From 01c459d53ac59709b3f6eb1fd3a6074df546cf29 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Luk=C3=A1=C5=A1=20Kub=C3=ADn?=
 <17200879+kukacz@users.noreply.github.com>
Date: Wed, 17 Jun 2026 12:17:32 +0200
Subject: [PATCH] publish module fluxcd-kustomize-controller v1.8.5
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Lukáš Kubín <17200879+kukacz@users.noreply.github.com>
---
 fluxcd-kustomize-controller/README.md         |  889 ++++++-----
 fluxcd-kustomize-controller/kcl.mod           |    6 +-
 fluxcd-kustomize-controller/kcl.mod.lock      |    5 -
 ...omize_toolkit_fluxcd_io_v1_kustomization.k |  138 +-
 ..._toolkit_fluxcd_io_v1beta1_kustomization.k |  665 --------
 ..._toolkit_fluxcd_io_v1beta2_kustomization.k |  709 ---------
 ...yverno_io_v2beta1_cluster_cleanup_policy.k | 1345 +++++++++++++++++
 7 files changed, 1941 insertions(+), 1816 deletions(-)
 delete mode 100644 fluxcd-kustomize-controller/kcl.mod.lock
 delete mode 100644 fluxcd-kustomize-controller/v1beta1/kustomize_toolkit_fluxcd_io_v1beta1_kustomization.k
 delete mode 100644 fluxcd-kustomize-controller/v1beta2/kustomize_toolkit_fluxcd_io_v1beta2_kustomization.k
 create mode 100644 fluxcd-kustomize-controller/v2beta1/kyverno_io_v2beta1_cluster_cleanup_policy.k

diff --git a/fluxcd-kustomize-controller/README.md b/fluxcd-kustomize-controller/README.md
index 6f1e465c..8a5b7c7e 100644
--- a/fluxcd-kustomize-controller/README.md
+++ b/fluxcd-kustomize-controller/README.md
@@ -1,4 +1,4 @@
-# kustomize-controller
+# fluxcd-kustomize-controller
 
 ## Index
 
@@ -13,6 +13,7 @@
   - [KustomizeToolkitFluxcdIoV1KustomizationSpecHealthChecksItems0](#kustomizetoolkitfluxcdiov1kustomizationspechealthchecksitems0)
   - [KustomizeToolkitFluxcdIoV1KustomizationSpecImagesItems0](#kustomizetoolkitfluxcdiov1kustomizationspecimagesitems0)
   - [KustomizeToolkitFluxcdIoV1KustomizationSpecKubeConfig](#kustomizetoolkitfluxcdiov1kustomizationspeckubeconfig)
+  - [KustomizeToolkitFluxcdIoV1KustomizationSpecKubeConfigConfigMapRef](#kustomizetoolkitfluxcdiov1kustomizationspeckubeconfigconfigmapref)
   - [KustomizeToolkitFluxcdIoV1KustomizationSpecKubeConfigSecretRef](#kustomizetoolkitfluxcdiov1kustomizationspeckubeconfigsecretref)
   - [KustomizeToolkitFluxcdIoV1KustomizationSpecPatchesItems0](#kustomizetoolkitfluxcdiov1kustomizationspecpatchesitems0)
   - [KustomizeToolkitFluxcdIoV1KustomizationSpecPatchesItems0Target](#kustomizetoolkitfluxcdiov1kustomizationspecpatchesitems0target)
@@ -21,53 +22,9 @@
   - [KustomizeToolkitFluxcdIoV1KustomizationSpecSourceRef](#kustomizetoolkitfluxcdiov1kustomizationspecsourceref)
   - [KustomizeToolkitFluxcdIoV1KustomizationStatus](#kustomizetoolkitfluxcdiov1kustomizationstatus)
   - [KustomizeToolkitFluxcdIoV1KustomizationStatusConditionsItems0](#kustomizetoolkitfluxcdiov1kustomizationstatusconditionsitems0)
+  - [KustomizeToolkitFluxcdIoV1KustomizationStatusHistoryItems0](#kustomizetoolkitfluxcdiov1kustomizationstatushistoryitems0)
   - [KustomizeToolkitFluxcdIoV1KustomizationStatusInventory](#kustomizetoolkitfluxcdiov1kustomizationstatusinventory)
   - [KustomizeToolkitFluxcdIoV1KustomizationStatusInventoryEntriesItems0](#kustomizetoolkitfluxcdiov1kustomizationstatusinventoryentriesitems0)
-- v1beta1
-  - [Kustomization](#kustomization)
-  - [KustomizeToolkitFluxcdIoV1beta1KustomizationSpec](#kustomizetoolkitfluxcdiov1beta1kustomizationspec)
-  - [KustomizeToolkitFluxcdIoV1beta1KustomizationSpecDecryption](#kustomizetoolkitfluxcdiov1beta1kustomizationspecdecryption)
-  - [KustomizeToolkitFluxcdIoV1beta1KustomizationSpecDecryptionSecretRef](#kustomizetoolkitfluxcdiov1beta1kustomizationspecdecryptionsecretref)
-  - [KustomizeToolkitFluxcdIoV1beta1KustomizationSpecDependsOnItems0](#kustomizetoolkitfluxcdiov1beta1kustomizationspecdependsonitems0)
-  - [KustomizeToolkitFluxcdIoV1beta1KustomizationSpecHealthChecksItems0](#kustomizetoolkitfluxcdiov1beta1kustomizationspechealthchecksitems0)
-  - [KustomizeToolkitFluxcdIoV1beta1KustomizationSpecImagesItems0](#kustomizetoolkitfluxcdiov1beta1kustomizationspecimagesitems0)
-  - [KustomizeToolkitFluxcdIoV1beta1KustomizationSpecKubeConfig](#kustomizetoolkitfluxcdiov1beta1kustomizationspeckubeconfig)
-  - [KustomizeToolkitFluxcdIoV1beta1KustomizationSpecKubeConfigSecretRef](#kustomizetoolkitfluxcdiov1beta1kustomizationspeckubeconfigsecretref)
-  - [KustomizeToolkitFluxcdIoV1beta1KustomizationSpecPatchesItems0](#kustomizetoolkitfluxcdiov1beta1kustomizationspecpatchesitems0)
-  - [KustomizeToolkitFluxcdIoV1beta1KustomizationSpecPatchesItems0Target](#kustomizetoolkitfluxcdiov1beta1kustomizationspecpatchesitems0target)
-  - [KustomizeToolkitFluxcdIoV1beta1KustomizationSpecPatchesJson6902Items0](#kustomizetoolkitfluxcdiov1beta1kustomizationspecpatchesjson6902items0)
-  - [KustomizeToolkitFluxcdIoV1beta1KustomizationSpecPatchesJson6902Items0PatchItems0](#kustomizetoolkitfluxcdiov1beta1kustomizationspecpatchesjson6902items0patchitems0)
-  - [KustomizeToolkitFluxcdIoV1beta1KustomizationSpecPatchesJson6902Items0Target](#kustomizetoolkitfluxcdiov1beta1kustomizationspecpatchesjson6902items0target)
-  - [KustomizeToolkitFluxcdIoV1beta1KustomizationSpecPostBuild](#kustomizetoolkitfluxcdiov1beta1kustomizationspecpostbuild)
-  - [KustomizeToolkitFluxcdIoV1beta1KustomizationSpecPostBuildSubstituteFromItems0](#kustomizetoolkitfluxcdiov1beta1kustomizationspecpostbuildsubstitutefromitems0)
-  - [KustomizeToolkitFluxcdIoV1beta1KustomizationSpecSourceRef](#kustomizetoolkitfluxcdiov1beta1kustomizationspecsourceref)
-  - [KustomizeToolkitFluxcdIoV1beta1KustomizationStatus](#kustomizetoolkitfluxcdiov1beta1kustomizationstatus)
-  - [KustomizeToolkitFluxcdIoV1beta1KustomizationStatusConditionsItems0](#kustomizetoolkitfluxcdiov1beta1kustomizationstatusconditionsitems0)
-  - [KustomizeToolkitFluxcdIoV1beta1KustomizationStatusSnapshot](#kustomizetoolkitfluxcdiov1beta1kustomizationstatussnapshot)
-  - [KustomizeToolkitFluxcdIoV1beta1KustomizationStatusSnapshotEntriesItems0](#kustomizetoolkitfluxcdiov1beta1kustomizationstatussnapshotentriesitems0)
-- v1beta2
-  - [Kustomization](#kustomization)
-  - [KustomizeToolkitFluxcdIoV1beta2KustomizationSpec](#kustomizetoolkitfluxcdiov1beta2kustomizationspec)
-  - [KustomizeToolkitFluxcdIoV1beta2KustomizationSpecCommonMetadata](#kustomizetoolkitfluxcdiov1beta2kustomizationspeccommonmetadata)
-  - [KustomizeToolkitFluxcdIoV1beta2KustomizationSpecDecryption](#kustomizetoolkitfluxcdiov1beta2kustomizationspecdecryption)
-  - [KustomizeToolkitFluxcdIoV1beta2KustomizationSpecDecryptionSecretRef](#kustomizetoolkitfluxcdiov1beta2kustomizationspecdecryptionsecretref)
-  - [KustomizeToolkitFluxcdIoV1beta2KustomizationSpecDependsOnItems0](#kustomizetoolkitfluxcdiov1beta2kustomizationspecdependsonitems0)
-  - [KustomizeToolkitFluxcdIoV1beta2KustomizationSpecHealthChecksItems0](#kustomizetoolkitfluxcdiov1beta2kustomizationspechealthchecksitems0)
-  - [KustomizeToolkitFluxcdIoV1beta2KustomizationSpecImagesItems0](#kustomizetoolkitfluxcdiov1beta2kustomizationspecimagesitems0)
-  - [KustomizeToolkitFluxcdIoV1beta2KustomizationSpecKubeConfig](#kustomizetoolkitfluxcdiov1beta2kustomizationspeckubeconfig)
-  - [KustomizeToolkitFluxcdIoV1beta2KustomizationSpecKubeConfigSecretRef](#kustomizetoolkitfluxcdiov1beta2kustomizationspeckubeconfigsecretref)
-  - [KustomizeToolkitFluxcdIoV1beta2KustomizationSpecPatchesItems0](#kustomizetoolkitfluxcdiov1beta2kustomizationspecpatchesitems0)
-  - [KustomizeToolkitFluxcdIoV1beta2KustomizationSpecPatchesItems0Target](#kustomizetoolkitfluxcdiov1beta2kustomizationspecpatchesitems0target)
-  - [KustomizeToolkitFluxcdIoV1beta2KustomizationSpecPatchesJson6902Items0](#kustomizetoolkitfluxcdiov1beta2kustomizationspecpatchesjson6902items0)
-  - [KustomizeToolkitFluxcdIoV1beta2KustomizationSpecPatchesJson6902Items0PatchItems0](#kustomizetoolkitfluxcdiov1beta2kustomizationspecpatchesjson6902items0patchitems0)
-  - [KustomizeToolkitFluxcdIoV1beta2KustomizationSpecPatchesJson6902Items0Target](#kustomizetoolkitfluxcdiov1beta2kustomizationspecpatchesjson6902items0target)
-  - [KustomizeToolkitFluxcdIoV1beta2KustomizationSpecPostBuild](#kustomizetoolkitfluxcdiov1beta2kustomizationspecpostbuild)
-  - [KustomizeToolkitFluxcdIoV1beta2KustomizationSpecPostBuildSubstituteFromItems0](#kustomizetoolkitfluxcdiov1beta2kustomizationspecpostbuildsubstitutefromitems0)
-  - [KustomizeToolkitFluxcdIoV1beta2KustomizationSpecSourceRef](#kustomizetoolkitfluxcdiov1beta2kustomizationspecsourceref)
-  - [KustomizeToolkitFluxcdIoV1beta2KustomizationStatus](#kustomizetoolkitfluxcdiov1beta2kustomizationstatus)
-  - [KustomizeToolkitFluxcdIoV1beta2KustomizationStatusConditionsItems0](#kustomizetoolkitfluxcdiov1beta2kustomizationstatusconditionsitems0)
-  - [KustomizeToolkitFluxcdIoV1beta2KustomizationStatusInventory](#kustomizetoolkitfluxcdiov1beta2kustomizationstatusinventory)
-  - [KustomizeToolkitFluxcdIoV1beta2KustomizationStatusInventoryEntriesItems0](#kustomizetoolkitfluxcdiov1beta2kustomizationstatusinventoryentriesitems0)
 - v2
   - [ClusterCleanupPolicy](#clustercleanuppolicy)
   - [KyvernoIoV2ClusterCleanupPolicySpec](#kyvernoiov2clustercleanuppolicyspec)
@@ -116,6 +73,54 @@
   - [KyvernoIoV2ClusterCleanupPolicySpecMatchAnyItems0SubjectsItems0](#kyvernoiov2clustercleanuppolicyspecmatchanyitems0subjectsitems0)
   - [KyvernoIoV2ClusterCleanupPolicyStatus](#kyvernoiov2clustercleanuppolicystatus)
   - [KyvernoIoV2ClusterCleanupPolicyStatusConditionsItems0](#kyvernoiov2clustercleanuppolicystatusconditionsitems0)
+- v2beta1
+  - [ClusterCleanupPolicy](#clustercleanuppolicy)
+  - [KyvernoIoV2beta1ClusterCleanupPolicySpec](#kyvernoiov2beta1clustercleanuppolicyspec)
+  - [KyvernoIoV2beta1ClusterCleanupPolicySpecConditions](#kyvernoiov2beta1clustercleanuppolicyspecconditions)
+  - [KyvernoIoV2beta1ClusterCleanupPolicySpecConditionsAllItems0](#kyvernoiov2beta1clustercleanuppolicyspecconditionsallitems0)
+  - [KyvernoIoV2beta1ClusterCleanupPolicySpecConditionsAnyItems0](#kyvernoiov2beta1clustercleanuppolicyspecconditionsanyitems0)
+  - [KyvernoIoV2beta1ClusterCleanupPolicySpecContextItems0](#kyvernoiov2beta1clustercleanuppolicyspeccontextitems0)
+  - [KyvernoIoV2beta1ClusterCleanupPolicySpecContextItems0APICall](#kyvernoiov2beta1clustercleanuppolicyspeccontextitems0apicall)
+  - [KyvernoIoV2beta1ClusterCleanupPolicySpecContextItems0APICallDataItems0](#kyvernoiov2beta1clustercleanuppolicyspeccontextitems0apicalldataitems0)
+  - [KyvernoIoV2beta1ClusterCleanupPolicySpecContextItems0APICallService](#kyvernoiov2beta1clustercleanuppolicyspeccontextitems0apicallservice)
+  - [KyvernoIoV2beta1ClusterCleanupPolicySpecContextItems0APICallServiceHeadersItems0](#kyvernoiov2beta1clustercleanuppolicyspeccontextitems0apicallserviceheadersitems0)
+  - [KyvernoIoV2beta1ClusterCleanupPolicySpecContextItems0ConfigMap](#kyvernoiov2beta1clustercleanuppolicyspeccontextitems0configmap)
+  - [KyvernoIoV2beta1ClusterCleanupPolicySpecContextItems0GlobalReference](#kyvernoiov2beta1clustercleanuppolicyspeccontextitems0globalreference)
+  - [KyvernoIoV2beta1ClusterCleanupPolicySpecContextItems0ImageRegistry](#kyvernoiov2beta1clustercleanuppolicyspeccontextitems0imageregistry)
+  - [KyvernoIoV2beta1ClusterCleanupPolicySpecContextItems0ImageRegistryImageRegistryCredentials](#kyvernoiov2beta1clustercleanuppolicyspeccontextitems0imageregistryimageregistrycredentials)
+  - [KyvernoIoV2beta1ClusterCleanupPolicySpecContextItems0Variable](#kyvernoiov2beta1clustercleanuppolicyspeccontextitems0variable)
+  - [KyvernoIoV2beta1ClusterCleanupPolicySpecExclude](#kyvernoiov2beta1clustercleanuppolicyspecexclude)
+  - [KyvernoIoV2beta1ClusterCleanupPolicySpecExcludeAllItems0](#kyvernoiov2beta1clustercleanuppolicyspecexcludeallitems0)
+  - [KyvernoIoV2beta1ClusterCleanupPolicySpecExcludeAllItems0Resources](#kyvernoiov2beta1clustercleanuppolicyspecexcludeallitems0resources)
+  - [KyvernoIoV2beta1ClusterCleanupPolicySpecExcludeAllItems0ResourcesNamespaceSelector](#kyvernoiov2beta1clustercleanuppolicyspecexcludeallitems0resourcesnamespaceselector)
+  - [KyvernoIoV2beta1ClusterCleanupPolicySpecExcludeAllItems0ResourcesNamespaceSelectorMatchExpressionsItems0](#kyvernoiov2beta1clustercleanuppolicyspecexcludeallitems0resourcesnamespaceselectormatchexpressionsitems0)
+  - [KyvernoIoV2beta1ClusterCleanupPolicySpecExcludeAllItems0ResourcesSelector](#kyvernoiov2beta1clustercleanuppolicyspecexcludeallitems0resourcesselector)
+  - [KyvernoIoV2beta1ClusterCleanupPolicySpecExcludeAllItems0ResourcesSelectorMatchExpressionsItems0](#kyvernoiov2beta1clustercleanuppolicyspecexcludeallitems0resourcesselectormatchexpressionsitems0)
+  - [KyvernoIoV2beta1ClusterCleanupPolicySpecExcludeAllItems0SubjectsItems0](#kyvernoiov2beta1clustercleanuppolicyspecexcludeallitems0subjectsitems0)
+  - [KyvernoIoV2beta1ClusterCleanupPolicySpecExcludeAnyItems0](#kyvernoiov2beta1clustercleanuppolicyspecexcludeanyitems0)
+  - [KyvernoIoV2beta1ClusterCleanupPolicySpecExcludeAnyItems0Resources](#kyvernoiov2beta1clustercleanuppolicyspecexcludeanyitems0resources)
+  - [KyvernoIoV2beta1ClusterCleanupPolicySpecExcludeAnyItems0ResourcesNamespaceSelector](#kyvernoiov2beta1clustercleanuppolicyspecexcludeanyitems0resourcesnamespaceselector)
+  - [KyvernoIoV2beta1ClusterCleanupPolicySpecExcludeAnyItems0ResourcesNamespaceSelectorMatchExpressionsItems0](#kyvernoiov2beta1clustercleanuppolicyspecexcludeanyitems0resourcesnamespaceselectormatchexpressionsitems0)
+  - [KyvernoIoV2beta1ClusterCleanupPolicySpecExcludeAnyItems0ResourcesSelector](#kyvernoiov2beta1clustercleanuppolicyspecexcludeanyitems0resourcesselector)
+  - [KyvernoIoV2beta1ClusterCleanupPolicySpecExcludeAnyItems0ResourcesSelectorMatchExpressionsItems0](#kyvernoiov2beta1clustercleanuppolicyspecexcludeanyitems0resourcesselectormatchexpressionsitems0)
+  - [KyvernoIoV2beta1ClusterCleanupPolicySpecExcludeAnyItems0SubjectsItems0](#kyvernoiov2beta1clustercleanuppolicyspecexcludeanyitems0subjectsitems0)
+  - [KyvernoIoV2beta1ClusterCleanupPolicySpecMatch](#kyvernoiov2beta1clustercleanuppolicyspecmatch)
+  - [KyvernoIoV2beta1ClusterCleanupPolicySpecMatchAllItems0](#kyvernoiov2beta1clustercleanuppolicyspecmatchallitems0)
+  - [KyvernoIoV2beta1ClusterCleanupPolicySpecMatchAllItems0Resources](#kyvernoiov2beta1clustercleanuppolicyspecmatchallitems0resources)
+  - [KyvernoIoV2beta1ClusterCleanupPolicySpecMatchAllItems0ResourcesNamespaceSelector](#kyvernoiov2beta1clustercleanuppolicyspecmatchallitems0resourcesnamespaceselector)
+  - [KyvernoIoV2beta1ClusterCleanupPolicySpecMatchAllItems0ResourcesNamespaceSelectorMatchExpressionsItems0](#kyvernoiov2beta1clustercleanuppolicyspecmatchallitems0resourcesnamespaceselectormatchexpressionsitems0)
+  - [KyvernoIoV2beta1ClusterCleanupPolicySpecMatchAllItems0ResourcesSelector](#kyvernoiov2beta1clustercleanuppolicyspecmatchallitems0resourcesselector)
+  - [KyvernoIoV2beta1ClusterCleanupPolicySpecMatchAllItems0ResourcesSelectorMatchExpressionsItems0](#kyvernoiov2beta1clustercleanuppolicyspecmatchallitems0resourcesselectormatchexpressionsitems0)
+  - [KyvernoIoV2beta1ClusterCleanupPolicySpecMatchAllItems0SubjectsItems0](#kyvernoiov2beta1clustercleanuppolicyspecmatchallitems0subjectsitems0)
+  - [KyvernoIoV2beta1ClusterCleanupPolicySpecMatchAnyItems0](#kyvernoiov2beta1clustercleanuppolicyspecmatchanyitems0)
+  - [KyvernoIoV2beta1ClusterCleanupPolicySpecMatchAnyItems0Resources](#kyvernoiov2beta1clustercleanuppolicyspecmatchanyitems0resources)
+  - [KyvernoIoV2beta1ClusterCleanupPolicySpecMatchAnyItems0ResourcesNamespaceSelector](#kyvernoiov2beta1clustercleanuppolicyspecmatchanyitems0resourcesnamespaceselector)
+  - [KyvernoIoV2beta1ClusterCleanupPolicySpecMatchAnyItems0ResourcesNamespaceSelectorMatchExpressionsItems0](#kyvernoiov2beta1clustercleanuppolicyspecmatchanyitems0resourcesnamespaceselectormatchexpressionsitems0)
+  - [KyvernoIoV2beta1ClusterCleanupPolicySpecMatchAnyItems0ResourcesSelector](#kyvernoiov2beta1clustercleanuppolicyspecmatchanyitems0resourcesselector)
+  - [KyvernoIoV2beta1ClusterCleanupPolicySpecMatchAnyItems0ResourcesSelectorMatchExpressionsItems0](#kyvernoiov2beta1clustercleanuppolicyspecmatchanyitems0resourcesselectormatchexpressionsitems0)
+  - [KyvernoIoV2beta1ClusterCleanupPolicySpecMatchAnyItems0SubjectsItems0](#kyvernoiov2beta1clustercleanuppolicyspecmatchanyitems0subjectsitems0)
+  - [KyvernoIoV2beta1ClusterCleanupPolicyStatus](#kyvernoiov2beta1clustercleanuppolicystatus)
+  - [KyvernoIoV2beta1ClusterCleanupPolicyStatusConditionsItems0](#kyvernoiov2beta1clustercleanuppolicystatusconditionsitems0)
 
