Skip to content

Files

Latest commit

665a8d6 · Nov 26, 2024

History

History
18 lines (10 loc) · 2.3 KB

V1alpha1MatchResources.md

File metadata and controls

18 lines (10 loc) · 2.3 KB

V1alpha1MatchResources

MatchResources decides whether to run the admission control policy on an object based on whether it meets the match criteria. The exclude rules take precedence over include rules (if a resource matches both, it is excluded)

Properties

Name Type Description Notes
excludeResourceRules List<V1alpha1NamedRuleWithOperations> ExcludeResourceRules describes what operations on what resources/subresources the ValidatingAdmissionPolicy should not care about. The exclude rules take precedence over include rules (if a resource matches both, it is excluded) [optional]
matchPolicy String matchPolicy defines how the &quot;MatchResources&quot; list is used to match incoming requests. Allowed values are &quot;Exact&quot; or &quot;Equivalent&quot;. - Exact: match a request only if it exactly matches a specified rule. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, but &quot;rules&quot; only included `apiGroups:[&quot;apps&quot;], apiVersions:[&quot;v1&quot;], resources: [&quot;deployments&quot;]`, a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the ValidatingAdmissionPolicy. - Equivalent: match a request if modifies a resource listed in rules, even via another API group or version. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, and &quot;rules&quot; only included `apiGroups:[&quot;apps&quot;], apiVersions:[&quot;v1&quot;], resources: [&quot;deployments&quot;]`, a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the ValidatingAdmissionPolicy. Defaults to &quot;Equivalent&quot; [optional]
namespaceSelector V1LabelSelector [optional]
objectSelector V1LabelSelector [optional]
resourceRules List<V1alpha1NamedRuleWithOperations> ResourceRules describes what operations on what resources/subresources the ValidatingAdmissionPolicy matches. The policy cares about an operation if it matches any Rule. [optional]