{
"components": {
"schemas": {
"io.k8s.api.admissionregistration.v1.AuditAnnotation": {
"description": "AuditAnnotation describes how to produce an audit annotation for an API request.",
"properties": {
"key": {
"default": "",
"description": "key specifies the audit annotation key. The audit annotation keys of a ValidatingAdmissionPolicy must be unique. The key must be a qualified name ([A-Za-z0-9][-A-Za-z0-9_.]*) no more than 63 bytes in length.\n\nThe key is combined with the resource name of the ValidatingAdmissionPolicy to construct an audit annotation key: \"{ValidatingAdmissionPolicy name}/{key}\".\n\nIf an admission webhook uses the same resource name as this ValidatingAdmissionPolicy and the same audit annotation key, the annotation key will be identical. In this case, the first annotation written with the key will be included in the audit event and all subsequent annotations with the same key will be discarded.\n\nRequired.",
"type": "string"
},
"valueExpression": {
"default": "",
"description": "valueExpression represents the expression which is evaluated by CEL to produce an audit annotation value. The expression must evaluate to either a string or null value. If the expression evaluates to a string, the audit annotation is included with the string value. If the expression evaluates to null or empty string the audit annotation will be omitted. The valueExpression may be no longer than 5kb in length. If the result of the valueExpression is more than 10kb in length, it will be truncated to 10kb.\n\nIf multiple ValidatingAdmissionPolicyBinding resources match an API request, then the valueExpression will be evaluated for each binding. All unique values produced by the valueExpressions will be joined together in a comma-separated list.\n\nRequired.",
"type": "string"
}
},
"required": [
"key",
"valueExpression"
],
"type": "object"
},
"io.k8s.api.admissionregistration.v1.ExpressionWarning": {
"description": "ExpressionWarning is a warning information that targets a specific expression.",
"properties": {
"fieldRef": {
"default": "",
"description": "The path to the field that refers the expression. For example, the reference to the expression of the first item of validations is \"spec.validations[0].expression\"",
"type": "string"
},
"warning": {
"default": "",
"description": "The content of type checking information in a human-readable form. Each line of the warning contains the type that the expression is checked against, followed by the type check error from the compiler.",
"type": "string"
}
},
"required": [
"fieldRef",
"warning"
],
"type": "object"
},
"io.k8s.api.admissionregistration.v1.MatchCondition": {
"description": "MatchCondition represents a condition which must by fulfilled for a request to be sent to a webhook.",
"properties": {
"expression": {
"default": "",
"description": "Expression represents the expression which will be evaluated by CEL. Must evaluate to bool. CEL expressions have access to the contents of the AdmissionRequest and Authorizer, organized into CEL variables:\n\n'object' - The object from the incoming request. The value is null for DELETE requests. 'oldObject' - The existing object. The value is null for CREATE requests. 'request' - Attributes of the admission request(/pkg/apis/admission/types.go#AdmissionRequest). 'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request.\n See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz\n'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the\n request resource.\nDocumentation on CEL: https://kubernetes.io/docs/reference/using-api/cel/\n\nRequired.",
"type": "string"
},
"name": {
"default": "",
"description": "Name is an identifier for this match condition, used for strategic merging of MatchConditions, as well as providing an identifier for logging purposes. A good name should be descriptive of the associated expression. Name must be a qualified name consisting of alphanumeric characters, '-', '_' or '.', and must start and end with an alphanumeric character (e.g. 'MyName', or 'my.name', or '123-abc', regex used for validation is '([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]') with an optional DNS subdomain prefix and '/' (e.g. 'example.com/MyName')\n\nRequired.",
"type": "string"
}
},
"required": [
"name",
"expression"
],
"type": "object"
},
"io.k8s.api.admissionregistration.v1.MatchResources": {
"description": "MatchResources decides whether to run the admission control policy on an object based on whether it meets the match criteria. The exclude rules take precedence over include rules (if a resource matches both, it is excluded)",
"properties": {
"excludeResourceRules": {
"description": "ExcludeResourceRules describes what operations on what resources/subresources the ValidatingAdmissionPolicy should not care about. The exclude rules take precedence over include rules (if a resource matches both, it is excluded)",
"items": {
"allOf": [
{
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.NamedRuleWithOperations"
}
],
"default": {}
},
"type": "array",
"x-kubernetes-list-type": "atomic"
},
"matchPolicy": {
"description": "matchPolicy defines how the \"MatchResources\" list is used to match incoming requests. Allowed values are \"Exact\" or \"Equivalent\".\n\n- Exact: match a request only if it exactly matches a specified rule. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, but \"rules\" only included `apiGroups:[\"apps\"], apiVersions:[\"v1\"], resources: [\"deployments\"]`, a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the ValidatingAdmissionPolicy.\n\n- Equivalent: match a request if modifies a resource listed in rules, even via another API group or version. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, and \"rules\" only included `apiGroups:[\"apps\"], apiVersions:[\"v1\"], resources: [\"deployments\"]`, a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the ValidatingAdmissionPolicy.\n\nDefaults to \"Equivalent\"",
"type": "string"
},
"namespaceSelector": {
"allOf": [
{
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector"
}
],
"description": "NamespaceSelector decides whether to run the admission control policy on an object based on whether the namespace for that object matches the selector. If the object itself is a namespace, the matching is performed on object.metadata.labels. If the object is another cluster scoped resource, it never skips the policy.\n\nFor example, to run the webhook on any objects whose namespace is not associated with \"runlevel\" of \"0\" or \"1\"; you will set the selector as follows: \"namespaceSelector\": {\n \"matchExpressions\": [\n {\n \"key\": \"runlevel\",\n \"operator\": \"NotIn\",\n \"values\": [\n \"0\",\n \"1\"\n ]\n }\n ]\n}\n\nIf instead you want to only run the policy on any objects whose namespace is associated with the \"environment\" of \"prod\" or \"staging\"; you will set the selector as follows: \"namespaceSelector\": {\n \"matchExpressions\": [\n {\n \"key\": \"environment\",\n \"operator\": \"In\",\n \"values\": [\n \"prod\",\n \"staging\"\n ]\n }\n ]\n}\n\nSee https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ for more examples of label selectors.\n\nDefault to the empty LabelSelector, which matches everything."
},
"objectSelector": {
"allOf": [
{
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector"
}
],
"description": "ObjectSelector decides whether to run the validation based on if the object has matching labels. objectSelector is evaluated against both the oldObject and newObject that would be sent to the cel validation, and is considered to match if either object matches the selector. A null object (oldObject in the case of create, or newObject in the case of delete) or an object that cannot have labels (like a DeploymentRollback or a PodProxyOptions object) is not considered to match. Use the object selector only if the webhook is opt-in, because end users may skip the admission webhook by setting the labels. Default to the empty LabelSelector, which matches everything."
},
"resourceRules": {
"description": "ResourceRules describes what operations on what resources/subresources the ValidatingAdmissionPolicy matches. The policy cares about an operation if it matches _any_ Rule.",
"items": {
"allOf": [
{
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.NamedRuleWithOperations"
}
],
"default": {}
},
"type": "array",
"x-kubernetes-list-type": "atomic"
}
},
"type": "object",
"x-kubernetes-map-type": "atomic"
},
"io.k8s.api.admissionregistration.v1.MutatingWebhook": {
"description": "MutatingWebhook describes an admission webhook and the resources and operations it applies to.",
"properties": {
"admissionReviewVersions": {
"description": "AdmissionReviewVersions is an ordered list of preferred `AdmissionReview` versions the Webhook expects. API server will try to use first version in the list which it supports. If none of the versions specified in this list supported by API server, validation will fail for this object. If a persisted webhook configuration specifies allowed versions and does not include any versions known to the API Server, calls to the webhook will fail and be subject to the failure policy.",
"items": {
"default": "",
"type": "string"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
},
"clientConfig": {
"allOf": [
{
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.WebhookClientConfig"
}
],
"default": {},
"description": "ClientConfig defines how to communicate with the hook. Required"
},
"failurePolicy": {
"description": "FailurePolicy defines how unrecognized errors from the admission endpoint are handled - allowed values are Ignore or Fail. Defaults to Fail.",
"type": "string"
},
"matchConditions": {
"description": "MatchConditions is a list of conditions that must be met for a request to be sent to this webhook. Match conditions filter requests that have already been matched by the rules, namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests. There are a maximum of 64 match conditions allowed.\n\nThe exact matching logic is (in order):\n 1. If ANY matchCondition evaluates to FALSE, the webhook is skipped.\n 2. If ALL matchConditions evaluate to TRUE, the webhook is called.\n 3. If any matchCondition evaluates to an error (but none are FALSE):\n - If failurePolicy=Fail, reject the request\n - If failurePolicy=Ignore, the error is ignored and the webhook is skipped",
"items": {
"allOf": [
{
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.MatchCondition"
}
],
"default": {}
},
"type": "array",
"x-kubernetes-list-map-keys": [
"name"
],
"x-kubernetes-list-type": "map",
"x-kubernetes-patch-merge-key": "name",
"x-kubernetes-patch-strategy": "merge"
},
"matchPolicy": {
"description": "matchPolicy defines how the \"rules\" list is used to match incoming requests. Allowed values are \"Exact\" or \"Equivalent\".\n\n- Exact: match a request only if it exactly matches a specified rule. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, but \"rules\" only included `apiGroups:[\"apps\"], apiVersions:[\"v1\"], resources: [\"deployments\"]`, a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the webhook.\n\n- Equivalent: match a request if modifies a resource listed in rules, even via another API group or version. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, and \"rules\" only included `apiGroups:[\"apps\"], apiVersions:[\"v1\"], resources: [\"deployments\"]`, a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the webhook.\n\nDefaults to \"Equivalent\"",
"type": "string"
},
"name": {
"default": "",
"description": "The name of the admission webhook. Name should be fully qualified, e.g., imagepolicy.kubernetes.io, where \"imagepolicy\" is the name of the webhook, and kubernetes.io is the name of the organization. Required.",
"type": "string"
},
"namespaceSelector": {
"allOf": [
{
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector"
}
],
"description": "NamespaceSelector decides whether to run the webhook on an object based on whether the namespace for that object matches the selector. If the object itself is a namespace, the matching is performed on object.metadata.labels. If the object is another cluster scoped resource, it never skips the webhook.\n\nFor example, to run the webhook on any objects whose namespace is not associated with \"runlevel\" of \"0\" or \"1\"; you will set the selector as follows: \"namespaceSelector\": {\n \"matchExpressions\": [\n {\n \"key\": \"runlevel\",\n \"operator\": \"NotIn\",\n \"values\": [\n \"0\",\n \"1\"\n ]\n }\n ]\n}\n\nIf instead you want to only run the webhook on any objects whose namespace is associated with the \"environment\" of \"prod\" or \"staging\"; you will set the selector as follows: \"namespaceSelector\": {\n \"matchExpressions\": [\n {\n \"key\": \"environment\",\n \"operator\": \"In\",\n \"values\": [\n \"prod\",\n \"staging\"\n ]\n }\n ]\n}\n\nSee https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ for more examples of label selectors.\n\nDefault to the empty LabelSelector, which matches everything."
},
"objectSelector": {
"allOf": [
{
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector"
}
],
"description": "ObjectSelector decides whether to run the webhook based on if the object has matching labels. objectSelector is evaluated against both the oldObject and newObject that would be sent to the webhook, and is considered to match if either object matches the selector. A null object (oldObject in the case of create, or newObject in the case of delete) or an object that cannot have labels (like a DeploymentRollback or a PodProxyOptions object) is not considered to match. Use the object selector only if the webhook is opt-in, because end users may skip the admission webhook by setting the labels. Default to the empty LabelSelector, which matches everything."
},
"reinvocationPolicy": {
"description": "reinvocationPolicy indicates whether this webhook should be called multiple times as part of a single admission evaluation. Allowed values are \"Never\" and \"IfNeeded\".\n\nNever: the webhook will not be called more than once in a single admission evaluation.\n\nIfNeeded: the webhook will be called at least one additional time as part of the admission evaluation if the object being admitted is modified by other admission plugins after the initial webhook call. Webhooks that specify this option *must* be idempotent, able to process objects they previously admitted. Note: * the number of additional invocations is not guaranteed to be exactly one. * if additional invocations result in further modifications to the object, webhooks are not guaranteed to be invoked again. * webhooks that use this option may be reordered to minimize the number of additional invocations. * to validate an object after all mutations are guaranteed complete, use a validating admission webhook instead.\n\nDefaults to \"Never\".",
"type": "string"
},
"rules": {
"description": "Rules describes what operations on what resources/subresources the webhook cares about. The webhook cares about an operation if it matches _any_ Rule. However, in order to prevent ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks from putting the cluster in a state which cannot be recovered from without completely disabling the plugin, ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks are never called on admission requests for ValidatingWebhookConfiguration and MutatingWebhookConfiguration objects.",
"items": {
"allOf": [
{
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.RuleWithOperations"
}
],
"default": {}
},
"type": "array",
"x-kubernetes-list-type": "atomic"
},
"sideEffects": {
"description": "SideEffects states whether this webhook has side effects. Acceptable values are: None, NoneOnDryRun (webhooks created via v1beta1 may also specify Some or Unknown). Webhooks with side effects MUST implement a reconciliation system, since a request may be rejected by a future step in the admission chain and the side effects therefore need to be undone. Requests with the dryRun attribute will be auto-rejected if they match a webhook with sideEffects == Unknown or Some.",
"type": "string"
},
"timeoutSeconds": {
"description": "TimeoutSeconds specifies the timeout for this webhook. After the timeout passes, the webhook call will be ignored or the API call will fail based on the failure policy. The timeout value must be between 1 and 30 seconds. Default to 10 seconds.",
"format": "int32",
"type": "integer"
}
},
"required": [
"name",
"clientConfig",
"sideEffects",
"admissionReviewVersions"
],
"type": "object"
},
"io.k8s.api.admissionregistration.v1.MutatingWebhookConfiguration": {
"description": "MutatingWebhookConfiguration describes the configuration of and admission webhook that accept or reject and may change the object.",
"properties": {
"apiVersion": {
"description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources",
"type": "string"
},
"kind": {
"description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds",
"type": "string"
},
"metadata": {
"allOf": [
{
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta"
}
],
"default": {},
"description": "Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata."
},
"webhooks": {
"description": "Webhooks is a list of webhooks and the affected resources and operations.",
"items": {
"allOf": [
{
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.MutatingWebhook"
}
],
"default": {}
},
"type": "array",
"x-kubernetes-list-map-keys": [
"name"
],
"x-kubernetes-list-type": "map",
"x-kubernetes-patch-merge-key": "name",
"x-kubernetes-patch-strategy": "merge"
}
},
"type": "object",
"x-kubernetes-group-version-kind": [
{
"group": "admissionregistration.k8s.io",
"kind": "MutatingWebhookConfiguration",
"version": "v1"
}
]
},
"io.k8s.api.admissionregistration.v1.MutatingWebhookConfigurationList": {
"description": "MutatingWebhookConfigurationList is a list of MutatingWebhookConfiguration.",
"properties": {
"apiVersion": {
"description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources",
"type": "string"
},
"items": {
"description": "List of MutatingWebhookConfiguration.",
"items": {
"allOf": [
{
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.MutatingWebhookConfiguration"
}
],
"default": {}
},
"type": "array"
},
"kind": {
"description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds",
"type": "string"
},
"metadata": {
"allOf": [
{
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta"
}
],
"default": {},
"description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds"
}
},
"required": [
"items"
],
"type": "object",
"x-kubernetes-group-version-kind": [
{
"group": "admissionregistration.k8s.io",
"kind": "MutatingWebhookConfigurationList",
"version": "v1"
}
]
},
"io.k8s.api.admissionregistration.v1.NamedRuleWithOperations": {
"description": "NamedRuleWithOperations is a tuple of Operations and Resources with ResourceNames.",
"properties": {
"apiGroups": {
"description": "APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required.",
"items": {
"default": "",
"type": "string"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
},
"apiVersions": {
"description": "APIVersions is the API versions the resources belong to. '*' is all versions. If '*' is present, the length of the slice must be one. Required.",
"items": {
"default": "",
"type": "string"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
},
"operations": {
"description": "Operations is the operations the admission hook cares about - CREATE, UPDATE, DELETE, CONNECT or * for all of those operations and any future admission operations that are added. If '*' is present, the length of the slice must be one. Required.",
"items": {
"default": "",
"type": "string"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
},
"resourceNames": {
"description": "ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed.",
"items": {
"default": "",
"type": "string"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
},
"resources": {
"description": "Resources is a list of resources this rule applies to.\n\nFor example: 'pods' means pods. 'pods/log' means the log subresource of pods. '*' means all resources, but not subresources. 'pods/*' means all subresources of pods. '*/scale' means all scale subresources. '*/*' means all resources and their subresources.\n\nIf wildcard is present, the validation rule will ensure resources do not overlap with each other.\n\nDepending on the enclosing object, subresources might not be allowed. Required.",
"items": {
"default": "",
"type": "string"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
},
"scope": {
"description": "scope specifies the scope of this rule. Valid values are \"Cluster\", \"Namespaced\", and \"*\" \"Cluster\" means that only cluster-scoped resources will match this rule. Namespace API objects are cluster-scoped. \"Namespaced\" means that only namespaced resources will match this rule. \"*\" means that there are no scope restrictions. Subresources match the scope of their parent resource. Default is \"*\".",
"type": "string"
}
},
"type": "object",
"x-kubernetes-map-type": "atomic"
},
"io.k8s.api.admissionregistration.v1.ParamKind": {
"description": "ParamKind is a tuple of Group Kind and Version.",
"properties": {
"apiVersion": {
"description": "APIVersion is the API group version the resources belong to. In format of \"group/version\". Required.",
"type": "string"
},
"kind": {
"description": "Kind is the API kind the resources belong to. Required.",
"type": "string"
}
},
"type": "object",
"x-kubernetes-map-type": "atomic"
},
"io.k8s.api.admissionregistration.v1.ParamRef": {
"description": "ParamRef describes how to locate the params to be used as input to expressions of rules applied by a policy binding.",
"properties": {
"name": {
"description": "name is the name of the resource being referenced.\n\nOne of `name` or `selector` must be set, but `name` and `selector` are mutually exclusive properties. If one is set, the other must be unset.\n\nA single parameter used for all admission requests can be configured by setting the `name` field, leaving `selector` blank, and setting namespace if `paramKind` is namespace-scoped.",
"type": "string"
},
"namespace": {
"description": "namespace is the namespace of the referenced resource. Allows limiting the search for params to a specific namespace. Applies to both `name` and `selector` fields.\n\nA per-namespace parameter may be used by specifying a namespace-scoped `paramKind` in the policy and leaving this field empty.\n\n- If `paramKind` is cluster-scoped, this field MUST be unset. Setting this field results in a configuration error.\n\n- If `paramKind` is namespace-scoped, the namespace of the object being evaluated for admission will be used when this field is left unset. Take care that if this is left empty the binding must not match any cluster-scoped resources, which will result in an error.",
"type": "string"
},
"parameterNotFoundAction": {
"description": "`parameterNotFoundAction` controls the behavior of the binding when the resource exists, and name or selector is valid, but there are no parameters matched by the binding. If the value is set to `Allow`, then no matched parameters will be treated as successful validation by the binding. If set to `Deny`, then no matched parameters will be subject to the `failurePolicy` of the policy.\n\nAllowed values are `Allow` or `Deny`\n\nRequired",
"type": "string"
},
"selector": {
"allOf": [
{
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector"
}
],
"description": "selector can be used to match multiple param objects based on their labels. Supply selector: {} to match all resources of the ParamKind.\n\nIf multiple params are found, they are all evaluated with the policy expressions and the results are ANDed together.\n\nOne of `name` or `selector` must be set, but `name` and `selector` are mutually exclusive properties. If one is set, the other must be unset."
