A policy for Binary Authorization.
JSON representation |
---|
{ "name": string, "description": string, "globalPolicyEvaluationMode": enum ( |
Fields | |
---|---|
name | Output only. The resource name, in the format |
description | Optional. A descriptive comment. |
globalPolicyEvaluationMode | Optional. Controls the evaluation of a Google-maintained global admission policy for common system-level images. Images not covered by the global policy will be subject to the project admission policy. This setting has no effect when specified inside a global admission policy. |
admissionWhitelistPatterns[] | Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies. |
clusterAdmissionRules | Optional. Per-cluster admission rules. Cluster spec format: An object containing a list of |
kubernetesNamespaceAdmissionRules | Optional. Per-kubernetes-namespace admission rules. K8s namespace spec format: An object containing a list of |
kubernetesServiceAccountAdmissionRules | Optional. Per-kubernetes-service-account admission rules. Service account spec format: An object containing a list of |
istioServiceIdentityAdmissionRules | Optional. Per-istio-service-identity admission rules. Istio service identity spec format: An object containing a list of |
defaultAdmissionRule | Required. Default admission rule for a cluster without a per-cluster, per-kubernetes-service-account, or per-istio-service-identity admission rule. |
updateTime | Output only. Time when the policy was last updated. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
etag | Optional. A checksum, returned by the server, that can be sent on update requests to ensure the policy has an up-to-date value before attempting to update it. See https://google.aip.dev/154. |
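
Because a matching `admissionWhitelistPatterns[]` entry is always permitted and `defaultAdmissionRule` applies wherever no specific rule matches, a policy is worth linting before it is deployed. The following is an added example, not part of this reference or of Google's tooling. It assumes the `namePattern`, `evaluationMode`, `enforcementMode` and `requireAttestationsBy` sub-fields and their enum values from the v1 `AdmissionWhitelistPattern` and `AdmissionRule` types (not shown on this page), assumes the four per-scope rule fields are JSON objects keyed by spec string, and uses a constructed sample policy.

```python
import json

# Policy fields that map a spec string to an AdmissionRule object.
RULE_MAPS = ("clusterAdmissionRules", "kubernetesNamespaceAdmissionRules",
             "kubernetesServiceAccountAdmissionRules", "istioServiceIdentityAdmissionRules")

def check_rule(label, rule):
    """Return findings for one AdmissionRule (field names assumed from the v1 API)."""
    out = []
    mode = rule.get("evaluationMode")
    if mode == "ALWAYS_ALLOW":
        out.append(f"{label}: ALWAYS_ALLOW admits every image")
    elif mode == "REQUIRE_ATTESTATION" and not rule.get("requireAttestationsBy"):
        out.append(f"{label}: REQUIRE_ATTESTATION with no attestors listed")
    if rule.get("enforcementMode") == "DRYRUN_AUDIT_LOG_ONLY":
        out.append(f"{label}: dry run, violations are logged but not blocked")
    return out

def lint_policy(policy):
    """Return a list of findings for a Policy dict."""
    out = []
    default = policy.get("defaultAdmissionRule")
    if default is None:
        out.append("defaultAdmissionRule: missing (the field is required)")
    else:
        out += check_rule("defaultAdmissionRule", default)
    for field in RULE_MAPS:
        for spec, rule in policy.get(field, {}).items():
            out += check_rule(f"{field}[{spec}]", rule)
    for entry in policy.get("admissionWhitelistPatterns", []):
        pattern = entry.get("namePattern", "")
        # Heuristic (an assumption of this example): a wildcard covering a whole
        # path level exempts every image under it from the policy.
        if pattern.endswith(("/*", "/**")):
            out.append(f"admissionWhitelistPatterns: broad pattern {pattern}")
    return out

# Constructed sample policy; project, cluster and attestor names are made up.
SAMPLE = json.loads("""{
  "admissionWhitelistPatterns": [{"namePattern": "gcr.io/example-project/*"},
                                 {"namePattern": "gcr.io/example-project/scanner*"}],
  "clusterAdmissionRules": {"us-east1-a.staging": {
      "evaluationMode": "ALWAYS_ALLOW", "enforcementMode": "ENFORCED_BLOCK_AND_AUDIT_LOG"}},
  "defaultAdmissionRule": {"evaluationMode": "REQUIRE_ATTESTATION",
      "requireAttestationsBy": ["projects/example-project/attestors/build"],
      "enforcementMode": "DRYRUN_AUDIT_LOG_ONLY"}
}""")

if __name__ == "__main__":
    print("\n".join(lint_policy(SAMPLE)))
```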