 ## Schemas
 
@@ -141,13 +146,14 @@ KustomizationSpec defines the configuration to calculate the desired state from
 | name | type | description | default value |
 | --- | --- | --- | --- |
 |**commonMetadata**|[KustomizeToolkitFluxcdIoV1KustomizationSpecCommonMetadata](#kustomizetoolkitfluxcdiov1kustomizationspeccommonmetadata)|common metadata||
-|**components**|[str]|Components specifies relative paths to specifications of other Components.||
+|**components**|[str]|Components specifies relative paths to kustomize Components.||
 |**decryption**|[KustomizeToolkitFluxcdIoV1KustomizationSpecDecryption](#kustomizetoolkitfluxcdiov1kustomizationspecdecryption)|decryption||
 |**deletionPolicy**|"MirrorPrune" | "Delete" | "WaitForTermination" | "Orphan"|DeletionPolicy can be used to control garbage collection when this<br />Kustomization is deleted. Valid values are ('MirrorPrune', 'Delete',<br />'WaitForTermination', 'Orphan'). 'MirrorPrune' mirrors the Prune field<br />(orphan if false, delete if true). Defaults to 'MirrorPrune'.||
-|**dependsOn**|[[KustomizeToolkitFluxcdIoV1KustomizationSpecDependsOnItems0](#kustomizetoolkitfluxcdiov1kustomizationspecdependsonitems0)]|DependsOn may contain a meta.NamespacedObjectReference slice<br />with references to Kustomization resources that must be ready before this<br />Kustomization can be reconciled.||
+|**dependsOn**|[[KustomizeToolkitFluxcdIoV1KustomizationSpecDependsOnItems0](#kustomizetoolkitfluxcdiov1kustomizationspecdependsonitems0)]|DependsOn may contain a DependencyReference slice<br />with references to Kustomization resources that must be ready before this<br />Kustomization can be reconciled.||
 |**force**|bool|Force instructs the controller to recreate resources<br />when patching fails due to an immutable field change.|False|
 |**healthCheckExprs**|[[KustomizeToolkitFluxcdIoV1KustomizationSpecHealthCheckExprsItems0](#kustomizetoolkitfluxcdiov1kustomizationspechealthcheckexprsitems0)]|HealthCheckExprs is a list of healthcheck expressions for evaluating the<br />health of custom resources using Common Expression Language (CEL).<br />The expressions are evaluated only when Wait or HealthChecks are specified.||
 |**healthChecks**|[[KustomizeToolkitFluxcdIoV1KustomizationSpecHealthChecksItems0](#kustomizetoolkitfluxcdiov1kustomizationspechealthchecksitems0)]|A list of resources to be included in the health assessment.||
+|**ignoreMissingComponents**|bool|IgnoreMissingComponents instructs the controller to ignore Components paths<br />not found in source by removing them from the generated kustomization.yaml<br />before running kustomize build.||
 |**images**|[[KustomizeToolkitFluxcdIoV1KustomizationSpecImagesItems0](#kustomizetoolkitfluxcdiov1kustomizationspecimagesitems0)]|Images is a list of (image name, new name, new tag or digest)<br />for changing image names, tags or digests. This can also be achieved with a<br />patch, but this operator is simpler to specify.||
 |**interval** `required`|str|The interval at which to reconcile the Kustomization.<br />This interval is approximate and may be subject to jitter to ensure<br />efficient use of resources.||
 |**kubeConfig**|[KustomizeToolkitFluxcdIoV1KustomizationSpecKubeConfig](#kustomizetoolkitfluxcdiov1kustomizationspeckubeconfig)|kube config||
@@ -196,14 +202,15 @@ The secret name containing the private OpenPGP keys used for decryption. A stati
 |**name** `required`|str|Name of the referent.||
 ### KustomizeToolkitFluxcdIoV1KustomizationSpecDependsOnItems0
 
-NamespacedObjectReference contains enough information to locate the referenced Kubernetes resource object in any namespace.
+DependencyReference defines a Kustomization dependency on another Kustomization resource.
 
 #### Attributes
 
 | name | type | description | default value |
 | --- | --- | --- | --- |
 |**name** `required`|str|Name of the referent.||
-|**namespace**|str|Namespace of the referent, when not specified it acts as LocalObjectReference.||
+|**namespace**|str|Namespace of the referent, defaults to the namespace of the Kustomization<br />resource object that contains the reference.||
+|**readyExpr**|str|ReadyExpr is a CEL expression that can be used to assess the readiness<br />of a dependency. When specified, the built-in readiness check<br />is replaced by the logic defined in the CEL expression.<br />To make the CEL expression additive to the built-in readiness check,<br />the feature gate `AdditiveCELDependencyCheck` must be set to `true`.||
 ### KustomizeToolkitFluxcdIoV1KustomizationSpecHealthCheckExprsItems0
 
 CustomHealthCheck defines the health check for custom resources.
@@ -249,10 +256,20 @@ The KubeConfig for reconciling the Kustomization on a remote cluster. When used
 
 | name | type | description | default value |
 | --- | --- | --- | --- |
-|**secretRef** `required`|[KustomizeToolkitFluxcdIoV1KustomizationSpecKubeConfigSecretRef](#kustomizetoolkitfluxcdiov1kustomizationspeckubeconfigsecretref)|secret ref||
+|**configMapRef**|[KustomizeToolkitFluxcdIoV1KustomizationSpecKubeConfigConfigMapRef](#kustomizetoolkitfluxcdiov1kustomizationspeckubeconfigconfigmapref)|config map ref||
+|**secretRef**|[KustomizeToolkitFluxcdIoV1KustomizationSpecKubeConfigSecretRef](#kustomizetoolkitfluxcdiov1kustomizationspeckubeconfigsecretref)|secret ref||
+### KustomizeToolkitFluxcdIoV1KustomizationSpecKubeConfigConfigMapRef
+
+ConfigMapRef holds an optional name of a ConfigMap that contains the following keys:  - `provider`: the provider to use. One of `aws`, `azure`, `gcp`, or `generic`. Required. - `cluster`: the fully qualified resource name of the Kubernetes cluster in the cloud provider API. Not used by the `generic` provider. Required when one of `address` or `ca.crt` is not set. - `address`: the address of the Kubernetes API server. Required for `generic`. For the other providers, if not specified, the first address in the cluster resource will be used, and if specified, it must match one of the addresses in the cluster resource. If audiences is not set, will be used as the audience for the `generic` provider. - `ca.crt`: the optional PEM-encoded CA certificate for the Kubernetes API server. If not set, the controller will use the CA certificate from the cluster resource. - `audiences`: the optional audiences as a list of line-break-separated strings for the Kubernetes ServiceAccount token. Defaults to the `address` for the `generic` provider, or to specific values for the other providers depending on the provider. -  `serviceAccountName`: the optional name of the Kubernetes ServiceAccount in the same namespace that should be used for authentication. If not specified, the controller ServiceAccount will be used.  Mutually exclusive with SecretRef.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name of the referent.||
 ### KustomizeToolkitFluxcdIoV1KustomizationSpecKubeConfigSecretRef
 
-SecretRef holds the name of a secret that contains a key with the kubeconfig file as the value. If no key is set, the key will default to 'value'. It is recommended that the kubeconfig is self-contained, and the secret is regularly updated if credentials such as a cloud-access-token expire. Cloud specific `cmd-path` auth helpers will not function without adding binaries and credentials to the Pod that is responsible for reconciling Kubernetes resources.
+SecretRef holds an optional name of a secret that contains a key with the kubeconfig file as the value. If no key is set, the key will default to 'value'. Mutually exclusive with ConfigMapRef. It is recommended that the kubeconfig is self-contained, and the secret is regularly updated if credentials such as a cloud-access-token expire. Cloud specific `cmd-path` auth helpers will not function without adding binaries and credentials to the Pod that is responsible for reconciling Kubernetes resources. Supported only for the generic provider.
 
 #### Attributes
 
@@ -315,7 +332,7 @@ Reference of the source where the kustomization file is.
 | name | type | description | default value |
 | --- | --- | --- | --- |
 |**apiVersion**|str|API version of the referent.||
-|**kind** `required`|"OCIRepository" | "GitRepository" | "Bucket"|Kind of the referent.||
+|**kind** `required`|"OCIRepository" | "GitRepository" | "Bucket" | "ExternalArtifact"|Kind of the referent.||
 |**name** `required`|str|Name of the referent.||
 |**namespace**|str|Namespace of the referent, defaults to the namespace of the Kubernetes<br />resource object that contains the reference.||
 ### KustomizeToolkitFluxcdIoV1KustomizationStatus
@@ -327,6 +344,7 @@ KustomizationStatus defines the observed state of a kustomization.
 | name | type | description | default value |
 | --- | --- | --- | --- |
 |**conditions**|[[KustomizeToolkitFluxcdIoV1KustomizationStatusConditionsItems0](#kustomizetoolkitfluxcdiov1kustomizationstatusconditionsitems0)]|conditions||
+|**history**|[[KustomizeToolkitFluxcdIoV1KustomizationStatusHistoryItems0](#kustomizetoolkitfluxcdiov1kustomizationstatushistoryitems0)]|History contains a set of snapshots of the last reconciliation attempts<br />tracking the revision, the state and the duration of each attempt.||
 |**inventory**|[KustomizeToolkitFluxcdIoV1KustomizationStatusInventory](#kustomizetoolkitfluxcdiov1kustomizationstatusinventory)|inventory||
 |**lastAppliedOriginRevision**|str|The last successfully applied origin revision.<br />Equals the origin revision of the applied Artifact from the referenced Source.<br />Usually present on the Metadata of the applied Artifact and depends on the<br />Source type, e.g. for OCI it's the value associated with the key<br />"org.opencontainers.image.revision".||
 |**lastAppliedRevision**|str|The last successfully applied revision.<br />Equals the Revision of the applied Artifact from the referenced Source.||
@@ -347,6 +365,21 @@ Condition contains details for one aspect of the current state of this API Resou
 |**reason** `required`|str|reason contains a programmatic identifier indicating the reason for the condition's last transition.<br />Producers of specific condition types may define expected values and meanings for this field,<br />and whether the values are considered a guaranteed API.<br />The value should be a CamelCase string.<br />This field may not be empty.||
 |**status** `required`|"True" | "False" | "Unknown"|status of the condition, one of True, False, Unknown.||
 |**type** `required`|str|||
+### KustomizeToolkitFluxcdIoV1KustomizationStatusHistoryItems0
+
+Snapshot represents a point-in-time record of a group of resources reconciliation, including timing information, status, and a unique digest identifier.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**digest** `required`|str|Digest is the checksum in the format `<algo>:<hex>` of the resources in this snapshot.||
+|**firstReconciled** `required`|str|FirstReconciled is the time when this revision was first reconciled to the cluster.||
+|**lastReconciled** `required`|str|LastReconciled is the time when this revision was last reconciled to the cluster.||
+|**lastReconciledDuration** `required`|str|LastReconciledDuration is time it took to reconcile the resources in this revision.||
+|**lastReconciledStatus** `required`|str|LastReconciledStatus is the status of the last reconciliation.||
+|**metadata**|{str:str}|Metadata contains additional information about the snapshot.||
+|**totalReconciliations** `required`|int|TotalReconciliations is the total number of reconciliations that have occurred for this snapshot.||
 ### KustomizeToolkitFluxcdIoV1KustomizationStatusInventory
 
 Inventory contains the list of Kubernetes resource object references that have been successfully applied.
@@ -366,496 +399,537 @@ ResourceRef contains the information necessary to locate a resource within a clu
 | --- | --- | --- | --- |
 |**id** `required`|str|ID is the string representation of the Kubernetes resource object's metadata,<br />in the format '<namespace>_<name>_<group>_<kind>'.||
 |**v** `required`|str|Version is the API version of the Kubernetes resource object's kind.||
-### Kustomization
+### ClusterCleanupPolicy
 
-Kustomization is the Schema for the kustomizations API.
+ClusterCleanupPolicy defines rule for resource cleanup.
 