}
},
"type": "object",
"x-kubernetes-map-type": "atomic"
},
"io.k8s.api.admissionregistration.v1.RuleWithOperations": {
"description": "RuleWithOperations is a tuple of Operations and Resources. It is recommended to make sure that all the tuple expansions are valid.",
"properties": {
"apiGroups": {
"description": "APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required.",
"items": {
"default": "",
"type": "string"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
},
"apiVersions": {
"description": "APIVersions is the API versions the resources belong to. '*' is all versions. If '*' is present, the length of the slice must be one. Required.",
"items": {
"default": "",
"type": "string"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
},
"operations": {
"description": "Operations is the operations the admission hook cares about - CREATE, UPDATE, DELETE, CONNECT or * for all of those operations and any future admission operations that are added. If '*' is present, the length of the slice must be one. Required.",
"items": {
"default": "",
"type": "string"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
},
"resources": {
"description": "Resources is a list of resources this rule applies to.\n\nFor example: 'pods' means pods. 'pods/log' means the log subresource of pods. '*' means all resources, but not subresources. 'pods/*' means all subresources of pods. '*/scale' means all scale subresources. '*/*' means all resources and their subresources.\n\nIf wildcard is present, the validation rule will ensure resources do not overlap with each other.\n\nDepending on the enclosing object, subresources might not be allowed. Required.",
"items": {
"default": "",
"type": "string"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
},
"scope": {
"description": "scope specifies the scope of this rule. Valid values are \"Cluster\", \"Namespaced\", and \"*\" \"Cluster\" means that only cluster-scoped resources will match this rule. Namespace API objects are cluster-scoped. \"Namespaced\" means that only namespaced resources will match this rule. \"*\" means that there are no scope restrictions. Subresources match the scope of their parent resource. Default is \"*\".",
"type": "string"
}
},
"type": "object"
},
"io.k8s.api.admissionregistration.v1.ServiceReference": {
"description": "ServiceReference holds a reference to Service.legacy.k8s.io",
"properties": {
"name": {
"default": "",
"description": "`name` is the name of the service. Required",
"type": "string"
},
"namespace": {
"default": "",
"description": "`namespace` is the namespace of the service. Required",
"type": "string"
},
"path": {
"description": "`path` is an optional URL path which will be sent in any request to this service.",
"type": "string"
},
"port": {
"description": "If specified, the port on the service that hosting webhook. Default to 443 for backward compatibility. `port` should be a valid port number (1-65535, inclusive).",
"format": "int32",
"type": "integer"
}
},
"required": [
"namespace",
"name"
],
"type": "object"
},
"io.k8s.api.admissionregistration.v1.TypeChecking": {
"description": "TypeChecking contains results of type checking the expressions in the ValidatingAdmissionPolicy",
"properties": {
"expressionWarnings": {
"description": "The type checking warnings for each expression.",
"items": {
"allOf": [
{
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ExpressionWarning"
}
],
"default": {}
},
"type": "array",
"x-kubernetes-list-type": "atomic"
}
},
"type": "object"
},
"io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicy": {
"description": "ValidatingAdmissionPolicy describes the definition of an admission validation policy that accepts or rejects an object without changing it.",
"properties": {
"apiVersion": {
"description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources",
"type": "string"
},
"kind": {
"description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds",
"type": "string"
},
"metadata": {
"allOf": [
{
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta"
}
],
"default": {},
"description": "Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata."
},
"spec": {
"allOf": [
{
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicySpec"
}
],
"default": {},
"description": "Specification of the desired behavior of the ValidatingAdmissionPolicy."
},
"status": {
"allOf": [
{
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicyStatus"
}
],
"default": {},
"description": "The status of the ValidatingAdmissionPolicy, including warnings that are useful to determine if the policy behaves in the expected way. Populated by the system. Read-only."
}
},
"type": "object",
"x-kubernetes-group-version-kind": [
{
"group": "admissionregistration.k8s.io",
"kind": "ValidatingAdmissionPolicy",
"version": "v1"
}
]
},
"io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicyBinding": {
"description": "ValidatingAdmissionPolicyBinding binds the ValidatingAdmissionPolicy with paramerized resources. ValidatingAdmissionPolicyBinding and parameter CRDs together define how cluster administrators configure policies for clusters.\n\nFor a given admission request, each binding will cause its policy to be evaluated N times, where N is 1 for policies/bindings that don't use params, otherwise N is the number of parameters selected by the binding.\n\nThe CEL expressions of a policy must have a computed CEL cost below the maximum CEL budget. Each evaluation of the policy is given an independent CEL cost budget. Adding/removing policies, bindings, or params can not affect whether a given (policy, binding, param) combination is within its own CEL budget.",
"properties": {
"apiVersion": {
"description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources",
"type": "string"
},
"kind": {
"description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds",
"type": "string"
},
"metadata": {
"allOf": [
{
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta"
}
],
"default": {},
"description": "Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata."
},
"spec": {
"allOf": [
{
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicyBindingSpec"
}
],
"default": {},
"description": "Specification of the desired behavior of the ValidatingAdmissionPolicyBinding."
}
},
"type": "object",
"x-kubernetes-group-version-kind": [
{
"group": "admissionregistration.k8s.io",
"kind": "ValidatingAdmissionPolicyBinding",
"version": "v1"
}
]
},
"io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicyBindingList": {
"description": "ValidatingAdmissionPolicyBindingList is a list of ValidatingAdmissionPolicyBinding.",
"properties": {
"apiVersion": {
"description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources",
"type": "string"
},
"items": {
"description": "List of PolicyBinding.",
"items": {
"allOf": [
{
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicyBinding"
}
],
"default": {}
},
"type": "array"
},
"kind": {
"description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds",
"type": "string"
},
"metadata": {
"allOf": [
{
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta"
}
],
"default": {},
"description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds"
}
},
"required": [
"items"
],
"type": "object",
"x-kubernetes-group-version-kind": [
{
"group": "admissionregistration.k8s.io",
"kind": "ValidatingAdmissionPolicyBindingList",
"version": "v1"
}
]
},
"io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicyBindingSpec": {
"description": "ValidatingAdmissionPolicyBindingSpec is the specification of the ValidatingAdmissionPolicyBinding.",
"properties": {
"matchResources": {
"allOf": [
{
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.MatchResources"
}
],
"description": "MatchResources declares what resources match this binding and will be validated by it. Note that this is intersected with the policy's matchConstraints, so only requests that are matched by the policy can be selected by this. If this is unset, all resources matched by the policy are validated by this binding When resourceRules is unset, it does not constrain resource matching. If a resource is matched by the other fields of this object, it will be validated. Note that this is differs from ValidatingAdmissionPolicy matchConstraints, where resourceRules are required."
},
"paramRef": {
"allOf": [
{
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ParamRef"
}
],
"description": "paramRef specifies the parameter resource used to configure the admission control policy. It should point to a resource of the type specified in ParamKind of the bound ValidatingAdmissionPolicy. If the policy specifies a ParamKind and the resource referred to by ParamRef does not exist, this binding is considered mis-configured and the FailurePolicy of the ValidatingAdmissionPolicy applied. If the policy does not specify a ParamKind then this field is ignored, and the rules are evaluated without a param."
},
"policyName": {
"description": "PolicyName references a ValidatingAdmissionPolicy name which the ValidatingAdmissionPolicyBinding binds to. If the referenced resource does not exist, this binding is considered invalid and will be ignored Required.",
"type": "string"
},
"validationActions": {
"description": "validationActions declares how Validations of the referenced ValidatingAdmissionPolicy are enforced. If a validation evaluates to false it is always enforced according to these actions.\n\nFailures defined by the ValidatingAdmissionPolicy's FailurePolicy are enforced according to these actions only if the FailurePolicy is set to Fail, otherwise the failures are ignored. This includes compilation errors, runtime errors and misconfigurations of the policy.\n\nvalidationActions is declared as a set of action values. Order does not matter. validationActions may not contain duplicates of the same action.\n\nThe supported actions values are:\n\n\"Deny\" specifies that a validation failure results in a denied request.\n\n\"Warn\" specifies that a validation failure is reported to the request client in HTTP Warning headers, with a warning code of 299. Warnings can be sent both for allowed or denied admission responses.\n\n\"Audit\" specifies that a validation failure is included in the published audit event for the request. The audit event will contain a `validation.policy.admission.k8s.io/validation_failure` audit annotation with a value containing the details of the validation failures, formatted as a JSON list of objects, each with the following fields: - message: The validation failure message string - policy: The resource name of the ValidatingAdmissionPolicy - binding: The resource name of the ValidatingAdmissionPolicyBinding - expressionIndex: The index of the failed validations in the ValidatingAdmissionPolicy - validationActions: The enforcement actions enacted for the validation failure Example audit annotation: `\"validation.policy.admission.k8s.io/validation_failure\": \"[{\\\"message\\\": \\\"Invalid value\\\", {\\\"policy\\\": \\\"policy.example.com\\\", {\\\"binding\\\": \\\"policybinding.example.com\\\", {\\\"expressionIndex\\\": \\\"1\\\", {\\\"validationActions\\\": [\\\"Audit\\\"]}]\"`\n\nClients should expect to handle additional values by ignoring any values not recognized.\n\n\"Deny\" and \"Warn\" may not be used together since this combination needlessly duplicates the validation failure both in the API response body and the HTTP warning headers.\n\nRequired.",
"items": {
"default": "",
"type": "string"
},
"type": "array",
"x-kubernetes-list-type": "set"
}
},
"type": "object"
},
"io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicyList": {
"description": "ValidatingAdmissionPolicyList is a list of ValidatingAdmissionPolicy.",
"properties": {
"apiVersion": {
"description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources",
"type": "string"
},
"items": {
"description": "List of ValidatingAdmissionPolicy.",
"items": {
"allOf": [
{
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicy"
}
],
"default": {}
},
"type": "array"
},
"kind": {
"description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds",
"type": "string"
},
"metadata": {
"allOf": [
{
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta"
}
],
"default": {},
"description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds"
}
},
"required": [
"items"
],
"type": "object",
"x-kubernetes-group-version-kind": [
{
"group": "admissionregistration.k8s.io",
"kind": "ValidatingAdmissionPolicyList",
"version": "v1"
}
]
},
"io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicySpec": {
"description": "ValidatingAdmissionPolicySpec is the specification of the desired behavior of the AdmissionPolicy.",
"properties": {
"auditAnnotations": {
"description": "auditAnnotations contains CEL expressions which are used to produce audit annotations for the audit event of the API request. validations and auditAnnotations may not both be empty; a least one of validations or auditAnnotations is required.",
"items": {
"allOf": [
{
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.AuditAnnotation"
}
],
"default": {}
},
"type": "array",
"x-kubernetes-list-type": "atomic"
},
"failurePolicy": {
"description": "failurePolicy defines how to handle failures for the admission policy. Failures can occur from CEL expression parse errors, type check errors, runtime errors and invalid or mis-configured policy definitions or bindings.\n\nA policy is invalid if spec.paramKind refers to a non-existent Kind. A binding is invalid if spec.paramRef.name refers to a non-existent resource.\n\nfailurePolicy does not define how validations that evaluate to false are handled.\n\nWhen failurePolicy is set to Fail, ValidatingAdmissionPolicyBinding validationActions define how failures are enforced.\n\nAllowed values are Ignore or Fail. Defaults to Fail.",
"type": "string"
},
"matchConditions": {
"description": "MatchConditions is a list of conditions that must be met for a request to be validated. Match conditions filter requests that have already been matched by the rules, namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests. There are a maximum of 64 match conditions allowed.\n\nIf a parameter object is provided, it can be accessed via the `params` handle in the same manner as validation expressions.\n\nThe exact matching logic is (in order):\n 1. If ANY matchCondition evaluates to FALSE, the policy is skipped.\n 2. If ALL matchConditions evaluate to TRUE, the policy is evaluated.\n 3. If any matchCondition evaluates to an error (but none are FALSE):\n - If failurePolicy=Fail, reject the request\n - If failurePolicy=Ignore, the policy is skipped",
"items": {
"allOf": [
{
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.MatchCondition"
}
],
"default": {}
},
"type": "array",
"x-kubernetes-list-map-keys": [
"name"
],
"x-kubernetes-list-type": "map",
"x-kubernetes-patch-merge-key": "name",
"x-kubernetes-patch-strategy": "merge"
},
"matchConstraints": {
"allOf": [
{
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.MatchResources"
}
],
"description": "MatchConstraints specifies what resources this policy is designed to validate. The AdmissionPolicy cares about a request if it matches _all_ Constraints. However, in order to prevent clusters from being put into an unstable state that cannot be recovered from via the API ValidatingAdmissionPolicy cannot match ValidatingAdmissionPolicy and ValidatingAdmissionPolicyBinding. Required."
},
"paramKind": {
"allOf": [
{
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ParamKind"
}
],
"description": "ParamKind specifies the kind of resources used to parameterize this policy. If absent, there are no parameters for this policy and the param CEL variable will not be provided to validation expressions. If ParamKind refers to a non-existent kind, this policy definition is mis-configured and the FailurePolicy is applied. If paramKind is specified but paramRef is unset in ValidatingAdmissionPolicyBinding, the params variable will be null."
},
"validations": {
"description": "Validations contain CEL expressions which is used to apply the validation. Validations and AuditAnnotations may not both be empty; a minimum of one Validations or AuditAnnotations is required.",
"items": {
"allOf": [
{
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.Validation"
}
],
"default": {}
},
"type": "array",
"x-kubernetes-list-type": "atomic"
},
"variables": {
"description": "Variables contain definitions of variables that can be used in composition of other expressions. Each variable is defined as a named CEL expression. The variables defined here will be available under `variables` in other expressions of the policy except MatchConditions because MatchConditions are evaluated before the rest of the policy.\n\nThe expression of a variable can refer to other variables defined earlier in the list but not those after. Thus, Variables must be sorted by the order of first appearance and acyclic.",
"items": {
"allOf": [
{
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.Variable"
}
],
"default": {}
},
"type": "array",
"x-kubernetes-list-map-keys": [
"name"
],
"x-kubernetes-list-type": "map",
"x-kubernetes-patch-merge-key": "name",
"x-kubernetes-patch-strategy": "merge"
}
},
"type": "object"
},
"io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicyStatus": {
"description": "ValidatingAdmissionPolicyStatus represents the status of an admission validation policy.",
"properties": {
"conditions": {
"description": "The conditions represent the latest available observations of a policy's current state.",
"items": {
"allOf": [
{
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Condition"
}
],
"default": {}
},
"type": "array",
"x-kubernetes-list-map-keys": [
"type"
],
"x-kubernetes-list-type": "map"
},
"observedGeneration": {
"description": "The generation observed by the controller.",
"format": "int64",
"type": "integer"
},
"typeChecking": {
"allOf": [
{
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.TypeChecking"
}
],
"description": "The results of type checking for each expression. Presence of this field indicates the completion of the type checking."
