diff --git a/config/crd/bases/config.gatekeeper.sh_configs.yaml b/config/crd/bases/config.gatekeeper.sh_configs.yaml index f9207c4dbab..aa870f987de 100644 --- a/config/crd/bases/config.gatekeeper.sh_configs.yaml +++ b/config/crd/bases/config.gatekeeper.sh_configs.yaml @@ -42,10 +42,11 @@ spec: excludedNamespaces: items: description: 'A string that supports globbing at its front - or end. Ex: "kube-*" will match "kube-system" or "kube-public", - "*-system" will match "kube-system" or "gatekeeper-system". The + and end. Ex: "kube-*" will match "kube-system" or "kube-public", + "*-system" will match "kube-system" or "gatekeeper-system", + "*system*" will match "system-kube" or "kube-system". The asterisk is required for wildcard matching.' - pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ + pattern: ^\*?[-:a-z0-9]*\*?$ type: string type: array processes: diff --git a/config/crd/bases/match.gatekeeper.sh_matchcrd.yaml b/config/crd/bases/match.gatekeeper.sh_matchcrd.yaml index 1fd9983a63b..e504c6069fe 100644 --- a/config/crd/bases/match.gatekeeper.sh_matchcrd.yaml +++ b/config/crd/bases/match.gatekeeper.sh_matchcrd.yaml @@ -38,11 +38,12 @@ spec: `kube-system` and `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' items: - description: 'A string that supports globbing at its front or end. + description: 'A string that supports globbing at its front and end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" - will match "kube-system" or "gatekeeper-system". The asterisk - is required for wildcard matching.' - pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ + will match "kube-system" or "gatekeeper-system", "*system*" will + match "system-kube" or "kube-system". The asterisk is required + for wildcard matching.' + pattern: ^\*?[-:a-z0-9]*\*?$ type: string type: array kinds: @@ -120,7 +121,7 @@ spec: a prefix or suffix glob. For example, `name: pod-*` would match both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`.' - pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ + pattern: ^\*?[-:a-z0-9]*\*?$ type: string namespaceSelector: description: NamespaceSelector is a label selector against an object's @@ -174,11 +175,12 @@ spec: [kube-*]` matches both `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' items: - description: 'A string that supports globbing at its front or end. + description: 'A string that supports globbing at its front and end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" - will match "kube-system" or "gatekeeper-system". The asterisk - is required for wildcard matching.' - pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ + will match "kube-system" or "gatekeeper-system", "*system*" will + match "system-kube" or "kube-system". The asterisk is required + for wildcard matching.' + pattern: ^\*?[-:a-z0-9]*\*?$ type: string type: array scope: diff --git a/config/crd/bases/mutations.gatekeeper.sh_assign.yaml b/config/crd/bases/mutations.gatekeeper.sh_assign.yaml index 42d3c1bc386..60b2e470db8 100644 --- a/config/crd/bases/mutations.gatekeeper.sh_assign.yaml +++ b/config/crd/bases/mutations.gatekeeper.sh_assign.yaml @@ -75,11 +75,12 @@ spec: matches both `kube-system` and `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' items: - description: 'A string that supports globbing at its front or + description: 'A string that supports globbing at its front and end. Ex: "kube-*" will match "kube-system" or "kube-public", - "*-system" will match "kube-system" or "gatekeeper-system". The + "*-system" will match "kube-system" or "gatekeeper-system", + "*system*" will match "system-kube" or "kube-system". The asterisk is required for wildcard matching.' - pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ + pattern: ^\*?[-:a-z0-9]*\*?$ type: string type: array kinds: @@ -158,7 +159,7 @@ spec: a prefix or suffix glob. For example, `name: pod-*` would match both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`.' - pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ + pattern: ^\*?[-:a-z0-9]*\*?$ type: string namespaceSelector: description: NamespaceSelector is a label selector against an @@ -213,11 +214,12 @@ spec: [kube-*]` matches both `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' items: - description: 'A string that supports globbing at its front or + description: 'A string that supports globbing at its front and end. Ex: "kube-*" will match "kube-system" or "kube-public", - "*-system" will match "kube-system" or "gatekeeper-system". The + "*-system" will match "kube-system" or "gatekeeper-system", + "*system*" will match "system-kube" or "kube-system". The asterisk is required for wildcard matching.' - pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ + pattern: ^\*?[-:a-z0-9]*\*?$ type: string type: array scope: @@ -422,11 +424,12 @@ spec: matches both `kube-system` and `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' items: - description: 'A string that supports globbing at its front or + description: 'A string that supports globbing at its front and end. Ex: "kube-*" will match "kube-system" or "kube-public", - "*-system" will match "kube-system" or "gatekeeper-system". The + "*-system" will match "kube-system" or "gatekeeper-system", + "*system*" will match "system-kube" or "kube-system". The asterisk is required for wildcard matching.' - pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ + pattern: ^\*?[-:a-z0-9]*\*?$ type: string type: array kinds: @@ -505,7 +508,7 @@ spec: a prefix or suffix glob. For example, `name: pod-*` would match both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`.' - pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ + pattern: ^\*?[-:a-z0-9]*\*?$ type: string namespaceSelector: description: NamespaceSelector is a label selector against an @@ -560,11 +563,12 @@ spec: [kube-*]` matches both `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' items: - description: 'A string that supports globbing at its front or + description: 'A string that supports globbing at its front and end. Ex: "kube-*" will match "kube-system" or "kube-public", - "*-system" will match "kube-system" or "gatekeeper-system". The + "*-system" will match "kube-system" or "gatekeeper-system", + "*system*" will match "system-kube" or "kube-system". The asterisk is required for wildcard matching.' - pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ + pattern: ^\*?[-:a-z0-9]*\*?$ type: string type: array scope: @@ -769,11 +773,12 @@ spec: matches both `kube-system` and `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' items: - description: 'A string that supports globbing at its front or + description: 'A string that supports globbing at its front and end. Ex: "kube-*" will match "kube-system" or "kube-public", - "*-system" will match "kube-system" or "gatekeeper-system". The + "*-system" will match "kube-system" or "gatekeeper-system", + "*system*" will match "system-kube" or "kube-system". The asterisk is required for wildcard matching.' - pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ + pattern: ^\*?[-:a-z0-9]*\*?$ type: string type: array kinds: @@ -852,7 +857,7 @@ spec: a prefix or suffix glob. For example, `name: pod-*` would match both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`.' - pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ + pattern: ^\*?[-:a-z0-9]*\*?$ type: string namespaceSelector: description: NamespaceSelector is a label selector against an @@ -907,11 +912,12 @@ spec: [kube-*]` matches both `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' items: - description: 'A string that supports globbing at its front or + description: 'A string that supports globbing at its front and end. Ex: "kube-*" will match "kube-system" or "kube-public", - "*-system" will match "kube-system" or "gatekeeper-system". The + "*-system" will match "kube-system" or "gatekeeper-system", + "*system*" will match "system-kube" or "kube-system". The asterisk is required for wildcard matching.' - pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ + pattern: ^\*?