 #### Attributes
 
 | name | type | description | default value |
 | --- | --- | --- | --- |
-|**apiVersion** `required` `readOnly`|"kustomize.toolkit.fluxcd.io/v1beta1"|APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources|"kustomize.toolkit.fluxcd.io/v1beta1"|
-|**kind** `required` `readOnly`|"Kustomization"|Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds|"Kustomization"|
+|**apiVersion** `required` `readOnly`|"kyverno.io/v2"|APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources|"kyverno.io/v2"|
+|**kind** `required` `readOnly`|"ClusterCleanupPolicy"|Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds|"ClusterCleanupPolicy"|
 |**metadata**|[ObjectMeta](#objectmeta)|metadata||
-|**spec**|[KustomizeToolkitFluxcdIoV1beta1KustomizationSpec](#kustomizetoolkitfluxcdiov1beta1kustomizationspec)|spec||
-|**status**|[KustomizeToolkitFluxcdIoV1beta1KustomizationStatus](#kustomizetoolkitfluxcdiov1beta1kustomizationstatus)|status||
-### KustomizeToolkitFluxcdIoV1beta1KustomizationSpec
+|**spec** `required`|[KyvernoIoV2ClusterCleanupPolicySpec](#kyvernoiov2clustercleanuppolicyspec)|spec||
+|**status**|[KyvernoIoV2ClusterCleanupPolicyStatus](#kyvernoiov2clustercleanuppolicystatus)|status||
+### KyvernoIoV2ClusterCleanupPolicySpec
 
-KustomizationSpec defines the desired state of a kustomization.
+Spec declares policy behaviors.
 
 #### Attributes
 
 | name | type | description | default value |
 | --- | --- | --- | --- |
-|**decryption**|[KustomizeToolkitFluxcdIoV1beta1KustomizationSpecDecryption](#kustomizetoolkitfluxcdiov1beta1kustomizationspecdecryption)|decryption||
-|**dependsOn**|[[KustomizeToolkitFluxcdIoV1beta1KustomizationSpecDependsOnItems0](#kustomizetoolkitfluxcdiov1beta1kustomizationspecdependsonitems0)]|DependsOn may contain a meta.NamespacedObjectReference slice<br />with references to Kustomization resources that must be ready before this<br />Kustomization can be reconciled.||
-|**force**|bool|Force instructs the controller to recreate resources<br />when patching fails due to an immutable field change.|False|
-|**healthChecks**|[[KustomizeToolkitFluxcdIoV1beta1KustomizationSpecHealthChecksItems0](#kustomizetoolkitfluxcdiov1beta1kustomizationspechealthchecksitems0)]|A list of resources to be included in the health assessment.||
-|**images**|[[KustomizeToolkitFluxcdIoV1beta1KustomizationSpecImagesItems0](#kustomizetoolkitfluxcdiov1beta1kustomizationspecimagesitems0)]|Images is a list of (image name, new name, new tag or digest)<br />for changing image names, tags or digests. This can also be achieved with a<br />patch, but this operator is simpler to specify.||
-|**interval** `required`|str|The interval at which to reconcile the Kustomization.||
-|**kubeConfig**|[KustomizeToolkitFluxcdIoV1beta1KustomizationSpecKubeConfig](#kustomizetoolkitfluxcdiov1beta1kustomizationspeckubeconfig)|kube config||
-|**patches**|[[KustomizeToolkitFluxcdIoV1beta1KustomizationSpecPatchesItems0](#kustomizetoolkitfluxcdiov1beta1kustomizationspecpatchesitems0)]|Strategic merge and JSON patches, defined as inline YAML objects,<br />capable of targeting objects based on kind, label and annotation selectors.||
-|**patchesJson6902**|[[KustomizeToolkitFluxcdIoV1beta1KustomizationSpecPatchesJson6902Items0](#kustomizetoolkitfluxcdiov1beta1kustomizationspecpatchesjson6902items0)]|JSON 6902 patches, defined as inline YAML objects.||
-|**patchesStrategicMerge**|[]|Strategic merge patches, defined as inline YAML objects.||
-|**path**|str|Path to the directory containing the kustomization.yaml file, or the<br />set of plain YAMLs a kustomization.yaml should be generated for.<br />Defaults to 'None', which translates to the root path of the SourceRef.||
-|**postBuild**|[KustomizeToolkitFluxcdIoV1beta1KustomizationSpecPostBuild](#kustomizetoolkitfluxcdiov1beta1kustomizationspecpostbuild)|post build||
-|**prune** `required`|bool|Prune enables garbage collection.||
-|**retryInterval**|str|The interval at which to retry a previously failed reconciliation.<br />When not specified, the controller uses the KustomizationSpec.Interval<br />value to retry failures.||
-|**serviceAccountName**|str|The name of the Kubernetes service account to impersonate<br />when reconciling this Kustomization.||
-|**sourceRef** `required`|[KustomizeToolkitFluxcdIoV1beta1KustomizationSpecSourceRef](#kustomizetoolkitfluxcdiov1beta1kustomizationspecsourceref)|source ref||
-|**suspend**|bool|This flag tells the controller to suspend subsequent kustomize executions,<br />it does not apply to already started executions. Defaults to false.||
-|**targetNamespace**|str|TargetNamespace sets or overrides the namespace in the<br />kustomization.yaml file.||
-|**timeout**|str|Timeout for validation, apply and health checking operations.<br />Defaults to 'Interval' duration.||
-|**validation**|"none" | "client" | "server"|Validate the Kubernetes objects before applying them on the cluster.<br />The validation strategy can be 'client' (local dry-run), 'server'<br />(APIServer dry-run) or 'none'.<br />When 'Force' is 'true', validation will fallback to 'client' if set to<br />'server' because server-side validation is not supported in this scenario.||
-### KustomizeToolkitFluxcdIoV1beta1KustomizationSpecDecryption
+|**conditions**|[KyvernoIoV2ClusterCleanupPolicySpecConditions](#kyvernoiov2clustercleanuppolicyspecconditions)|conditions||
+|**context**|[[KyvernoIoV2ClusterCleanupPolicySpecContextItems0](#kyvernoiov2clustercleanuppolicyspeccontextitems0)]|Context defines variables and data sources that can be used during rule execution.||
+|**exclude**|[KyvernoIoV2ClusterCleanupPolicySpecExclude](#kyvernoiov2clustercleanuppolicyspecexclude)|exclude||
+|**match** `required`|[KyvernoIoV2ClusterCleanupPolicySpecMatch](#kyvernoiov2clustercleanuppolicyspecmatch)|match||
+|**schedule** `required`|str|The schedule in Cron format||
+### KyvernoIoV2ClusterCleanupPolicySpecConditions
 
-Decrypt Kubernetes secrets before applying them on the cluster.
+Conditions defines the conditions used to select the resources which will be cleaned up.
 
 #### Attributes
 
 | name | type | description | default value |
 | --- | --- | --- | --- |
-|**provider** `required` `readOnly`|"sops"|Provider is the name of the decryption engine.|"sops"|
-|**secretRef**|[KustomizeToolkitFluxcdIoV1beta1KustomizationSpecDecryptionSecretRef](#kustomizetoolkitfluxcdiov1beta1kustomizationspecdecryptionsecretref)|secret ref||
-### KustomizeToolkitFluxcdIoV1beta1KustomizationSpecDecryptionSecretRef
+|**all**|[[KyvernoIoV2ClusterCleanupPolicySpecConditionsAllItems0](#kyvernoiov2clustercleanuppolicyspecconditionsallitems0)]|||
+|**any**|[[KyvernoIoV2ClusterCleanupPolicySpecConditionsAnyItems0](#kyvernoiov2clustercleanuppolicyspecconditionsanyitems0)]|AnyConditions enable variable-based conditional rule execution. This is useful for<br />finer control of when an rule is applied. A condition can reference object data<br />using JMESPath notation.<br />Here, at least one of the conditions need to pass.||
+### KyvernoIoV2ClusterCleanupPolicySpecConditionsAllItems0
 
-The secret name containing the private OpenPGP keys used for decryption.
+kyverno io v2 cluster cleanup policy spec conditions all items0
 
 #### Attributes
 
 | name | type | description | default value |
 | --- | --- | --- | --- |
-|**name** `required`|str|Name of the referent.||
-### KustomizeToolkitFluxcdIoV1beta1KustomizationSpecDependsOnItems0
+|**key**|any|Key is the context entry (using JMESPath) for conditional rule evaluation.||
+|**message**|str|Message is an optional display message||
+|**operator**|"Equals" | "NotEquals" | "AnyIn" | "AllIn" | "AnyNotIn" | "AllNotIn" | "GreaterThanOrEquals" | "GreaterThan" | "LessThanOrEquals" | "LessThan" | "DurationGreaterThanOrEquals" | "DurationGreaterThan" | "DurationLessThanOrEquals" | "DurationLessThan"|Operator is the conditional operation to perform. Valid operators are:<br />Equals, NotEquals, In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn, GreaterThanOrEquals,<br />GreaterThan, LessThanOrEquals, LessThan, DurationGreaterThanOrEquals, DurationGreaterThan,<br />DurationLessThanOrEquals, DurationLessThan||
+|**value**|any|Value is the conditional value, or set of values. The values can be fixed set<br />or can be variables declared using JMESPath.||
+### KyvernoIoV2ClusterCleanupPolicySpecConditionsAnyItems0
 
-NamespacedObjectReference contains enough information to locate the referenced Kubernetes resource object in any namespace.
+kyverno io v2 cluster cleanup policy spec conditions any items0
 
 #### Attributes
 
 | name | type | description | default value |
 | --- | --- | --- | --- |
-|**name** `required`|str|Name of the referent.||
-|**namespace**|str|Namespace of the referent, when not specified it acts as LocalObjectReference.||
-### KustomizeToolkitFluxcdIoV1beta1KustomizationSpecHealthChecksItems0
+|**key**|any|Key is the context entry (using JMESPath) for conditional rule evaluation.||
+|**message**|str|Message is an optional display message||
+|**operator**|"Equals" | "NotEquals" | "AnyIn" | "AllIn" | "AnyNotIn" | "AllNotIn" | "GreaterThanOrEquals" | "GreaterThan" | "LessThanOrEquals" | "LessThan" | "DurationGreaterThanOrEquals" | "DurationGreaterThan" | "DurationLessThanOrEquals" | "DurationLessThan"|Operator is the conditional operation to perform. Valid operators are:<br />Equals, NotEquals, In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn, GreaterThanOrEquals,<br />GreaterThan, LessThanOrEquals, LessThan, DurationGreaterThanOrEquals, DurationGreaterThan,<br />DurationLessThanOrEquals, DurationLessThan||
+|**value**|any|Value is the conditional value, or set of values. The values can be fixed set<br />or can be variables declared using JMESPath.||
+### KyvernoIoV2ClusterCleanupPolicySpecContextItems0
 
-NamespacedObjectKindReference contains enough information to locate the typed referenced Kubernetes resource object in any namespace.
+ContextEntry adds variables and data sources to a rule Context. Either a ConfigMap reference or a APILookup must be provided.
 
 #### Attributes
 
 | name | type | description | default value |
 | --- | --- | --- | --- |
-|**apiVersion**|str|API version of the referent, if not specified the Kubernetes preferred version will be used.||
-|**kind** `required`|str|Kind of the referent.||
-|**name** `required`|str|Name of the referent.||
-|**namespace**|str|Namespace of the referent, when not specified it acts as LocalObjectReference.||
-### KustomizeToolkitFluxcdIoV1beta1KustomizationSpecImagesItems0
+|**apiCall**|[KyvernoIoV2ClusterCleanupPolicySpecContextItems0APICall](#kyvernoiov2clustercleanuppolicyspeccontextitems0apicall)|api call||
+|**configMap**|[KyvernoIoV2ClusterCleanupPolicySpecContextItems0ConfigMap](#kyvernoiov2clustercleanuppolicyspeccontextitems0configmap)|config map||
+|**globalReference**|[KyvernoIoV2ClusterCleanupPolicySpecContextItems0GlobalReference](#kyvernoiov2clustercleanuppolicyspeccontextitems0globalreference)|global reference||
+|**imageRegistry**|[KyvernoIoV2ClusterCleanupPolicySpecContextItems0ImageRegistry](#kyvernoiov2clustercleanuppolicyspeccontextitems0imageregistry)|image registry||
+|**name** `required`|str|Name is the variable name.||
+|**variable**|[KyvernoIoV2ClusterCleanupPolicySpecContextItems0Variable](#kyvernoiov2clustercleanuppolicyspeccontextitems0variable)|variable||
+### KyvernoIoV2ClusterCleanupPolicySpecContextItems0APICall
 
-Image contains an image name, a new name, a new tag or digest, which will replace the original name and tag.
+APICall is an HTTP request to the Kubernetes API server, or other JSON web service. The data returned is stored in the context with the name for the context entry.
 
 #### Attributes
 
 | name | type | description | default value |
 | --- | --- | --- | --- |
-|**digest**|str|Digest is the value used to replace the original image tag.<br />If digest is present NewTag value is ignored.||
-|**name** `required`|str|Name is a tag-less image name.||
-|**newName**|str|NewName is the value used to replace the original name.||
-|**newTag**|str|NewTag is the value used to replace the original tag.||
-### KustomizeToolkitFluxcdIoV1beta1KustomizationSpecKubeConfig
+|**data**|[[KyvernoIoV2ClusterCleanupPolicySpecContextItems0APICallDataItems0](#kyvernoiov2clustercleanuppolicyspeccontextitems0apicalldataitems0)]|The data object specifies the POST data sent to the server.<br />Only applicable when the method field is set to POST.||
+|**default**|any|Default is an optional arbitrary JSON object that the context<br />value is set to, if the apiCall returns error.||
+|**jmesPath**|str|JMESPath is an optional JSON Match Expression that can be used to<br />transform the JSON response returned from the server. For example<br />a JMESPath of "items \| length(@)" applied to the API server response<br />for the URLPath "/apis/apps/v1/deployments" will return the total count<br />of deployments across all namespaces.||
+|**method**|"GET" | "POST"|Method is the HTTP request type (GET or POST). Defaults to GET.|"GET"|
+|**service**|[KyvernoIoV2ClusterCleanupPolicySpecContextItems0APICallService](#kyvernoiov2clustercleanuppolicyspeccontextitems0apicallservice)|service||
+|**urlPath**|str|URLPath is the URL path to be used in the HTTP GET or POST request to the<br />Kubernetes API server (e.g. "/api/v1/namespaces" or  "/apis/apps/v1/deployments").<br />The format required is the same format used by the `kubectl get --raw` command.<br />See https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls<br />for details.<br />It's mutually exclusive with the Service field.||
+### KyvernoIoV2ClusterCleanupPolicySpecContextItems0APICallDataItems0
 
-The KubeConfig for reconciling the Kustomization on a remote cluster. When specified, KubeConfig takes precedence over ServiceAccountName.
+RequestData contains the HTTP POST data
 
 #### Attributes
 
 | name | type | description | default value |
 | --- | --- | --- | --- |
-|**secretRef** `required`|[KustomizeToolkitFluxcdIoV1beta1KustomizationSpecKubeConfigSecretRef](#kustomizetoolkitfluxcdiov1beta1kustomizationspeckubeconfigsecretref)|secret ref||
-### KustomizeToolkitFluxcdIoV1beta1KustomizationSpecKubeConfigSecretRef
+|**key** `required`|str|Key is a unique identifier for the data value||
+|**value** `required`|any|Value is the data value||
+### KyvernoIoV2ClusterCleanupPolicySpecContextItems0APICallService
 
-SecretRef holds the name to a secret that contains a 'value' key with the kubeconfig file as the value. It must be in the same namespace as the Kustomization. It is recommended that the kubeconfig is self-contained, and the secret is regularly updated if credentials such as a cloud-access-token expire. Cloud specific `cmd-path` auth helpers will not function without adding binaries and credentials to the Pod that is responsible for reconciling the Kustomization.
+Service is an API call to a JSON web service. This is used for non-Kubernetes API server calls. It's mutually exclusive with the URLPath field.
 
 #### Attributes
 
 | name | type | description | default value |
 | --- | --- | --- | --- |
-|**name** `required`|str|Name of the referent.||
-### KustomizeToolkitFluxcdIoV1beta1KustomizationSpecPatchesItems0
+|**caBundle**|str|CABundle is a PEM encoded CA bundle which will be used to validate<br />the server certificate.||
+|**headers**|[[KyvernoIoV2ClusterCleanupPolicySpecContextItems0APICallServiceHeadersItems0](#kyvernoiov2clustercleanuppolicyspeccontextitems0apicallserviceheadersitems0)]|Headers is a list of optional HTTP headers to be included in the request.||
+|**url** `required`|str|URL is the JSON web service URL. A typical form is<br />`https://{service}.{namespace}:{port}/{path}`.||
+### KyvernoIoV2ClusterCleanupPolicySpecContextItems0APICallServiceHeadersItems0
 
-Patch contains an inline StrategicMerge or JSON6902 patch, and the target the patch should be applied to.
+kyverno io v2 cluster cleanup policy spec context items0 API call service headers items0
 
 #### Attributes
 
 | name | type | description | default value |
 | --- | --- | --- | --- |
-|**patch** `required`|str|Patch contains an inline StrategicMerge patch or an inline JSON6902 patch with<br />an array of operation objects.||
-|**target**|[KustomizeToolkitFluxcdIoV1beta1KustomizationSpecPatchesItems0Target](#kustomizetoolkitfluxcdiov1beta1kustomizationspecpatchesitems0target)|target||
-### KustomizeToolkitFluxcdIoV1beta1KustomizationSpecPatchesItems0Target
+|**key** `required`|str|Key is the header key||
+|**value** `required`|str|Value is the header value||
+### KyvernoIoV2ClusterCleanupPolicySpecContextItems0ConfigMap
 
-Target points to the resources that the patch document should be applied to.
+ConfigMap is the ConfigMap reference.
 