}
},
"type": "object"
},
"io.k8s.api.admissionregistration.v1.ValidatingWebhook": {
"description": "ValidatingWebhook describes an admission webhook and the resources and operations it applies to.",
"properties": {
"admissionReviewVersions": {
"description": "AdmissionReviewVersions is an ordered list of preferred `AdmissionReview` versions the Webhook expects. API server will try to use first version in the list which it supports. If none of the versions specified in this list supported by API server, validation will fail for this object. If a persisted webhook configuration specifies allowed versions and does not include any versions known to the API Server, calls to the webhook will fail and be subject to the failure policy.",
"items": {
"default": "",
"type": "string"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
},
"clientConfig": {
"allOf": [
{
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.WebhookClientConfig"
}
],
"default": {},
"description": "ClientConfig defines how to communicate with the hook. Required"
},
"failurePolicy": {
"description": "FailurePolicy defines how unrecognized errors from the admission endpoint are handled - allowed values are Ignore or Fail. Defaults to Fail.",
"type": "string"
},
"matchConditions": {
"description": "MatchConditions is a list of conditions that must be met for a request to be sent to this webhook. Match conditions filter requests that have already been matched by the rules, namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests. There are a maximum of 64 match conditions allowed.\n\nThe exact matching logic is (in order):\n 1. If ANY matchCondition evaluates to FALSE, the webhook is skipped.\n 2. If ALL matchConditions evaluate to TRUE, the webhook is called.\n 3. If any matchCondition evaluates to an error (but none are FALSE):\n - If failurePolicy=Fail, reject the request\n - If failurePolicy=Ignore, the error is ignored and the webhook is skipped",
"items": {
"allOf": [
{
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.MatchCondition"
}
],
"default": {}
},
"type": "array",
"x-kubernetes-list-map-keys": [
"name"
],
"x-kubernetes-list-type": "map",
"x-kubernetes-patch-merge-key": "name",
"x-kubernetes-patch-strategy": "merge"
},
"matchPolicy": {
"description": "matchPolicy defines how the \"rules\" list is used to match incoming requests. Allowed values are \"Exact\" or \"Equivalent\".\n\n- Exact: match a request only if it exactly matches a specified rule. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, but \"rules\" only included `apiGroups:[\"apps\"], apiVersions:[\"v1\"], resources: [\"deployments\"]`, a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the webhook.\n\n- Equivalent: match a request if modifies a resource listed in rules, even via another API group or version. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, and \"rules\" only included `apiGroups:[\"apps\"], apiVersions:[\"v1\"], resources: [\"deployments\"]`, a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the webhook.\n\nDefaults to \"Equivalent\"",
"type": "string"
},
"name": {
"default": "",
"description": "The name of the admission webhook. Name should be fully qualified, e.g., imagepolicy.kubernetes.io, where \"imagepolicy\" is the name of the webhook, and kubernetes.io is the name of the organization. Required.",
"type": "string"
},
"namespaceSelector": {
"allOf": [
{
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector"
}
],
"description": "NamespaceSelector decides whether to run the webhook on an object based on whether the namespace for that object matches the selector. If the object itself is a namespace, the matching is performed on object.metadata.labels. If the object is another cluster scoped resource, it never skips the webhook.\n\nFor example, to run the webhook on any objects whose namespace is not associated with \"runlevel\" of \"0\" or \"1\"; you will set the selector as follows: \"namespaceSelector\": {\n \"matchExpressions\": [\n {\n \"key\": \"runlevel\",\n \"operator\": \"NotIn\",\n \"values\": [\n \"0\",\n \"1\"\n ]\n }\n ]\n}\n\nIf instead you want to only run the webhook on any objects whose namespace is associated with the \"environment\" of \"prod\" or \"staging\"; you will set the selector as follows: \"namespaceSelector\": {\n \"matchExpressions\": [\n {\n \"key\": \"environment\",\n \"operator\": \"In\",\n \"values\": [\n \"prod\",\n \"staging\"\n ]\n }\n ]\n}\n\nSee https://kubernetes.io/docs/concepts/overview/working-with-objects/labels for more examples of label selectors.\n\nDefault to the empty LabelSelector, which matches everything."
},
"objectSelector": {
"allOf": [
{
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector"
}
],
"description": "ObjectSelector decides whether to run the webhook based on if the object has matching labels. objectSelector is evaluated against both the oldObject and newObject that would be sent to the webhook, and is considered to match if either object matches the selector. A null object (oldObject in the case of create, or newObject in the case of delete) or an object that cannot have labels (like a DeploymentRollback or a PodProxyOptions object) is not considered to match. Use the object selector only if the webhook is opt-in, because end users may skip the admission webhook by setting the labels. Default to the empty LabelSelector, which matches everything."
},
"rules": {
"description": "Rules describes what operations on what resources/subresources the webhook cares about. The webhook cares about an operation if it matches _any_ Rule. However, in order to prevent ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks from putting the cluster in a state which cannot be recovered from without completely disabling the plugin, ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks are never called on admission requests for ValidatingWebhookConfiguration and MutatingWebhookConfiguration objects.",
"items": {
"allOf": [
{
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.RuleWithOperations"
}
],
"default": {}
},
"type": "array",
"x-kubernetes-list-type": "atomic"
},
"sideEffects": {
"description": "SideEffects states whether this webhook has side effects. Acceptable values are: None, NoneOnDryRun (webhooks created via v1beta1 may also specify Some or Unknown). Webhooks with side effects MUST implement a reconciliation system, since a request may be rejected by a future step in the admission chain and the side effects therefore need to be undone. Requests with the dryRun attribute will be auto-rejected if they match a webhook with sideEffects == Unknown or Some.",
"type": "string"
},
"timeoutSeconds": {
"description": "TimeoutSeconds specifies the timeout for this webhook. After the timeout passes, the webhook call will be ignored or the API call will fail based on the failure policy. The timeout value must be between 1 and 30 seconds. Default to 10 seconds.",
"format": "int32",
"type": "integer"
}
},
"required": [
"name",
"clientConfig",
"sideEffects",
"admissionReviewVersions"
],
"type": "object"
},
"io.k8s.api.admissionregistration.v1.ValidatingWebhookConfiguration": {
"description": "ValidatingWebhookConfiguration describes the configuration of and admission webhook that accept or reject and object without changing it.",
"properties": {
"apiVersion": {
"description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources",
"type": "string"
},
"kind": {
"description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds",
"type": "string"
},
"metadata": {
"allOf": [
{
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta"
}
],
"default": {},
"description": "Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata."
},
"webhooks": {
"description": "Webhooks is a list of webhooks and the affected resources and operations.",
"items": {
"allOf": [
{
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingWebhook"
}
],
"default": {}
},
"type": "array",
"x-kubernetes-list-map-keys": [
"name"
],
"x-kubernetes-list-type": "map",
"x-kubernetes-patch-merge-key": "name",
"x-kubernetes-patch-strategy": "merge"
}
},
"type": "object",
"x-kubernetes-group-version-kind": [
{
"group": "admissionregistration.k8s.io",
"kind": "ValidatingWebhookConfiguration",
"version": "v1"
}
]
},
"io.k8s.api.admissionregistration.v1.ValidatingWebhookConfigurationList": {
"description": "ValidatingWebhookConfigurationList is a list of ValidatingWebhookConfiguration.",
"properties": {
"apiVersion": {
"description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources",
"type": "string"
},
"items": {
"description": "List of ValidatingWebhookConfiguration.",
"items": {
"allOf": [
{
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingWebhookConfiguration"
}
],
"default": {}
},
"type": "array"
},
"kind": {
"description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds",
"type": "string"
},
"metadata": {
"allOf": [
{
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta"
}
],
"default": {},
"description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds"
}
},
"required": [
"items"
],
"type": "object",
"x-kubernetes-group-version-kind": [
{
"group": "admissionregistration.k8s.io",
"kind": "ValidatingWebhookConfigurationList",
"version": "v1"
}
]
},
"io.k8s.api.admissionregistration.v1.Validation": {
"description": "Validation specifies the CEL expression which is used to apply the validation.",
"properties": {
"expression": {
"default": "",
"description": "Expression represents the expression which will be evaluated by CEL. ref: https://github.com/google/cel-spec CEL expressions have access to the contents of the API request/response, organized into CEL variables as well as some other useful variables:\n\n- 'object' - The object from the incoming request. The value is null for DELETE requests. - 'oldObject' - The existing object. The value is null for CREATE requests. - 'request' - Attributes of the API request([ref](/pkg/apis/admission/types.go#AdmissionRequest)). - 'params' - Parameter resource referred to by the policy binding being evaluated. Only populated if the policy has a ParamKind. - 'namespaceObject' - The namespace object that the incoming object belongs to. The value is null for cluster-scoped resources. - 'variables' - Map of composited variables, from its name to its lazily evaluated value.\n For example, a variable named 'foo' can be accessed as 'variables.foo'.\n- 'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request.\n See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz\n- 'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the\n request resource.\n\nThe `apiVersion`, `kind`, `metadata.name` and `metadata.generateName` are always accessible from the root of the object. No other metadata properties are accessible.\n\nOnly property names of the form `[a-zA-Z_.-/][a-zA-Z0-9_.-/]*` are accessible. Accessible property names are escaped according to the following rules when accessed in the expression: - '__' escapes to '__underscores__' - '.' escapes to '__dot__' - '-' escapes to '__dash__' - '/' escapes to '__slash__' - Property names that exactly match a CEL RESERVED keyword escape to '__{keyword}__'. The keywords are:\n\t \"true\", \"false\", \"null\", \"in\", \"as\", \"break\", \"const\", \"continue\", \"else\", \"for\", \"function\", \"if\",\n\t \"import\", \"let\", \"loop\", \"package\", \"namespace\", \"return\".\nExamples:\n - Expression accessing a property named \"namespace\": {\"Expression\": \"object.__namespace__ > 0\"}\n - Expression accessing a property named \"x-prop\": {\"Expression\": \"object.x__dash__prop > 0\"}\n - Expression accessing a property named \"redact__d\": {\"Expression\": \"object.redact__underscores__d > 0\"}\n\nEquality on arrays with list type of 'set' or 'map' ignores element order, i.e. [1, 2] == [2, 1]. Concatenation on arrays with x-kubernetes-list-type use the semantics of the list type:\n - 'set': `X + Y` performs a union where the array positions of all elements in `X` are preserved and\n non-intersecting elements in `Y` are appended, retaining their partial order.\n - 'map': `X + Y` performs a merge where the array positions of all keys in `X` are preserved but the values\n are overwritten by values in `Y` when the key sets of `X` and `Y` intersect. Elements in `Y` with\n non-intersecting keys are appended, retaining their partial order.\nRequired.",
"type": "string"
},
"message": {
"description": "Message represents the message displayed when validation fails. The message is required if the Expression contains line breaks. The message must not contain line breaks. If unset, the message is \"failed rule: {Rule}\". e.g. \"must be a URL with the host matching spec.host\" If the Expression contains line breaks. Message is required. The message must not contain line breaks. If unset, the message is \"failed Expression: {Expression}\".",
"type": "string"
},
"messageExpression": {
"description": "messageExpression declares a CEL expression that evaluates to the validation failure message that is returned when this rule fails. Since messageExpression is used as a failure message, it must evaluate to a string. If both message and messageExpression are present on a validation, then messageExpression will be used if validation fails. If messageExpression results in a runtime error, the runtime error is logged, and the validation failure message is produced as if the messageExpression field were unset. If messageExpression evaluates to an empty string, a string with only spaces, or a string that contains line breaks, then the validation failure message will also be produced as if the messageExpression field were unset, and the fact that messageExpression produced an empty string/string with only spaces/string with line breaks will be logged. messageExpression has access to all the same variables as the `expression` except for 'authorizer' and 'authorizer.requestResource'. Example: \"object.x must be less than max (\"+string(params.max)+\")\"",
"type": "string"
},
"reason": {
"description": "Reason represents a machine-readable description of why this validation failed. If this is the first validation in the list to fail, this reason, as well as the corresponding HTTP response code, are used in the HTTP response to the client. The currently supported reasons are: \"Unauthorized\", \"Forbidden\", \"Invalid\", \"RequestEntityTooLarge\". If not set, StatusReasonInvalid is used in the response to the client.",
"type": "string"
}
},
"required": [
"expression"
],
"type": "object"
},
"io.k8s.api.admissionregistration.v1.Variable": {
"description": "Variable is the definition of a variable that is used for composition. A variable is defined as a named expression.",
"properties": {
"expression": {
"default": "",
"description": "Expression is the expression that will be evaluated as the value of the variable. The CEL expression has access to the same identifiers as the CEL expressions in Validation.",
"type": "string"
},
"name": {
"default": "",
"description": "Name is the name of the variable. The name must be a valid CEL identifier and unique among all variables. The variable can be accessed in other expressions through `variables` For example, if name is \"foo\", the variable will be available as `variables.foo`",
"type": "string"
}
},
"required": [
"name",
"expression"
],
"type": "object",
"x-kubernetes-map-type": "atomic"
},
"io.k8s.api.admissionregistration.v1.WebhookClientConfig": {
"description": "WebhookClientConfig contains the information to make a TLS connection with the webhook",
"properties": {
"caBundle": {
"description": "`caBundle` is a PEM encoded CA bundle which will be used to validate the webhook's server certificate. If unspecified, system trust roots on the apiserver are used.",
"format": "byte",
"type": "string"
},
"service": {
"allOf": [
{
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ServiceReference"
}
],
"description": "`service` is a reference to the service for this webhook. Either `service` or `url` must be specified.\n\nIf the webhook is running within the cluster, then you should use `service`."
},
"url": {
"description": "`url` gives the location of the webhook, in standard URL form (`scheme://host:port/path`). Exactly one of `url` or `service` must be specified.\n\nThe `host` should not refer to a service running in the cluster; use the `service` field instead. The host might be resolved via external DNS in some apiservers (e.g., `kube-apiserver` cannot resolve in-cluster DNS as that would be a layering violation). `host` may also be an IP address.\n\nPlease note that using `localhost` or `127.0.0.1` as a `host` is risky unless you take great care to run this webhook on all hosts which run an apiserver which might need to make calls to this webhook. Such installs are likely to be non-portable, i.e., not easy to turn up in a new cluster.\n\nThe scheme must be \"https\"; the URL must begin with \"https://\".\n\nA path is optional, and if present may be any string permissible in a URL. You may use the path to pass an arbitrary string to the webhook, for example, a cluster identifier.\n\nAttempting to use a user or basic auth e.g. \"user:password@\" is not allowed. Fragments (\"#...\") and query parameters (\"?...\") are not allowed, either.",
"type": "string"
}
},
"type": "object"
},
"io.k8s.apimachinery.pkg.apis.meta.v1.APIResource": {
"description": "APIResource specifies the name of a resource and whether it is namespaced.",
"properties": {
"categories": {
"description": "categories is a list of the grouped resources this resource belongs to (e.g. 'all')",
"items": {
"default": "",
"type": "string"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
},
"group": {
"description": "group is the preferred group of the resource. Empty implies the group of the containing resource list. For subresources, this may have a different value, for example: Scale\".",
"type": "string"
},
"kind": {
"default": "",
"description": "kind is the kind for the resource (e.g. 'Foo' is the kind for a resource 'foo')",
"type": "string"
},
"name": {
"default": "",
"description": "name is the plural name of the resource.",
"type": "string"
},
"namespaced": {
"default": false,
"description": "namespaced indicates if a resource is namespaced or not.",
"type": "boolean"
},
"shortNames": {
"description": "shortNames is a list of suggested short names of the resource.",
"items": {
"default": "",
"type": "string"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
},
"singularName": {
"default": "",
"description": "singularName is the singular name of the resource. This allows clients to handle plural and singular opaquely. The singularName is more correct for reporting status on a single item and both singular and plural are allowed from the kubectl CLI interface.",
"type": "string"
},
"storageVersionHash": {
"description": "The hash value of the storage version, the version this resource is converted to when written to the data store. Value must be treated as opaque by clients. Only equality comparison on the value is valid. This is an alpha feature and may change or be removed in the future. The field is populated by the apiserver only if the StorageVersionHash feature gate is enabled. This field will remain optional even if it graduates.",
"type": "string"
},
"verbs": {
"description": "verbs is a list of supported kube verbs (this includes get, list, watch, create, update, patch, delete, deletecollection, and proxy)",
"items": {
"default": "",
"type": "string"
},
"type": "array"
},
"version": {
"description": "version is the preferred version of the resource. Empty implies the version of the containing resource list For subresources, this may have a different value, for example: v1 (while inside a v1beta1 version of the core resource's group)\".",
"type": "string"
}
},
"required": [
"name",
"singularName",
"namespaced",
"kind",
"verbs"
],
"type": "object"
},
"io.k8s.apimachinery.pkg.apis.meta.v1.APIResourceList": {
"description": "APIResourceList is a list of APIResource, it is used to expose the name of the resources supported in a specific group and version, and if the resource is namespaced.",
"properties": {
"apiVersion": {
"description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources",
"type": "string"
},
"groupVersion": {
"default": "",
"description": "groupVersion is the group and version this APIResourceList is for.",
"type": "string"
},
"kind": {
"description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds",
"type": "string"
},
"resources": {
"description": "resources contains the name of the resources and if they are namespaced.",
"items": {
"allOf": [
{
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.APIResource"
}
],
"default": {}
},
"type": "array",
"x-kubernetes-list-type": "atomic"
}
},
"required": [
"groupVersion",
"resources"
],
"type": "object",
"x-kubernetes-group-version-kind": [
{
"group": "",
"kind": "APIResourceList",
"version": "v1"
}
]
},
"io.k8s.apimachinery.pkg.apis.meta.v1.Condition": {
"description": "Condition contains details for one aspect of the current state of this API Resource.",
"properties": {
"lastTransitionTime": {
"allOf": [
{
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Time"
}
],
"description": "lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable."
},
"message": {
"default": "",
"description": "message is a human readable message indicating details about the transition. This may be an empty string.",
"type": "string"
},
"observedGeneration": {
"description": "observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.",
"format": "int64",
"type": "integer"
},
"reason": {
"default": "",
"description": "reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.",
"type": "string"
},
"status": {
"default": "",
"description": "status of the condition, one of True, False, Unknown.",
"type": "string"
},
"type": {
"default": "",
"description": "type of condition in CamelCase or in foo.example.com/CamelCase.",
"type": "string"
}
},
"required": [
"type",
"status",
"lastTransitionTime",
"reason",
"message"
],
"type": "object"
},
"io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions": {
"description": "DeleteOptions may be provided when deleting an API object.",
"properties": {
"apiVersion": {
"description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources",
"type": "string"
},
"dryRun": {
"description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed",
"items": {
"default": "",
"type": "string"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
},
"gracePeriodSeconds": {
"description": "The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.",
"format": "int64",
"type": "integer"
},
"kind": {
"description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds",
"type": "string"
},
"orphanDependents": {
"description": "Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the \"orphan\" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.",
"type": "boolean"
},
"preconditions": {
"allOf": [
{
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Preconditions"
}
],
"description": "Must be fulfilled before a deletion is carried out. If not possible, a 409 Conflict status will be returned."
