Documentation ¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func CheckKind ¶
func CheckKind(subresourceGVKToAPIResource map[string]*metav1.APIResource, kinds []string, gvk schema.GroupVersionKind, subresourceInAdmnReview string, allowEphemeralContainers bool) bool
CheckKind checks if the resource kind matches the kinds in the policy. If the policy matches on subresources, then those resources are present in the subresourceGVKToAPIResource map. Set allowEphemeralContainers to true to allow ephemeral containers to be matched even when the policy does not explicitly match on ephemeral containers and only matches on pods.
func CheckMatchesResources ¶
func CheckMatchesResources( resource unstructured.Unstructured, statement kyvernov2beta1.MatchResources, namespaceLabels map[string]string, subresourceGVKToAPIResource map[string]*metav1.APIResource, subresourceInAdmnReview string, admissionInfo kyvernov1beta1.RequestInfo, excludeGroupRole []string, ) error
func CheckNamespace ¶
func CheckNamespace(statement string, resource unstructured.Unstructured) error
Types ¶
This section is empty.
Click to show internal directories.
Click to hide internal directories.