@@ -443,6 +443,54 @@ spec:
443443 type : object
444444 filtering :
445445 properties :
446+ namespaceLabelSelector :
447+ description : |-
448+ NamespaceLabelSelector selects Kubernetes namespaces by their own labels.
449+ It is evaluated in addition to namespace include/exclude filtering.
450+ properties :
451+ matchExpressions :
452+ description : matchExpressions is a list of label selector
453+ requirements. The requirements are ANDed.
454+ items :
455+ description : |-
456+ A label selector requirement is a selector that contains values, a key, and an operator that
457+ relates the key and values.
458+ properties :
459+ key :
460+ description : key is the label key that the selector
461+ applies to.
462+ type : string
463+ operator :
464+ description : |-
465+ operator represents a key's relationship to a set of values.
466+ Valid operators are In, NotIn, Exists and DoesNotExist.
467+ type : string
468+ values :
469+ description : |-
470+ values is an array of string values. If the operator is In or NotIn,
471+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
472+ the values array must be empty. This array is replaced during a strategic
473+ merge patch.
474+ items :
475+ type : string
476+ type : array
477+ x-kubernetes-list-type : atomic
478+ required :
479+ - key
480+ - operator
481+ type : object
482+ type : array
483+ x-kubernetes-list-type : atomic
484+ matchLabels :
485+ additionalProperties :
486+ type : string
487+ description : |-
488+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
489+ map is equivalent to an element of matchExpressions, whose key field is "key", the
490+ operator is "In", and the values array contains only "value". The requirements are ANDed.
491+ type : object
492+ type : object
493+ x-kubernetes-map-type : atomic
446494 namespaces :
447495 properties :
448496 exclude :
@@ -461,6 +509,54 @@ spec:
461509 type : string
462510 type : array
463511 type : object
512+ objectLabelSelector :
513+ description : |-
514+ ObjectLabelSelector selects Kubernetes objects by their own labels.
515+ It is passed to cnspec Kubernetes discovery for scheduled scans.
516+ properties :
517+ matchExpressions :
518+ description : matchExpressions is a list of label selector
519+ requirements. The requirements are ANDed.
520+ items :
521+ description : |-
522+ A label selector requirement is a selector that contains values, a key, and an operator that
523+ relates the key and values.
524+ properties :
525+ key :
526+ description : key is the label key that the selector
527+ applies to.
528+ type : string
529+ operator :
530+ description : |-
531+ operator represents a key's relationship to a set of values.
532+ Valid operators are In, NotIn, Exists and DoesNotExist.
533+ type : string
534+ values :
535+ description : |-
536+ values is an array of string values. If the operator is In or NotIn,
537+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
538+ the values array must be empty. This array is replaced during a strategic
539+ merge patch.
540+ items :
541+ type : string
542+ type : array
543+ x-kubernetes-list-type : atomic
544+ required :
545+ - key
546+ - operator
547+ type : object
548+ type : array
549+ x-kubernetes-list-type : atomic
550+ matchLabels :
551+ additionalProperties :
552+ type : string
553+ description : |-
554+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
555+ map is equivalent to an element of matchExpressions, whose key field is "key", the
556+ operator is "In", and the values array contains only "value". The requirements are ANDed.
557+ type : object
558+ type : object
559+ x-kubernetes-map-type : atomic
464560 type : object
465561 kubernetesResources :
466562 properties :
@@ -486,8 +582,57 @@ spec:
486582 filtering :
487583 description : |-
488584 Filtering allows namespace filtering specific to this external cluster.
489- If not specified, uses the global filtering from MondooAuditConfigSpec.Filtering.
585+ If omitted, the external cluster inherits the global filtering from MondooAuditConfigSpec.Filtering.
586+ Set an empty filtering object to scan all namespaces for this external cluster even when global filtering is configured.
490587properties :
588+ namespaceLabelSelector :
589+ description : |-
590+ NamespaceLabelSelector selects Kubernetes namespaces by their own labels.
591+ It is evaluated in addition to namespace include/exclude filtering.
592+ properties :
593+ matchExpressions :
594+ description : matchExpressions is a list of label
595+ selector requirements. The requirements are ANDed.
596+ items :
597+ description : |-
598+ A label selector requirement is a selector that contains values, a key, and an operator that
599+ relates the key and values.
600+ properties :
601+ key :
602+ description : key is the label key that the
603+ selector applies to.
604+ type : string
605+ operator :
606+ description : |-
607+ operator represents a key's relationship to a set of values.
608+ Valid operators are In, NotIn, Exists and DoesNotExist.
609+ type : string
610+ values :
611+ description : |-
612+ values is an array of string values. If the operator is In or NotIn,
613+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
614+ the values array must be empty. This array is replaced during a strategic
615+ merge patch.
616+ items :
617+ type : string
618+ type : array
619+ x-kubernetes-list-type : atomic
620+ required :
621+ - key
622+ - operator
623+ type : object
624+ type : array
625+ x-kubernetes-list-type : atomic
626+ matchLabels :
627+ additionalProperties :
628+ type : string
629+ description : |-
630+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
631+ map is equivalent to an element of matchExpressions, whose key field is "key", the
632+ operator is "In", and the values array contains only "value". The requirements are ANDed.
633+ type : object
634+ type : object
635+ x-kubernetes-map-type : atomic
491636 namespaces :
492637 properties :
493638 exclude :
@@ -506,6 +651,54 @@ spec:
506651 type : string
507652 type : array
508653 type : object
654+ objectLabelSelector :
655+ description : |-
656+ ObjectLabelSelector selects Kubernetes objects by their own labels.
657+ It is passed to cnspec Kubernetes discovery for scheduled scans.
658+ properties :
659+ matchExpressions :
660+ description : matchExpressions is a list of label
661+ selector requirements. The requirements are ANDed.
662+ items :
663+ description : |-
664+ A label selector requirement is a selector that contains values, a key, and an operator that
665+ relates the key and values.
666+ properties :
667+ key :
668+ description : key is the label key that the
669+ selector applies to.
670+ type : string
671+ operator :
672+ description : |-
673+ operator represents a key's relationship to a set of values.
674+ Valid operators are In, NotIn, Exists and DoesNotExist.
675+ type : string
676+ values :
677+ description : |-
678+ values is an array of string values. If the operator is In or NotIn,
679+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
680+ the values array must be empty. This array is replaced during a strategic
681+ merge patch.
682+ items :
683+ type : string
684+ type : array
685+ x-kubernetes-list-type : atomic
686+ required :
687+ - key
688+ - operator
689+ type : object
690+ type : array
691+ x-kubernetes-list-type : atomic
692+ matchLabels :
693+ additionalProperties :
694+ type : string
695+ description : |-
696+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
697+ map is equivalent to an element of matchExpressions, whose key field is "key", the
698+ operator is "In", and the values array contains only "value". The requirements are ANDed.
699+ type : object
700+ type : object
701+ x-kubernetes-map-type : atomic
509702 type : object
510703 kubeconfigSecretRef :
511704 description : |-
0 commit comments