},
"propagationPolicy": {
"description": "Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.",
"type": "string"
}
},
"type": "object",
"x-kubernetes-group-version-kind": [
{
"group": "",
"kind": "DeleteOptions",
"version": "v1"
},
{
"group": "admission.k8s.io",
"kind": "DeleteOptions",
"version": "v1"
},
{
"group": "admission.k8s.io",
"kind": "DeleteOptions",
"version": "v1beta1"
},
{
"group": "admissionregistration.k8s.io",
"kind": "DeleteOptions",
"version": "v1"
},
{
"group": "admissionregistration.k8s.io",
"kind": "DeleteOptions",
"version": "v1alpha1"
},
{
"group": "admissionregistration.k8s.io",
"kind": "DeleteOptions",
"version": "v1beta1"
},
{
"group": "apiextensions.k8s.io",
"kind": "DeleteOptions",
"version": "v1"
},
{
"group": "apiextensions.k8s.io",
"kind": "DeleteOptions",
"version": "v1beta1"
},
{
"group": "apiregistration.k8s.io",
"kind": "DeleteOptions",
"version": "v1"
},
{
"group": "apiregistration.k8s.io",
"kind": "DeleteOptions",
"version": "v1beta1"
},
{
"group": "apps",
"kind": "DeleteOptions",
"version": "v1"
},
{
"group": "apps",
"kind": "DeleteOptions",
"version": "v1beta1"
},
{
"group": "apps",
"kind": "DeleteOptions",
"version": "v1beta2"
},
{
"group": "authentication.k8s.io",
"kind": "DeleteOptions",
"version": "v1"
},
{
"group": "authentication.k8s.io",
"kind": "DeleteOptions",
"version": "v1alpha1"
},
{
"group": "authentication.k8s.io",
"kind": "DeleteOptions",
"version": "v1beta1"
},
{
"group": "authorization.k8s.io",
"kind": "DeleteOptions",
"version": "v1"
},
{
"group": "authorization.k8s.io",
"kind": "DeleteOptions",
"version": "v1beta1"
},
{
"group": "autoscaling",
"kind": "DeleteOptions",
"version": "v1"
},
{
"group": "autoscaling",
"kind": "DeleteOptions",
"version": "v2"
},
{
"group": "autoscaling",
"kind": "DeleteOptions",
"version": "v2beta1"
},
{
"group": "autoscaling",
"kind": "DeleteOptions",
"version": "v2beta2"
},
{
"group": "batch",
"kind": "DeleteOptions",
"version": "v1"
},
{
"group": "batch",
"kind": "DeleteOptions",
"version": "v1beta1"
},
{
"group": "certificates.k8s.io",
"kind": "DeleteOptions",
"version": "v1"
},
{
"group": "certificates.k8s.io",
"kind": "DeleteOptions",
"version": "v1alpha1"
},
{
"group": "certificates.k8s.io",
"kind": "DeleteOptions",
"version": "v1beta1"
},
{
"group": "coordination.k8s.io",
"kind": "DeleteOptions",
"version": "v1"
},
{
"group": "coordination.k8s.io",
"kind": "DeleteOptions",
"version": "v1alpha1"
},
{
"group": "coordination.k8s.io",
"kind": "DeleteOptions",
"version": "v1beta1"
},
{
"group": "discovery.k8s.io",
"kind": "DeleteOptions",
"version": "v1"
},
{
"group": "discovery.k8s.io",
"kind": "DeleteOptions",
"version": "v1beta1"
},
{
"group": "events.k8s.io",
"kind": "DeleteOptions",
"version": "v1"
},
{
"group": "events.k8s.io",
"kind": "DeleteOptions",
"version": "v1beta1"
},
{
"group": "extensions",
"kind": "DeleteOptions",
"version": "v1beta1"
},
{
"group": "flowcontrol.apiserver.k8s.io",
"kind": "DeleteOptions",
"version": "v1"
},
{
"group": "flowcontrol.apiserver.k8s.io",
"kind": "DeleteOptions",
"version": "v1beta1"
},
{
"group": "flowcontrol.apiserver.k8s.io",
"kind": "DeleteOptions",
"version": "v1beta2"
},
{
"group": "flowcontrol.apiserver.k8s.io",
"kind": "DeleteOptions",
"version": "v1beta3"
},
{
"group": "imagepolicy.k8s.io",
"kind": "DeleteOptions",
"version": "v1alpha1"
},
{
"group": "internal.apiserver.k8s.io",
"kind": "DeleteOptions",
"version": "v1alpha1"
},
{
"group": "networking.k8s.io",
"kind": "DeleteOptions",
"version": "v1"
},
{
"group": "networking.k8s.io",
"kind": "DeleteOptions",
"version": "v1alpha1"
},
{
"group": "networking.k8s.io",
"kind": "DeleteOptions",
"version": "v1beta1"
},
{
"group": "node.k8s.io",
"kind": "DeleteOptions",
"version": "v1"
},
{
"group": "node.k8s.io",
"kind": "DeleteOptions",
"version": "v1alpha1"
},
{
"group": "node.k8s.io",
"kind": "DeleteOptions",
"version": "v1beta1"
},
{
"group": "policy",
"kind": "DeleteOptions",
"version": "v1"
},
{
"group": "policy",
"kind": "DeleteOptions",
"version": "v1beta1"
},
{
"group": "rbac.authorization.k8s.io",
"kind": "DeleteOptions",
"version": "v1"
},
{
"group": "rbac.authorization.k8s.io",
"kind": "DeleteOptions",
"version": "v1alpha1"
},
{
"group": "rbac.authorization.k8s.io",
"kind": "DeleteOptions",
"version": "v1beta1"
},
{
"group": "resource.k8s.io",
"kind": "DeleteOptions",
"version": "v1alpha3"
},
{
"group": "scheduling.k8s.io",
"kind": "DeleteOptions",
"version": "v1"
},
{
"group": "scheduling.k8s.io",
"kind": "DeleteOptions",
"version": "v1alpha1"
},
{
"group": "scheduling.k8s.io",
"kind": "DeleteOptions",
"version": "v1beta1"
},
{
"group": "storage.k8s.io",
"kind": "DeleteOptions",
"version": "v1"
},
{
"group": "storage.k8s.io",
"kind": "DeleteOptions",
"version": "v1alpha1"
},
{
"group": "storage.k8s.io",
"kind": "DeleteOptions",
"version": "v1beta1"
},
{
"group": "storagemigration.k8s.io",
"kind": "DeleteOptions",
"version": "v1alpha1"
}
]
},
"io.k8s.apimachinery.pkg.apis.meta.v1.FieldsV1": {
"description": "FieldsV1 stores a set of fields in a data structure like a Trie, in JSON format.\n\nEach key is either a '.' representing the field itself, and will always map to an empty set, or a string representing a sub-field or item. The string will follow one of these four formats: 'f:<name>', where <name> is the name of a field in a struct, or key in a map 'v:<value>', where <value> is the exact json formatted value of a list item 'i:<index>', where <index> is position of a item in a list 'k:<keys>', where <keys> is a map of a list item's key fields to their unique values If a key maps to an empty Fields value, the field that key represents is part of the set.\n\nThe exact format is defined in sigs.k8s.io/structured-merge-diff",
"type": "object"
},
"io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector": {
"description": "A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.",
"properties": {
"matchExpressions": {
"description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.",
"items": {
"allOf": [
{
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelectorRequirement"
}
],
"default": {}
},
"type": "array",
"x-kubernetes-list-type": "atomic"
},
"matchLabels": {
"additionalProperties": {
"default": "",
"type": "string"
},
"description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.",
"type": "object"
}
},
"type": "object",
"x-kubernetes-map-type": "atomic"
},
"io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelectorRequirement": {
"description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.",
"properties": {
"key": {
"default": "",
"description": "key is the label key that the selector applies to.",
"type": "string"
},
"operator": {
"default": "",
"description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.",
"type": "string"
},
"values": {
"description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.",
"items": {
"default": "",
"type": "string"
},
"type": "array",
"x-kubernetes-list-type": "atomic"
}
},
"required": [
"key",
"operator"
],
"type": "object"
},
"io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta": {
"description": "ListMeta describes metadata that synthetic resources must have, including lists and various status objects. A resource may have only one of {ObjectMeta, ListMeta}.",
"properties": {
"continue": {
"description": "continue may be set if the user set a limit on the number of items returned, and indicates that the server has more data available. The value is opaque and may be used to issue another request to the endpoint that served this list to retrieve the next set of available objects. Continuing a consistent list may not be possible if the server configuration has changed or more than a few minutes have passed. The resourceVersion field returned when using this continue value will be identical to the value in the first response, unless you have received this token from an error message.",
"type": "string"
},
"remainingItemCount": {
"description": "remainingItemCount is the number of subsequent items in the list which are not included in this list response. If the list request contained label or field selectors, then the number of remaining items is unknown and the field will be left unset and omitted during serialization. If the list is complete (either because it is not chunking or because this is the last chunk), then there are no more remaining items and this field will be left unset and omitted during serialization. Servers older than v1.15 do not set this field. The intended use of the remainingItemCount is *estimating* the size of a collection. Clients should not rely on the remainingItemCount to be set or to be exact.",
"format": "int64",
"type": "integer"
},
"resourceVersion": {
"description": "String that identifies the server's internal version of this object that can be used by clients to determine when objects have changed. Value must be treated as opaque by clients and passed unmodified back to the server. Populated by the system. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency",
"type": "string"
},
"selfLink": {
"description": "Deprecated: selfLink is a legacy read-only field that is no longer populated by the system.",
"type": "string"
}
},
"type": "object"
},
"io.k8s.apimachinery.pkg.apis.meta.v1.ManagedFieldsEntry": {
"description": "ManagedFieldsEntry is a workflow-id, a FieldSet and the group version of the resource that the fieldset applies to.",
"properties": {
"apiVersion": {
"description": "APIVersion defines the version of this resource that this field set applies to. The format is \"group/version\" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.",
"type": "string"
},
"fieldsType": {
"description": "FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: \"FieldsV1\"",
"type": "string"
},
"fieldsV1": {
"allOf": [
{
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.FieldsV1"
}
],
"description": "FieldsV1 holds the first JSON version format as described in the \"FieldsV1\" type."
},
"manager": {
"description": "Manager is an identifier of the workflow managing these fields.",
"type": "string"
},
"operation": {
"description": "Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.",
"type": "string"
},
"subresource": {
"description": "Subresource is the name of the subresource used to update that object, or empty string if the object was updated through the main resource. The value of this field is used to distinguish between managers, even if they share the same name. For example, a status update will be distinct from a regular update using the same manager name. Note that the APIVersion field is not related to the Subresource field and it always corresponds to the version of the main resource.",
"type": "string"
},
"time": {
"allOf": [
{
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Time"
}
],
"description": "Time is the timestamp of when the ManagedFields entry was added. The timestamp will also be updated if a field is added, the manager changes any of the owned fields value or removes a field. The timestamp does not update when a field is removed from the entry because another manager took it over."
}
},
"type": "object"
},
"io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta": {
"description": "ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.",
"properties": {
"annotations": {
"additionalProperties": {
"default": "",
"type": "string"
},
"description": "Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations",
"type": "object"
},
"creationTimestamp": {
"allOf": [
{
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Time"
}
],
"description": "CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.\n\nPopulated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata"
},
"deletionGracePeriodSeconds": {
"description": "Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.",
"format": "int64",
"type": "integer"
},
"deletionTimestamp": {
"allOf": [
{
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Time"
}
],
"description": "DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.\n\nPopulated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata"
},
"finalizers": {
"description": "Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.",
"items": {
"default": "",
"type": "string"
},
"type": "array",
"x-kubernetes-list-type": "set",
"x-kubernetes-patch-strategy": "merge"
},
"generateName": {
"description": "GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\n\nIf this field is specified and the generated name exists, the server will return a 409.\n\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency",
"type": "string"
},
"generation": {
"description": "A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.",
"format": "int64",
"type": "integer"
},
"labels": {
"additionalProperties": {
"default": "",
"type": "string"
},
"description": "Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels",
"type": "object"
},
"managedFields": {
"description": "ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like \"ci-cd\". The set of fields is always in the version that the workflow used when modifying the object.",
"items": {
"allOf": [
{
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ManagedFieldsEntry"
}
],
"default": {}
},
"type": "array",
"x-kubernetes-list-type": "atomic"
},
"name": {
"description": "Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names",
"type": "string"
},
"namespace": {
"description": "Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \"default\" namespace, but \"default\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\n\nMust be a DNS_LABEL. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces",
"type": "string"
},
"ownerReferences": {
"description": "List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.",
"items": {
"allOf": [
{
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.OwnerReference"
}
],
"default": {}
},
"type": "array",
"x-kubernetes-list-map-keys": [
"uid"
],
"x-kubernetes-list-type": "map",
"x-kubernetes-patch-merge-key": "uid",
"x-kubernetes-patch-strategy": "merge"
},
"resourceVersion": {
"description": "An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\n\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency",
"type": "string"
},
"selfLink": {
"description": "Deprecated: selfLink is a legacy read-only field that is no longer populated by the system.",
"type": "string"
},
"uid": {
"description": "UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\n\nPopulated by the system. Read-only. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids",
"type": "string"
}
},
"type": "object"
},
"io.k8s.apimachinery.pkg.apis.meta.v1.OwnerReference": {
"description": "OwnerReference contains enough information to let you identify an owning object. An owning object must be in the same namespace as the dependent, or be cluster-scoped, so there is no namespace field.",
"properties": {
"apiVersion": {
"default": "",
"description": "API version of the referent.",
"type": "string"
},
"blockOwnerDeletion": {
"description": "If true, AND if the owner has the \"foregroundDeletion\" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion for how the garbage collector interacts with this field and enforces the foreground deletion. Defaults to false. To set this field, a user needs \"delete\" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.",
"type": "boolean"
},
"controller": {
"description": "If true, this reference points to the managing controller.",
"type": "boolean"
},
"kind": {
"default": "",
"description": "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds",
"type": "string"
},
"name": {
"default": "",
"description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names",
"type": "string"
},
"uid": {
"default": "",
"description": "UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids",
"type": "string"
}
},
"required": [
"apiVersion",
"kind",
"name",
"uid"
],
"type": "object",
"x-kubernetes-map-type": "atomic"
},
"io.k8s.apimachinery.pkg.apis.meta.v1.Patch": {
"description": "Patch is provided to give a concrete name and type to the Kubernetes PATCH request body.",
"type": "object"
},
"io.k8s.apimachinery.pkg.apis.meta.v1.Preconditions": {
"description": "Preconditions must be fulfilled before an operation (update, delete, etc.) is carried out.",
"properties": {
"resourceVersion": {
"description": "Specifies the target ResourceVersion",
"type": "string"
},
"uid": {
"description": "Specifies the target UID.",
"type": "string"
}
},
"type": "object"
},
"io.k8s.apimachinery.pkg.apis.meta.v1.Status": {
"description": "Status is a return value for calls that don't return other objects.",
"properties": {
"apiVersion": {
"description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources",
"type": "string"
},
"code": {
"description": "Suggested HTTP return code for this status, 0 if not set.",
"format": "int32",
"type": "integer"
},
"details": {
"allOf": [
{
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.StatusDetails"
}
],
"description": "Extended data associated with the reason. Each reason may define its own extended details. This field is optional and the data returned is not guaranteed to conform to any schema except that defined by the reason type.",
"x-kubernetes-list-type": "atomic"
},
"kind": {
"description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds",
"type": "string"
},
"message": {
"description": "A human-readable description of the status of this operation.",
"type": "string"
},
"metadata": {
"allOf": [
{
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta"
}
],
"default": {},
"description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds"
},
"reason": {
"description": "A machine-readable description of why this operation is in the \"Failure\" status. If this value is empty there is no information available. A Reason clarifies an HTTP status code but does not override it.",
"type": "string"
},
"status": {
"description": "Status of the operation. One of: \"Success\" or \"Failure\". More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status",
"type": "string"
}
},
"type": "object",
"x-kubernetes-group-version-kind": [
{
"group": "",
"kind": "Status",
"version": "v1"
}
]
},
"io.k8s.apimachinery.pkg.apis.meta.v1.StatusCause": {
"description": "StatusCause provides more information about an api.Status failure, including cases when multiple errors are encountered.",
"properties": {
"field": {
"description": "The field of the resource that has caused this error, as named by its JSON serialization. May include dot and postfix notation for nested attributes. Arrays are zero-indexed. Fields may appear more than once in an array of causes due to fields having multiple errors. Optional.\n\nExamples:\n \"name\" - the field \"name\" on the current resource\n \"items[0].name\" - the field \"name\" on the first array entry in \"items\"",
"type": "string"
},
"message": {
"description": "A human-readable description of the cause of the error. This field may be presented as-is to a reader.",
"type": "string"
},
"reason": {
"description": "A machine-readable description of the cause of the error. If this value is empty there is no information available.",
"type": "string"
}
},
"type": "object"
},
"io.k8s.apimachinery.pkg.apis.meta.v1.StatusDetails": {
"description": "StatusDetails is a set of additional properties that MAY be set by the server to provide additional information about a response. The Reason field of a Status object defines what attributes will be set. Clients must ignore fields that do not match the defined type of each attribute, and should assume that any attribute may be empty, invalid, or under defined.",
"properties": {
"causes": {
"description": "The Causes array includes more details associated with the StatusReason failure. Not all StatusReasons may provide detailed causes.",
"items": {
"allOf": [
{
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.StatusCause"
}
],
"default": {}
},
"type": "array",
"x-kubernetes-list-type": "atomic"
},
"group": {
"description": "The group attribute of the resource associated with the status StatusReason.",
"type": "string"
},
"kind": {
"description": "The kind attribute of the resource associated with the status StatusReason. On some operations may differ from the requested resource Kind. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds",
"type": "string"
},
"name": {
"description": "The name attribute of the resource associated with the status StatusReason (when there is a single name which can be described).",
"type": "string"
},
"retryAfterSeconds": {
"description": "If specified, the time in seconds before the operation should be retried. Some errors may indicate the client must take an alternate action - for those errors this field may indicate how long to wait before taking the alternate action.",
"format": "int32",
"type": "integer"
},
"uid": {
"description": "UID of the resource. (when there is a single resource which can be described). More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids",
"type": "string"
}
},
"type": "object"
},
"io.k8s.apimachinery.pkg.apis.meta.v1.Time": {
"description": "Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.",
"format": "date-time",
"type": "string"
},
"io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent": {
"description": "Event represents a single event to a watched resource.",
"properties": {
"object": {
"allOf": [
{
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.runtime.RawExtension"
}
],
"description": "Object is:\n * If Type is Added or Modified: the new state of the object.\n * If Type is Deleted: the state of the object immediately before deletion.\n * If Type is Error: *Status is recommended; other types may make sense\n depending on context."