[-:a-z0-9]*\*?$ type: string type: array scope: diff --git a/config/crd/bases/mutations.gatekeeper.sh_assignimage.yaml b/config/crd/bases/mutations.gatekeeper.sh_assignimage.yaml index b472e067181..85d4d58be8e 100644 --- a/config/crd/bases/mutations.gatekeeper.sh_assignimage.yaml +++ b/config/crd/bases/mutations.gatekeeper.sh_assignimage.yaml @@ -75,11 +75,12 @@ spec: matches both `kube-system` and `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' items: - description: 'A string that supports globbing at its front or + description: 'A string that supports globbing at its front and end. Ex: "kube-*" will match "kube-system" or "kube-public", - "*-system" will match "kube-system" or "gatekeeper-system". The + "*-system" will match "kube-system" or "gatekeeper-system", + "*system*" will match "system-kube" or "kube-system". The asterisk is required for wildcard matching.' - pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ + pattern: ^\*?[-:a-z0-9]*\*?$ type: string type: array kinds: @@ -158,7 +159,7 @@ spec: a prefix or suffix glob. For example, `name: pod-*` would match both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`.' - pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ + pattern: ^\*?[-:a-z0-9]*\*?$ type: string namespaceSelector: description: NamespaceSelector is a label selector against an @@ -213,11 +214,12 @@ spec: [kube-*]` matches both `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' items: - description: 'A string that supports globbing at its front or + description: 'A string that supports globbing at its front and end. Ex: "kube-*" will match "kube-system" or "kube-public", - "*-system" will match "kube-system" or "gatekeeper-system". The + "*-system" will match "kube-system" or "gatekeeper-system", + "*system*" will match "system-kube" or "kube-system". The asterisk is required for wildcard matching.' - pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ + pattern: ^\*?[-:a-z0-9]*\*?$ type: string type: array scope: diff --git a/config/crd/bases/mutations.gatekeeper.sh_assignmetadata.yaml b/config/crd/bases/mutations.gatekeeper.sh_assignmetadata.yaml index 902aba1db61..5d2883032c1 100644 --- a/config/crd/bases/mutations.gatekeeper.sh_assignmetadata.yaml +++ b/config/crd/bases/mutations.gatekeeper.sh_assignmetadata.yaml @@ -48,11 +48,12 @@ spec: matches both `kube-system` and `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' items: - description: 'A string that supports globbing at its front or + description: 'A string that supports globbing at its front and end. Ex: "kube-*" will match "kube-system" or "kube-public", - "*-system" will match "kube-system" or "gatekeeper-system". The + "*-system" will match "kube-system" or "gatekeeper-system", + "*system*" will match "system-kube" or "kube-system". The asterisk is required for wildcard matching.' - pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ + pattern: ^\*?[-:a-z0-9]*\*?$ type: string type: array kinds: @@ -131,7 +132,7 @@ spec: a prefix or suffix glob. For example, `name: pod-*` would match both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`.' - pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ + pattern: ^\*?[-:a-z0-9]*\*?$ type: string namespaceSelector: description: NamespaceSelector is a label selector against an @@ -186,11 +187,12 @@ spec: [kube-*]` matches both `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' items: - description: 'A string that supports globbing at its front or + description: 'A string that supports globbing at its front and end. Ex: "kube-*" will match "kube-system" or "kube-public", - "*-system" will match "kube-system" or "gatekeeper-system". The + "*-system" will match "kube-system" or "gatekeeper-system", + "*system*" will match "system-kube" or "kube-system". The asterisk is required for wildcard matching.' - pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ + pattern: ^\*?[-:a-z0-9]*\*?$ type: string type: array scope: @@ -347,11 +349,12 @@ spec: matches both `kube-system` and `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' items: - description: 'A string that supports globbing at its front or + description: 'A string that supports globbing at its front and end. Ex: "kube-*" will match "kube-system" or "kube-public", - "*-system" will match "kube-system" or "gatekeeper-system". The + "*-system" will match "kube-system" or "gatekeeper-system", + "*system*" will match "system-kube" or "kube-system". The asterisk is required for wildcard matching.' - pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ + pattern: ^\*?[-:a-z0-9]*\*?$ type: string type: array kinds: @@ -430,7 +433,7 @@ spec: a prefix or suffix glob. For example, `name: pod-*` would match both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`.' - pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ + pattern: ^\*?[-:a-z0-9]*\*?$ type: string namespaceSelector: description: NamespaceSelector is a label selector against an @@ -485,11 +488,12 @@ spec: [kube-*]` matches both `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' items: - description: 'A string that supports globbing at its front or + description: 'A string that supports globbing at its front and end. Ex: "kube-*" will match "kube-system" or "kube-public", - "*-system" will match "kube-system" or "gatekeeper-system". The + "*-system" will match "kube-system" or "gatekeeper-system", + "*system*" will match "system-kube" or "kube-system". The asterisk is required for wildcard matching.' - pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ + pattern: ^\*?[-:a-z0-9]*\*?$ type: string type: array scope: @@ -646,11 +650,12 @@ spec: matches both `kube-system` and `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' items: - description: 'A string that supports globbing at its front or + description: 'A string that supports globbing at its front and end. Ex: "kube-*" will match "kube-system" or "kube-public", - "*-system" will match "kube-system" or "gatekeeper-system". The + "*-system" will match "kube-system" or "gatekeeper-system", + "*system*" will match "system-kube" or "kube-system". The asterisk is required for wildcard matching.' - pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ + pattern: ^\*?[-:a-z0-9]*\*?$ type: string type: array kinds: @@ -729,7 +734,7 @@ spec: a prefix or suffix glob. For example, `name: pod-*` would match both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`.' - pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ + pattern: ^\*?[-:a-z0-9]*\*?$ type: string namespaceSelector: description: NamespaceSelector is a label selector against an @@ -784,11 +789,12 @@ spec: [kube-*]` matches both `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' items: - description: 'A string that supports globbing at its front or + description: 'A string that supports globbing at its front and end. Ex: "kube-*" will match "kube-system" or "kube-public", - "*-system" will match "kube-system" or "gatekeeper-system". The + "*-system" will match "kube-system" or "gatekeeper-system", + "*system*" will match "system-kube" or "kube-system". The asterisk is required for wildcard matching.' - pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ + pattern: ^\*?[-:a-z0-9]*\*?$ type: string type: array scope: diff --git a/config/crd/bases/mutations.gatekeeper.sh_modifyset.yaml b/config/crd/bases/mutations.gatekeeper.sh_modifyset.yaml index 7e95583fb54..1c0c28b85e8 100644 --- a/config/crd/bases/mutations.gatekeeper.sh_modifyset.yaml +++ b/config/crd/bases/mutations.gatekeeper.sh_modifyset.yaml @@ -76,11 +76,12 @@ spec: matches both `kube-system` and `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' items: - description: 'A string that supports globbing at its front or + description: 'A string that supports globbing at its front and end. Ex: "kube-*" will match "kube-system" or "kube-public", - "*-system" will match "kube-system" or "gatekeeper-system". The + "*-system" will match "kube-system" or "gatekeeper-system", + "*system*" will match "system-kube" or "kube-system". The asterisk is required for wildcard matching.' - pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ + pattern: ^\*?