pulumi-kubernetes-kotlin/com.pulumi.kubernetes.admissionregistration.v1alpha1.kotlin.inputs/MatchResourcesPatchArgs

MatchResourcesPatchArgs

data class MatchResourcesPatchArgs(val excludeResourceRules: Output<List<NamedRuleWithOperationsPatchArgs>>? = null, val matchPolicy: Output<String>? = null, val namespaceSelector: Output<LabelSelectorPatchArgs>? = null, val objectSelector: Output<LabelSelectorPatchArgs>? = null, val resourceRules: Output<List<NamedRuleWithOperationsPatchArgs>>? = null) : ConvertibleToJava<MatchResourcesPatchArgs>

MatchResources decides whether to run the admission control policy on an object based on whether it meets the match criteria. The exclude rules take precedence over include rules (if a resource matches both, it is excluded)

Constructors

Link copied to clipboard
constructor(excludeResourceRules: Output<List<NamedRuleWithOperationsPatchArgs>>? = null, matchPolicy: Output<String>? = null, namespaceSelector: Output<LabelSelectorPatchArgs>? = null, objectSelector: Output<LabelSelectorPatchArgs>? = null, resourceRules: Output<List<NamedRuleWithOperationsPatchArgs>>? = null)

Properties

Link copied to clipboard
val excludeResourceRules: Output<List<NamedRuleWithOperationsPatchArgs>>? = null

ExcludeResourceRules describes what operations on what resources/subresources the policy should not care about. The exclude rules take precedence over include rules (if a resource matches both, it is excluded)

Link copied to clipboard
val matchPolicy: Output<String>? = null

matchPolicy defines how the "MatchResources" list is used to match incoming requests. Allowed values are "Exact" or "Equivalent".

Link copied to clipboard
val namespaceSelector: Output<LabelSelectorPatchArgs>? = null

NamespaceSelector decides whether to run the admission control policy on an object based on whether the namespace for that object matches the selector. If the object itself is a namespace, the matching is performed on object.metadata.labels. If the object is another cluster scoped resource, it never skips the policy. For example, to run the webhook on any objects whose namespace is not associated with "runlevel" of "0" or "1"; you will set the selector as follows: "namespaceSelector": { "matchExpressions": [ { "key": "runlevel", "operator": "NotIn", "values": "0", "1" } ] } If instead you want to only run the policy on any objects whose namespace is associated with the "environment" of "prod" or "staging"; you will set the selector as follows: "namespaceSelector": { "matchExpressions": [ { "key": "environment", "operator": "In", "values": "prod", "staging" } ] } See https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ for more examples of label selectors. Default to the empty LabelSelector, which matches everything.

Link copied to clipboard
val objectSelector: Output<LabelSelectorPatchArgs>? = null

ObjectSelector decides whether to run the policy based on if the object has matching labels. objectSelector is evaluated against both the oldObject and newObject that would be sent to the policy's expression (CEL), and is considered to match if either object matches the selector. A null object (oldObject in the case of create, or newObject in the case of delete) or an object that cannot have labels (like a DeploymentRollback or a PodProxyOptions object) is not considered to match. Use the object selector only if the webhook is opt-in, because end users may skip the admission webhook by setting the labels. Default to the empty LabelSelector, which matches everything.

Link copied to clipboard
val resourceRules: Output<List<NamedRuleWithOperationsPatchArgs>>? = null

ResourceRules describes what operations on what resources/subresources the admission policy matches. The policy cares about an operation if it matches any Rule.

Functions

Link copied to clipboard
open override fun toJava(): MatchResourcesPatchArgs