},
"type": {
"default": "",
"type": "string"
}
},
"required": [
"type",
"object"
],
"type": "object",
"x-kubernetes-group-version-kind": [
{
"group": "",
"kind": "WatchEvent",
"version": "v1"
},
{
"group": "admission.k8s.io",
"kind": "WatchEvent",
"version": "v1"
},
{
"group": "admission.k8s.io",
"kind": "WatchEvent",
"version": "v1beta1"
},
{
"group": "admissionregistration.k8s.io",
"kind": "WatchEvent",
"version": "v1"
},
{
"group": "admissionregistration.k8s.io",
"kind": "WatchEvent",
"version": "v1alpha1"
},
{
"group": "admissionregistration.k8s.io",
"kind": "WatchEvent",
"version": "v1beta1"
},
{
"group": "apiextensions.k8s.io",
"kind": "WatchEvent",
"version": "v1"
},
{
"group": "apiextensions.k8s.io",
"kind": "WatchEvent",
"version": "v1beta1"
},
{
"group": "apiregistration.k8s.io",
"kind": "WatchEvent",
"version": "v1"
},
{
"group": "apiregistration.k8s.io",
"kind": "WatchEvent",
"version": "v1beta1"
},
{
"group": "apps",
"kind": "WatchEvent",
"version": "v1"
},
{
"group": "apps",
"kind": "WatchEvent",
"version": "v1beta1"
},
{
"group": "apps",
"kind": "WatchEvent",
"version": "v1beta2"
},
{
"group": "authentication.k8s.io",
"kind": "WatchEvent",
"version": "v1"
},
{
"group": "authentication.k8s.io",
"kind": "WatchEvent",
"version": "v1alpha1"
},
{
"group": "authentication.k8s.io",
"kind": "WatchEvent",
"version": "v1beta1"
},
{
"group": "authorization.k8s.io",
"kind": "WatchEvent",
"version": "v1"
},
{
"group": "authorization.k8s.io",
"kind": "WatchEvent",
"version": "v1beta1"
},
{
"group": "autoscaling",
"kind": "WatchEvent",
"version": "v1"
},
{
"group": "autoscaling",
"kind": "WatchEvent",
"version": "v2"
},
{
"group": "autoscaling",
"kind": "WatchEvent",
"version": "v2beta1"
},
{
"group": "autoscaling",
"kind": "WatchEvent",
"version": "v2beta2"
},
{
"group": "batch",
"kind": "WatchEvent",
"version": "v1"
},
{
"group": "batch",
"kind": "WatchEvent",
"version": "v1beta1"
},
{
"group": "certificates.k8s.io",
"kind": "WatchEvent",
"version": "v1"
},
{
"group": "certificates.k8s.io",
"kind": "WatchEvent",
"version": "v1alpha1"
},
{
"group": "certificates.k8s.io",
"kind": "WatchEvent",
"version": "v1beta1"
},
{
"group": "coordination.k8s.io",
"kind": "WatchEvent",
"version": "v1"
},
{
"group": "coordination.k8s.io",
"kind": "WatchEvent",
"version": "v1alpha1"
},
{
"group": "coordination.k8s.io",
"kind": "WatchEvent",
"version": "v1beta1"
},
{
"group": "discovery.k8s.io",
"kind": "WatchEvent",
"version": "v1"
},
{
"group": "discovery.k8s.io",
"kind": "WatchEvent",
"version": "v1beta1"
},
{
"group": "events.k8s.io",
"kind": "WatchEvent",
"version": "v1"
},
{
"group": "events.k8s.io",
"kind": "WatchEvent",
"version": "v1beta1"
},
{
"group": "extensions",
"kind": "WatchEvent",
"version": "v1beta1"
},
{
"group": "flowcontrol.apiserver.k8s.io",
"kind": "WatchEvent",
"version": "v1"
},
{
"group": "flowcontrol.apiserver.k8s.io",
"kind": "WatchEvent",
"version": "v1beta1"
},
{
"group": "flowcontrol.apiserver.k8s.io",
"kind": "WatchEvent",
"version": "v1beta2"
},
{
"group": "flowcontrol.apiserver.k8s.io",
"kind": "WatchEvent",
"version": "v1beta3"
},
{
"group": "imagepolicy.k8s.io",
"kind": "WatchEvent",
"version": "v1alpha1"
},
{
"group": "internal.apiserver.k8s.io",
"kind": "WatchEvent",
"version": "v1alpha1"
},
{
"group": "networking.k8s.io",
"kind": "WatchEvent",
"version": "v1"
},
{
"group": "networking.k8s.io",
"kind": "WatchEvent",
"version": "v1alpha1"
},
{
"group": "networking.k8s.io",
"kind": "WatchEvent",
"version": "v1beta1"
},
{
"group": "node.k8s.io",
"kind": "WatchEvent",
"version": "v1"
},
{
"group": "node.k8s.io",
"kind": "WatchEvent",
"version": "v1alpha1"
},
{
"group": "node.k8s.io",
"kind": "WatchEvent",
"version": "v1beta1"
},
{
"group": "policy",
"kind": "WatchEvent",
"version": "v1"
},
{
"group": "policy",
"kind": "WatchEvent",
"version": "v1beta1"
},
{
"group": "rbac.authorization.k8s.io",
"kind": "WatchEvent",
"version": "v1"
},
{
"group": "rbac.authorization.k8s.io",
"kind": "WatchEvent",
"version": "v1alpha1"
},
{
"group": "rbac.authorization.k8s.io",
"kind": "WatchEvent",
"version": "v1beta1"
},
{
"group": "resource.k8s.io",
"kind": "WatchEvent",
"version": "v1alpha3"
},
{
"group": "scheduling.k8s.io",
"kind": "WatchEvent",
"version": "v1"
},
{
"group": "scheduling.k8s.io",
"kind": "WatchEvent",
"version": "v1alpha1"
},
{
"group": "scheduling.k8s.io",
"kind": "WatchEvent",
"version": "v1beta1"
},
{
"group": "storage.k8s.io",
"kind": "WatchEvent",
"version": "v1"
},
{
"group": "storage.k8s.io",
"kind": "WatchEvent",
"version": "v1alpha1"
},
{
"group": "storage.k8s.io",
"kind": "WatchEvent",
"version": "v1beta1"
},
{
"group": "storagemigration.k8s.io",
"kind": "WatchEvent",
"version": "v1alpha1"
}
]
},
"io.k8s.apimachinery.pkg.runtime.RawExtension": {
"description": "RawExtension is used to hold extensions in external versions.\n\nTo use this, make a field which has RawExtension as its type in your external, versioned struct, and Object in your internal struct. You also need to register your various plugin types.\n\n// Internal package:\n\n\ttype MyAPIObject struct {\n\t\truntime.TypeMeta `json:\",inline\"`\n\t\tMyPlugin runtime.Object `json:\"myPlugin\"`\n\t}\n\n\ttype PluginA struct {\n\t\tAOption string `json:\"aOption\"`\n\t}\n\n// External package:\n\n\ttype MyAPIObject struct {\n\t\truntime.TypeMeta `json:\",inline\"`\n\t\tMyPlugin runtime.RawExtension `json:\"myPlugin\"`\n\t}\n\n\ttype PluginA struct {\n\t\tAOption string `json:\"aOption\"`\n\t}\n\n// On the wire, the JSON will look something like this:\n\n\t{\n\t\t\"kind\":\"MyAPIObject\",\n\t\t\"apiVersion\":\"v1\",\n\t\t\"myPlugin\": {\n\t\t\t\"kind\":\"PluginA\",\n\t\t\t\"aOption\":\"foo\",\n\t\t},\n\t}\n\nSo what happens? Decode first uses json or yaml to unmarshal the serialized data into your external MyAPIObject. That causes the raw JSON to be stored, but not unpacked. The next step is to copy (using pkg/conversion) into the internal struct. The runtime package's DefaultScheme has conversion functions installed which will unpack the JSON stored in RawExtension, turning it into the correct object type, and storing it in the Object. (TODO: In the case where the object is of an unknown type, a runtime.Unknown object will be created and stored.)",
"type": "object"
}
},
"securitySchemes": {
"BearerToken": {
"description": "Bearer Token authentication",
"in": "header",
"name": "authorization",
"type": "apiKey"
}
}
},
"info": {
"title": "Kubernetes",
"version": "unversioned"
},
"openapi": "3.0.0",
"paths": {
"/apis/admissionregistration.k8s.io/v1/": {
"get": {
"description": "get available resources",
"operationId": "getAdmissionregistrationV1APIResources",
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.APIResourceList"
}
},
"application/vnd.kubernetes.protobuf": {
"schema": {
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.APIResourceList"
}
},
"application/yaml": {
"schema": {
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.APIResourceList"
}
}
},
"description": "OK"
},
"401": {
"description": "Unauthorized"
}
},
"tags": [
"admissionregistration_v1"
]
}
},
"/apis/admissionregistration.k8s.io/v1/mutatingwebhookconfigurations": {
"delete": {
"description": "delete collection of MutatingWebhookConfiguration",
"operationId": "deleteAdmissionregistrationV1CollectionMutatingWebhookConfiguration",
"parameters": [
{
"description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.",
"in": "query",
"name": "continue",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed",
"in": "query",
"name": "dryRun",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.",
"in": "query",
"name": "fieldSelector",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.",
"in": "query",
"name": "gracePeriodSeconds",
"schema": {
"type": "integer",
"uniqueItems": true
}
},
{
"description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.",
"in": "query",
"name": "labelSelector",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.",
"in": "query",
"name": "limit",
"schema": {
"type": "integer",
"uniqueItems": true
}
},
{
"description": "Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the \"orphan\" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.",
"in": "query",
"name": "orphanDependents",
"schema": {
"type": "boolean",
"uniqueItems": true
}
},
{
"description": "Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.",
"in": "query",
"name": "propagationPolicy",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset",
"in": "query",
"name": "resourceVersion",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset",
"in": "query",
"name": "resourceVersionMatch",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.",
"in": "query",
"name": "sendInitialEvents",
"schema": {
"type": "boolean",
"uniqueItems": true
}
},
{
"description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.",
"in": "query",
"name": "timeoutSeconds",
"schema": {
"type": "integer",
"uniqueItems": true
}
}
],
"requestBody": {
"content": {
"*/*": {
"schema": {
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions"
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status"
}
},
"application/vnd.kubernetes.protobuf": {
"schema": {
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status"
}
},
"application/yaml": {
"schema": {
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status"
}
}
},
"description": "OK"
},
"401": {
"description": "Unauthorized"
}
},
"tags": [
"admissionregistration_v1"
],
"x-kubernetes-action": "deletecollection",
"x-kubernetes-group-version-kind": {
"group": "admissionregistration.k8s.io",
"kind": "MutatingWebhookConfiguration",
"version": "v1"
}
},
"get": {
"description": "list or watch objects of kind MutatingWebhookConfiguration",
"operationId": "listAdmissionregistrationV1MutatingWebhookConfiguration",
"parameters": [
{
"description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.",
"in": "query",
"name": "allowWatchBookmarks",
"schema": {
"type": "boolean",
"uniqueItems": true
}
},
{
"description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.",
"in": "query",
"name": "continue",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.",
"in": "query",
"name": "fieldSelector",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.",
"in": "query",
"name": "labelSelector",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.",
"in": "query",
"name": "limit",
"schema": {
"type": "integer",
"uniqueItems": true
}
},
{
"description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset",
"in": "query",
"name": "resourceVersion",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset",
"in": "query",
"name": "resourceVersionMatch",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.",
"in": "query",
"name": "sendInitialEvents",
"schema": {
"type": "boolean",
"uniqueItems": true
}
},
{
"description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.",
"in": "query",
"name": "timeoutSeconds",
"schema": {
"type": "integer",
"uniqueItems": true
}
},
{
"description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.",
"in": "query",
"name": "watch",
"schema": {
"type": "boolean",
"uniqueItems": true
}
}
],
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.MutatingWebhookConfigurationList"
}
},
"application/json;stream=watch": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.MutatingWebhookConfigurationList"
}
},
"application/vnd.kubernetes.protobuf": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.MutatingWebhookConfigurationList"
}
},
"application/vnd.kubernetes.protobuf;stream=watch": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.MutatingWebhookConfigurationList"
}
},
"application/yaml": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.MutatingWebhookConfigurationList"
}
}
},
"description": "OK"
},
"401": {
"description": "Unauthorized"
}
},
"tags": [
"admissionregistration_v1"
],
"x-kubernetes-action": "list",
"x-kubernetes-group-version-kind": {
"group": "admissionregistration.k8s.io",
"kind": "MutatingWebhookConfiguration",
"version": "v1"
}
},
"parameters": [
{
"description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).",
"in": "query",
"name": "pretty",
"schema": {
"type": "string",
"uniqueItems": true
}
}
],
"post": {
"description": "create a MutatingWebhookConfiguration",
"operationId": "createAdmissionregistrationV1MutatingWebhookConfiguration",
"parameters": [
{
"description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed",
"in": "query",
"name": "dryRun",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.",
"in": "query",
"name": "fieldManager",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.",
"in": "query",
"name": "fieldValidation",
"schema": {
"type": "string",
"uniqueItems": true
}
}
],
"requestBody": {
"content": {
"*/*": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.MutatingWebhookConfiguration"
}
}
},
"required": true
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.MutatingWebhookConfiguration"
}
},
"application/vnd.kubernetes.protobuf": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.MutatingWebhookConfiguration"
}
},
"application/yaml": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.MutatingWebhookConfiguration"
}
}
},
"description": "OK"
},
"201": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.MutatingWebhookConfiguration"
}
},
"application/vnd.kubernetes.protobuf": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.MutatingWebhookConfiguration"
}
},
"application/yaml": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.MutatingWebhookConfiguration"
}
}
},
"description": "Created"
},
"202": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.MutatingWebhookConfiguration"
}
},
"application/vnd.kubernetes.protobuf": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.MutatingWebhookConfiguration"
}
},
"application/yaml": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.MutatingWebhookConfiguration"
}
}
},
"description": "Accepted"
},
"401": {
"description": "Unauthorized"
}
},
"tags": [
"admissionregistration_v1"
],
"x-kubernetes-action": "post",
"x-kubernetes-group-version-kind": {
"group": "admissionregistration.k8s.io",
"kind": "MutatingWebhookConfiguration",
"version": "v1"
}
}
},
"/apis/admissionregistration.k8s.io/v1/mutatingwebhookconfigurations/{name}": {
"delete": {
"description": "delete a MutatingWebhookConfiguration",
"operationId": "deleteAdmissionregistrationV1MutatingWebhookConfiguration",
"parameters": [
{
"description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed",
"in": "query",
"name": "dryRun",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.",
"in": "query",
"name": "gracePeriodSeconds",
"schema": {
"type": "integer",
"uniqueItems": true
}
},
{
"description": "Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the \"orphan\" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.",
"in": "query",
"name": "orphanDependents",
"schema": {
"type": "boolean",
"uniqueItems": true
}
},
{
"description": "Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.",
"in": "query",
"name": "propagationPolicy",
"schema": {
"type": "string",
"uniqueItems": true
}
}
],
"requestBody": {
"content": {
"*/*": {
"schema": {
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions"
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status"
}
},
"application/vnd.kubernetes.protobuf": {
"schema": {
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status"
}
},
"application/yaml": {
"schema": {
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status"
}
}
},
"description": "OK"
},
"202": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status"
}
},
"application/vnd.kubernetes.protobuf": {
"schema": {
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status"
}
},
"application/yaml": {
"schema": {
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status"
}
}
},
"description": "Accepted"
},
"401": {
"description": "Unauthorized"
}
},
"tags": [
"admissionregistration_v1"
],
"x-kubernetes-action": "delete",
"x-kubernetes-group-version-kind": {
"group": "admissionregistration.k8s.io",
"kind": "MutatingWebhookConfiguration",
"version": "v1"
}
},
"get": {
"description": "read the specified MutatingWebhookConfiguration",
"operationId": "readAdmissionregistrationV1MutatingWebhookConfiguration",
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.MutatingWebhookConfiguration"
}
},
"application/vnd.kubernetes.protobuf": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.MutatingWebhookConfiguration"
}
},
"application/yaml": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.MutatingWebhookConfiguration"
}
}
},
"description": "OK"
},
"401": {
"description": "Unauthorized"
}
},
"tags": [
"admissionregistration_v1"
],
"x-kubernetes-action": "get",
"x-kubernetes-group-version-kind": {
"group": "admissionregistration.k8s.io",
"kind": "MutatingWebhookConfiguration",
"version": "v1"
}
},
"parameters": [
{
"description": "name of the MutatingWebhookConfiguration",
"in": "path",
"name": "name",
"required": true,
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).",
"in": "query",
"name": "pretty",
"schema": {
"type": "string",
"uniqueItems": true
}
}
],
"patch": {
"description": "partially update the specified MutatingWebhookConfiguration",
"operationId": "patchAdmissionregistrationV1MutatingWebhookConfiguration",
"parameters": [
{
"description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed",
"in": "query",
"name": "dryRun",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).",
"in": "query",
"name": "fieldManager",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.",
"in": "query",
"name": "fieldValidation",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "Force is going to \"force\" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.",
"in": "query",
"name": "force",
"schema": {
"type": "boolean",
"uniqueItems": true
}
}
],
"requestBody": {
"content": {
"application/apply-patch+yaml": {
"schema": {
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch"
}
},
"application/json-patch+json": {
"schema": {
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch"
}
},
"application/merge-patch+json": {
"schema": {
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch"
}
},
"application/strategic-merge-patch+json": {
"schema": {
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch"
}
}
},
"required": true
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.MutatingWebhookConfiguration"
}
},
"application/vnd.kubernetes.protobuf": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.MutatingWebhookConfiguration"
}
},
"application/yaml": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.MutatingWebhookConfiguration"
}
}
},
"description": "OK"
},
"201": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.MutatingWebhookConfiguration"
}
},
"application/vnd.kubernetes.protobuf": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.MutatingWebhookConfiguration"
}
},
"application/yaml": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.MutatingWebhookConfiguration"
}
}
},
"description": "Created"
},
"401": {
"description": "Unauthorized"
}
},
"tags": [
"admissionregistration_v1"
],
"x-kubernetes-action": "patch",
"x-kubernetes-group-version-kind": {
"group": "admissionregistration.k8s.io",
"kind": "MutatingWebhookConfiguration",
"version": "v1"
}
},
"put": {
"description": "replace the specified MutatingWebhookConfiguration",
"operationId": "replaceAdmissionregistrationV1MutatingWebhookConfiguration",
"parameters": [
{
"description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed",
"in": "query",
"name": "dryRun",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.",
"in": "query",
"name": "fieldManager",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.",
"in": "query",
"name": "fieldValidation",
"schema": {
"type": "string",
"uniqueItems": true
}
}
],
"requestBody": {
"content": {
"*/*": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.MutatingWebhookConfiguration"
}
}
},
"required": true
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.MutatingWebhookConfiguration"
}
},
"application/vnd.kubernetes.protobuf": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.MutatingWebhookConfiguration"
}
},
"application/yaml": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.MutatingWebhookConfiguration"
}
}
},
"description": "OK"
},
"201": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.MutatingWebhookConfiguration"
}
},
"application/vnd.kubernetes.protobuf": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.MutatingWebhookConfiguration"
}
},
"application/yaml": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.MutatingWebhookConfiguration"
}
}
},
"description": "Created"
},
"401": {
"description": "Unauthorized"
}
},
"tags": [
"admissionregistration_v1"
],
"x-kubernetes-action": "put",
"x-kubernetes-group-version-kind": {
"group": "admissionregistration.k8s.io",
"kind": "MutatingWebhookConfiguration",
"version": "v1"
}
}
},
"/apis/admissionregistration.k8s.io/v1/validatingadmissionpolicies": {
"delete": {
"description": "delete collection of ValidatingAdmissionPolicy",
"operationId": "deleteAdmissionregistrationV1CollectionValidatingAdmissionPolicy",
"parameters": [
{
"description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.",
"in": "query",
"name": "continue",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed",
"in": "query",
"name": "dryRun",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.",
"in": "query",
"name": "fieldSelector",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.",
"in": "query",
"name": "gracePeriodSeconds",