[-:a-z0-9]*\*?$ type: string type: array kinds: @@ -159,7 +160,7 @@ spec: a prefix or suffix glob. For example, `name: pod-*` would match both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`.' - pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ + pattern: ^\*?[-:a-z0-9]*\*?$ type: string namespaceSelector: description: NamespaceSelector is a label selector against an @@ -214,11 +215,12 @@ spec: [kube-*]` matches both `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' items: - description: 'A string that supports globbing at its front or + description: 'A string that supports globbing at its front and end. Ex: "kube-*" will match "kube-system" or "kube-public", - "*-system" will match "kube-system" or "gatekeeper-system". The + "*-system" will match "kube-system" or "gatekeeper-system", + "*system*" will match "system-kube" or "kube-system". The asterisk is required for wildcard matching.' - pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ + pattern: ^\*?[-:a-z0-9]*\*?$ type: string type: array scope: @@ -389,11 +391,12 @@ spec: matches both `kube-system` and `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' items: - description: 'A string that supports globbing at its front or + description: 'A string that supports globbing at its front and end. Ex: "kube-*" will match "kube-system" or "kube-public", - "*-system" will match "kube-system" or "gatekeeper-system". The + "*-system" will match "kube-system" or "gatekeeper-system", + "*system*" will match "system-kube" or "kube-system". The asterisk is required for wildcard matching.' - pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ + pattern: ^\*?[-:a-z0-9]*\*?$ type: string type: array kinds: @@ -472,7 +475,7 @@ spec: a prefix or suffix glob. For example, `name: pod-*` would match both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`.' - pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ + pattern: ^\*?[-:a-z0-9]*\*?$ type: string namespaceSelector: description: NamespaceSelector is a label selector against an @@ -527,11 +530,12 @@ spec: [kube-*]` matches both `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' items: - description: 'A string that supports globbing at its front or + description: 'A string that supports globbing at its front and end. Ex: "kube-*" will match "kube-system" or "kube-public", - "*-system" will match "kube-system" or "gatekeeper-system". The + "*-system" will match "kube-system" or "gatekeeper-system", + "*system*" will match "system-kube" or "kube-system". The asterisk is required for wildcard matching.' - pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ + pattern: ^\*?[-:a-z0-9]*\*?$ type: string type: array scope: @@ -702,11 +706,12 @@ spec: matches both `kube-system` and `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' items: - description: 'A string that supports globbing at its front or + description: 'A string that supports globbing at its front and end. Ex: "kube-*" will match "kube-system" or "kube-public", - "*-system" will match "kube-system" or "gatekeeper-system". The + "*-system" will match "kube-system" or "gatekeeper-system", + "*system*" will match "system-kube" or "kube-system". The asterisk is required for wildcard matching.' - pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ + pattern: ^\*?[-:a-z0-9]*\*?$ type: string type: array kinds: @@ -785,7 +790,7 @@ spec: a prefix or suffix glob. For example, `name: pod-*` would match both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`.' - pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ + pattern: ^\*?[-:a-z0-9]*\*?$ type: string namespaceSelector: description: NamespaceSelector is a label selector against an @@ -840,11 +845,12 @@ spec: [kube-*]` matches both `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' items: - description: 'A string that supports globbing at its front or + description: 'A string that supports globbing at its front and end. Ex: "kube-*" will match "kube-system" or "kube-public", - "*-system" will match "kube-system" or "gatekeeper-system". The + "*-system" will match "kube-system" or "gatekeeper-system", + "*system*" will match "system-kube" or "kube-system". The asterisk is required for wildcard matching.' - pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ + pattern: ^\*?[-:a-z0-9]*\*?$ type: string type: array scope: diff --git a/manifest_staging/charts/gatekeeper/crds/assign-customresourcedefinition.yaml b/manifest_staging/charts/gatekeeper/crds/assign-customresourcedefinition.yaml index 0221a194812..7a709aa9e93 100644 --- a/manifest_staging/charts/gatekeeper/crds/assign-customresourcedefinition.yaml +++ b/manifest_staging/charts/gatekeeper/crds/assign-customresourcedefinition.yaml @@ -64,8 +64,8 @@ spec: excludedNamespaces: description: 'ExcludedNamespaces is a list of namespace names. If defined, a constraint only applies to resources not in a listed namespace. ExcludedNamespaces also supports a prefix or suffix based glob. For example, `excludedNamespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' - pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ + description: 'A string that supports globbing at its front and end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system", "*system*" will match "system-kube" or "kube-system". The asterisk is required for wildcard matching.' + pattern: ^\*?[-:a-z0-9]*\*?$ type: string type: array kinds: @@ -115,7 +115,7 @@ spec: type: object name: description: 'Name is the name of an object. If defined, it will match against objects with the specified name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`.' - pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ + pattern: ^\*?[-:a-z0-9]*\*?$ type: string namespaceSelector: description: NamespaceSelector is a label selector against an object's containing namespace or the object itself, if the object is a namespace. @@ -150,8 +150,8 @@ spec: namespaces: description: 'Namespaces is a list of namespace names. If defined, a constraint only applies to resources in a listed namespace. Namespaces also supports a prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' - pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ + description: 'A string that supports globbing at its front and end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system", "*system*" will match "system-kube" or "kube-system". The asterisk is required for wildcard matching.' + pattern: ^\*?[-:a-z0-9]*\*?$ type: string type: array scope: @@ -309,8 +309,8 @@ spec: excludedNamespaces: description: 'ExcludedNamespaces is a list of namespace names. If defined, a constraint only applies to resources not in a listed namespace. ExcludedNamespaces also supports a prefix or suffix based glob. For example, `excludedNamespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' - pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ + description: 'A string that supports globbing at its front and end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system", "*system*" will match "system-kube" or "kube-system". The asterisk is required for wildcard matching.' + pattern: ^\*?[-:a-z0-9]*\*?$ type: string type: array kinds: @@ -360,7 +360,7 @@ spec: type: object name: description: 'Name is the name of an object. If defined, it will match against objects with the specified name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`.' - pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ + pattern: ^\*?[-:a-z0-9]*\*?