Custom Resource Definitions
Kyverno uses Kubernetes Custom Resource Definitions (CRDs) for policy definitions, policy reports, and other internal types. When operating in a Kubernetes cluster with Kyverno installed, you can always inspect Kyverno types natively using
For example, here is the definition of a Kyverno
λ kubectl explain policy.spec KIND: Policy VERSION: kyverno.io/v1 RESOURCE: spec <Object> DESCRIPTION: Spec defines policy behaviors and contains one or rules. FIELDS: background <boolean> Background controls if rules are applied to existing resources during a background scan. Optional. Default value is "true". The value must be set to "false" if the policy rule uses variables that are only available in the admission review request (e.g. user name). rules <Object> Rules is a list of Rule instances. A Policy contains multiple rules and each rule can validate, mutate, or generate resources. validationFailureAction <string> ValidationFailureAction controls if a validation policy rule failure should disallow the admission review request (enforce), or allow (audit) the admission review request and report an error in a policy report. Optional. The default value is "audit".
The complete Kyverno CRD reference can be viewed using this link: