Optional. Controls the evaluation of a Google-maintained global admission policy for common system-level images. Images not covered by the global policy will be subject to the project admission policy. This setting has no effect when specified inside a global admission policy.
Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies.
Optional. Per-cluster admission rules. Cluster spec format: location.clusterId. There can be at most one admission rule per cluster spec. A location is either a compute zone (e.g. us-central1-a) or a region (e.g. us-central1). For clusterId syntax restrictions see https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.
An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }.
Optional. Per-istio-service-identity admission rules. Istio service identity spec format: spiffe://<domain>/ns/<namespace>/sa/<serviceaccount> or <domain>/ns/<namespace>/sa/<serviceaccount> (e.g. spiffe://example.com/ns/test-ns/sa/default).
An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }.
Output only. Time when the policy was last updated.
A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
etag
string
Optional. A checksum, returned by the server, that can be sent on update requests to ensure the policy has an up-to-date value before attempting to update it. See https://google.aip.dev/154.
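A pre-submit check for the rule-map key formats described above, as an added example that is not part of the original reference. JSON parsers silently keep only the last of two identical keys, so a second rule for the same cluster spec disappears on parse unless duplicates are caught explicitly. Assumptions: the location regex only approximates zone and region naming, clusterId syntax is not checked, and `lint_policy` and `SAMPLE` are hypothetical names.

```python
import json
import re

# Assumption: approximates zone/region names (us-central1-a, us-central1).
LOCATION_RE = re.compile(r"^[a-z]+-[a-z]+[0-9]+(-[a-z])?$")
# Both documented forms: with or without the spiffe:// prefix.
ISTIO_ID_RE = re.compile(r"^(spiffe://)?[^/\s]+/ns/[^/\s]+/sa/[^/\s]+$")

def _pairs_hook(duplicates):
    """Build an object_pairs_hook that records keys repeated in one object."""
    def hook(pairs):
        seen = {}
        for key, value in pairs:
            if key in seen:
                duplicates.append(key)
            seen[key] = value
        return seen
    return hook

def lint_policy(text):
    """Return a list of findings for the rule-map keys of a policy JSON."""
    duplicates = []
    policy = json.loads(text, object_pairs_hook=_pairs_hook(duplicates))
    findings = [f"duplicate key: {k}" for k in duplicates]
    for spec in policy.get("clusterAdmissionRules", {}):
        # Cluster spec format is location.clusterId.
        location, _, cluster_id = spec.partition(".")
        if not LOCATION_RE.match(location) or not cluster_id:
            findings.append(f"bad cluster spec: {spec}")
    for ident in policy.get("istioServiceIdentityAdmissionRules", {}):
        if not ISTIO_ID_RE.match(ident):
            findings.append(f"bad istio identity: {ident}")
    return findings

# Constructed sample; rule bodies are empty because only keys are checked.
SAMPLE = """{
  "clusterAdmissionRules": {
    "us-central1-a.prod": {},
    "us-central1.staging": {},
    "us-central1-a.prod": {},
    "prod-cluster": {}
  },
  "istioServiceIdentityAdmissionRules": {
    "spiffe://example.com/ns/test-ns/sa/default": {},
    "example.com/ns/test-ns/sa/default": {},
    "example.com/test-ns/default": {}
  }
}"""
```

Calling `lint_policy(SAMPLE)` reports the repeated `us-central1-a.prod` rule, the cluster key with no location, and the identity missing its `/ns/` and `/sa/` segments.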
Last updated 2024-04-12 UTC.