$ type: string namespaceSelector: description: NamespaceSelector is a label selector against an object's containing namespace or the object itself, if the object is a namespace. @@ -395,8 +395,8 @@ spec: namespaces: description: 'Namespaces is a list of namespace names. If defined, a constraint only applies to resources in a listed namespace. Namespaces also supports a prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' - pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ + description: 'A string that supports globbing at its front and end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system", "*system*" will match "system-kube" or "kube-system". The asterisk is required for wildcard matching.' + pattern: ^\*?[-:a-z0-9]*\*?$ type: string type: array scope: @@ -554,8 +554,8 @@ spec: excludedNamespaces: description: 'ExcludedNamespaces is a list of namespace names. If defined, a constraint only applies to resources not in a listed namespace. ExcludedNamespaces also supports a prefix or suffix based glob. For example, `excludedNamespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' - pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ + description: 'A string that supports globbing at its front and end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system", "*system*" will match "system-kube" or "kube-system". The asterisk is required for wildcard matching.' + pattern: ^\*?[-:a-z0-9]*\*?$ type: string type: array kinds: @@ -605,7 +605,7 @@ spec: type: object name: description: 'Name is the name of an object. If defined, it will match against objects with the specified name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`.' - pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ + pattern: ^\*?[-:a-z0-9]*\*?$ type: string namespaceSelector: description: NamespaceSelector is a label selector against an object's containing namespace or the object itself, if the object is a namespace. @@ -640,8 +640,8 @@ spec: namespaces: description: 'Namespaces is a list of namespace names. If defined, a constraint only applies to resources in a listed namespace. Namespaces also supports a prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' - pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ + description: 'A string that supports globbing at its front and end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system", "*system*" will match "system-kube" or "kube-system". The asterisk is required for wildcard matching.' + pattern: ^\*?[-:a-z0-9]*\*?$ type: string type: array scope: diff --git a/manifest_staging/charts/gatekeeper/crds/assignimage-customresourcedefinition.yaml b/manifest_staging/charts/gatekeeper/crds/assignimage-customresourcedefinition.yaml index 197f2f17933..a6ae2b75bc6 100644 --- a/manifest_staging/charts/gatekeeper/crds/assignimage-customresourcedefinition.yaml +++ b/manifest_staging/charts/gatekeeper/crds/assignimage-customresourcedefinition.yaml @@ -64,8 +64,8 @@ spec: excludedNamespaces: description: 'ExcludedNamespaces is a list of namespace names. If defined, a constraint only applies to resources not in a listed namespace. ExcludedNamespaces also supports a prefix or suffix based glob. For example, `excludedNamespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' - pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ + description: 'A string that supports globbing at its front and end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system", "*system*" will match "system-kube" or "kube-system". The asterisk is required for wildcard matching.' + pattern: ^\*?[-:a-z0-9]*\*?$ type: string type: array kinds: @@ -115,7 +115,7 @@ spec: type: object name: description: 'Name is the name of an object. If defined, it will match against objects with the specified name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`.' - pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ + pattern: ^\*?[-:a-z0-9]*\*?$ type: string namespaceSelector: description: NamespaceSelector is a label selector against an object's containing namespace or the object itself, if the object is a namespace. @@ -150,8 +150,8 @@ spec: namespaces: description: 'Namespaces is a list of namespace names. If defined, a constraint only applies to resources in a listed namespace. Namespaces also supports a prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' - pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ + description: 'A string that supports globbing at its front and end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system", "*system*" will match "system-kube" or "kube-system". The asterisk is required for wildcard matching.' + pattern: ^\*?[-:a-z0-9]*\*?$ type: string type: array scope: diff --git a/manifest_staging/charts/gatekeeper/crds/assignmetadata-customresourcedefinition.yaml b/manifest_staging/charts/gatekeeper/crds/assignmetadata-customresourcedefinition.yaml index 65c17ed3ae1..f3c4dca92fb 100644 --- a/manifest_staging/charts/gatekeeper/crds/assignmetadata-customresourcedefinition.yaml +++ b/manifest_staging/charts/gatekeeper/crds/assignmetadata-customresourcedefinition.yaml @@ -44,8 +44,8 @@ spec: excludedNamespaces: description: 'ExcludedNamespaces is a list of namespace names. If defined, a constraint only applies to resources not in a listed namespace. ExcludedNamespaces also supports a prefix or suffix based glob. For example, `excludedNamespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' - pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ + description: 'A string that supports globbing at its front and end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system", "*system*" will match "system-kube" or "kube-system". The asterisk is required for wildcard matching.' + pattern: ^\*?[-:a-z0-9]*\*?$ type: string type: array kinds: @@ -95,7 +95,7 @@ spec: type: object name: description: 'Name is the name of an object. If defined, it will match against objects with the specified name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`.' - pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ + pattern: ^\*?[-:a-z0-9]*\*?$ type: string namespaceSelector: description: NamespaceSelector is a label selector against an object's containing namespace or the object itself, if the object is a namespace. @@ -130,8 +130,8 @@ spec: namespaces: description: 'Namespaces is a list of namespace names. If defined, a constraint only applies to resources in a listed namespace. Namespaces also supports a prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' - pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ + description: 'A string that supports globbing at its front and end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system", "*system*" will match "system-kube" or "kube-system". The asterisk is required for wildcard matching.' + pattern: ^\*?[-:a-z0-9]*\*?$ type: string type: array scope: @@ -255,8 +255,8 @@ spec: excludedNamespaces: description: 'ExcludedNamespaces is a list of namespace names. If defined, a constraint only applies to resources not in a listed namespace. ExcludedNamespaces also supports a prefix or suffix based glob. For example, `excludedNamespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' - pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ + description: 'A string that supports globbing at its front and end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system", "*system*" will match "system-kube" or "kube-system". The asterisk is required for wildcard matching.' + pattern: ^\*?[-:a-z0-9]*\*?$ type: string type: array kinds: @@ -306,7 +306,7 @@ spec: type: object name: description: 'Name is the name of an object. If defined, it will match against objects with the specified name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`.' - pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ + pattern: ^\*?[-:a-z0-9]*\*?$ type: string namespaceSelector: description: NamespaceSelector is a label selector against an object's containing namespace or the object itself, if the object is a namespace. @@ -341,8 +341,8 @@ spec: namespaces: description: 'Namespaces is a list of namespace names. If defined, a constraint only applies to resources in a listed namespace. Namespaces also supports a prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' - pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ + description: 'A string that supports globbing at its front and end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system", "*system*" will match "system-kube" or "kube-system". The asterisk is required for wildcard matching.' + pattern: ^\*?[-:a-z0-9]*\*?$ type: string type: array scope: @@ -466,8 +466,8 @@ spec: excludedNamespaces: description: 'ExcludedNamespaces is a list of namespace names. If defined, a constraint only applies to resources not in a listed namespace. ExcludedNamespaces also supports a prefix or suffix based glob. For example, `excludedNamespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' - pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ + description: 'A string that supports globbing at its front and end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system", "*system*" will match "system-kube" or "kube-system". The asterisk is required for wildcard matching.' + pattern: ^\*?[-:a-z0-9]*\*?$ type: string type: array kinds: @@ -517,7 +517,7 @@ spec: type: object name: description: 'Name is the name of an object. If defined, it will match against objects with the specified name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`.' - pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ + pattern: ^\*?[-:a-z0-9]*\*?$ type: string namespaceSelector: description: NamespaceSelector is a label selector against an object's containing namespace or the object itself, if the object is a namespace. @@ -552,8 +552,8 @@ spec: namespaces: description: 'Namespaces is a list of namespace names. If defined, a constraint only applies to resources in a listed namespace. Namespaces also supports a prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' - pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ + description: 'A string that supports globbing at its front and end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system", "*system*" will match "system-kube" or "kube-system". The asterisk is required for wildcard matching.' + pattern: ^\*?[-:a-z0-9]*\*?$ type: string type: array scope: diff --git a/manifest_staging/charts/gatekeeper/crds/config-customresourcedefinition.yaml b/manifest_staging/charts/gatekeeper/crds/config-customresourcedefinition.yaml index 269ca95f9a2..36bb7d541b7 100644 --- a/manifest_staging/charts/gatekeeper/crds/config-customresourcedefinition.yaml +++ b/manifest_staging/charts/gatekeeper/crds/config-customresourcedefinition.yaml @@ -38,8 +38,8 @@ spec: properties: excludedNamespaces: items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' - pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ + description: 'A string that supports globbing at its front and end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system", "*system*" will match "system-kube" or "kube-system". The asterisk is required for wildcard matching.' + pattern: ^\*?[-:a-z0-9]*\*?$ type: string type: array processes: diff --git a/manifest_staging/charts/gatekeeper/crds/modifyset-customresourcedefinition.yaml b/manifest_staging/charts/gatekeeper/crds/modifyset-customresourcedefinition.yaml index 46574fd369f..4ee2a39d106 100644 --- a/manifest_staging/charts/gatekeeper/crds/modifyset-customresourcedefinition.yaml +++ b/manifest_staging/charts/gatekeeper/crds/modifyset-customresourcedefinition.yaml @@ -64,8 +64,8 @@ spec: excludedNamespaces: description: 'ExcludedNamespaces is a list of namespace names. If defined, a constraint only applies to resources not in a listed namespace. ExcludedNamespaces also supports a prefix or suffix based glob. For example, `excludedNamespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' - pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ + description: 'A string that supports globbing at its front and end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system", "*system*" will match "system-kube" or "kube-system". The asterisk is required for wildcard matching.' + pattern: ^\*?[-:a-z0-9]*\*?$ type: string type: array kinds: @@ -115,7 +115,7 @@ spec: type: object name: description: 'Name is the name of an object. If defined, it will match against objects with the specified name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`.' - pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ + pattern: ^\*?[-:a-z0-9]*\*?$ type: string namespaceSelector: description: NamespaceSelector is a label selector against an object's containing namespace or the object itself, if the object is a namespace. @@ -150,8 +150,8 @@ spec: namespaces: description: 'Namespaces is a list of namespace names. If defined, a constraint only applies to resources in a listed namespace. Namespaces also supports a prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' - pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ + description: 'A string that supports globbing at its front and end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system", "*system*" will match "system-kube" or "kube-system". The asterisk is required for wildcard matching.' + pattern: ^\*?[-:a-z0-9]*\*?$ type: string type: array scope: @@ -282,8 +282,8 @@ spec: excludedNamespaces: description: 'ExcludedNamespaces is a list of namespace names. If defined, a constraint only applies to resources not in a listed namespace. ExcludedNamespaces also supports a prefix or suffix based glob. For example, `excludedNamespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' - pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ + description: 'A string that supports globbing at its front and end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system", "*system*" will match "system-kube" or "kube-system". The asterisk is required for wildcard matching.' + pattern: ^\*?[-:a-z0-9]*\*?$ type: string type: array kinds: @@ -333,7 +333,7 @@ spec: type: object name: description: 'Name is the name of an object. If defined, it will match against objects with the specified name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`.' - pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ + pattern: ^\*?[-:a-z0-9]*\*?$ type: string namespaceSelector: description: NamespaceSelector is a label selector against an object's containing namespace or the object itself, if the object is a namespace. @@ -368,8 +368,8 @@ spec: namespaces: description: 'Namespaces is a list of namespace names. If defined, a constraint only applies to resources in a listed namespace. Namespaces also supports a prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' - pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ + description: 'A string that supports globbing at its front and end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system", "*system*" will match "system-kube" or "kube-system". The asterisk is required for wildcard matching.' + pattern: ^\*?[-:a-z0-9]*\*?$ type: string type: array scope: @@ -500,8 +500,8 @@ spec: excludedNamespaces: description: 'ExcludedNamespaces is a list of namespace names. If defined, a constraint only applies to resources not in a listed namespace. ExcludedNamespaces also supports a prefix or suffix based glob. For example, `excludedNamespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' - pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ + description: 'A string that supports globbing at its front and end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system", "*system*" will match "system-kube" or "kube-system". The asterisk is required for wildcard matching.' + pattern: ^\*?[-:a-z0-9]*\*?$ type: string type: array kinds: @@ -551,7 +551,7 @@ spec: type: object name: description: 'Name is the name of an object. If defined, it will match against objects with the specified name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`.' - pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ + pattern: ^\*?