"schema": {
"type": "integer",
"uniqueItems": true
}
},
{
"description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.",
"in": "query",
"name": "labelSelector",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.",
"in": "query",
"name": "limit",
"schema": {
"type": "integer",
"uniqueItems": true
}
},
{
"description": "Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the \"orphan\" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.",
"in": "query",
"name": "orphanDependents",
"schema": {
"type": "boolean",
"uniqueItems": true
}
},
{
"description": "Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.",
"in": "query",
"name": "propagationPolicy",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset",
"in": "query",
"name": "resourceVersion",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset",
"in": "query",
"name": "resourceVersionMatch",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.",
"in": "query",
"name": "sendInitialEvents",
"schema": {
"type": "boolean",
"uniqueItems": true
}
},
{
"description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.",
"in": "query",
"name": "timeoutSeconds",
"schema": {
"type": "integer",
"uniqueItems": true
}
}
],
"requestBody": {
"content": {
"*/*": {
"schema": {
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions"
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status"
}
},
"application/vnd.kubernetes.protobuf": {
"schema": {
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status"
}
},
"application/yaml": {
"schema": {
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status"
}
}
},
"description": "OK"
},
"401": {
"description": "Unauthorized"
}
},
"tags": [
"admissionregistration_v1"
],
"x-kubernetes-action": "deletecollection",
"x-kubernetes-group-version-kind": {
"group": "admissionregistration.k8s.io",
"kind": "ValidatingAdmissionPolicy",
"version": "v1"
}
},
"get": {
"description": "list or watch objects of kind ValidatingAdmissionPolicy",
"operationId": "listAdmissionregistrationV1ValidatingAdmissionPolicy",
"parameters": [
{
"description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.",
"in": "query",
"name": "allowWatchBookmarks",
"schema": {
"type": "boolean",
"uniqueItems": true
}
},
{
"description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.",
"in": "query",
"name": "continue",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.",
"in": "query",
"name": "fieldSelector",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.",
"in": "query",
"name": "labelSelector",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.",
"in": "query",
"name": "limit",
"schema": {
"type": "integer",
"uniqueItems": true
}
},
{
"description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset",
"in": "query",
"name": "resourceVersion",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset",
"in": "query",
"name": "resourceVersionMatch",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.",
"in": "query",
"name": "sendInitialEvents",
"schema": {
"type": "boolean",
"uniqueItems": true
}
},
{
"description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.",
"in": "query",
"name": "timeoutSeconds",
"schema": {
"type": "integer",
"uniqueItems": true
}
},
{
"description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.",
"in": "query",
"name": "watch",
"schema": {
"type": "boolean",
"uniqueItems": true
}
}
],
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicyList"
}
},
"application/json;stream=watch": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicyList"
}
},
"application/vnd.kubernetes.protobuf": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicyList"
}
},
"application/vnd.kubernetes.protobuf;stream=watch": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicyList"
}
},
"application/yaml": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicyList"
}
}
},
"description": "OK"
},
"401": {
"description": "Unauthorized"
}
},
"tags": [
"admissionregistration_v1"
],
"x-kubernetes-action": "list",
"x-kubernetes-group-version-kind": {
"group": "admissionregistration.k8s.io",
"kind": "ValidatingAdmissionPolicy",
"version": "v1"
}
},
"parameters": [
{
"description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).",
"in": "query",
"name": "pretty",
"schema": {
"type": "string",
"uniqueItems": true
}
}
],
"post": {
"description": "create a ValidatingAdmissionPolicy",
"operationId": "createAdmissionregistrationV1ValidatingAdmissionPolicy",
"parameters": [
{
"description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed",
"in": "query",
"name": "dryRun",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.",
"in": "query",
"name": "fieldManager",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.",
"in": "query",
"name": "fieldValidation",
"schema": {
"type": "string",
"uniqueItems": true
}
}
],
"requestBody": {
"content": {
"*/*": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicy"
}
}
},
"required": true
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicy"
}
},
"application/vnd.kubernetes.protobuf": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicy"
}
},
"application/yaml": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicy"
}
}
},
"description": "OK"
},
"201": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicy"
}
},
"application/vnd.kubernetes.protobuf": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicy"
}
},
"application/yaml": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicy"
}
}
},
"description": "Created"
},
"202": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicy"
}
},
"application/vnd.kubernetes.protobuf": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicy"
}
},
"application/yaml": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicy"
}
}
},
"description": "Accepted"
},
"401": {
"description": "Unauthorized"
}
},
"tags": [
"admissionregistration_v1"
],
"x-kubernetes-action": "post",
"x-kubernetes-group-version-kind": {
"group": "admissionregistration.k8s.io",
"kind": "ValidatingAdmissionPolicy",
"version": "v1"
}
}
},
"/apis/admissionregistration.k8s.io/v1/validatingadmissionpolicies/{name}": {
"delete": {
"description": "delete a ValidatingAdmissionPolicy",
"operationId": "deleteAdmissionregistrationV1ValidatingAdmissionPolicy",
"parameters": [
{
"description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed",
"in": "query",
"name": "dryRun",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.",
"in": "query",
"name": "gracePeriodSeconds",
"schema": {
"type": "integer",
"uniqueItems": true
}
},
{
"description": "Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the \"orphan\" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.",
"in": "query",
"name": "orphanDependents",
"schema": {
"type": "boolean",
"uniqueItems": true
}
},
{
"description": "Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.",
"in": "query",
"name": "propagationPolicy",
"schema": {
"type": "string",
"uniqueItems": true
}
}
],
"requestBody": {
"content": {
"*/*": {
"schema": {
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions"
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status"
}
},
"application/vnd.kubernetes.protobuf": {
"schema": {
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status"
}
},
"application/yaml": {
"schema": {
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status"
}
}
},
"description": "OK"
},
"202": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status"
}
},
"application/vnd.kubernetes.protobuf": {
"schema": {
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status"
}
},
"application/yaml": {
"schema": {
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status"
}
}
},
"description": "Accepted"
},
"401": {
"description": "Unauthorized"
}
},
"tags": [
"admissionregistration_v1"
],
"x-kubernetes-action": "delete",
"x-kubernetes-group-version-kind": {
"group": "admissionregistration.k8s.io",
"kind": "ValidatingAdmissionPolicy",
"version": "v1"
}
},
"get": {
"description": "read the specified ValidatingAdmissionPolicy",
"operationId": "readAdmissionregistrationV1ValidatingAdmissionPolicy",
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicy"
}
},
"application/vnd.kubernetes.protobuf": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicy"
}
},
"application/yaml": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicy"
}
}
},
"description": "OK"
},
"401": {
"description": "Unauthorized"
}
},
"tags": [
"admissionregistration_v1"
],
"x-kubernetes-action": "get",
"x-kubernetes-group-version-kind": {
"group": "admissionregistration.k8s.io",
"kind": "ValidatingAdmissionPolicy",
"version": "v1"
}
},
"parameters": [
{
"description": "name of the ValidatingAdmissionPolicy",
"in": "path",
"name": "name",
"required": true,
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).",
"in": "query",
"name": "pretty",
"schema": {
"type": "string",
"uniqueItems": true
}
}
],
"patch": {
"description": "partially update the specified ValidatingAdmissionPolicy",
"operationId": "patchAdmissionregistrationV1ValidatingAdmissionPolicy",
"parameters": [
{
"description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed",
"in": "query",
"name": "dryRun",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).",
"in": "query",
"name": "fieldManager",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.",
"in": "query",
"name": "fieldValidation",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "Force is going to \"force\" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.",
"in": "query",
"name": "force",
"schema": {
"type": "boolean",
"uniqueItems": true
}
}
],
"requestBody": {
"content": {
"application/apply-patch+yaml": {
"schema": {
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch"
}
},
"application/json-patch+json": {
"schema": {
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch"
}
},
"application/merge-patch+json": {
"schema": {
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch"
}
},
"application/strategic-merge-patch+json": {
"schema": {
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch"
}
}
},
"required": true
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicy"
}
},
"application/vnd.kubernetes.protobuf": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicy"
}
},
"application/yaml": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicy"
}
}
},
"description": "OK"
},
"201": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicy"
}
},
"application/vnd.kubernetes.protobuf": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicy"
}
},
"application/yaml": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicy"
}
}
},
"description": "Created"
},
"401": {
"description": "Unauthorized"
}
},
"tags": [
"admissionregistration_v1"
],
"x-kubernetes-action": "patch",
"x-kubernetes-group-version-kind": {
"group": "admissionregistration.k8s.io",
"kind": "ValidatingAdmissionPolicy",
"version": "v1"
}
},
"put": {
"description": "replace the specified ValidatingAdmissionPolicy",
"operationId": "replaceAdmissionregistrationV1ValidatingAdmissionPolicy",
"parameters": [
{
"description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed",
"in": "query",
"name": "dryRun",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.",
"in": "query",
"name": "fieldManager",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.",
"in": "query",
"name": "fieldValidation",
"schema": {
"type": "string",
"uniqueItems": true
}
}
],
"requestBody": {
"content": {
"*/*": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicy"
}
}
},
"required": true
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicy"
}
},
"application/vnd.kubernetes.protobuf": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicy"
}
},
"application/yaml": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicy"
}
}
},
"description": "OK"
},
"201": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicy"
}
},
"application/vnd.kubernetes.protobuf": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicy"
}
},
"application/yaml": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicy"
}
}
},
"description": "Created"
},
"401": {
"description": "Unauthorized"
}
},
"tags": [
"admissionregistration_v1"
],
"x-kubernetes-action": "put",
"x-kubernetes-group-version-kind": {
"group": "admissionregistration.k8s.io",
"kind": "ValidatingAdmissionPolicy",
"version": "v1"
}
}
},
"/apis/admissionregistration.k8s.io/v1/validatingadmissionpolicies/{name}/status": {
"get": {
"description": "read status of the specified ValidatingAdmissionPolicy",
"operationId": "readAdmissionregistrationV1ValidatingAdmissionPolicyStatus",
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicy"
}
},
"application/vnd.kubernetes.protobuf": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicy"
}
},
"application/yaml": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicy"
}
}
},
"description": "OK"
},
"401": {
"description": "Unauthorized"
}
},
"tags": [
"admissionregistration_v1"
],
"x-kubernetes-action": "get",
"x-kubernetes-group-version-kind": {
"group": "admissionregistration.k8s.io",
"kind": "ValidatingAdmissionPolicy",
"version": "v1"
}
},
"parameters": [
{
"description": "name of the ValidatingAdmissionPolicy",
"in": "path",
"name": "name",
"required": true,
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).",
"in": "query",
"name": "pretty",
"schema": {
"type": "string",
"uniqueItems": true
}
}
],
"patch": {
"description": "partially update status of the specified ValidatingAdmissionPolicy",
"operationId": "patchAdmissionregistrationV1ValidatingAdmissionPolicyStatus",
"parameters": [
{
"description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed",
"in": "query",
"name": "dryRun",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).",
"in": "query",
"name": "fieldManager",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.",
"in": "query",
"name": "fieldValidation",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "Force is going to \"force\" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.",
"in": "query",
"name": "force",
"schema": {
"type": "boolean",
"uniqueItems": true
}
}
],
"requestBody": {
"content": {
"application/apply-patch+yaml": {
"schema": {
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch"
}
},
"application/json-patch+json": {
"schema": {
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch"
}
},
"application/merge-patch+json": {
"schema": {
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch"
}
},
"application/strategic-merge-patch+json": {
"schema": {
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch"
}
}
},
"required": true
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicy"
}
},
"application/vnd.kubernetes.protobuf": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicy"
}
},
"application/yaml": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicy"
}
}
},
"description": "OK"
},
"201": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicy"
}
},
"application/vnd.kubernetes.protobuf": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicy"
}
},
"application/yaml": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicy"
}
}
},
"description": "Created"
},
"401": {
"description": "Unauthorized"
}
},
"tags": [
"admissionregistration_v1"
],
"x-kubernetes-action": "patch",
"x-kubernetes-group-version-kind": {
"group": "admissionregistration.k8s.io",
"kind": "ValidatingAdmissionPolicy",
"version": "v1"
}
},
"put": {
"description": "replace status of the specified ValidatingAdmissionPolicy",
"operationId": "replaceAdmissionregistrationV1ValidatingAdmissionPolicyStatus",
"parameters": [
{
"description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed",
"in": "query",
"name": "dryRun",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.",
"in": "query",
"name": "fieldManager",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.",
"in": "query",
"name": "fieldValidation",
"schema": {
"type": "string",
"uniqueItems": true
}
}
],
"requestBody": {
"content": {
"*/*": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicy"
}
}
},
"required": true
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicy"
}
},
"application/vnd.kubernetes.protobuf": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicy"
}
},
"application/yaml": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicy"
}
}
},
"description": "OK"
},
"201": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicy"
}
},
"application/vnd.kubernetes.protobuf": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicy"
}
},
"application/yaml": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicy"
}
}
},
"description": "Created"
},
"401": {
"description": "Unauthorized"
}
},
"tags": [
"admissionregistration_v1"
],
"x-kubernetes-action": "put",
"x-kubernetes-group-version-kind": {
"group": "admissionregistration.k8s.io",
"kind": "ValidatingAdmissionPolicy",
"version": "v1"
}
}
},
"/apis/admissionregistration.k8s.io/v1/validatingadmissionpolicybindings": {
"delete": {
"description": "delete collection of ValidatingAdmissionPolicyBinding",
"operationId": "deleteAdmissionregistrationV1CollectionValidatingAdmissionPolicyBinding",
"parameters": [
{
"description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.",
"in": "query",
"name": "continue",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed",
"in": "query",
"name": "dryRun",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.",
"in": "query",
"name": "fieldSelector",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.",
"in": "query",
"name": "gracePeriodSeconds",
"schema": {
"type": "integer",
"uniqueItems": true
}
},
{
"description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.",
"in": "query",
"name": "labelSelector",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.",
"in": "query",
"name": "limit",
"schema": {
"type": "integer",
"uniqueItems": true
}
},
{
"description": "Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the \"orphan\" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.",
"in": "query",
"name": "orphanDependents",
"schema": {
"type": "boolean",
"uniqueItems": true
}
},
{
"description": "Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.",
"in": "query",
"name": "propagationPolicy",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset",
"in": "query",
"name": "resourceVersion",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset",
"in": "query",
"name": "resourceVersionMatch",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.",
"in": "query",
"name": "sendInitialEvents",
"schema": {
"type": "boolean",
"uniqueItems": true
}
},
{
"description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.",
"in": "query",
"name": "timeoutSeconds",
"schema": {
"type": "integer",
"uniqueItems": true
}
}
],
"requestBody": {
"content": {
"*/*": {
"schema": {
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions"
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status"
}
},
"application/vnd.kubernetes.protobuf": {
"schema": {
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status"
}
},
"application/yaml": {
"schema": {
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status"
}
}
},
"description": "OK"
},
"401": {
"description": "Unauthorized"
}
},
"tags": [
"admissionregistration_v1"
],
"x-kubernetes-action": "deletecollection",
"x-kubernetes-group-version-kind": {
"group": "admissionregistration.k8s.io",
"kind": "ValidatingAdmissionPolicyBinding",
"version": "v1"
}
},
"get": {
"description": "list or watch objects of kind ValidatingAdmissionPolicyBinding",
"operationId": "listAdmissionregistrationV1ValidatingAdmissionPolicyBinding",
"parameters": [
{
"description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.",
"in": "query",
"name": "allowWatchBookmarks",
"schema": {
"type": "boolean",
"uniqueItems": true
}
},
{
"description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.",
"in": "query",
"name": "continue",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.",
"in": "query",
"name": "fieldSelector",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.",
"in": "query",
"name": "labelSelector",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.",
"in": "query",
"name": "limit",
"schema": {
"type": "integer",
"uniqueItems": true
}
},
{
"description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset",
"in": "query",
"name": "resourceVersion",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset",
"in": "query",
"name": "resourceVersionMatch",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.",
"in": "query",
"name": "sendInitialEvents",
"schema": {
"type": "boolean",
"uniqueItems": true
}
},
{
"description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.",
"in": "query",
"name": "timeoutSeconds",
"schema": {
"type": "integer",
"uniqueItems": true
}
},
{
"description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.",
"in": "query",
"name": "watch",
"schema": {
"type": "boolean",
"uniqueItems": true
}
}
],
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicyBindingList"
}
},
"application/json;stream=watch": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicyBindingList"
}
},
"application/vnd.kubernetes.protobuf": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicyBindingList"
}
},
"application/vnd.kubernetes.protobuf;stream=watch": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicyBindingList"
}
},
"application/yaml": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicyBindingList"
}
}
},
"description": "OK"
},
"401": {
"description": "Unauthorized"
}
},
"tags": [
"admissionregistration_v1"
],
"x-kubernetes-action": "list",