 #### Attributes
 
 | name | type | description | default value |
 | --- | --- | --- | --- |
-|**annotationSelector**|str|AnnotationSelector is a string that follows the label selection expression<br />https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api<br />It matches with the resource annotations.||
-|**group**|str|Group is the API group to select resources from.<br />Together with Version and Kind it is capable of unambiguously identifying and/or selecting resources.<br />https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md||
-|**kind**|str|Kind of the API Group to select resources from.<br />Together with Group and Version it is capable of unambiguously<br />identifying and/or selecting resources.<br />https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md||
-|**labelSelector**|str|LabelSelector is a string that follows the label selection expression<br />https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api<br />It matches with the resource labels.||
-|**name**|str|Name to match resources with.||
-|**namespace**|str|Namespace to select resources from.||
-|**version**|str|Version of the API Group to select resources from.<br />Together with Group and Kind it is capable of unambiguously identifying and/or selecting resources.<br />https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md||
-### KustomizeToolkitFluxcdIoV1beta1KustomizationSpecPatchesJson6902Items0
+|**name** `required`|str|Name is the ConfigMap name.||
+|**namespace**|str|Namespace is the ConfigMap namespace.||
+### KyvernoIoV2ClusterCleanupPolicySpecContextItems0GlobalReference
 
-JSON6902Patch contains a JSON6902 patch and the target the patch should be applied to.
+GlobalContextEntryReference is a reference to a cached global context entry.
 
 #### Attributes
 
 | name | type | description | default value |
 | --- | --- | --- | --- |
-|**patch** `required`|[[KustomizeToolkitFluxcdIoV1beta1KustomizationSpecPatchesJson6902Items0PatchItems0](#kustomizetoolkitfluxcdiov1beta1kustomizationspecpatchesjson6902items0patchitems0)]|Patch contains the JSON6902 patch document with an array of operation objects.||
-|**target** `required`|[KustomizeToolkitFluxcdIoV1beta1KustomizationSpecPatchesJson6902Items0Target](#kustomizetoolkitfluxcdiov1beta1kustomizationspecpatchesjson6902items0target)|target||
-### KustomizeToolkitFluxcdIoV1beta1KustomizationSpecPatchesJson6902Items0PatchItems0
+|**jmesPath**|str|JMESPath is an optional JSON Match Expression that can be used to<br />transform the JSON response returned from the server. For example<br />a JMESPath of "items \| length(@)" applied to the API server response<br />for the URLPath "/apis/apps/v1/deployments" will return the total count<br />of deployments across all namespaces.||
+|**name** `required`|str|Name of the global context entry||
+### KyvernoIoV2ClusterCleanupPolicySpecContextItems0ImageRegistry
 
-JSON6902 is a JSON6902 operation object. https://datatracker.ietf.org/doc/html/rfc6902#section-4
+ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image details.
 
 #### Attributes
 
 | name | type | description | default value |
 | --- | --- | --- | --- |
-|**from**|str|From contains a JSON-pointer value that references a location within the target document where the operation is<br />performed. The meaning of the value depends on the value of Op, and is NOT taken into account by all operations.||
-|**op** `required`|"test" | "remove" | "add" | "replace" | "move" | "copy"|Op indicates the operation to perform. Its value MUST be one of "add", "remove", "replace", "move", "copy", or<br />"test".<br />https://datatracker.ietf.org/doc/html/rfc6902#section-4||
-|**path** `required`|str|Path contains the JSON-pointer value that references a location within the target document where the operation<br />is performed. The meaning of the value depends on the value of Op.||
-|**value**|any|Value contains a valid JSON structure. The meaning of the value depends on the value of Op, and is NOT taken into<br />account by all operations.||
-### KustomizeToolkitFluxcdIoV1beta1KustomizationSpecPatchesJson6902Items0Target
+|**imageRegistryCredentials**|[KyvernoIoV2ClusterCleanupPolicySpecContextItems0ImageRegistryImageRegistryCredentials](#kyvernoiov2clustercleanuppolicyspeccontextitems0imageregistryimageregistrycredentials)|image registry credentials||
+|**jmesPath**|str|JMESPath is an optional JSON Match Expression that can be used to<br />transform the ImageData struct returned as a result of processing<br />the image reference.||
+|**reference** `required`|str|Reference is image reference to a container image in the registry.<br />Example: ghcr.io/kyverno/kyverno:latest||
+### KyvernoIoV2ClusterCleanupPolicySpecContextItems0ImageRegistryImageRegistryCredentials
 
-Target points to the resources that the patch document should be applied to.
+ImageRegistryCredentials provides credentials that will be used for authentication with registry
 
 #### Attributes
 
 | name | type | description | default value |
 | --- | --- | --- | --- |
-|**annotationSelector**|str|AnnotationSelector is a string that follows the label selection expression<br />https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api<br />It matches with the resource annotations.||
-|**group**|str|Group is the API group to select resources from.<br />Together with Version and Kind it is capable of unambiguously identifying and/or selecting resources.<br />https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md||
-|**kind**|str|Kind of the API Group to select resources from.<br />Together with Group and Version it is capable of unambiguously<br />identifying and/or selecting resources.<br />https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md||
-|**labelSelector**|str|LabelSelector is a string that follows the label selection expression<br />https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api<br />It matches with the resource labels.||
-|**name**|str|Name to match resources with.||
-|**namespace**|str|Namespace to select resources from.||
-|**version**|str|Version of the API Group to select resources from.<br />Together with Group and Kind it is capable of unambiguously identifying and/or selecting resources.<br />https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md||
-### KustomizeToolkitFluxcdIoV1beta1KustomizationSpecPostBuild
+|**allowInsecureRegistry**|bool|AllowInsecureRegistry allows insecure access to a registry.||
+|**providers**|[str]|Providers specifies a list of OCI Registry names, whose authentication providers are provided.<br />It can be of one of these values: default,google,azure,amazon,github.||
+|**secrets**|[str]|Secrets specifies a list of secrets that are provided for credentials.<br />Secrets must live in the Kyverno namespace.||
+### KyvernoIoV2ClusterCleanupPolicySpecContextItems0Variable
 
-PostBuild describes which actions to perform on the YAML manifest generated by building the kustomize overlay.
+Variable defines an arbitrary JMESPath context variable that can be defined inline.
 
 #### Attributes
 
 | name | type | description | default value |
 | --- | --- | --- | --- |
-|**substitute**|{str:str}|Substitute holds a map of key/value pairs.<br />The variables defined in your YAML manifests<br />that match any of the keys defined in the map<br />will be substituted with the set value.<br />Includes support for bash string replacement functions<br />e.g. ${var:=default}, ${var:position} and ${var/substring/replacement}.||
-|**substituteFrom**|[[KustomizeToolkitFluxcdIoV1beta1KustomizationSpecPostBuildSubstituteFromItems0](#kustomizetoolkitfluxcdiov1beta1kustomizationspecpostbuildsubstitutefromitems0)]|SubstituteFrom holds references to ConfigMaps and Secrets containing<br />the variables and their values to be substituted in the YAML manifests.<br />The ConfigMap and the Secret data keys represent the var names and they<br />must match the vars declared in the manifests for the substitution to happen.||
-### KustomizeToolkitFluxcdIoV1beta1KustomizationSpecPostBuildSubstituteFromItems0
+|**default**|any|Default is an optional arbitrary JSON object that the variable may take if the JMESPath<br />expression evaluates to nil||
+|**jmesPath**|str|JMESPath is an optional JMESPath Expression that can be used to<br />transform the variable.||
+|**value**|any|Value is any arbitrary JSON object representable in YAML or JSON form.||
+### KyvernoIoV2ClusterCleanupPolicySpecExclude
 
-SubstituteReference contains a reference to a resource containing the variables name and value.
+ExcludeResources defines when cleanuppolicy should not be applied. The exclude criteria can include resource information (e.g. kind, name, namespace, labels) and admission review request information like the name or role.
 
 #### Attributes
 
 | name | type | description | default value |
 | --- | --- | --- | --- |
-|**kind** `required`|"Secret" | "ConfigMap"|Kind of the values referent, valid values are ('Secret', 'ConfigMap').||
-|**name** `required`|str|Name of the values referent. Should reside in the same namespace as the<br />referring resource.||
-### KustomizeToolkitFluxcdIoV1beta1KustomizationSpecSourceRef
+|**all**|[[KyvernoIoV2ClusterCleanupPolicySpecExcludeAllItems0](#kyvernoiov2clustercleanuppolicyspecexcludeallitems0)]|||
+|**any**|[[KyvernoIoV2ClusterCleanupPolicySpecExcludeAnyItems0](#kyvernoiov2clustercleanuppolicyspecexcludeanyitems0)]|Any allows specifying resources which will be ORed||
+### KyvernoIoV2ClusterCleanupPolicySpecExcludeAllItems0
 
-Reference of the source where the kustomization file is.
+ResourceFilter allow users to "AND" or "OR" between resources
 
 #### Attributes
 
 | name | type | description | default value |
 | --- | --- | --- | --- |
-|**apiVersion**|str|API version of the referent||
-|**kind** `required`|"GitRepository" | "Bucket"|Kind of the referent||
-|**name** `required`|str|Name of the referent||
-|**namespace**|str|Namespace of the referent, defaults to the Kustomization namespace||
-### KustomizeToolkitFluxcdIoV1beta1KustomizationStatus
+|**clusterRoles**|[str]|ClusterRoles is the list of cluster-wide role names for the user.||
+|**resources**|[KyvernoIoV2ClusterCleanupPolicySpecExcludeAllItems0Resources](#kyvernoiov2clustercleanuppolicyspecexcludeallitems0resources)|resources||
+|**roles**|[str]|Roles is the list of namespaced role names for the user.||
+|**subjects**|[[KyvernoIoV2ClusterCleanupPolicySpecExcludeAllItems0SubjectsItems0](#kyvernoiov2clustercleanuppolicyspecexcludeallitems0subjectsitems0)]|Subjects is the list of subject names like users, user groups, and service accounts.||
+### KyvernoIoV2ClusterCleanupPolicySpecExcludeAllItems0Resources
 
-KustomizationStatus defines the observed state of a kustomization.
+ResourceDescription contains information about the resource being created or modified.
 
 #### Attributes
 
 | name | type | description | default value |
 | --- | --- | --- | --- |
-|**conditions**|[[KustomizeToolkitFluxcdIoV1beta1KustomizationStatusConditionsItems0](#kustomizetoolkitfluxcdiov1beta1kustomizationstatusconditionsitems0)]|conditions||
-|**lastAppliedRevision**|str|The last successfully applied revision.<br />The revision format for Git sources is <branch\|tag>/<commit-sha>.||
-|**lastAttemptedRevision**|str|LastAttemptedRevision is the revision of the last reconciliation attempt.||
-|**lastHandledReconcileAt**|str|LastHandledReconcileAt holds the value of the most recent<br />reconcile request value, so a change of the annotation value<br />can be detected.||
-|**observedGeneration**|int|ObservedGeneration is the last reconciled generation.||
-|**snapshot**|[KustomizeToolkitFluxcdIoV1beta1KustomizationStatusSnapshot](#kustomizetoolkitfluxcdiov1beta1kustomizationstatussnapshot)|snapshot||
-### KustomizeToolkitFluxcdIoV1beta1KustomizationStatusConditionsItems0
+|**annotations**|{str:str}|Annotations is a  map of annotations (key-value pairs of type string). Annotation keys<br />and values support the wildcard characters "*" (matches zero or many characters) and<br />"?" (matches at least one character).||
+|**kinds**|[str]|Kinds is a list of resource kinds.||
+|**name**|str|Name is the name of the resource. The name supports wildcard characters<br />"*" (matches zero or many characters) and "?" (at least one character).<br />NOTE: "Name" is being deprecated in favor of "Names".||
+|**names**|[str]|Names are the names of the resources. Each name supports wildcard characters<br />"*" (matches zero or many characters) and "?" (at least one character).||
+|**namespaceSelector**|[KyvernoIoV2ClusterCleanupPolicySpecExcludeAllItems0ResourcesNamespaceSelector](#kyvernoiov2clustercleanuppolicyspecexcludeallitems0resourcesnamespaceselector)|namespace selector||
+|**namespaces**|[str]|Namespaces is a list of namespaces names. Each name supports wildcard characters<br />"*" (matches zero or many characters) and "?" (at least one character).||
+|**operations**|[str]|Operations can contain values ["CREATE, "UPDATE", "CONNECT", "DELETE"], which are used to match a specific action.||
+|**selector**|[KyvernoIoV2ClusterCleanupPolicySpecExcludeAllItems0ResourcesSelector](#kyvernoiov2clustercleanuppolicyspecexcludeallitems0resourcesselector)|selector||
+### KyvernoIoV2ClusterCleanupPolicySpecExcludeAllItems0ResourcesNamespaceSelector
 
-Condition contains details for one aspect of the current state of this API Resource.
+NamespaceSelector is a label selector for the resource namespace. Label keys and values in `matchLabels` support the wildcard characters `*` (matches zero or many characters) and `?` (matches one character).Wildcards allows writing label selectors like ["storage.k8s.io/*": "*"]. Note that using ["*" : "*"] matches any key and value but does not match an empty label set.
 
 #### Attributes
 
 | name | type | description | default value |
 | --- | --- | --- | --- |
-|**lastTransitionTime** `required`|str|lastTransitionTime is the last time the condition transitioned from one status to another.<br />This should be when the underlying condition changed.  If that is not known, then using the time when the API field changed is acceptable.||
-|**message** `required`|str|message is a human readable message indicating details about the transition.<br />This may be an empty string.||
-|**observedGeneration**|int|observedGeneration represents the .metadata.generation that the condition was set based upon.<br />For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date<br />with respect to the current state of the instance.||
-|**reason** `required`|str|reason contains a programmatic identifier indicating the reason for the condition's last transition.<br />Producers of specific condition types may define expected values and meanings for this field,<br />and whether the values are considered a guaranteed API.<br />The value should be a CamelCase string.<br />This field may not be empty.||
-|**status** `required`|"True" | "False" | "Unknown"|status of the condition, one of True, False, Unknown.||
-|**type** `required`|str|||
-### KustomizeToolkitFluxcdIoV1beta1KustomizationStatusSnapshot
+|**matchExpressions**|[[KyvernoIoV2ClusterCleanupPolicySpecExcludeAllItems0ResourcesNamespaceSelectorMatchExpressionsItems0](#kyvernoiov2clustercleanuppolicyspecexcludeallitems0resourcesnamespaceselectormatchexpressionsitems0)]|matchExpressions is a list of label selector requirements. The requirements are ANDed.||
+|**matchLabels**|{str:str}|matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels<br />map is equivalent to an element of matchExpressions, whose key field is "key", the<br />operator is "In", and the values array contains only "value". The requirements are ANDed.||
+### KyvernoIoV2ClusterCleanupPolicySpecExcludeAllItems0ResourcesNamespaceSelectorMatchExpressionsItems0
 
-The last successfully applied revision metadata.
+A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
 
 #### Attributes
 
 | name | type | description | default value |
 | --- | --- | --- | --- |
-|**checksum** `required`|str|The manifests sha1 checksum.||
-|**entries** `required`|[[KustomizeToolkitFluxcdIoV1beta1KustomizationStatusSnapshotEntriesItems0](#kustomizetoolkitfluxcdiov1beta1kustomizationstatussnapshotentriesitems0)]|A list of Kubernetes kinds grouped by namespace.||
-### KustomizeToolkitFluxcdIoV1beta1KustomizationStatusSnapshotEntriesItems0
+|**key** `required`|str|key is the label key that the selector applies to.||
+|**operator** `required`|str|operator represents a key's relationship to a set of values.<br />Valid operators are In, NotIn, Exists and DoesNotExist.||
+|**values**|[str]|values is an array of string values. If the operator is In or NotIn,<br />the values array must be non-empty. If the operator is Exists or DoesNotExist,<br />the values array must be empty. This array is replaced during a strategic<br />merge patch.||
+### KyvernoIoV2ClusterCleanupPolicySpecExcludeAllItems0ResourcesSelector
 
-Snapshot holds the metadata of namespaced Kubernetes objects
+Selector is a label selector. Label keys and values in `matchLabels` support the wildcard characters `*` (matches zero or many characters) and `?` (matches one character). Wildcards allows writing label selectors like ["storage.k8s.io/*": "*"]. Note that using ["*" : "*"] matches any key and value but does not match an empty label set.
 
 #### Attributes
 
 | name | type | description | default value |
 | --- | --- | --- | --- |
-|**kinds** `required`|{str:str}|The list of Kubernetes kinds.||
-|**namespace**|str|The namespace of this entry.||
-### Kustomization
+|**matchExpressions**|[[KyvernoIoV2ClusterCleanupPolicySpecExcludeAllItems0ResourcesSelectorMatchExpressionsItems0](#kyvernoiov2clustercleanuppolicyspecexcludeallitems0resourcesselectormatchexpressionsitems0)]|matchExpressions is a list of label selector requirements. The requirements are ANDed.||
+|**matchLabels**|{str:str}|matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels<br />map is equivalent to an element of matchExpressions, whose key field is "key", the<br />operator is "In", and the values array contains only "value". The requirements are ANDed.||
+### KyvernoIoV2ClusterCleanupPolicySpecExcludeAllItems0ResourcesSelectorMatchExpressionsItems0
 
-Kustomization is the Schema for the kustomizations API.
+A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
 
 #### Attributes
 
 | name | type | description | default value |
 | --- | --- | --- | --- |
-|**apiVersion** `required` `readOnly`|"kustomize.toolkit.fluxcd.io/v1beta2"|APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources|"kustomize.toolkit.fluxcd.io/v1beta2"|
-|**kind** `required` `readOnly`|"Kustomization"|Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds|"Kustomization"|
-|**metadata**|[ObjectMeta](#objectmeta)|metadata||
-|**spec**|[KustomizeToolkitFluxcdIoV1beta2KustomizationSpec](#kustomizetoolkitfluxcdiov1beta2kustomizationspec)|spec||
-|**status**|[KustomizeToolkitFluxcdIoV1beta2KustomizationStatus](#kustomizetoolkitfluxcdiov1beta2kustomizationstatus)|status||
-### KustomizeToolkitFluxcdIoV1beta2KustomizationSpec
+|**key** `required`|str|key is the label key that the selector applies to.||
+|**operator** `required`|str|operator represents a key's relationship to a set of values.<br />Valid operators are In, NotIn, Exists and DoesNotExist.||
+|**values**|[str]|values is an array of string values. If the operator is In or NotIn,<br />the values array must be non-empty. If the operator is Exists or DoesNotExist,<br />the values array must be empty. This array is replaced during a strategic<br />merge patch.||
+### KyvernoIoV2ClusterCleanupPolicySpecExcludeAllItems0SubjectsItems0
 
-KustomizationSpec defines the configuration to calculate the desired state from a Source using Kustomize.
+Subject contains a reference to the object or user identities a role binding applies to.  This can either hold a direct API object reference, or a value for non-objects such as user and group names.
 
 #### Attributes
 
 | name | type | description | default value |
 | --- | --- | --- | --- |
-|**commonMetadata**|[KustomizeToolkitFluxcdIoV1beta2KustomizationSpecCommonMetadata](#kustomizetoolkitfluxcdiov1beta2kustomizationspeccommonmetadata)|common metadata||
-|**components**|[str]|Components specifies relative paths to specifications of other Components.||
-|**decryption**|[KustomizeToolkitFluxcdIoV1beta2KustomizationSpecDecryption](#kustomizetoolkitfluxcdiov1beta2kustomizationspecdecryption)|decryption||
-|**dependsOn**|[[KustomizeToolkitFluxcdIoV1beta2KustomizationSpecDependsOnItems0](#kustomizetoolkitfluxcdiov1beta2kustomizationspecdependsonitems0)]|DependsOn may contain a meta.NamespacedObjectReference slice<br />with references to Kustomization resources that must be ready before this<br />Kustomization can be reconciled.||
-|**force**|bool|Force instructs the controller to recreate resources<br />when patching fails due to an immutable field change.|False|
-|**healthChecks**|[[KustomizeToolkitFluxcdIoV1beta2KustomizationSpecHealthChecksItems0](#kustomizetoolkitfluxcdiov1beta2kustomizationspechealthchecksitems0)]|A list of resources to be included in the health assessment.||
-|**images**|[[KustomizeToolkitFluxcdIoV1beta2KustomizationSpecImagesItems0](#kustomizetoolkitfluxcdiov1beta2kustomizationspecimagesitems0)]|Images is a list of (image name, new name, new tag or digest)<br />for changing image names, tags or digests. This can also be achieved with a<br />patch, but this operator is simpler to specify.||
-|**interval** `required`|str|The interval at which to reconcile the Kustomization.||
-|**kubeConfig**|[KustomizeToolkitFluxcdIoV1beta2KustomizationSpecKubeConfig](#kustomizetoolkitfluxcdiov1beta2kustomizationspeckubeconfig)|kube config||
-|**patches**|[[KustomizeToolkitFluxcdIoV1beta2KustomizationSpecPatchesItems0](#kustomizetoolkitfluxcdiov1beta2kustomizationspecpatchesitems0)]|Strategic merge and JSON patches, defined as inline YAML objects,<br />capable of targeting objects based on kind, label and annotation selectors.||
-|**patchesJson6902**|[[KustomizeToolkitFluxcdIoV1beta2KustomizationSpecPatchesJson6902Items0](#kustomizetoolkitfluxcdiov1beta2kustomizationspecpatchesjson6902items0)]|JSON 6902 patches, defined as inline YAML objects.<br />Deprecated: Use Patches instead.||
-|**patchesStrategicMerge**|[]|Strategic merge patches, defined as inline YAML objects.<br />Deprecated: Use Patches instead.||
-|**path**|str|Path to the directory containing the kustomization.yaml file, or the<br />set of plain YAMLs a kustomization.yaml should be generated for.<br />Defaults to 'None', which translates to the root path of the SourceRef.||
-|**postBuild**|[KustomizeToolkitFluxcdIoV1beta2KustomizationSpecPostBuild](#kustomizetoolkitfluxcdiov1beta2kustomizationspecpostbuild)|post build||
-|**prune** `required`|bool|Prune enables garbage collection.||
-|**retryInterval**|str|The interval at which to retry a previously failed reconciliation.<br />When not specified, the controller uses the KustomizationSpec.Interval<br />value to retry failures.||
-|**serviceAccountName**|str|The name of the Kubernetes service account to impersonate<br />when reconciling this Kustomization.||
-|**sourceRef** `required`|[KustomizeToolkitFluxcdIoV1beta2KustomizationSpecSourceRef](#kustomizetoolkitfluxcdiov1beta2kustomizationspecsourceref)|source ref||
-|**suspend**|bool|This flag tells the controller to suspend subsequent kustomize executions,<br />it does not apply to already started executions. Defaults to false.||
-|**targetNamespace**|str|TargetNamespace sets or overrides the namespace in the<br />kustomization.yaml file.||
-|**timeout**|str|Timeout for validation, apply and health checking operations.<br />Defaults to 'Interval' duration.||
-|**validation**|"none" | "client" | "server"|Deprecated: Not used in v1beta2.||
-|**wait**|bool|Wait instructs the controller to check the health of all the reconciled resources.<br />When enabled, the HealthChecks are ignored. Defaults to false.||
-### KustomizeToolkitFluxcdIoV1beta2KustomizationSpecCommonMetadata
+|**apiGroup**|str|APIGroup holds the API group of the referenced subject.<br />Defaults to "" for ServiceAccount subjects.<br />Defaults to "rbac.authorization.k8s.io" for User and Group subjects.||
+|**kind** `required`|str|Kind of object being referenced. Values defined by this API group are "User", "Group", and "ServiceAccount".<br />If the Authorizer does not recognized the kind value, the Authorizer should report an error.||
+|**name** `required`|str|Name of the object being referenced.||
+|**namespace**|str|Namespace of the referenced object.  If the object kind is non-namespace, such as "User" or "Group", and this value is not empty<br />the Authorizer should report an error.||
+### KyvernoIoV2ClusterCleanupPolicySpecExcludeAnyItems0
 
-CommonMetadata specifies the common labels and annotations that are applied to all resources. Any existing label or annotation will be overridden if its key matches a common one.
+ResourceFilter allow users to "AND" or "OR" between resources
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**clusterRoles**|[str]|ClusterRoles is the list of cluster-wide role names for the user.||
+|**resources**|[KyvernoIoV2ClusterCleanupPolicySpecExcludeAnyItems0Resources](#kyvernoiov2clustercleanuppolicyspecexcludeanyitems0resources)|resources||
+|**roles**|[str]|Roles is the list of namespaced role names for the user.||
+|**subjects**|[[KyvernoIoV2ClusterCleanupPolicySpecExcludeAnyItems0SubjectsItems0](#kyvernoiov2clustercleanuppolicyspecexcludeanyitems0subjectsitems0)]|Subjects is the list of subject names like users, user groups, and service accounts.||
+### KyvernoIoV2ClusterCleanupPolicySpecExcludeAnyItems0Resources
+
+ResourceDescription contains information about the resource being created or modified.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**annotations**|{str:str}|Annotations is a  map of annotations (key-value pairs of type string). Annotation keys<br />and values support the wildcard characters "*" (matches zero or many characters) and<br />"?" (matches at least one character).||
+|**kinds**|[str]|Kinds is a list of resource kinds.||
+|**name**|str|Name is the name of the resource. The name supports wildcard characters<br />"*" (matches zero or many characters) and "?" (at least one character).<br />NOTE: "Name" is being deprecated in favor of "Names".||
+|**names**|[str]|Names are the names of the resources. Each name supports wildcard characters<br />"*" (matches zero or many characters) and "?" (at least one character).||
+|**namespaceSelector**|[KyvernoIoV2ClusterCleanupPolicySpecExcludeAnyItems0ResourcesNamespaceSelector](#kyvernoiov2clustercleanuppolicyspecexcludeanyitems0resourcesnamespaceselector)|namespace selector||
+|**namespaces**|[str]|Namespaces is a list of namespaces names. Each name supports wildcard characters<br />"*" (matches zero or many characters) and "?" (at least one character).||
+|**operations**|[str]|Operations can contain values ["CREATE, "UPDATE", "CONNECT", "DELETE"], which are used to match a specific action.||
+|**selector**|[KyvernoIoV2ClusterCleanupPolicySpecExcludeAnyItems0ResourcesSelector](#kyvernoiov2clustercleanuppolicyspecexcludeanyitems0resourcesselector)|selector||
+### KyvernoIoV2ClusterCleanupPolicySpecExcludeAnyItems0ResourcesNamespaceSelector
+
+NamespaceSelector is a label selector for the resource namespace. Label keys and values in `matchLabels` support the wildcard characters `*` (matches zero or many characters) and `?` (matches one character).Wildcards allows writing label selectors like ["storage.k8s.io/*": "*"]. Note that using ["*" : "*"] matches any key and value but does not match an empty label set.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**matchExpressions**|[[KyvernoIoV2ClusterCleanupPolicySpecExcludeAnyItems0ResourcesNamespaceSelectorMatchExpressionsItems0](#kyvernoiov2clustercleanuppolicyspecexcludeanyitems0resourcesnamespaceselectormatchexpressionsitems0)]|matchExpressions is a list of label selector requirements. The requirements are ANDed.||
+|**matchLabels**|{str:str}|matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels<br />map is equivalent to an element of matchExpressions, whose key field is "key", the<br />operator is "In", and the values array contains only "value". The requirements are ANDed.||
+### KyvernoIoV2ClusterCleanupPolicySpecExcludeAnyItems0ResourcesNamespaceSelectorMatchExpressionsItems0
+
+A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**key** `required`|str|key is the label key that the selector applies to.||
+|**operator** `required`|str|operator represents a key's relationship to a set of values.<br />Valid operators are In, NotIn, Exists and DoesNotExist.||
+|**values**|[str]|values is an array of string values. If the operator is In or NotIn,<br />the values array must be non-empty. If the operator is Exists or DoesNotExist,<br />the values array must be empty. This array is replaced during a strategic<br />merge patch.||
+### KyvernoIoV2ClusterCleanupPolicySpecExcludeAnyItems0ResourcesSelector
+
+Selector is a label selector. Label keys and values in `matchLabels` support the wildcard characters `*` (matches zero or many characters) and `?` (matches one character). Wildcards allows writing label selectors like ["storage.k8s.io/*": "*"]. Note that using ["*" : "*"] matches any key and value but does not match an empty label set.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**matchExpressions**|[[KyvernoIoV2ClusterCleanupPolicySpecExcludeAnyItems0ResourcesSelectorMatchExpressionsItems0](#kyvernoiov2clustercleanuppolicyspecexcludeanyitems0resourcesselectormatchexpressionsitems0)]|matchExpressions is a list of label selector requirements. The requirements are ANDed.||
+|**matchLabels**|{str:str}|matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels<br />map is equivalent to an element of matchExpressions, whose key field is "key", the<br />operator is "In", and the values array contains only "value". The requirements are ANDed.||
+### KyvernoIoV2ClusterCleanupPolicySpecExcludeAnyItems0ResourcesSelectorMatchExpressionsItems0
+
+A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**key** `required`|str|key is the label key that the selector applies to.||
+|**operator** `required`|str|operator represents a key's relationship to a set of values.<br />Valid operators are In, NotIn, Exists and DoesNotExist.||
+|**values**|[str]|values is an array of string values. If the operator is In or NotIn,<br />the values array must be non-empty. If the operator is Exists or DoesNotExist,<br />the values array must be empty. This array is replaced during a strategic<br />merge patch.||
+### KyvernoIoV2ClusterCleanupPolicySpecExcludeAnyItems0SubjectsItems0
+
+Subject contains a reference to the object or user identities a role binding applies to.  This can either hold a direct API object reference, or a value for non-objects such as user and group names.
 
 #### Attributes
 
 | name | type | description | default value |
 | --- | --- | --- | --- |
-|**annotations**|{str:str}|Annotations to be added to the object's metadata.||
-|**labels**|{str:str}|Labels to be added to the object's metadata.||
-### KustomizeToolkitFluxcdIoV1beta2KustomizationSpecDecryption
+|**apiGroup**|str|APIGroup holds the API group of the referenced subject.<br />Defaults to "" for ServiceAccount subjects.<br />Defaults to "rbac.authorization.k8s.io" for User and Group subjects.||
+|**kind** `required`|str|Kind of object being referenced. Values defined by this API group are "User", "Group", and "ServiceAccount".<br />If the Authorizer does not recognized the kind value, the Authorizer should report an error.||
+|**name** `required`|str|Name of the object being referenced.||
+|**namespace**|str|Namespace of the referenced object.  If the object kind is non-namespace, such as "User" or "Group", and this value is not empty<br />the Authorizer should report an error.||
+### KyvernoIoV2ClusterCleanupPolicySpecMatch
 
-Decrypt Kubernetes secrets before applying them on the cluster.
+MatchResources defines when cleanuppolicy should be applied. The match criteria can include resource information (e.g. kind, name, namespace, labels) and admission review request information like the user name or role. At least one kind is required.
 
 #### Attributes
 
 | name | type | description | default value |
 | --- | --- | --- | --- |
-|**provider** `required` `readOnly`|"sops"|Provider is the name of the decryption engine.|"sops"|
-|**secretRef**|[KustomizeToolkitFluxcdIoV1beta2KustomizationSpecDecryptionSecretRef](#kustomizetoolkitfluxcdiov1beta2kustomizationspecdecryptionsecretref)|secret ref||
-### KustomizeToolkitFluxcdIoV1beta2KustomizationSpecDecryptionSecretRef
+|**all**|[[KyvernoIoV2ClusterCleanupPolicySpecMatchAllItems0](#kyvernoiov2clustercleanuppolicyspecmatchallitems0)]|||
+|**any**|[[KyvernoIoV2ClusterCleanupPolicySpecMatchAnyItems0](#kyvernoiov2clustercleanuppolicyspecmatchanyitems0)]|Any allows specifying resources which will be ORed||
+### KyvernoIoV2ClusterCleanupPolicySpecMatchAllItems0
 
-The secret name containing the private OpenPGP keys used for decryption.
+ResourceFilter allow users to "AND" or "OR" between resources
 
 #### Attributes
 
 | name | type | description | default value |
 | --- | --- | --- | --- |
-|**name** `required`|str|Name of the referent.||
-### KustomizeToolkitFluxcdIoV1beta2KustomizationSpecDependsOnItems0
+|**clusterRoles**|[str]|ClusterRoles is the list of cluster-wide role names for the user.||
+|**resources**|[KyvernoIoV2ClusterCleanupPolicySpecMatchAllItems0Resources](#kyvernoiov2clustercleanuppolicyspecmatchallitems0resources)|resources||
+|**roles**|[str]|Roles is the list of namespaced role names for the user.||
+|**subjects**|[[KyvernoIoV2ClusterCleanupPolicySpecMatchAllItems0SubjectsItems0](#kyvernoiov2clustercleanuppolicyspecmatchallitems0subjectsitems0)]|Subjects is the list of subject names like users, user groups, and service accounts.||
+### KyvernoIoV2ClusterCleanupPolicySpecMatchAllItems0Resources
 
-NamespacedObjectReference contains enough information to locate the referenced Kubernetes resource object in any namespace.
+ResourceDescription contains information about the resource being created or modified.
 
 #### Attributes
 
 | name | type | description | default value |
 | --- | --- | --- | --- |
-|**name** `required`|str|Name of the referent.||
-|**namespace**|str|Namespace of the referent, when not specified it acts as LocalObjectReference.||
-### KustomizeToolkitFluxcdIoV1beta2KustomizationSpecHealthChecksItems0
+|**annotations**|{str:str}|Annotations is a  map of annotations (key-value pairs of type string). Annotation keys<br />and values support the wildcard characters "*" (matches zero or many characters) and<br />"?" (matches at least one character).||
+|**kinds**|[str]|Kinds is a list of resource kinds.||
+|**name**|str|Name is the name of the resource. The name supports wildcard characters<br />"*" (matches zero or many characters) and "?" (at least one character).<br />NOTE: "Name" is being deprecated in favor of "Names".||
+|**names**|[str]|Names are the names of the resources. Each name supports wildcard characters<br />"*" (matches zero or many characters) and "?" (at least one character).||
+|**namespaceSelector**|[KyvernoIoV2ClusterCleanupPolicySpecMatchAllItems0ResourcesNamespaceSelector](#kyvernoiov2clustercleanuppolicyspecmatchallitems0resourcesnamespaceselector)|namespace selector||
+|**namespaces**|[str]|Namespaces is a list of namespaces names. Each name supports wildcard characters<br />"*" (matches zero or many characters) and "?" (at least one character).||
+|**operations**|[str]|Operations can contain values ["CREATE, "UPDATE", "CONNECT", "DELETE"], which are used to match a specific action.||
+|**selector**|[KyvernoIoV2ClusterCleanupPolicySpecMatchAllItems0ResourcesSelector](#kyvernoiov2clustercleanuppolicyspecmatchallitems0resourcesselector)|selector||
+### KyvernoIoV2ClusterCleanupPolicySpecMatchAllItems0ResourcesNamespaceSelector
 
-NamespacedObjectKindReference contains enough information to locate the typed referenced Kubernetes resource object in any namespace.
+NamespaceSelector is a label selector for the resource namespace. Label keys and values in `matchLabels` support the wildcard characters `*` (matches zero or many characters) and `?` (matches one character).Wildcards allows writing label selectors like ["storage.k8s.io/*": "*"]. Note that using ["*" : "*"] matches any key and value but does not match an empty label set.
 
 #### Attributes
 
 | name | type | description | default value |
 | --- | --- | --- | --- |
-|**apiVersion**|str|API version of the referent, if not specified the Kubernetes preferred version will be used.||
-|**kind** `required`|str|Kind of the referent.||
-|**name** `required`|str|Name of the referent.||
-|**namespace**|str|Namespace of the referent, when not specified it acts as LocalObjectReference.||
-### KustomizeToolkitFluxcdIoV1beta2KustomizationSpecImagesItems0
+|**matchExpressions**|[[KyvernoIoV2ClusterCleanupPolicySpecMatchAllItems0ResourcesNamespaceSelectorMatchExpressionsItems0](#kyvernoiov2clustercleanuppolicyspecmatchallitems0resourcesnamespaceselectormatchexpressionsitems0)]|matchExpressions is a list of label selector requirements. The requirements are ANDed.||
+|**matchLabels**|{str:str}|matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels<br />map is equivalent to an element of matchExpressions, whose key field is "key", the<br />operator is "In", and the values array contains only "value". The requirements are ANDed.||
+### KyvernoIoV2ClusterCleanupPolicySpecMatchAllItems0ResourcesNamespaceSelectorMatchExpressionsItems0
 
-Image contains an image name, a new name, a new tag or digest, which will replace the original name and tag.
+A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
 
 #### Attributes
 
 | name | type | description | default value |
 | --- | --- | --- | --- |
-|**digest**|str|Digest is the value used to replace the original image tag.<br />If digest is present NewTag value is ignored.||
-|**name** `required`|str|Name is a tag-less image name.||
-|**newName**|str|NewName is the value used to replace the original name.||
-|**newTag**|str|NewTag is the value used to replace the original tag.||
-### KustomizeToolkitFluxcdIoV1beta2KustomizationSpecKubeConfig
+|**key** `required`|str|key is the label key that the selector applies to.||
+|**operator** `required`|str|operator represents a key's relationship to a set of values.<br />Valid operators are In, NotIn, Exists and DoesNotExist.||
+|**values**|[str]|values is an array of string values. If the operator is In or NotIn,<br />the values array must be non-empty. If the operator is Exists or DoesNotExist,<br />the values array must be empty. This array is replaced during a strategic<br />merge patch.||
+### KyvernoIoV2ClusterCleanupPolicySpecMatchAllItems0ResourcesSelector
 
-The KubeConfig for reconciling the Kustomization on a remote cluster. When used in combination with KustomizationSpec.ServiceAccountName, forces the controller to act on behalf of that Service Account at the target cluster. If the --default-service-account flag is set, its value will be used as a controller level fallback for when KustomizationSpec.ServiceAccountName is empty.
+Selector is a label selector. Label keys and values in `matchLabels` support the wildcard characters `*` (matches zero or many characters) and `?` (matches one character). Wildcards allows writing label selectors like ["storage.k8s.io/*": "*"]. Note that using ["*" : "*"] matches any key and value but does not match an empty label set.
 
 #### Attributes
 
 | name | type | description | default value |
 | --- | --- | --- | --- |
-|**secretRef** `required`|[KustomizeToolkitFluxcdIoV1beta2KustomizationSpecKubeConfigSecretRef](#kustomizetoolkitfluxcdiov1beta2kustomizationspeckubeconfigsecretref)|secret ref||
-### KustomizeToolkitFluxcdIoV1beta2KustomizationSpecKubeConfigSecretRef
+|**matchExpressions**|[[KyvernoIoV2ClusterCleanupPolicySpecMatchAllItems0ResourcesSelectorMatchExpressionsItems0](#kyvernoiov2clustercleanuppolicyspecmatchallitems0resourcesselectormatchexpressionsitems0)]|matchExpressions is a list of label selector requirements. The requirements are ANDed.||
+|**matchLabels**|{str:str}|matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels<br />map is equivalent to an element of matchExpressions, whose key field is "key", the<br />operator is "In", and the values array contains only "value". The requirements are ANDed.||
+### KyvernoIoV2ClusterCleanupPolicySpecMatchAllItems0ResourcesSelectorMatchExpressionsItems0
 
-SecretRef holds the name of a secret that contains a key with the kubeconfig file as the value. If no key is set, the key will default to 'value'. It is recommended that the kubeconfig is self-contained, and the secret is regularly updated if credentials such as a cloud-access-token expire. Cloud specific `cmd-path` auth helpers will not function without adding binaries and credentials to the Pod that is responsible for reconciling Kubernetes resources.
+A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
 
 #### Attributes
 
 | name | type | description | default value |
 | --- | --- | --- | --- |
-|**key**|str|Key in the Secret, when not specified an implementation-specific default key is used.||
-|**name** `required`|str|Name of the Secret.||
-### KustomizeToolkitFluxcdIoV1beta2KustomizationSpecPatchesItems0
+|**key** `required`|str|key is the label key that the selector applies to.||
+|**operator** `required`|str|operator represents a key's relationship to a set of values.<br />Valid operators are In, NotIn, Exists and DoesNotExist.||
+|**values**|[str]|values is an array of string values. If the operator is In or NotIn,<br />the values array must be non-empty. If the operator is Exists or DoesNotExist,<br />the values array must be empty. This array is replaced during a strategic<br />merge patch.||
+### KyvernoIoV2ClusterCleanupPolicySpecMatchAllItems0SubjectsItems0
 
-Patch contains an inline StrategicMerge or JSON6902 patch, and the target the patch should be applied to.
+Subject contains a reference to the object or user identities a role binding applies to.  This can either hold a direct API object reference, or a value for non-objects such as user and group names.
 
 #### Attributes
 
 | name | type | description | default value |
 | --- | --- | --- | --- |
-|**patch** `required`|str|Patch contains an inline StrategicMerge patch or an inline JSON6902 patch with<br />an array of operation objects.||
-|**target**|[KustomizeToolkitFluxcdIoV1beta2KustomizationSpecPatchesItems0Target](#kustomizetoolkitfluxcdiov1beta2kustomizationspecpatchesitems0target)|target||
-### KustomizeToolkitFluxcdIoV1beta2KustomizationSpecPatchesItems0Target
+|**apiGroup**|str|APIGroup holds the API group of the referenced subject.<br />Defaults to "" for ServiceAccount subjects.<br />Defaults to "rbac.authorization.k8s.io" for User and Group subjects.||
+|**kind** `required`|str|Kind of object being referenced. Values defined by this API group are "User", "Group", and "ServiceAccount".<br />If the Authorizer does not recognized the kind value, the Authorizer should report an error.||
+|**name** `required`|str|Name of the object being referenced.||
+|**namespace**|str|Namespace of the referenced object.  If the object kind is non-namespace, such as "User" or "Group", and this value is not empty<br />the Authorizer should report an error.||
+### KyvernoIoV2ClusterCleanupPolicySpecMatchAnyItems0
 
-Target points to the resources that the patch document should be applied to.
+ResourceFilter allow users to "AND" or "OR" between resources
 
 #### Attributes
 
 | name | type | description | default value |
 | --- | --- | --- | --- |
-|**annotationSelector**|str|AnnotationSelector is a string that follows the label selection expression<br />https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api<br />It matches with the resource annotations.||
-|**group**|str|Group is the API group to select resources from.<br />Together with Version and Kind it is capable of unambiguously identifying and/or selecting resources.<br />https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md||
-|**kind**|str|Kind of the API Group to select resources from.<br />Together with Group and Version it is capable of unambiguously<br />identifying and/or selecting resources.<br />https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md||
-|**labelSelector**|str|LabelSelector is a string that follows the label selection expression<br />https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api<br />It matches with the resource labels.||
-|**name**|str|Name to match resources with.||
-|**namespace**|str|Namespace to select resources from.||
-|**version**|str|Version of the API Group to select resources from.<br />Together with Group and Kind it is capable of unambiguously identifying and/or selecting resources.<br />https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md||
-### KustomizeToolkitFluxcdIoV1beta2KustomizationSpecPatchesJson6902Items0
+|**clusterRoles**|[str]|ClusterRoles is the list of cluster-wide role names for the user.||
+|**resources**|[KyvernoIoV2ClusterCleanupPolicySpecMatchAnyItems0Resources](#kyvernoiov2clustercleanuppolicyspecmatchanyitems0resources)|resources||
+|**roles**|[str]|Roles is the list of namespaced role names for the user.||
+|**subjects**|[[KyvernoIoV2ClusterCleanupPolicySpecMatchAnyItems0SubjectsItems0](#kyvernoiov2clustercleanuppolicyspecmatchanyitems0subjectsitems0)]|Subjects is the list of subject names like users, user groups, and service accounts.||
+### KyvernoIoV2ClusterCleanupPolicySpecMatchAnyItems0Resources
 
-JSON6902Patch contains a JSON6902 patch and the target the patch should be applied to.
+ResourceDescription contains information about the resource being created or modified.
 
 #### Attributes
 
 | name | type | description | default value |
 | --- | --- | --- | --- |
-|**patch** `required`|[[KustomizeToolkitFluxcdIoV1beta2KustomizationSpecPatchesJson6902Items0PatchItems0](#kustomizetoolkitfluxcdiov1beta2kustomizationspecpatchesjson6902items0patchitems0)]|Patch contains the JSON6902 patch document with an array of operation objects.||
-|**target** `required`|[KustomizeToolkitFluxcdIoV1beta2KustomizationSpecPatchesJson6902Items0Target](#kustomizetoolkitfluxcdiov1beta2kustomizationspecpatchesjson6902items0target)|target||
-### KustomizeToolkitFluxcdIoV1beta2KustomizationSpecPatchesJson6902Items0PatchItems0
+|**annotations**|{str:str}|Annotations is a  map of annotations (key-value pairs of type string). Annotation keys<br />and values support the wildcard characters "*" (matches zero or many characters) and<br />"?" (matches at least one character).||
+|**kinds**|[str]|Kinds is a list of resource kinds.||
+|**name**|str|Name is the name of the resource. The name supports wildcard characters<br />"*" (matches zero or many characters) and "?" (at least one character).<br />NOTE: "Name" is being deprecated in favor of "Names".||
+|**names**|[str]|Names are the names of the resources. Each name supports wildcard characters<br />"*" (matches zero or many characters) and "?" (at least one character).||
+|**namespaceSelector**|[KyvernoIoV2ClusterCleanupPolicySpecMatchAnyItems0ResourcesNamespaceSelector](#kyvernoiov2clustercleanuppolicyspecmatchanyitems0resourcesnamespaceselector)|namespace selector||
+|**namespaces**|[str]|Namespaces is a list of namespaces names. Each name supports wildcard characters<br />"*" (matches zero or many characters) and "?" (at least one character).||
+|**operations**|[str]|Operations can contain values ["CREATE, "UPDATE", "CONNECT", "DELETE"], which are used to match a specific action.||
+|**selector**|[KyvernoIoV2ClusterCleanupPolicySpecMatchAnyItems0ResourcesSelector](#kyvernoiov2clustercleanuppolicyspecmatchanyitems0resourcesselector)|selector||
+### KyvernoIoV2ClusterCleanupPolicySpecMatchAnyItems0ResourcesNamespaceSelector
 
-JSON6902 is a JSON6902 operation object. https://datatracker.ietf.org/doc/html/rfc6902#section-4
+NamespaceSelector is a label selector for the resource namespace. Label keys and values in `matchLabels` support the wildcard characters `*` (matches zero or many characters) and `?` (matches one character).Wildcards allows writing label selectors like ["storage.k8s.io/*": "*"]. Note that using ["*" : "*"] matches any key and value but does not match an empty label set.
 
 #### Attributes
 
 | name | type | description | default value |
 | --- | --- | --- | --- |
-|**from**|str|From contains a JSON-pointer value that references a location within the target document where the operation is<br />performed. The meaning of the value depends on the value of Op, and is NOT taken into account by all operations.||
-|**op** `required`|"test" | "remove" | "add" | "replace" | "move" | "copy"|Op indicates the operation to perform. Its value MUST be one of "add", "remove", "replace", "move", "copy", or<br />"test".<br />https://datatracker.ietf.org/doc/html/rfc6902#section-4||
-|**path** `required`|str|Path contains the JSON-pointer value that references a location within the target document where the operation<br />is performed. The meaning of the value depends on the value of Op.||
-|**value**|any|Value contains a valid JSON structure. The meaning of the value depends on the value of Op, and is NOT taken into<br />account by all operations.||
-### KustomizeToolkitFluxcdIoV1beta2KustomizationSpecPatchesJson6902Items0Target
+|**matchExpressions**|[[KyvernoIoV2ClusterCleanupPolicySpecMatchAnyItems0ResourcesNamespaceSelectorMatchExpressionsItems0](#kyvernoiov2clustercleanuppolicyspecmatchanyitems0resourcesnamespaceselectormatchexpressionsitems0)]|matchExpressions is a list of label selector requirements. The requirements are ANDed.||
+|**matchLabels**|{str:str}|matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels<br />map is equivalent to an element of matchExpressions, whose key field is "key", the<br />operator is "In", and the values array contains only "value". The requirements are ANDed.||
+### KyvernoIoV2ClusterCleanupPolicySpecMatchAnyItems0ResourcesNamespaceSelectorMatchExpressionsItems0
 
-Target points to the resources that the patch document should be applied to.
+A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
 
 #### Attributes
 
 | name | type | description | default value |
 | --- | --- | --- | --- |
-|**annotationSelector**|str|AnnotationSelector is a string that follows the label selection expression<br />https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api<br />It matches with the resource annotations.||
-|**group**|str|Group is the API group to select resources from.<br />Together with Version and Kind it is capable of unambiguously identifying and/or selecting resources.<br />https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md||
-|**kind**|str|Kind of the API Group to select resources from.<br />Together with Group and Version it is capable of unambiguously<br />identifying and/or selecting resources.<br />https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md||
-|**labelSelector**|str|LabelSelector is a string that follows the label selection expression<br />https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api<br />It matches with the resource labels.||
-|**name**|str|Name to match resources with.||
-|**namespace**|str|Namespace to select resources from.||
-|**version**|str|Version of the API Group to select resources from.<br />Together with Group and Kind it is capable of unambiguously identifying and/or selecting resources.<br />https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md||
-### KustomizeToolkitFluxcdIoV1beta2KustomizationSpecPostBuild
+|**key** `required`|str|key is the label key that the selector applies to.||
+|**operator** `required`|str|operator represents a key's relationship to a set of values.<br />Valid operators are In, NotIn, Exists and DoesNotExist.||
+|**values**|[str]|values is an array of string values. If the operator is In or NotIn,<br />the values array must be non-empty. If the operator is Exists or DoesNotExist,<br />the values array must be empty. This array is replaced during a strategic<br />merge patch.||
+### KyvernoIoV2ClusterCleanupPolicySpecMatchAnyItems0ResourcesSelector
 
-PostBuild describes which actions to perform on the YAML manifest generated by building the kustomize overlay.
+Selector is a label selector. Label keys and values in `matchLabels` support the wildcard characters `*` (matches zero or many characters) and `?` (matches one character). Wildcards allows writing label selectors like ["storage.k8s.io/*": "*"]. Note that using ["*" : "*"] matches any key and value but does not match an empty label set.
 
 #### Attributes
 
 | name | type | description | default value |
 | --- | --- | --- | --- |
-|**substitute**|{str:str}|Substitute holds a map of key/value pairs.<br />The variables defined in your YAML manifests<br />that match any of the keys defined in the map<br />will be substituted with the set value.<br />Includes support for bash string replacement functions<br />e.g. ${var:=default}, ${var:position} and ${var/substring/replacement}.||
-|**substituteFrom**|[[KustomizeToolkitFluxcdIoV1beta2KustomizationSpecPostBuildSubstituteFromItems0](#kustomizetoolkitfluxcdiov1beta2kustomizationspecpostbuildsubstitutefromitems0)]|SubstituteFrom holds references to ConfigMaps and Secrets containing<br />the variables and their values to be substituted in the YAML manifests.<br />The ConfigMap and the Secret data keys represent the var names and they<br />must match the vars declared in the manifests for the substitution to happen.||
-### KustomizeToolkitFluxcdIoV1beta2KustomizationSpecPostBuildSubstituteFromItems0
+|**matchExpressions**|[[KyvernoIoV2ClusterCleanupPolicySpecMatchAnyItems0ResourcesSelectorMatchExpressionsItems0](#kyvernoiov2clustercleanuppolicyspecmatchanyitems0resourcesselectormatchexpressionsitems0)]|matchExpressions is a list of label selector requirements. The requirements are ANDed.||
+|**matchLabels**|{str:str}|matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels<br />map is equivalent to an element of matchExpressions, whose key field is "key", the<br />operator is "In", and the values array contains only "value". The requirements are ANDed.||
+### KyvernoIoV2ClusterCleanupPolicySpecMatchAnyItems0ResourcesSelectorMatchExpressionsItems0
 
-SubstituteReference contains a reference to a resource containing the variables name and value.
+A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
 
 #### Attributes
 
 | name | type | description | default value |
 | --- | --- | --- | --- |
-|**kind** `required`|"Secret" | "ConfigMap"|Kind of the values referent, valid values are ('Secret', 'ConfigMap').||
-|**name** `required`|str|Name of the values referent. Should reside in the same namespace as the<br />referring resource.||
-|**optional**|bool|Optional indicates whether the referenced resource must exist, or whether to<br />tolerate its absence. If true and the referenced resource is absent, proceed<br />as if the resource was present but empty, without any variables defined.|False|
-### KustomizeToolkitFluxcdIoV1beta2KustomizationSpecSourceRef
+|**key** `required`|str|key is the label key that the selector applies to.||
+|**operator** `required`|str|operator represents a key's relationship to a set of values.<br />Valid operators are In, NotIn, Exists and DoesNotExist.||
+|**values**|[str]|values is an array of string values. If the operator is In or NotIn,<br />the values array must be non-empty. If the operator is Exists or DoesNotExist,<br />the values array must be empty. This array is replaced during a strategic<br />merge patch.||
+### KyvernoIoV2ClusterCleanupPolicySpecMatchAnyItems0SubjectsItems0
 
-Reference of the source where the kustomization file is.
+Subject contains a reference to the object or user identities a role binding applies to.  This can either hold a direct API object reference, or a value for non-objects such as user and group names.
 
 #### Attributes
 
 | name | type | description | default value |
 | --- | --- | --- | --- |
-|**apiVersion**|str|API version of the referent.||
-|**kind** `required`|"OCIRepository" | "GitRepository" | "Bucket"|Kind of the referent.||
-|**name** `required`|str|Name of the referent.||
-|**namespace**|str|Namespace of the referent, defaults to the namespace of the Kubernetes resource object that contains the reference.||
-### KustomizeToolkitFluxcdIoV1beta2KustomizationStatus
+|**apiGroup**|str|APIGroup holds the API group of the referenced subject.<br />Defaults to "" for ServiceAccount subjects.<br />Defaults to "rbac.authorization.k8s.io" for User and Group subjects.||
+|**kind** `required`|str|Kind of object being referenced. Values defined by this API group are "User", "Group", and "ServiceAccount".<br />If the Authorizer does not recognized the kind value, the Authorizer should report an error.||
+|**name** `required`|str|Name of the object being referenced.||
+|**namespace**|str|Namespace of the referenced object.  If the object kind is non-namespace, such as "User" or "Group", and this value is not empty<br />the Authorizer should report an error.||
+### KyvernoIoV2ClusterCleanupPolicyStatus
 
-KustomizationStatus defines the observed state of a kustomization.
+Status contains policy runtime data.
 
 #### Attributes
 
 | name | type | description | default value |
 | --- | --- | --- | --- |
-|**conditions**|[[KustomizeToolkitFluxcdIoV1beta2KustomizationStatusConditionsItems0](#kustomizetoolkitfluxcdiov1beta2kustomizationstatusconditionsitems0)]|conditions||
-|**inventory**|[KustomizeToolkitFluxcdIoV1beta2KustomizationStatusInventory](#kustomizetoolkitfluxcdiov1beta2kustomizationstatusinventory)|inventory||
-|**lastAppliedRevision**|str|The last successfully applied revision.<br />Equals the Revision of the applied Artifact from the referenced Source.||
-|**lastAttemptedRevision**|str|LastAttemptedRevision is the revision of the last reconciliation attempt.||
-|**lastHandledReconcileAt**|str|LastHandledReconcileAt holds the value of the most recent<br />reconcile request value, so a change of the annotation value<br />can be detected.||
-|**observedGeneration**|int|ObservedGeneration is the last reconciled generation.||
-### KustomizeToolkitFluxcdIoV1beta2KustomizationStatusConditionsItems0
+|**conditions**|[[KyvernoIoV2ClusterCleanupPolicyStatusConditionsItems0](#kyvernoiov2clustercleanuppolicystatusconditionsitems0)]|conditions||
+|**lastExecutionTime**|str|last execution time||
+### KyvernoIoV2ClusterCleanupPolicyStatusConditionsItems0
 
 Condition contains details for one aspect of the current state of this API Resource.
 
@@ -869,25 +943,6 @@ Condition contains details for one aspect of the current state of this API Resou
 |**reason** `required`|str|reason contains a programmatic identifier indicating the reason for the condition's last transition.<br />Producers of specific condition types may define expected values and meanings for this field,<br />and whether the values are considered a guaranteed API.<br />The value should be a CamelCase string.<br />This field may not be empty.||
 |**status** `required`|"True" | "False" | "Unknown"|status of the condition, one of True, False, Unknown.||
 |**type** `required`|str|||
-### KustomizeToolkitFluxcdIoV1beta2KustomizationStatusInventory
-
-Inventory contains the list of Kubernetes resource object references that have been successfully applied.
-
-#### Attributes
-
-| name | type | description | default value |
-| --- | --- | --- | --- |
-|**entries** `required`|[[KustomizeToolkitFluxcdIoV1beta2KustomizationStatusInventoryEntriesItems0](#kustomizetoolkitfluxcdiov1beta2kustomizationstatusinventoryentriesitems0)]|Entries of Kubernetes resource object references.||
-### KustomizeToolkitFluxcdIoV1beta2KustomizationStatusInventoryEntriesItems0
-
-ResourceRef contains the information necessary to locate a resource within a cluster.
-
-#### Attributes
-
-| name | type | description | default value |
-| --- | --- | --- | --- |
-|**id** `required`|str|ID is the string representation of the Kubernetes resource object's metadata,<br />in the format '<namespace>_<name>_<group>_<kind>'.||
-|**v** `required`|str|Version is the API version of the Kubernetes resource object's kind.||
 ### ClusterCleanupPolicy
 
 ClusterCleanupPolicy defines rule for resource cleanup.
@@ -896,12 +951,12 @@ ClusterCleanupPolicy defines rule for resource cleanup.
 
 | name | type | description | default value |
 | --- | --- | --- | --- |
-|**apiVersion** `required` `readOnly`|"kyverno.io/v2"|APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources|"kyverno.io/v2"|
+|**apiVersion** `required` `readOnly`|"kyverno.io/v2beta1"|APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources|"kyverno.io/v2beta1"|
 |**kind** `required` `readOnly`|"ClusterCleanupPolicy"|Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds|"ClusterCleanupPolicy"|
 |**metadata**|[ObjectMeta](#objectmeta)|metadata||
-|**spec** `required`|[KyvernoIoV2ClusterCleanupPolicySpec](#kyvernoiov2clustercleanuppolicyspec)|spec||
-|**status**|[KyvernoIoV2ClusterCleanupPolicyStatus](#kyvernoiov2clustercleanuppolicystatus)|status||
-### KyvernoIoV2ClusterCleanupPolicySpec
+|**spec** `required`|[KyvernoIoV2beta1ClusterCleanupPolicySpec](#kyvernoiov2beta1clustercleanuppolicyspec)|spec||
+|**status**|[KyvernoIoV2beta1ClusterCleanupPolicyStatus](#kyvernoiov2beta1clustercleanuppolicystatus)|status||
+### KyvernoIoV2beta1ClusterCleanupPolicySpec
 
 Spec declares policy behaviors.
 
@@ -909,12 +964,12 @@ Spec declares policy behaviors.
 
 | name | type | description | default value |
 | --- | --- | --- | --- |
-|**conditions**|[KyvernoIoV2ClusterCleanupPolicySpecConditions](#kyvernoiov2clustercleanuppolicyspecconditions)|conditions||
-|**context**|[[KyvernoIoV2ClusterCleanupPolicySpecContextItems0](#kyvernoiov2clustercleanuppolicyspeccontextitems0)]|Context defines variables and data sources that can be used during rule execution.||
-|**exclude**|[KyvernoIoV2ClusterCleanupPolicySpecExclude](#kyvernoiov2clustercleanuppolicyspecexclude)|exclude||
-|**match** `required`|[KyvernoIoV2ClusterCleanupPolicySpecMatch](#kyvernoiov2clustercleanuppolicyspecmatch)|match||
+|**conditions**|[KyvernoIoV2beta1ClusterCleanupPolicySpecConditions](#kyvernoiov2beta1clustercleanuppolicyspecconditions)|conditions||
+|**context**|[[KyvernoIoV2beta1ClusterCleanupPolicySpecContextItems0](#kyvernoiov2beta1clustercleanuppolicyspeccontextitems0)]|Context defines variables and data sources that can be used during rule execution.||
+|**exclude**|[KyvernoIoV2beta1ClusterCleanupPolicySpecExclude](#kyvernoiov2beta1clustercleanuppolicyspecexclude)|exclude||
+|**match** `required`|[KyvernoIoV2beta1ClusterCleanupPolicySpecMatch](#kyvernoiov2beta1clustercleanuppolicyspecmatch)|match||
 |**schedule** `required`|str|The schedule in Cron format||
-### KyvernoIoV2ClusterCleanupPolicySpecConditions
+### KyvernoIoV2beta1ClusterCleanupPolicySpecConditions
 
 Conditions defines the conditions used to select the resources which will be cleaned up.
 
@@ -922,11 +977,11 @@ Conditions defines the conditions used to select the resources which will be cle
 
 | name | type | description | default value |
 | --- | --- | --- | --- |
-|**all**|[[KyvernoIoV2ClusterCleanupPolicySpecConditionsAllItems0](#kyvernoiov2clustercleanuppolicyspecconditionsallitems0)]|||
-|**any**|[[KyvernoIoV2ClusterCleanupPolicySpecConditionsAnyItems0](#kyvernoiov2clustercleanuppolicyspecconditionsanyitems0)]|AnyConditions enable variable-based conditional rule execution. This is useful for<br />finer control of when an rule is applied. A condition can reference object data<br />using JMESPath notation.<br />Here, at least one of the conditions need to pass.||
-### KyvernoIoV2ClusterCleanupPolicySpecConditionsAllItems0
+|**all**|[[KyvernoIoV2beta1ClusterCleanupPolicySpecConditionsAllItems0](#kyvernoiov2beta1clustercleanuppolicyspecconditionsallitems0)]|||
+|**any**|[[KyvernoIoV2beta1ClusterCleanupPolicySpecConditionsAnyItems0](#kyvernoiov2beta1clustercleanuppolicyspecconditionsanyitems0)]|AnyConditions enable variable-based conditional rule execution. This is useful for<br />finer control of when an rule is applied. A condition can reference object data<br />using JMESPath notation.<br />Here, at least one of the conditions need to pass.||
+### KyvernoIoV2beta1ClusterCleanupPolicySpecConditionsAllItems0
 
-kyverno io v2 cluster cleanup policy spec conditions all items0
+kyverno io v2beta1 cluster cleanup policy spec conditions all items0
 
 #### Attributes
 
@@ -936,9 +991,9 @@ kyverno io v2 cluster cleanup policy spec conditions all items0
 |**message**|str|Message is an optional display message||
 |**operator**|"Equals" | "NotEquals" | "AnyIn" | "AllIn" | "AnyNotIn" | "AllNotIn" | "GreaterThanOrEquals" | "GreaterThan" | "LessThanOrEquals" | "LessThan" | "DurationGreaterThanOrEquals" | "DurationGreaterThan" | "DurationLessThanOrEquals" | "DurationLessThan"|Operator is the conditional operation to perform. Valid operators are:<br />Equals, NotEquals, In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn, GreaterThanOrEquals,<br />GreaterThan, LessThanOrEquals, LessThan, DurationGreaterThanOrEquals, DurationGreaterThan,<br />DurationLessThanOrEquals, DurationLessThan||
 |**value**|any|Value is the conditional value, or set of values. The values can be fixed set<br />or can be variables declared using JMESPath.||
-### KyvernoIoV2ClusterCleanupPolicySpecConditionsAnyItems0
+### KyvernoIoV2beta1ClusterCleanupPolicySpecConditionsAnyItems0
 
-kyverno io v2 cluster cleanup policy spec conditions any items0
+kyverno io v2beta1 cluster cleanup policy spec conditions any items0
 
 #### Attributes
 
@@ -948,7 +1003,7 @@ kyverno io v2 cluster cleanup policy spec conditions any items0
 |**message**|str|Message is an optional display message||
 |**operator**|"Equals" | "NotEquals" | "AnyIn" | "AllIn" | "AnyNotIn" | "AllNotIn" | "GreaterThanOrEquals" | "GreaterThan" | "LessThanOrEquals" | "LessThan" | "DurationGreaterThanOrEquals" | "DurationGreaterThan" | "DurationLessThanOrEquals" | "DurationLessThan"|Operator is the conditional operation to perform. Valid operators are:<br />Equals, NotEquals, In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn, GreaterThanOrEquals,<br />GreaterThan, LessThanOrEquals, LessThan, DurationGreaterThanOrEquals, DurationGreaterThan,<br />DurationLessThanOrEquals, DurationLessThan||
 |**value**|any|Value is the conditional value, or set of values. The values can be fixed set<br />or can be variables declared using JMESPath.||
-### KyvernoIoV2ClusterCleanupPolicySpecContextItems0
+### KyvernoIoV2beta1ClusterCleanupPolicySpecContextItems0
 
 ContextEntry adds variables and data sources to a rule Context. Either a ConfigMap reference or a APILookup must be provided.
 
@@ -956,13 +1011,13 @@ ContextEntry adds variables and data sources to a rule Context. Either a ConfigM
 
 | name | type | description | default value |
 | --- | --- | --- | --- |
-|**apiCall**|[KyvernoIoV2ClusterCleanupPolicySpecContextItems0APICall](#kyvernoiov2clustercleanuppolicyspeccontextitems0apicall)|api call||
-|**configMap**|[KyvernoIoV2ClusterCleanupPolicySpecContextItems0ConfigMap](#kyvernoiov2clustercleanuppolicyspeccontextitems0configmap)|config map||
-|**globalReference**|[KyvernoIoV2ClusterCleanupPolicySpecContextItems0GlobalReference](#kyvernoiov2clustercleanuppolicyspeccontextitems0globalreference)|global reference||
-|**imageRegistry**|[KyvernoIoV2ClusterCleanupPolicySpecContextItems0ImageRegistry](#kyvernoiov2clustercleanuppolicyspeccontextitems0imageregistry)|image registry||
+|**apiCall**|[KyvernoIoV2beta1ClusterCleanupPolicySpecContextItems0APICall](#kyvernoiov2beta1clustercleanuppolicyspeccontextitems0apicall)|api call||
+|**configMap**|[KyvernoIoV2beta1ClusterCleanupPolicySpecContextItems0ConfigMap](#kyvernoiov2beta1clustercleanuppolicyspeccontextitems0configmap)|config map||
+|**globalReference**|[KyvernoIoV2beta1ClusterCleanupPolicySpecContextItems0GlobalReference](#kyvernoiov2beta1clustercleanuppolicyspeccontextitems0globalreference)|global reference||
+|**imageRegistry**|[KyvernoIoV2beta1ClusterCleanupPolicySpecContextItems0ImageRegistry](#kyvernoiov2beta1clustercleanuppolicyspeccontextitems0imageregistry)|image registry||
 |**name** `required`|str|Name is the variable name.||
-|**variable**|[KyvernoIoV2ClusterCleanupPolicySpecContextItems0Variable](#kyvernoiov2clustercleanuppolicyspeccontextitems0variable)|variable||
-### KyvernoIoV2ClusterCleanupPolicySpecContextItems0APICall
+|**variable**|[KyvernoIoV2beta1ClusterCleanupPolicySpecContextItems0Variable](#kyvernoiov2beta1clustercleanuppolicyspeccontextitems0variable)|variable||
+### KyvernoIoV2beta1ClusterCleanupPolicySpecContextItems0APICall
 
 APICall is an HTTP request to the Kubernetes API server, or other JSON web service. The data returned is stored in the context with the name for the context entry.
 