[-:a-z0-9]*\*?$ type: string namespaceSelector: description: NamespaceSelector is a label selector against an object's containing namespace or the object itself, if the object is a namespace. @@ -586,8 +586,8 @@ spec: namespaces: description: 'Namespaces is a list of namespace names. If defined, a constraint only applies to resources in a listed namespace. Namespaces also supports a prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' - pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ + description: 'A string that supports globbing at its front and end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system", "*system*" will match "system-kube" or "kube-system". The asterisk is required for wildcard matching.' + pattern: ^\*?[-:a-z0-9]*\*?$ type: string type: array scope: diff --git a/manifest_staging/deploy/gatekeeper.yaml b/manifest_staging/deploy/gatekeeper.yaml index 618cd8e2fc6..53d0beb7d10 100644 --- a/manifest_staging/deploy/gatekeeper.yaml +++ b/manifest_staging/deploy/gatekeeper.yaml @@ -96,8 +96,8 @@ spec: excludedNamespaces: description: 'ExcludedNamespaces is a list of namespace names. If defined, a constraint only applies to resources not in a listed namespace. ExcludedNamespaces also supports a prefix or suffix based glob. For example, `excludedNamespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' - pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ + description: 'A string that supports globbing at its front and end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system", "*system*" will match "system-kube" or "kube-system". The asterisk is required for wildcard matching.' + pattern: ^\*?[-:a-z0-9]*\*?$ type: string type: array kinds: @@ -147,7 +147,7 @@ spec: type: object name: description: 'Name is the name of an object. If defined, it will match against objects with the specified name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`.' - pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ + pattern: ^\*?[-:a-z0-9]*\*?$ type: string namespaceSelector: description: NamespaceSelector is a label selector against an object's containing namespace or the object itself, if the object is a namespace. @@ -182,8 +182,8 @@ spec: namespaces: description: 'Namespaces is a list of namespace names. If defined, a constraint only applies to resources in a listed namespace. Namespaces also supports a prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' - pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ + description: 'A string that supports globbing at its front and end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system", "*system*" will match "system-kube" or "kube-system". The asterisk is required for wildcard matching.' + pattern: ^\*?[-:a-z0-9]*\*?$ type: string type: array scope: @@ -341,8 +341,8 @@ spec: excludedNamespaces: description: 'ExcludedNamespaces is a list of namespace names. If defined, a constraint only applies to resources not in a listed namespace. ExcludedNamespaces also supports a prefix or suffix based glob. For example, `excludedNamespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' - pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ + description: 'A string that supports globbing at its front and end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system", "*system*" will match "system-kube" or "kube-system". The asterisk is required for wildcard matching.' + pattern: ^\*?[-:a-z0-9]*\*?$ type: string type: array kinds: @@ -392,7 +392,7 @@ spec: type: object name: description: 'Name is the name of an object. If defined, it will match against objects with the specified name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`.' - pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ + pattern: ^\*?[-:a-z0-9]*\*?$ type: string namespaceSelector: description: NamespaceSelector is a label selector against an object's containing namespace or the object itself, if the object is a namespace. @@ -427,8 +427,8 @@ spec: namespaces: description: 'Namespaces is a list of namespace names. If defined, a constraint only applies to resources in a listed namespace. Namespaces also supports a prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' - pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ + description: 'A string that supports globbing at its front and end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system", "*system*" will match "system-kube" or "kube-system". The asterisk is required for wildcard matching.' + pattern: ^\*?[-:a-z0-9]*\*?$ type: string type: array scope: @@ -586,8 +586,8 @@ spec: excludedNamespaces: description: 'ExcludedNamespaces is a list of namespace names. If defined, a constraint only applies to resources not in a listed namespace. ExcludedNamespaces also supports a prefix or suffix based glob. For example, `excludedNamespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' - pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ + description: 'A string that supports globbing at its front and end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system", "*system*" will match "system-kube" or "kube-system". The asterisk is required for wildcard matching.' + pattern: ^\*?[-:a-z0-9]*\*?$ type: string type: array kinds: @@ -637,7 +637,7 @@ spec: type: object name: description: 'Name is the name of an object. If defined, it will match against objects with the specified name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`.' - pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ + pattern: ^\*?[-:a-z0-9]*\*?$ type: string namespaceSelector: description: NamespaceSelector is a label selector against an object's containing namespace or the object itself, if the object is a namespace. @@ -672,8 +672,8 @@ spec: namespaces: description: 'Namespaces is a list of namespace names. If defined, a constraint only applies to resources in a listed namespace. Namespaces also supports a prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' - pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ + description: 'A string that supports globbing at its front and end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system", "*system*" will match "system-kube" or "kube-system". The asterisk is required for wildcard matching.' + pattern: ^\*?[-:a-z0-9]*\*?$ type: string type: array scope: @@ -854,8 +854,8 @@ spec: excludedNamespaces: description: 'ExcludedNamespaces is a list of namespace names. If defined, a constraint only applies to resources not in a listed namespace. ExcludedNamespaces also supports a prefix or suffix based glob. For example, `excludedNamespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' - pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ + description: 'A string that supports globbing at its front and end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system", "*system*" will match "system-kube" or "kube-system". The asterisk is required for wildcard matching.' + pattern: ^\*?[-:a-z0-9]*\*?$ type: string type: array kinds: @@ -905,7 +905,7 @@ spec: type: object name: description: 'Name is the name of an object. If defined, it will match against objects with the specified name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`.' - pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ + pattern: ^\*?[-:a-z0-9]*\*?$ type: string namespaceSelector: description: NamespaceSelector is a label selector against an object's containing namespace or the object itself, if the object is a namespace. @@ -940,8 +940,8 @@ spec: namespaces: description: 'Namespaces is a list of namespace names. If defined, a constraint only applies to resources in a listed namespace. Namespaces also supports a prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' - pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ + description: 'A string that supports globbing at its front and end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system", "*system*" will match "system-kube" or "kube-system". The asterisk is required for wildcard matching.' + pattern: ^\*?