"x-kubernetes-group-version-kind": {
"group": "admissionregistration.k8s.io",
"kind": "ValidatingAdmissionPolicyBinding",
"version": "v1"
}
},
"parameters": [
{
"description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).",
"in": "query",
"name": "pretty",
"schema": {
"type": "string",
"uniqueItems": true
}
}
],
"post": {
"description": "create a ValidatingAdmissionPolicyBinding",
"operationId": "createAdmissionregistrationV1ValidatingAdmissionPolicyBinding",
"parameters": [
{
"description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed",
"in": "query",
"name": "dryRun",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.",
"in": "query",
"name": "fieldManager",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.",
"in": "query",
"name": "fieldValidation",
"schema": {
"type": "string",
"uniqueItems": true
}
}
],
"requestBody": {
"content": {
"*/*": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicyBinding"
}
}
},
"required": true
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicyBinding"
}
},
"application/vnd.kubernetes.protobuf": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicyBinding"
}
},
"application/yaml": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicyBinding"
}
}
},
"description": "OK"
},
"201": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicyBinding"
}
},
"application/vnd.kubernetes.protobuf": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicyBinding"
}
},
"application/yaml": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicyBinding"
}
}
},
"description": "Created"
},
"202": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicyBinding"
}
},
"application/vnd.kubernetes.protobuf": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicyBinding"
}
},
"application/yaml": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicyBinding"
}
}
},
"description": "Accepted"
},
"401": {
"description": "Unauthorized"
}
},
"tags": [
"admissionregistration_v1"
],
"x-kubernetes-action": "post",
"x-kubernetes-group-version-kind": {
"group": "admissionregistration.k8s.io",
"kind": "ValidatingAdmissionPolicyBinding",
"version": "v1"
}
}
},
"/apis/admissionregistration.k8s.io/v1/validatingadmissionpolicybindings/{name}": {
"delete": {
"description": "delete a ValidatingAdmissionPolicyBinding",
"operationId": "deleteAdmissionregistrationV1ValidatingAdmissionPolicyBinding",
"parameters": [
{
"description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed",
"in": "query",
"name": "dryRun",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.",
"in": "query",
"name": "gracePeriodSeconds",
"schema": {
"type": "integer",
"uniqueItems": true
}
},
{
"description": "Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the \"orphan\" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.",
"in": "query",
"name": "orphanDependents",
"schema": {
"type": "boolean",
"uniqueItems": true
}
},
{
"description": "Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.",
"in": "query",
"name": "propagationPolicy",
"schema": {
"type": "string",
"uniqueItems": true
}
}
],
"requestBody": {
"content": {
"*/*": {
"schema": {
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions"
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status"
}
},
"application/vnd.kubernetes.protobuf": {
"schema": {
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status"
}
},
"application/yaml": {
"schema": {
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status"
}
}
},
"description": "OK"
},
"202": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status"
}
},
"application/vnd.kubernetes.protobuf": {
"schema": {
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status"
}
},
"application/yaml": {
"schema": {
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status"
}
}
},
"description": "Accepted"
},
"401": {
"description": "Unauthorized"
}
},
"tags": [
"admissionregistration_v1"
],
"x-kubernetes-action": "delete",
"x-kubernetes-group-version-kind": {
"group": "admissionregistration.k8s.io",
"kind": "ValidatingAdmissionPolicyBinding",
"version": "v1"
}
},
"get": {
"description": "read the specified ValidatingAdmissionPolicyBinding",
"operationId": "readAdmissionregistrationV1ValidatingAdmissionPolicyBinding",
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicyBinding"
}
},
"application/vnd.kubernetes.protobuf": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicyBinding"
}
},
"application/yaml": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicyBinding"
}
}
},
"description": "OK"
},
"401": {
"description": "Unauthorized"
}
},
"tags": [
"admissionregistration_v1"
],
"x-kubernetes-action": "get",
"x-kubernetes-group-version-kind": {
"group": "admissionregistration.k8s.io",
"kind": "ValidatingAdmissionPolicyBinding",
"version": "v1"
}
},
"parameters": [
{
"description": "name of the ValidatingAdmissionPolicyBinding",
"in": "path",
"name": "name",
"required": true,
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).",
"in": "query",
"name": "pretty",
"schema": {
"type": "string",
"uniqueItems": true
}
}
],
"patch": {
"description": "partially update the specified ValidatingAdmissionPolicyBinding",
"operationId": "patchAdmissionregistrationV1ValidatingAdmissionPolicyBinding",
"parameters": [
{
"description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed",
"in": "query",
"name": "dryRun",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).",
"in": "query",
"name": "fieldManager",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.",
"in": "query",
"name": "fieldValidation",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "Force is going to \"force\" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.",
"in": "query",
"name": "force",
"schema": {
"type": "boolean",
"uniqueItems": true
}
}
],
"requestBody": {
"content": {
"application/apply-patch+yaml": {
"schema": {
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch"
}
},
"application/json-patch+json": {
"schema": {
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch"
}
},
"application/merge-patch+json": {
"schema": {
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch"
}
},
"application/strategic-merge-patch+json": {
"schema": {
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch"
}
}
},
"required": true
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicyBinding"
}
},
"application/vnd.kubernetes.protobuf": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicyBinding"
}
},
"application/yaml": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicyBinding"
}
}
},
"description": "OK"
},
"201": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicyBinding"
}
},
"application/vnd.kubernetes.protobuf": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicyBinding"
}
},
"application/yaml": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicyBinding"
}
}
},
"description": "Created"
},
"401": {
"description": "Unauthorized"
}
},
"tags": [
"admissionregistration_v1"
],
"x-kubernetes-action": "patch",
"x-kubernetes-group-version-kind": {
"group": "admissionregistration.k8s.io",
"kind": "ValidatingAdmissionPolicyBinding",
"version": "v1"
}
},
"put": {
"description": "replace the specified ValidatingAdmissionPolicyBinding",
"operationId": "replaceAdmissionregistrationV1ValidatingAdmissionPolicyBinding",
"parameters": [
{
"description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed",
"in": "query",
"name": "dryRun",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.",
"in": "query",
"name": "fieldManager",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.",
"in": "query",
"name": "fieldValidation",
"schema": {
"type": "string",
"uniqueItems": true
}
}
],
"requestBody": {
"content": {
"*/*": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicyBinding"
}
}
},
"required": true
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicyBinding"
}
},
"application/vnd.kubernetes.protobuf": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicyBinding"
}
},
"application/yaml": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicyBinding"
}
}
},
"description": "OK"
},
"201": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicyBinding"
}
},
"application/vnd.kubernetes.protobuf": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicyBinding"
}
},
"application/yaml": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicyBinding"
}
}
},
"description": "Created"
},
"401": {
"description": "Unauthorized"
}
},
"tags": [
"admissionregistration_v1"
],
"x-kubernetes-action": "put",
"x-kubernetes-group-version-kind": {
"group": "admissionregistration.k8s.io",
"kind": "ValidatingAdmissionPolicyBinding",
"version": "v1"
}
}
},
"/apis/admissionregistration.k8s.io/v1/validatingwebhookconfigurations": {
"delete": {
"description": "delete collection of ValidatingWebhookConfiguration",
"operationId": "deleteAdmissionregistrationV1CollectionValidatingWebhookConfiguration",
"parameters": [
{
"description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.",
"in": "query",
"name": "continue",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed",
"in": "query",
"name": "dryRun",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.",
"in": "query",
"name": "fieldSelector",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.",
"in": "query",
"name": "gracePeriodSeconds",
"schema": {
"type": "integer",
"uniqueItems": true
}
},
{
"description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.",
"in": "query",
"name": "labelSelector",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.",
"in": "query",
"name": "limit",
"schema": {
"type": "integer",
"uniqueItems": true
}
},
{
"description": "Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the \"orphan\" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.",
"in": "query",
"name": "orphanDependents",
"schema": {
"type": "boolean",
"uniqueItems": true
}
},
{
"description": "Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.",
"in": "query",
"name": "propagationPolicy",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset",
"in": "query",
"name": "resourceVersion",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset",
"in": "query",
"name": "resourceVersionMatch",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.",
"in": "query",
"name": "sendInitialEvents",
"schema": {
"type": "boolean",
"uniqueItems": true
}
},
{
"description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.",
"in": "query",
"name": "timeoutSeconds",
"schema": {
"type": "integer",
"uniqueItems": true
}
}
],
"requestBody": {
"content": {
"*/*": {
"schema": {
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions"
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status"
}
},
"application/vnd.kubernetes.protobuf": {
"schema": {
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status"
}
},
"application/yaml": {
"schema": {
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status"
}
}
},
"description": "OK"
},
"401": {
"description": "Unauthorized"
}
},
"tags": [
"admissionregistration_v1"
],
"x-kubernetes-action": "deletecollection",
"x-kubernetes-group-version-kind": {
"group": "admissionregistration.k8s.io",
"kind": "ValidatingWebhookConfiguration",
"version": "v1"
}
},
"get": {
"description": "list or watch objects of kind ValidatingWebhookConfiguration",
"operationId": "listAdmissionregistrationV1ValidatingWebhookConfiguration",
"parameters": [
{
"description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.",
"in": "query",
"name": "allowWatchBookmarks",
"schema": {
"type": "boolean",
"uniqueItems": true
}
},
{
"description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.",
"in": "query",
"name": "continue",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.",
"in": "query",
"name": "fieldSelector",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.",
"in": "query",
"name": "labelSelector",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.",
"in": "query",
"name": "limit",
"schema": {
"type": "integer",
"uniqueItems": true
}
},
{
"description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset",
"in": "query",
"name": "resourceVersion",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset",
"in": "query",
"name": "resourceVersionMatch",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.",
"in": "query",
"name": "sendInitialEvents",
"schema": {
"type": "boolean",
"uniqueItems": true
}
},
{
"description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.",
"in": "query",
"name": "timeoutSeconds",
"schema": {
"type": "integer",
"uniqueItems": true
}
},
{
"description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.",
"in": "query",
"name": "watch",
"schema": {
"type": "boolean",
"uniqueItems": true
}
}
],
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingWebhookConfigurationList"
}
},
"application/json;stream=watch": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingWebhookConfigurationList"
}
},
"application/vnd.kubernetes.protobuf": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingWebhookConfigurationList"
}
},
"application/vnd.kubernetes.protobuf;stream=watch": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingWebhookConfigurationList"
}
},
"application/yaml": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingWebhookConfigurationList"
}
}
},
"description": "OK"
},
"401": {
"description": "Unauthorized"
}
},
"tags": [
"admissionregistration_v1"
],
"x-kubernetes-action": "list",
"x-kubernetes-group-version-kind": {
"group": "admissionregistration.k8s.io",
"kind": "ValidatingWebhookConfiguration",
"version": "v1"
}
},
"parameters": [
{
"description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).",
"in": "query",
"name": "pretty",
"schema": {
"type": "string",
"uniqueItems": true
}
}
],
"post": {
"description": "create a ValidatingWebhookConfiguration",
"operationId": "createAdmissionregistrationV1ValidatingWebhookConfiguration",
"parameters": [
{
"description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed",
"in": "query",
"name": "dryRun",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.",
"in": "query",
"name": "fieldManager",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.",
"in": "query",
"name": "fieldValidation",
"schema": {
"type": "string",
"uniqueItems": true
}
}
],
"requestBody": {
"content": {
"*/*": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingWebhookConfiguration"
}
}
},
"required": true
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingWebhookConfiguration"
}
},
"application/vnd.kubernetes.protobuf": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingWebhookConfiguration"
}
},
"application/yaml": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingWebhookConfiguration"
}
}
},
"description": "OK"
},
"201": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingWebhookConfiguration"
}
},
"application/vnd.kubernetes.protobuf": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingWebhookConfiguration"
}
},
"application/yaml": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingWebhookConfiguration"
}
}
},
"description": "Created"
},
"202": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingWebhookConfiguration"
}
},
"application/vnd.kubernetes.protobuf": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingWebhookConfiguration"
}
},
"application/yaml": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingWebhookConfiguration"
}
}
},
"description": "Accepted"
},
"401": {
"description": "Unauthorized"
}
},
"tags": [
"admissionregistration_v1"
],
"x-kubernetes-action": "post",
"x-kubernetes-group-version-kind": {
"group": "admissionregistration.k8s.io",
"kind": "ValidatingWebhookConfiguration",
"version": "v1"
}
}
},
"/apis/admissionregistration.k8s.io/v1/validatingwebhookconfigurations/{name}": {
"delete": {
"description": "delete a ValidatingWebhookConfiguration",
"operationId": "deleteAdmissionregistrationV1ValidatingWebhookConfiguration",
"parameters": [
{
"description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed",
"in": "query",
"name": "dryRun",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.",
"in": "query",
"name": "gracePeriodSeconds",
"schema": {
"type": "integer",
"uniqueItems": true
}
},
{
"description": "Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the \"orphan\" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.",
"in": "query",
"name": "orphanDependents",
"schema": {
"type": "boolean",
"uniqueItems": true
}
},
{
"description": "Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.",
"in": "query",
"name": "propagationPolicy",
"schema": {
"type": "string",
"uniqueItems": true
}
}
],
"requestBody": {
"content": {
"*/*": {
"schema": {
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions"
}
}
}
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status"
}
},
"application/vnd.kubernetes.protobuf": {
"schema": {
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status"
}
},
"application/yaml": {
"schema": {
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status"
}
}
},
"description": "OK"
},
"202": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status"
}
},
"application/vnd.kubernetes.protobuf": {
"schema": {
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status"
}
},
"application/yaml": {
"schema": {
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status"
}
}
},
"description": "Accepted"
},
"401": {
"description": "Unauthorized"
}
},
"tags": [
"admissionregistration_v1"
],
"x-kubernetes-action": "delete",
"x-kubernetes-group-version-kind": {
"group": "admissionregistration.k8s.io",
"kind": "ValidatingWebhookConfiguration",
"version": "v1"
}
},
"get": {
"description": "read the specified ValidatingWebhookConfiguration",
"operationId": "readAdmissionregistrationV1ValidatingWebhookConfiguration",
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingWebhookConfiguration"
}
},
"application/vnd.kubernetes.protobuf": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingWebhookConfiguration"
}
},
"application/yaml": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingWebhookConfiguration"
}
}
},
"description": "OK"
},
"401": {
"description": "Unauthorized"
}
},
"tags": [
"admissionregistration_v1"
],
"x-kubernetes-action": "get",
"x-kubernetes-group-version-kind": {
"group": "admissionregistration.k8s.io",
"kind": "ValidatingWebhookConfiguration",
"version": "v1"
}
},
"parameters": [
{
"description": "name of the ValidatingWebhookConfiguration",
"in": "path",
"name": "name",
"required": true,
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).",
"in": "query",
"name": "pretty",
"schema": {
"type": "string",
"uniqueItems": true
}
}
],
"patch": {
"description": "partially update the specified ValidatingWebhookConfiguration",
"operationId": "patchAdmissionregistrationV1ValidatingWebhookConfiguration",
"parameters": [
{
"description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed",
"in": "query",
"name": "dryRun",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).",
"in": "query",
"name": "fieldManager",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.",
"in": "query",
"name": "fieldValidation",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "Force is going to \"force\" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.",
"in": "query",
"name": "force",
"schema": {
"type": "boolean",
"uniqueItems": true
}
}
],
"requestBody": {
"content": {
"application/apply-patch+yaml": {
"schema": {
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch"
}
},
"application/json-patch+json": {
"schema": {
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch"
}
},
"application/merge-patch+json": {
"schema": {
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch"
}
},
"application/strategic-merge-patch+json": {
"schema": {
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch"
}
}
},
"required": true
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingWebhookConfiguration"
}
},
"application/vnd.kubernetes.protobuf": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingWebhookConfiguration"
}
},
"application/yaml": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingWebhookConfiguration"
}
}
},
"description": "OK"
},
"201": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingWebhookConfiguration"
}
},
"application/vnd.kubernetes.protobuf": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingWebhookConfiguration"
}
},
"application/yaml": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingWebhookConfiguration"
}
}
},
"description": "Created"
},
"401": {
"description": "Unauthorized"
}
},
"tags": [
"admissionregistration_v1"
],
"x-kubernetes-action": "patch",
"x-kubernetes-group-version-kind": {
"group": "admissionregistration.k8s.io",
"kind": "ValidatingWebhookConfiguration",
"version": "v1"
}
},
"put": {
"description": "replace the specified ValidatingWebhookConfiguration",
"operationId": "replaceAdmissionregistrationV1ValidatingWebhookConfiguration",
"parameters": [
{
"description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed",
"in": "query",
"name": "dryRun",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.",
"in": "query",
"name": "fieldManager",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.",
"in": "query",
"name": "fieldValidation",
"schema": {
"type": "string",
"uniqueItems": true
}
}
],
"requestBody": {
"content": {
"*/*": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingWebhookConfiguration"
}
}
},
"required": true
},
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingWebhookConfiguration"
}
},
"application/vnd.kubernetes.protobuf": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingWebhookConfiguration"
