The Space API describes the types and parameters for the core Space components.
Match is the selector for resources that should be included in the backup. By default, we’ll back up all Groups and for each Group:
- All ControlPlanes.
- All Secrets.
- All other Space API resources, e.g. SharedBackupConfigs, SharedUpboundPolicies, Backups, etc…
Match is the selector for resources that should be included in the backup. By default, we’ll back up all Groups and for each Group:
- All ControlPlanes.
- All Secrets.
- All other Space API resources, e.g. SharedBackupConfigs, SharedUpboundPolicies, Backups, etc…
true
One
processing stops after a rule has
been applied i.e. the rule matches and results in a pass, fail, or error. When
set to All
all rules in the policy are processed. The default is All
.true
GetFailurePolicy()
should be used.
Allowed values are Ignore or Fail. Defaults to Fail.Expression represents the expression which will be evaluated by CEL. Must evaluate to bool. CEL expressions have access to the contents of the AdmissionRequest and Authorizer, organized into CEL variables:
‘object’ - The object from the incoming request. The value is null for DELETE requests. ‘oldObject’ - The existing object. The value is null for CREATE requests. ‘request’ - Attributes of the admission request(https://pkg.go.dev/k8s.io/kubernetes/pkg/apis/admission#AdmissionRequest). ‘authorizer’ - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request. See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz ‘authorizer.requestResource’ - A CEL ResourceCheck constructed from the ‘authorizer’ and configured with the request resource. Documentation on CEL: https://kubernetes.io/docs/reference/using-api/cel/
Required.
Name is an identifier for this match condition, used for strategic merging of MatchConditions, as well as providing an identifier for logging purposes. A good name should be descriptive of the associated expression. Name must be a qualified name consisting of alphanumeric characters, ‘-’, ‘’ or ‘.’, and must start and end with an alphanumeric character (e.g. ‘MyName’, or ‘my.name’, or ‘123-abc’, regex used for validation is ‘([A-Za-z0-9][-A-Za-z0-9.]*)?[A-Za-z0-9]’) with an optional DNS subdomain prefix and ‘/’ (e.g. ’example.com/MyName’)
Required.
kubectl get --raw
command.
See https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls
for details.matchLabels
support the wildcard characters *
(matches zero or many characters)
and ?
(matches one character).Wildcards allows writing label selectors like
[‘storage.k8s.io/’: ‘’]. Note that using [’’ : ‘’] matches any key and value but
does not match an empty label set.matchLabels
support the wildcard
characters *
(matches zero or many characters) and ?
(matches one character).
Wildcards allows writing label selectors like [‘storage.k8s.io/’: ‘’]. Note that
using [’’ : ‘’] matches any key and value but does not match an empty label set.matchLabels
support the wildcard characters *
(matches zero or many characters)
and ?
(matches one character).Wildcards allows writing label selectors like
[‘storage.k8s.io/’: ‘’]. Note that using [’’ : ‘’] matches any key and value but
does not match an empty label set.matchLabels
support the wildcard
characters *
(matches zero or many characters) and ?
(matches one character).
Wildcards allows writing label selectors like [‘storage.k8s.io/’: ‘’]. Note that
using [’’ : ‘’] matches any key and value but does not match an empty label set.matchLabels
support the wildcard characters *
(matches zero or many characters)
and ?
(matches one character).Wildcards allows writing label selectors like
[‘storage.k8s.io/’: ‘’]. Note that using [’’ : ‘’] matches any key and value but
does not match an empty label set.matchLabels
support the wildcard
characters *
(matches zero or many characters) and ?
(matches one character).
Wildcards allows writing label selectors like [‘storage.k8s.io/’: ‘’]. Note that
using [’’ : ‘’] matches any key and value but does not match an empty label set.matchLabels
.
wildcard characters are not supported.matchLabels
support the wildcard characters *
(matches zero or many characters)
and ?
(matches one character).Wildcards allows writing label selectors like
[‘storage.k8s.io/’: ‘’]. Note that using [’’ : ‘’] matches any key and value but
does not match an empty label set.matchLabels
support the wildcard
characters *
(matches zero or many characters) and ?
(matches one character).
Wildcards allows writing label selectors like [‘storage.k8s.io/’: ‘’]. Note that
using [’’ : ‘’] matches any key and value but does not match an empty label set.matchLabels
support the wildcard characters *
(matches zero or many characters)
and ?
(matches one character).Wildcards allows writing label selectors like
[‘storage.k8s.io/’: ‘’]. Note that using [’’ : ‘’] matches any key and value but
does not match an empty label set.matchLabels
support the wildcard
characters *
(matches zero or many characters) and ?
(matches one character).
Wildcards allows writing label selectors like [‘storage.k8s.io/’: ‘’]. Note that
using [’’ : ‘’] matches any key and value but does not match an empty label set.