[-:a-z0-9]*\*?$ type: string type: array scope: @@ -1072,8 +1072,8 @@ spec: excludedNamespaces: description: 'ExcludedNamespaces is a list of namespace names. If defined, a constraint only applies to resources not in a listed namespace. ExcludedNamespaces also supports a prefix or suffix based glob. For example, `excludedNamespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' - pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ + description: 'A string that supports globbing at its front and end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system", "*system*" will match "system-kube" or "kube-system". The asterisk is required for wildcard matching.' + pattern: ^\*?[-:a-z0-9]*\*?$ type: string type: array kinds: @@ -1123,7 +1123,7 @@ spec: type: object name: description: 'Name is the name of an object. If defined, it will match against objects with the specified name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`.' - pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ + pattern: ^\*?[-:a-z0-9]*\*?$ type: string namespaceSelector: description: NamespaceSelector is a label selector against an object's containing namespace or the object itself, if the object is a namespace. @@ -1158,8 +1158,8 @@ spec: namespaces: description: 'Namespaces is a list of namespace names. If defined, a constraint only applies to resources in a listed namespace. Namespaces also supports a prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' - pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ + description: 'A string that supports globbing at its front and end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system", "*system*" will match "system-kube" or "kube-system". The asterisk is required for wildcard matching.' + pattern: ^\*?[-:a-z0-9]*\*?$ type: string type: array scope: @@ -1283,8 +1283,8 @@ spec: excludedNamespaces: description: 'ExcludedNamespaces is a list of namespace names. If defined, a constraint only applies to resources not in a listed namespace. ExcludedNamespaces also supports a prefix or suffix based glob. For example, `excludedNamespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' - pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ + description: 'A string that supports globbing at its front and end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system", "*system*" will match "system-kube" or "kube-system". The asterisk is required for wildcard matching.' + pattern: ^\*?[-:a-z0-9]*\*?$ type: string type: array kinds: @@ -1334,7 +1334,7 @@ spec: type: object name: description: 'Name is the name of an object. If defined, it will match against objects with the specified name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`.' - pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ + pattern: ^\*?[-:a-z0-9]*\*?$ type: string namespaceSelector: description: NamespaceSelector is a label selector against an object's containing namespace or the object itself, if the object is a namespace. @@ -1369,8 +1369,8 @@ spec: namespaces: description: 'Namespaces is a list of namespace names. If defined, a constraint only applies to resources in a listed namespace. Namespaces also supports a prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' - pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ + description: 'A string that supports globbing at its front and end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system", "*system*" will match "system-kube" or "kube-system". The asterisk is required for wildcard matching.' + pattern: ^\*?[-:a-z0-9]*\*?$ type: string type: array scope: @@ -1494,8 +1494,8 @@ spec: excludedNamespaces: description: 'ExcludedNamespaces is a list of namespace names. If defined, a constraint only applies to resources not in a listed namespace. ExcludedNamespaces also supports a prefix or suffix based glob. For example, `excludedNamespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' - pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ + description: 'A string that supports globbing at its front and end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system", "*system*" will match "system-kube" or "kube-system". The asterisk is required for wildcard matching.' + pattern: ^\*?[-:a-z0-9]*\*?$ type: string type: array kinds: @@ -1545,7 +1545,7 @@ spec: type: object name: description: 'Name is the name of an object. If defined, it will match against objects with the specified name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`.' - pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ + pattern: ^\*?[-:a-z0-9]*\*?$ type: string namespaceSelector: description: NamespaceSelector is a label selector against an object's containing namespace or the object itself, if the object is a namespace. @@ -1580,8 +1580,8 @@ spec: namespaces: description: 'Namespaces is a list of namespace names. If defined, a constraint only applies to resources in a listed namespace. Namespaces also supports a prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' - pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ + description: 'A string that supports globbing at its front and end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system", "*system*" will match "system-kube" or "kube-system". The asterisk is required for wildcard matching.' + pattern: ^\*?[-:a-z0-9]*\*?$ type: string type: array scope: @@ -1722,8 +1722,8 @@ spec: properties: excludedNamespaces: items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' - pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ + description: 'A string that supports globbing at its front and end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system", "*system*" will match "system-kube" or "kube-system". The asterisk is required for wildcard matching.' + pattern: ^\*?[-:a-z0-9]*\*?$ type: string type: array processes: @@ -2615,8 +2615,8 @@ spec: excludedNamespaces: description: 'ExcludedNamespaces is a list of namespace names. If defined, a constraint only applies to resources not in a listed namespace. ExcludedNamespaces also supports a prefix or suffix based glob. For example, `excludedNamespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' - pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ + description: 'A string that supports globbing at its front and end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system", "*system*" will match "system-kube" or "kube-system". The asterisk is required for wildcard matching.' + pattern: ^\*?[-:a-z0-9]*\*?$ type: string type: array kinds: @@ -2666,7 +2666,7 @@ spec: type: object name: description: 'Name is the name of an object. If defined, it will match against objects with the specified name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`.' - pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ + pattern: ^\*?[-:a-z0-9]*\*?$ type: string namespaceSelector: description: NamespaceSelector is a label selector against an object's containing namespace or the object itself, if the object is a namespace. @@ -2701,8 +2701,8 @@ spec: namespaces: description: 'Namespaces is a list of namespace names. If defined, a constraint only applies to resources in a listed namespace. Namespaces also supports a prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' - pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ + description: 'A string that supports globbing at its front and end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system", "*system*" will match "system-kube" or "kube-system". The asterisk is required for wildcard matching.' + pattern: ^\*?[-:a-z0-9]*\*?