Document policy.spec.rules.context.apiCall about website HOT 5 CLOSED

Sample policy:

apiVersion : kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: limits
spec:
  validationFailureAction: enforce
  rules:
  - name: limit-lb-svc
    match:
      resources:
        kinds:
        - Service
    context:
    - name: serviceCount
      apiCall:
        urlPath: "/api/v1/namespaces/{{ request.object.metadata.namespace }}/services"
        jmesPath: "items[?spec.type == 'LoadBalancer'] | length(@)"    
    preconditions:
    - key: "{{ request.operation }}"
      operator: Equals
      value: "CREATE"
    validate:
      message: "Only one LoadBalancer service is allowed per namespace"
      deny:
        conditions:
        - key: "{{ serviceCount }}"
          operator: Equals
          value: 1

from website.

λ kubectl explain policy.spec.rules.context.apiCall
KIND:     Policy
VERSION:  kyverno.io/v1

RESOURCE: apiCall <Object>

DESCRIPTION:
     APICall is an API server request to retrieve data

FIELDS:
   jmesPath     <string>
     JMESPath is an optional JSON Match Expression that can be used to transform
     the JSON response from the API server.

   urlPath      <string> -required-
     URLPath is the URL path to be used in the HTTP GET request

from website.

@JimBugwadia, can you possibly provide some "starter" docs (in this issue is fine; I can pick up the torch) that describes the functions supported in JMESPath, the operators, and if things like wildcards are supported in that and urlPath along with a couple more examples?

from website.

Thanks, Chip! Working on it and will get a PR this weekend. I am thinking of splitting the "Variables" and "External Data Lookups" sections into separate chapters with more details on how variables are processed.

from website.

Yeah, I think those definitely should be separate pages. I'm hoping to work on the new features in docs this weekend. Also thinking more about how we can version the docs, the pain in doing so, and what value that provides...

from website.