}
},
"application/yaml": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingWebhookConfiguration"
}
}
},
"description": "OK"
},
"201": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingWebhookConfiguration"
}
},
"application/vnd.kubernetes.protobuf": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingWebhookConfiguration"
}
},
"application/yaml": {
"schema": {
"$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingWebhookConfiguration"
}
}
},
"description": "Created"
},
"401": {
"description": "Unauthorized"
}
},
"tags": [
"admissionregistration_v1"
],
"x-kubernetes-action": "put",
"x-kubernetes-group-version-kind": {
"group": "admissionregistration.k8s.io",
"kind": "ValidatingWebhookConfiguration",
"version": "v1"
}
}
},
"/apis/admissionregistration.k8s.io/v1/watch/mutatingwebhookconfigurations": {
"get": {
"description": "watch individual changes to a list of MutatingWebhookConfiguration. deprecated: use the 'watch' parameter with a list operation instead.",
"operationId": "watchAdmissionregistrationV1MutatingWebhookConfigurationList",
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent"
}
},
"application/json;stream=watch": {
"schema": {
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent"
}
},
"application/vnd.kubernetes.protobuf": {
"schema": {
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent"
}
},
"application/vnd.kubernetes.protobuf;stream=watch": {
"schema": {
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent"
}
},
"application/yaml": {
"schema": {
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent"
}
}
},
"description": "OK"
},
"401": {
"description": "Unauthorized"
}
},
"tags": [
"admissionregistration_v1"
],
"x-kubernetes-action": "watchlist",
"x-kubernetes-group-version-kind": {
"group": "admissionregistration.k8s.io",
"kind": "MutatingWebhookConfiguration",
"version": "v1"
}
},
"parameters": [
{
"description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.",
"in": "query",
"name": "allowWatchBookmarks",
"schema": {
"type": "boolean",
"uniqueItems": true
}
},
{
"description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.",
"in": "query",
"name": "continue",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.",
"in": "query",
"name": "fieldSelector",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.",
"in": "query",
"name": "labelSelector",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.",
"in": "query",
"name": "limit",
"schema": {
"type": "integer",
"uniqueItems": true
}
},
{
"description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).",
"in": "query",
"name": "pretty",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset",
"in": "query",
"name": "resourceVersion",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset",
"in": "query",
"name": "resourceVersionMatch",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.",
"in": "query",
"name": "sendInitialEvents",
"schema": {
"type": "boolean",
"uniqueItems": true
}
},
{
"description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.",
"in": "query",
"name": "timeoutSeconds",
"schema": {
"type": "integer",
"uniqueItems": true
}
},
{
"description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.",
"in": "query",
"name": "watch",
"schema": {
"type": "boolean",
"uniqueItems": true
}
}
]
},
"/apis/admissionregistration.k8s.io/v1/watch/mutatingwebhookconfigurations/{name}": {
"get": {
"description": "watch changes to an object of kind MutatingWebhookConfiguration. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.",
"operationId": "watchAdmissionregistrationV1MutatingWebhookConfiguration",
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent"
}
},
"application/json;stream=watch": {
"schema": {
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent"
}
},
"application/vnd.kubernetes.protobuf": {
"schema": {
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent"
}
},
"application/vnd.kubernetes.protobuf;stream=watch": {
"schema": {
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent"
}
},
"application/yaml": {
"schema": {
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent"
}
}
},
"description": "OK"
},
"401": {
"description": "Unauthorized"
}
},
"tags": [
"admissionregistration_v1"
],
"x-kubernetes-action": "watch",
"x-kubernetes-group-version-kind": {
"group": "admissionregistration.k8s.io",
"kind": "MutatingWebhookConfiguration",
"version": "v1"
}
},
"parameters": [
{
"description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.",
"in": "query",
"name": "allowWatchBookmarks",
"schema": {
"type": "boolean",
"uniqueItems": true
}
},
{
"description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.",
"in": "query",
"name": "continue",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.",
"in": "query",
"name": "fieldSelector",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.",
"in": "query",
"name": "labelSelector",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.",
"in": "query",
"name": "limit",
"schema": {
"type": "integer",
"uniqueItems": true
}
},
{
"description": "name of the MutatingWebhookConfiguration",
"in": "path",
"name": "name",
"required": true,
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).",
"in": "query",
"name": "pretty",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset",
"in": "query",
"name": "resourceVersion",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset",
"in": "query",
"name": "resourceVersionMatch",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.",
"in": "query",
"name": "sendInitialEvents",
"schema": {
"type": "boolean",
"uniqueItems": true
}
},
{
"description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.",
"in": "query",
"name": "timeoutSeconds",
"schema": {
"type": "integer",
"uniqueItems": true
}
},
{
"description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.",
"in": "query",
"name": "watch",
"schema": {
"type": "boolean",
"uniqueItems": true
}
}
]
},
"/apis/admissionregistration.k8s.io/v1/watch/validatingadmissionpolicies": {
"get": {
"description": "watch individual changes to a list of ValidatingAdmissionPolicy. deprecated: use the 'watch' parameter with a list operation instead.",
"operationId": "watchAdmissionregistrationV1ValidatingAdmissionPolicyList",
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent"
}
},
"application/json;stream=watch": {
"schema": {
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent"
}
},
"application/vnd.kubernetes.protobuf": {
"schema": {
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent"
}
},
"application/vnd.kubernetes.protobuf;stream=watch": {
"schema": {
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent"
}
},
"application/yaml": {
"schema": {
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent"
}
}
},
"description": "OK"
},
"401": {
"description": "Unauthorized"
}
},
"tags": [
"admissionregistration_v1"
],
"x-kubernetes-action": "watchlist",
"x-kubernetes-group-version-kind": {
"group": "admissionregistration.k8s.io",
"kind": "ValidatingAdmissionPolicy",
"version": "v1"
}
},
"parameters": [
{
"description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.",
"in": "query",
"name": "allowWatchBookmarks",
"schema": {
"type": "boolean",
"uniqueItems": true
}
},
{
"description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.",
"in": "query",
"name": "continue",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.",
"in": "query",
"name": "fieldSelector",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.",
"in": "query",
"name": "labelSelector",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.",
"in": "query",
"name": "limit",
"schema": {
"type": "integer",
"uniqueItems": true
}
},
{
"description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).",
"in": "query",
"name": "pretty",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset",
"in": "query",
"name": "resourceVersion",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset",
"in": "query",
"name": "resourceVersionMatch",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.",
"in": "query",
"name": "sendInitialEvents",
"schema": {
"type": "boolean",
"uniqueItems": true
}
},
{
"description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.",
"in": "query",
"name": "timeoutSeconds",
"schema": {
"type": "integer",
"uniqueItems": true
}
},
{
"description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.",
"in": "query",
"name": "watch",
"schema": {
"type": "boolean",
"uniqueItems": true
}
}
]
},
"/apis/admissionregistration.k8s.io/v1/watch/validatingadmissionpolicies/{name}": {
"get": {
"description": "watch changes to an object of kind ValidatingAdmissionPolicy. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.",
"operationId": "watchAdmissionregistrationV1ValidatingAdmissionPolicy",
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent"
}
},
"application/json;stream=watch": {
"schema": {
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent"
}
},
"application/vnd.kubernetes.protobuf": {
"schema": {
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent"
}
},
"application/vnd.kubernetes.protobuf;stream=watch": {
"schema": {
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent"
}
},
"application/yaml": {
"schema": {
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent"
}
}
},
"description": "OK"
},
"401": {
"description": "Unauthorized"
}
},
"tags": [
"admissionregistration_v1"
],
"x-kubernetes-action": "watch",
"x-kubernetes-group-version-kind": {
"group": "admissionregistration.k8s.io",
"kind": "ValidatingAdmissionPolicy",
"version": "v1"
}
},
"parameters": [
{
"description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.",
"in": "query",
"name": "allowWatchBookmarks",
"schema": {
"type": "boolean",
"uniqueItems": true
}
},
{
"description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.",
"in": "query",
"name": "continue",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.",
"in": "query",
"name": "fieldSelector",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.",
"in": "query",
"name": "labelSelector",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.",
"in": "query",
"name": "limit",
"schema": {
"type": "integer",
"uniqueItems": true
}
},
{
"description": "name of the ValidatingAdmissionPolicy",
"in": "path",
"name": "name",
"required": true,
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).",
"in": "query",
"name": "pretty",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset",
"in": "query",
"name": "resourceVersion",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset",
"in": "query",
"name": "resourceVersionMatch",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.",
"in": "query",
"name": "sendInitialEvents",
"schema": {
"type": "boolean",
"uniqueItems": true
}
},
{
"description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.",
"in": "query",
"name": "timeoutSeconds",
"schema": {
"type": "integer",
"uniqueItems": true
}
},
{
"description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.",
"in": "query",
"name": "watch",
"schema": {
"type": "boolean",
"uniqueItems": true
}
}
]
},
"/apis/admissionregistration.k8s.io/v1/watch/validatingadmissionpolicybindings": {
"get": {
"description": "watch individual changes to a list of ValidatingAdmissionPolicyBinding. deprecated: use the 'watch' parameter with a list operation instead.",
"operationId": "watchAdmissionregistrationV1ValidatingAdmissionPolicyBindingList",
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent"
}
},
"application/json;stream=watch": {
"schema": {
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent"
}
},
"application/vnd.kubernetes.protobuf": {
"schema": {
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent"
}
},
"application/vnd.kubernetes.protobuf;stream=watch": {
"schema": {
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent"
}
},
"application/yaml": {
"schema": {
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent"
}
}
},
"description": "OK"
},
"401": {
"description": "Unauthorized"
}
},
"tags": [
"admissionregistration_v1"
],
"x-kubernetes-action": "watchlist",
"x-kubernetes-group-version-kind": {
"group": "admissionregistration.k8s.io",
"kind": "ValidatingAdmissionPolicyBinding",
"version": "v1"
}
},
"parameters": [
{
"description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.",
"in": "query",
"name": "allowWatchBookmarks",
"schema": {
"type": "boolean",
"uniqueItems": true
}
},
{
"description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.",
"in": "query",
"name": "continue",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.",
"in": "query",
"name": "fieldSelector",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.",
"in": "query",
"name": "labelSelector",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.",
"in": "query",
"name": "limit",
"schema": {
"type": "integer",
"uniqueItems": true
}
},
{
"description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).",
"in": "query",
"name": "pretty",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset",
"in": "query",
"name": "resourceVersion",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset",
"in": "query",
"name": "resourceVersionMatch",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.",
"in": "query",
"name": "sendInitialEvents",
"schema": {
"type": "boolean",
"uniqueItems": true
}
},
{
"description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.",
"in": "query",
"name": "timeoutSeconds",
"schema": {
"type": "integer",
"uniqueItems": true
}
},
{
"description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.",
"in": "query",
"name": "watch",
"schema": {
"type": "boolean",
"uniqueItems": true
}
}
]
},
"/apis/admissionregistration.k8s.io/v1/watch/validatingadmissionpolicybindings/{name}": {
"get": {
"description": "watch changes to an object of kind ValidatingAdmissionPolicyBinding. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.",
"operationId": "watchAdmissionregistrationV1ValidatingAdmissionPolicyBinding",
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent"
}
},
"application/json;stream=watch": {
"schema": {
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent"
}
},
"application/vnd.kubernetes.protobuf": {
"schema": {
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent"
}
},
"application/vnd.kubernetes.protobuf;stream=watch": {
"schema": {
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent"
}
},
"application/yaml": {
"schema": {
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent"
}
}
},
"description": "OK"
},
"401": {
"description": "Unauthorized"
}
},
"tags": [
"admissionregistration_v1"
],
"x-kubernetes-action": "watch",
"x-kubernetes-group-version-kind": {
"group": "admissionregistration.k8s.io",
"kind": "ValidatingAdmissionPolicyBinding",
"version": "v1"
}
},
"parameters": [
{
"description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.",
"in": "query",
"name": "allowWatchBookmarks",
"schema": {
"type": "boolean",
"uniqueItems": true
}
},
{
"description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.",
"in": "query",
"name": "continue",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.",
"in": "query",
"name": "fieldSelector",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.",
"in": "query",
"name": "labelSelector",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.",
"in": "query",
"name": "limit",
"schema": {
"type": "integer",
"uniqueItems": true
}
},
{
"description": "name of the ValidatingAdmissionPolicyBinding",
"in": "path",
"name": "name",
"required": true,
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).",
"in": "query",
"name": "pretty",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset",
"in": "query",
"name": "resourceVersion",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset",
"in": "query",
"name": "resourceVersionMatch",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.",
"in": "query",
"name": "sendInitialEvents",
"schema": {
"type": "boolean",
"uniqueItems": true
}
},
{
"description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.",
"in": "query",
"name": "timeoutSeconds",
"schema": {
"type": "integer",
"uniqueItems": true
}
},
{
"description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.",
"in": "query",
"name": "watch",
"schema": {
"type": "boolean",
"uniqueItems": true
}
}
]
},
"/apis/admissionregistration.k8s.io/v1/watch/validatingwebhookconfigurations": {
"get": {
"description": "watch individual changes to a list of ValidatingWebhookConfiguration. deprecated: use the 'watch' parameter with a list operation instead.",
"operationId": "watchAdmissionregistrationV1ValidatingWebhookConfigurationList",
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent"
}
},
"application/json;stream=watch": {
"schema": {
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent"
}
},
"application/vnd.kubernetes.protobuf": {
"schema": {
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent"
}
},
"application/vnd.kubernetes.protobuf;stream=watch": {
"schema": {
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent"
}
},
"application/yaml": {
"schema": {
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent"
}
}
},
"description": "OK"
},
"401": {
"description": "Unauthorized"
}
},
"tags": [
"admissionregistration_v1"
],
"x-kubernetes-action": "watchlist",
"x-kubernetes-group-version-kind": {
"group": "admissionregistration.k8s.io",
"kind": "ValidatingWebhookConfiguration",
"version": "v1"
}
},
"parameters": [
{
"description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.",
"in": "query",
"name": "allowWatchBookmarks",
"schema": {
"type": "boolean",
"uniqueItems": true
}
},
{
"description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.",
"in": "query",
"name": "continue",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.",
"in": "query",
"name": "fieldSelector",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.",
"in": "query",
"name": "labelSelector",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.",
"in": "query",
"name": "limit",
"schema": {
"type": "integer",
"uniqueItems": true
}
},
{
"description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).",
"in": "query",
"name": "pretty",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset",
"in": "query",
"name": "resourceVersion",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset",
"in": "query",
"name": "resourceVersionMatch",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.",
"in": "query",
"name": "sendInitialEvents",
"schema": {
"type": "boolean",
"uniqueItems": true
}
},
{
"description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.",
"in": "query",
"name": "timeoutSeconds",
"schema": {
"type": "integer",
"uniqueItems": true
}
},
{
"description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.",
"in": "query",
"name": "watch",
"schema": {
"type": "boolean",
"uniqueItems": true
}
}
]
},
"/apis/admissionregistration.k8s.io/v1/watch/validatingwebhookconfigurations/{name}": {
"get": {
"description": "watch changes to an object of kind ValidatingWebhookConfiguration. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.",
"operationId": "watchAdmissionregistrationV1ValidatingWebhookConfiguration",
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent"
}
},
"application/json;stream=watch": {
"schema": {
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent"
}
},
"application/vnd.kubernetes.protobuf": {
"schema": {
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent"
}
},
"application/vnd.kubernetes.protobuf;stream=watch": {
"schema": {
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent"
}
},
"application/yaml": {
"schema": {
"$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent"
}
}
},
"description": "OK"
},
"401": {
"description": "Unauthorized"
}
},
"tags": [
"admissionregistration_v1"
],
"x-kubernetes-action": "watch",
"x-kubernetes-group-version-kind": {
"group": "admissionregistration.k8s.io",
"kind": "ValidatingWebhookConfiguration",
"version": "v1"
}
},
"parameters": [
{
"description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.",
"in": "query",
"name": "allowWatchBookmarks",
"schema": {
"type": "boolean",
"uniqueItems": true
}
},
{
"description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.",
"in": "query",
"name": "continue",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.",
"in": "query",
"name": "fieldSelector",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.",
"in": "query",
"name": "labelSelector",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.",
"in": "query",
"name": "limit",
"schema": {
"type": "integer",
"uniqueItems": true
}
},
{
"description": "name of the ValidatingWebhookConfiguration",
"in": "path",
"name": "name",
"required": true,
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).",
"in": "query",
"name": "pretty",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset",
"in": "query",
"name": "resourceVersion",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset",
"in": "query",
"name": "resourceVersionMatch",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.",
"in": "query",
"name": "sendInitialEvents",
"schema": {
"type": "boolean",
"uniqueItems": true
}
},
{
"description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.",
"in": "query",
"name": "timeoutSeconds",
"schema": {
"type": "integer",
"uniqueItems": true
}
},
{
"description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.",
"in": "query",
"name": "watch",
"schema": {
"type": "boolean",
"uniqueItems": true
}
}
]
}
}
}
Codebase Browser
kubernetes