$ type: string type: array scope: @@ -2833,8 +2833,8 @@ spec: excludedNamespaces: description: 'ExcludedNamespaces is a list of namespace names. If defined, a constraint only applies to resources not in a listed namespace. ExcludedNamespaces also supports a prefix or suffix based glob. For example, `excludedNamespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' - pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ + description: 'A string that supports globbing at its front and end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system", "*system*" will match "system-kube" or "kube-system". The asterisk is required for wildcard matching.' + pattern: ^\*?[-:a-z0-9]*\*?$ type: string type: array kinds: @@ -2884,7 +2884,7 @@ spec: type: object name: description: 'Name is the name of an object. If defined, it will match against objects with the specified name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`.' - pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ + pattern: ^\*?[-:a-z0-9]*\*?$ type: string namespaceSelector: description: NamespaceSelector is a label selector against an object's containing namespace or the object itself, if the object is a namespace. @@ -2919,8 +2919,8 @@ spec: namespaces: description: 'Namespaces is a list of namespace names. If defined, a constraint only applies to resources in a listed namespace. Namespaces also supports a prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' - pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ + description: 'A string that supports globbing at its front and end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system", "*system*" will match "system-kube" or "kube-system". The asterisk is required for wildcard matching.' + pattern: ^\*?[-:a-z0-9]*\*?$ type: string type: array scope: @@ -3051,8 +3051,8 @@ spec: excludedNamespaces: description: 'ExcludedNamespaces is a list of namespace names. If defined, a constraint only applies to resources not in a listed namespace. ExcludedNamespaces also supports a prefix or suffix based glob. For example, `excludedNamespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' - pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ + description: 'A string that supports globbing at its front and end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system", "*system*" will match "system-kube" or "kube-system". The asterisk is required for wildcard matching.' + pattern: ^\*?[-:a-z0-9]*\*?$ type: string type: array kinds: @@ -3102,7 +3102,7 @@ spec: type: object name: description: 'Name is the name of an object. If defined, it will match against objects with the specified name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`.' - pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ + pattern: ^\*?[-:a-z0-9]*\*?$ type: string namespaceSelector: description: NamespaceSelector is a label selector against an object's containing namespace or the object itself, if the object is a namespace. @@ -3137,8 +3137,8 @@ spec: namespaces: description: 'Namespaces is a list of namespace names. If defined, a constraint only applies to resources in a listed namespace. Namespaces also supports a prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.' items: - description: 'A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is required for wildcard matching.' - pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ + description: 'A string that supports globbing at its front and end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" will match "kube-system" or "gatekeeper-system", "*system*" will match "system-kube" or "kube-system". The asterisk is required for wildcard matching.' + pattern: ^\*?[-:a-z0-9]*\*?$ type: string type: array scope: diff --git a/pkg/target/matchcrd_constant.go b/pkg/target/matchcrd_constant.go index fd454258514..a390668bd47 100644 --- a/pkg/target/matchcrd_constant.go +++ b/pkg/target/matchcrd_constant.go @@ -44,11 +44,12 @@ spec: `+"`"+`kube-system`+"`"+` and `+"`"+`kube-public`+"`"+`, and `+"`"+`excludedNamespaces: [*-system]`+"`"+` matches both `+"`"+`kube-system`+"`"+` and `+"`"+`gatekeeper-system`+"`"+`.' items: - description: 'A string that supports globbing at its front or end. + description: 'A string that supports globbing at its front and end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" - will match "kube-system" or "gatekeeper-system". The asterisk - is required for wildcard matching.' - pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ + will match "kube-system" or "gatekeeper-system", "*system*" will + match "system-kube" or "kube-system". The asterisk is required + for wildcard matching.' + pattern: ^\*?[-:a-z0-9]*\*?$ type: string type: array kinds: @@ -126,7 +127,7 @@ spec: a prefix or suffix glob. For example, `+"`"+`name: pod-*`+"`"+` would match both `+"`"+`pod-a`+"`"+` and `+"`"+`pod-b`+"`"+`, and `+"`"+`name: *-pod`+"`"+` would match both `+"`"+`a-pod`+"`"+` and `+"`"+`b-pod`+"`"+`.' - pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ + pattern: ^\*?[-:a-z0-9]*\*?$ type: string namespaceSelector: description: NamespaceSelector is a label selector against an object's @@ -180,11 +181,12 @@ spec: [kube-*]`+"`"+` matches both `+"`"+`kube-system`+"`"+` and `+"`"+`kube-public`+"`"+`, and `+"`"+`namespaces: [*-system]`+"`"+` matches both `+"`"+`kube-system`+"`"+` and `+"`"+`gatekeeper-system`+"`"+`.' items: - description: 'A string that supports globbing at its front or end. + description: 'A string that supports globbing at its front and end. Ex: "kube-*" will match "kube-system" or "kube-public", "*-system" - will match "kube-system" or "gatekeeper-system". The asterisk - is required for wildcard matching.' - pattern: ^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$ + will match "kube-system" or "gatekeeper-system", "*system*" will + match "system-kube" or "kube-system". The asterisk is required + for wildcard matching.' + pattern: ^\*?[-:a-z0-9]*\*?$ type: string type: array scope: diff --git a/pkg/wildcard/wildcard.go b/pkg/wildcard/wildcard.go index 36df10bfa7c..687a2a8f2bb 100644 --- a/pkg/wildcard/wildcard.go +++ b/pkg/wildcard/wildcard.go @@ -2,11 +2,11 @@ package wildcard import "strings" -// +kubebuilder:validation:Pattern=`^(\*|\*-)?[a-z0-9]([-:a-z0-9]*[a-z0-9])?(\*|-\*)?$` +// +kubebuilder:validation:Pattern=`^\*?[-:a-z0-9]*\*?$` -// A string that supports globbing at its front or end. Ex: "kube-*" will match "kube-system" or -// "kube-public", "*-system" will match "kube-system" or "gatekeeper-system". The asterisk is -// required for wildcard matching. +// A string that supports globbing at its front and end. Ex: "kube-*" will match "kube-system" or +// "kube-public", "*-system" will match "kube-system" or "gatekeeper-system", "*system*" will +// match "system-kube" or "kube-system". The asterisk is required for wildcard matching. // //nolint:revive type Wildcard string diff --git a/pkg/wildcard/wildcard_test.go b/pkg/wildcard/wildcard_test.go index d3853eebae8..cf273ed1a80 100644 --- a/pkg/wildcard/wildcard_test.go +++ b/pkg/wildcard/wildcard_test.go @@ -54,11 +54,17 @@ func TestMatches(t *testing.T) { matches: false, }, { - name: "wildcard suffix and prefix match", + name: "wildcard suffix and prefix, match", w: Wildcard("*-kube-*"), candidate: "test-kube-test", matches: true, }, + { + name: "wildcard suffix and prefix, no match", + w: Wildcard("*-kube-*"), + candidate: "my-kub-controller", + matches: false, + }, { name: "no wildcard, only hypens at suffix and prefix", w: Wildcard("-kube-"), @@ -66,22 +72,16 @@ func TestMatches(t *testing.T) { matches: false, }, { - name: "wild card at suffix and prefix, multiple hyphens", - w: Wildcard("*-kube-*"), - candidate: "test-dev-kube-dev-test", + name: "wildcard with consecutive hyphens", + w: Wildcard("*--*"), + candidate: "my--namespace", matches: true, }, { - name: "wild card at suffid and end, multiple hypens, no match", - w: Wildcard("*-kube-*"), - candidate: "my-kub-controller", - matches: false, - }, - { - name: "wild card at suffix and prefix, multiple hyphens, no match", - w: Wildcard("*-kube-*"), - candidate: "my-controller-manager", - matches: false, + name: "double wildcard", + w: Wildcard("**"), + candidate: "my:namespace", + matches: true, }, }