4.3 KiB
title | content_type | package | auto_generated |
---|---|---|---|
Image Policy API (v1alpha1) | tool-reference | imagepolicy.k8s.io/v1alpha1 | true |
Resource Types
ImageReview
ImageReview checks if the set of images in a pod are allowed.
Field | Description |
---|---|
apiVersion string | imagepolicy.k8s.io/v1alpha1 |
kind string | ImageReview |
metadata meta/v1.ObjectMeta
|
Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata Refer to the Kubernetes API documentation for the fields of themetadata field. |
spec [Required]ImageReviewSpec
|
Spec holds information about the pod being evaluated |
status ImageReviewStatus
|
Status is filled in by the backend and indicates whether the pod should be allowed. |
ImageReviewContainerSpec
Appears in:
ImageReviewContainerSpec is a description of a container within the pod creation request.
Field | Description |
---|---|
image string
|
This can be in the form image:tag or image@SHA:012345679abcdef. |
ImageReviewSpec
Appears in:
ImageReviewSpec is a description of the pod creation request.
Field | Description |
---|---|
containers []ImageReviewContainerSpec
|
Containers is a list of a subset of the information in each container of the Pod being created. |
annotations map[string]string
|
Annotations is a list of key-value pairs extracted from the Pod's annotations.
It only includes keys which match the pattern |
namespace string
|
Namespace is the namespace the pod is being created in. |
ImageReviewStatus
Appears in:
ImageReviewStatus is the result of the review for the pod creation request.
Field | Description |
---|---|
allowed [Required]bool
|
Allowed indicates that all images were allowed to be run. |
reason string
|
Reason should be empty unless Allowed is false in which case it may contain a short description of what is wrong. Kubernetes may truncate excessively long errors when displaying to the user. |
auditAnnotations map[string]string
|
AuditAnnotations will be added to the attributes object of the admission controller request using 'AddAnnotation'. The keys should be prefix-less (i.e., the admission controller will add an appropriate prefix). |