@@ -970,13 +1025,13 @@ APICall is an HTTP request to the Kubernetes API server, or other JSON web servi
 
 | name | type | description | default value |
 | --- | --- | --- | --- |
-|**data**|[[KyvernoIoV2ClusterCleanupPolicySpecContextItems0APICallDataItems0](#kyvernoiov2clustercleanuppolicyspeccontextitems0apicalldataitems0)]|The data object specifies the POST data sent to the server.<br />Only applicable when the method field is set to POST.||
+|**data**|[[KyvernoIoV2beta1ClusterCleanupPolicySpecContextItems0APICallDataItems0](#kyvernoiov2beta1clustercleanuppolicyspeccontextitems0apicalldataitems0)]|The data object specifies the POST data sent to the server.<br />Only applicable when the method field is set to POST.||
 |**default**|any|Default is an optional arbitrary JSON object that the context<br />value is set to, if the apiCall returns error.||
 |**jmesPath**|str|JMESPath is an optional JSON Match Expression that can be used to<br />transform the JSON response returned from the server. For example<br />a JMESPath of "items \| length(@)" applied to the API server response<br />for the URLPath "/apis/apps/v1/deployments" will return the total count<br />of deployments across all namespaces.||
 |**method**|"GET" | "POST"|Method is the HTTP request type (GET or POST). Defaults to GET.|"GET"|
-|**service**|[KyvernoIoV2ClusterCleanupPolicySpecContextItems0APICallService](#kyvernoiov2clustercleanuppolicyspeccontextitems0apicallservice)|service||
+|**service**|[KyvernoIoV2beta1ClusterCleanupPolicySpecContextItems0APICallService](#kyvernoiov2beta1clustercleanuppolicyspeccontextitems0apicallservice)|service||
 |**urlPath**|str|URLPath is the URL path to be used in the HTTP GET or POST request to the<br />Kubernetes API server (e.g. "/api/v1/namespaces" or  "/apis/apps/v1/deployments").<br />The format required is the same format used by the `kubectl get --raw` command.<br />See https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls<br />for details.<br />It's mutually exclusive with the Service field.||
-### KyvernoIoV2ClusterCleanupPolicySpecContextItems0APICallDataItems0
+### KyvernoIoV2beta1ClusterCleanupPolicySpecContextItems0APICallDataItems0
 
 RequestData contains the HTTP POST data
 
@@ -986,7 +1041,7 @@ RequestData contains the HTTP POST data
 | --- | --- | --- | --- |
 |**key** `required`|str|Key is a unique identifier for the data value||
 |**value** `required`|any|Value is the data value||
-### KyvernoIoV2ClusterCleanupPolicySpecContextItems0APICallService
+### KyvernoIoV2beta1ClusterCleanupPolicySpecContextItems0APICallService
 
 Service is an API call to a JSON web service. This is used for non-Kubernetes API server calls. It's mutually exclusive with the URLPath field.
 
@@ -995,11 +1050,11 @@ Service is an API call to a JSON web service. This is used for non-Kubernetes AP
 | name | type | description | default value |
 | --- | --- | --- | --- |
 |**caBundle**|str|CABundle is a PEM encoded CA bundle which will be used to validate<br />the server certificate.||
-|**headers**|[[KyvernoIoV2ClusterCleanupPolicySpecContextItems0APICallServiceHeadersItems0](#kyvernoiov2clustercleanuppolicyspeccontextitems0apicallserviceheadersitems0)]|Headers is a list of optional HTTP headers to be included in the request.||
+|**headers**|[[KyvernoIoV2beta1ClusterCleanupPolicySpecContextItems0APICallServiceHeadersItems0](#kyvernoiov2beta1clustercleanuppolicyspeccontextitems0apicallserviceheadersitems0)]|Headers is a list of optional HTTP headers to be included in the request.||
 |**url** `required`|str|URL is the JSON web service URL. A typical form is<br />`https://{service}.{namespace}:{port}/{path}`.||
-### KyvernoIoV2ClusterCleanupPolicySpecContextItems0APICallServiceHeadersItems0
+### KyvernoIoV2beta1ClusterCleanupPolicySpecContextItems0APICallServiceHeadersItems0
 
-kyverno io v2 cluster cleanup policy spec context items0 API call service headers items0
+kyverno io v2beta1 cluster cleanup policy spec context items0 API call service headers items0
 
 #### Attributes
 
@@ -1007,7 +1062,7 @@ kyverno io v2 cluster cleanup policy spec context items0 API call service header
 | --- | --- | --- | --- |
 |**key** `required`|str|Key is the header key||
 |**value** `required`|str|Value is the header value||
-### KyvernoIoV2ClusterCleanupPolicySpecContextItems0ConfigMap
+### KyvernoIoV2beta1ClusterCleanupPolicySpecContextItems0ConfigMap
 
 ConfigMap is the ConfigMap reference.
 
@@ -1017,7 +1072,7 @@ ConfigMap is the ConfigMap reference.
 | --- | --- | --- | --- |
 |**name** `required`|str|Name is the ConfigMap name.||
 |**namespace**|str|Namespace is the ConfigMap namespace.||
-### KyvernoIoV2ClusterCleanupPolicySpecContextItems0GlobalReference
+### KyvernoIoV2beta1ClusterCleanupPolicySpecContextItems0GlobalReference
 
 GlobalContextEntryReference is a reference to a cached global context entry.
 
@@ -1027,7 +1082,7 @@ GlobalContextEntryReference is a reference to a cached global context entry.
 | --- | --- | --- | --- |
 |**jmesPath**|str|JMESPath is an optional JSON Match Expression that can be used to<br />transform the JSON response returned from the server. For example<br />a JMESPath of "items \| length(@)" applied to the API server response<br />for the URLPath "/apis/apps/v1/deployments" will return the total count<br />of deployments across all namespaces.||
 |**name** `required`|str|Name of the global context entry||
-### KyvernoIoV2ClusterCleanupPolicySpecContextItems0ImageRegistry
+### KyvernoIoV2beta1ClusterCleanupPolicySpecContextItems0ImageRegistry
 
 ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image details.
 
@@ -1035,10 +1090,10 @@ ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image detai
 
 | name | type | description | default value |
 | --- | --- | --- | --- |
-|**imageRegistryCredentials**|[KyvernoIoV2ClusterCleanupPolicySpecContextItems0ImageRegistryImageRegistryCredentials](#kyvernoiov2clustercleanuppolicyspeccontextitems0imageregistryimageregistrycredentials)|image registry credentials||
+|**imageRegistryCredentials**|[KyvernoIoV2beta1ClusterCleanupPolicySpecContextItems0ImageRegistryImageRegistryCredentials](#kyvernoiov2beta1clustercleanuppolicyspeccontextitems0imageregistryimageregistrycredentials)|image registry credentials||
 |**jmesPath**|str|JMESPath is an optional JSON Match Expression that can be used to<br />transform the ImageData struct returned as a result of processing<br />the image reference.||
 |**reference** `required`|str|Reference is image reference to a container image in the registry.<br />Example: ghcr.io/kyverno/kyverno:latest||
-### KyvernoIoV2ClusterCleanupPolicySpecContextItems0ImageRegistryImageRegistryCredentials
+### KyvernoIoV2beta1ClusterCleanupPolicySpecContextItems0ImageRegistryImageRegistryCredentials
 
 ImageRegistryCredentials provides credentials that will be used for authentication with registry
 
@@ -1049,7 +1104,7 @@ ImageRegistryCredentials provides credentials that will be used for authenticati
 |**allowInsecureRegistry**|bool|AllowInsecureRegistry allows insecure access to a registry.||
 |**providers**|[str]|Providers specifies a list of OCI Registry names, whose authentication providers are provided.<br />It can be of one of these values: default,google,azure,amazon,github.||
 |**secrets**|[str]|Secrets specifies a list of secrets that are provided for credentials.<br />Secrets must live in the Kyverno namespace.||
-### KyvernoIoV2ClusterCleanupPolicySpecContextItems0Variable
+### KyvernoIoV2beta1ClusterCleanupPolicySpecContextItems0Variable
 
 Variable defines an arbitrary JMESPath context variable that can be defined inline.
 
@@ -1060,7 +1115,7 @@ Variable defines an arbitrary JMESPath context variable that can be defined inli
 |**default**|any|Default is an optional arbitrary JSON object that the variable may take if the JMESPath<br />expression evaluates to nil||
 |**jmesPath**|str|JMESPath is an optional JMESPath Expression that can be used to<br />transform the variable.||
 |**value**|any|Value is any arbitrary JSON object representable in YAML or JSON form.||
-### KyvernoIoV2ClusterCleanupPolicySpecExclude
+### KyvernoIoV2beta1ClusterCleanupPolicySpecExclude
 
 ExcludeResources defines when cleanuppolicy should not be applied. The exclude criteria can include resource information (e.g. kind, name, namespace, labels) and admission review request information like the name or role.
 
@@ -1068,9 +1123,9 @@ ExcludeResources defines when cleanuppolicy should not be applied. The exclude c
 
 | name | type | description | default value |
 | --- | --- | --- | --- |
-|**all**|[[KyvernoIoV2ClusterCleanupPolicySpecExcludeAllItems0](#kyvernoiov2clustercleanuppolicyspecexcludeallitems0)]|||
-|**any**|[[KyvernoIoV2ClusterCleanupPolicySpecExcludeAnyItems0](#kyvernoiov2clustercleanuppolicyspecexcludeanyitems0)]|Any allows specifying resources which will be ORed||
-### KyvernoIoV2ClusterCleanupPolicySpecExcludeAllItems0
+|**all**|[[KyvernoIoV2beta1ClusterCleanupPolicySpecExcludeAllItems0](#kyvernoiov2beta1clustercleanuppolicyspecexcludeallitems0)]|||
+|**any**|[[KyvernoIoV2beta1ClusterCleanupPolicySpecExcludeAnyItems0](#kyvernoiov2beta1clustercleanuppolicyspecexcludeanyitems0)]|Any allows specifying resources which will be ORed||
+### KyvernoIoV2beta1ClusterCleanupPolicySpecExcludeAllItems0
 
 ResourceFilter allow users to "AND" or "OR" between resources
 
@@ -1079,10 +1134,10 @@ ResourceFilter allow users to "AND" or "OR" between resources
 | name | type | description | default value |
 | --- | --- | --- | --- |
 |**clusterRoles**|[str]|ClusterRoles is the list of cluster-wide role names for the user.||
-|**resources**|[KyvernoIoV2ClusterCleanupPolicySpecExcludeAllItems0Resources](#kyvernoiov2clustercleanuppolicyspecexcludeallitems0resources)|resources||
+|**resources**|[KyvernoIoV2beta1ClusterCleanupPolicySpecExcludeAllItems0Resources](#kyvernoiov2beta1clustercleanuppolicyspecexcludeallitems0resources)|resources||
 |**roles**|[str]|Roles is the list of namespaced role names for the user.||
-|**subjects**|[[KyvernoIoV2ClusterCleanupPolicySpecExcludeAllItems0SubjectsItems0](#kyvernoiov2clustercleanuppolicyspecexcludeallitems0subjectsitems0)]|Subjects is the list of subject names like users, user groups, and service accounts.||
-### KyvernoIoV2ClusterCleanupPolicySpecExcludeAllItems0Resources
+|**subjects**|[[KyvernoIoV2beta1ClusterCleanupPolicySpecExcludeAllItems0SubjectsItems0](#kyvernoiov2beta1clustercleanuppolicyspecexcludeallitems0subjectsitems0)]|Subjects is the list of subject names like users, user groups, and service accounts.||
+### KyvernoIoV2beta1ClusterCleanupPolicySpecExcludeAllItems0Resources
 
 ResourceDescription contains information about the resource being created or modified.
 
@@ -1094,11 +1149,11 @@ ResourceDescription contains information about the resource being created or mod
 |**kinds**|[str]|Kinds is a list of resource kinds.||
 |**name**|str|Name is the name of the resource. The name supports wildcard characters<br />"*" (matches zero or many characters) and "?" (at least one character).<br />NOTE: "Name" is being deprecated in favor of "Names".||
 |**names**|[str]|Names are the names of the resources. Each name supports wildcard characters<br />"*" (matches zero or many characters) and "?" (at least one character).||
-|**namespaceSelector**|[KyvernoIoV2ClusterCleanupPolicySpecExcludeAllItems0ResourcesNamespaceSelector](#kyvernoiov2clustercleanuppolicyspecexcludeallitems0resourcesnamespaceselector)|namespace selector||
+|**namespaceSelector**|[KyvernoIoV2beta1ClusterCleanupPolicySpecExcludeAllItems0ResourcesNamespaceSelector](#kyvernoiov2beta1clustercleanuppolicyspecexcludeallitems0resourcesnamespaceselector)|namespace selector||
 |**namespaces**|[str]|Namespaces is a list of namespaces names. Each name supports wildcard characters<br />"*" (matches zero or many characters) and "?" (at least one character).||
 |**operations**|[str]|Operations can contain values ["CREATE, "UPDATE", "CONNECT", "DELETE"], which are used to match a specific action.||
-|**selector**|[KyvernoIoV2ClusterCleanupPolicySpecExcludeAllItems0ResourcesSelector](#kyvernoiov2clustercleanuppolicyspecexcludeallitems0resourcesselector)|selector||
-### KyvernoIoV2ClusterCleanupPolicySpecExcludeAllItems0ResourcesNamespaceSelector
+|**selector**|[KyvernoIoV2beta1ClusterCleanupPolicySpecExcludeAllItems0ResourcesSelector](#kyvernoiov2beta1clustercleanuppolicyspecexcludeallitems0resourcesselector)|selector||
+### KyvernoIoV2beta1ClusterCleanupPolicySpecExcludeAllItems0ResourcesNamespaceSelector
 
 NamespaceSelector is a label selector for the resource namespace. Label keys and values in `matchLabels` support the wildcard characters `*` (matches zero or many characters) and `?` (matches one character).Wildcards allows writing label selectors like ["storage.k8s.io/*": "*"]. Note that using ["*" : "*"] matches any key and value but does not match an empty label set.
 
@@ -1106,9 +1161,9 @@ NamespaceSelector is a label selector for the resource namespace. Label keys and
 
 | name | type | description | default value |
 | --- | --- | --- | --- |
-|**matchExpressions**|[[KyvernoIoV2ClusterCleanupPolicySpecExcludeAllItems0ResourcesNamespaceSelectorMatchExpressionsItems0](#kyvernoiov2clustercleanuppolicyspecexcludeallitems0resourcesnamespaceselectormatchexpressionsitems0)]|matchExpressions is a list of label selector requirements. The requirements are ANDed.||
+|**matchExpressions**|[[KyvernoIoV2beta1ClusterCleanupPolicySpecExcludeAllItems0ResourcesNamespaceSelectorMatchExpressionsItems0](#kyvernoiov2beta1clustercleanuppolicyspecexcludeallitems0resourcesnamespaceselectormatchexpressionsitems0)]|matchExpressions is a list of label selector requirements. The requirements are ANDed.||
 |**matchLabels**|{str:str}|matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels<br />map is equivalent to an element of matchExpressions, whose key field is "key", the<br />operator is "In", and the values array contains only "value". The requirements are ANDed.||
-### KyvernoIoV2ClusterCleanupPolicySpecExcludeAllItems0ResourcesNamespaceSelectorMatchExpressionsItems0
+### KyvernoIoV2beta1ClusterCleanupPolicySpecExcludeAllItems0ResourcesNamespaceSelectorMatchExpressionsItems0
 
 A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
 
@@ -1119,7 +1174,7 @@ A label selector requirement is a selector that contains values, a key, and an o
 |**key** `required`|str|key is the label key that the selector applies to.||
 |**operator** `required`|str|operator represents a key's relationship to a set of values.<br />Valid operators are In, NotIn, Exists and DoesNotExist.||
 |**values**|[str]|values is an array of string values. If the operator is In or NotIn,<br />the values array must be non-empty. If the operator is Exists or DoesNotExist,<br />the values array must be empty. This array is replaced during a strategic<br />merge patch.||
-### KyvernoIoV2ClusterCleanupPolicySpecExcludeAllItems0ResourcesSelector
+### KyvernoIoV2beta1ClusterCleanupPolicySpecExcludeAllItems0ResourcesSelector
 
 Selector is a label selector. Label keys and values in `matchLabels` support the wildcard characters `*` (matches zero or many characters) and `?` (matches one character). Wildcards allows writing label selectors like ["storage.k8s.io/*": "*"]. Note that using ["*" : "*"] matches any key and value but does not match an empty label set.
 
@@ -1127,9 +1182,9 @@ Selector is a label selector. Label keys and values in `matchLabels` support the
 
 | name | type | description | default value |
 | --- | --- | --- | --- |
-|**matchExpressions**|[[KyvernoIoV2ClusterCleanupPolicySpecExcludeAllItems0ResourcesSelectorMatchExpressionsItems0](#kyvernoiov2clustercleanuppolicyspecexcludeallitems0resourcesselectormatchexpressionsitems0)]|matchExpressions is a list of label selector requirements. The requirements are ANDed.||
+|**matchExpressions**|[[KyvernoIoV2beta1ClusterCleanupPolicySpecExcludeAllItems0ResourcesSelectorMatchExpressionsItems0](#kyvernoiov2beta1clustercleanuppolicyspecexcludeallitems0resourcesselectormatchexpressionsitems0)]|matchExpressions is a list of label selector requirements. The requirements are ANDed.||
 |**matchLabels**|{str:str}|matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels<br />map is equivalent to an element of matchExpressions, whose key field is "key", the<br />operator is "In", and the values array contains only "value". The requirements are ANDed.||
-### KyvernoIoV2ClusterCleanupPolicySpecExcludeAllItems0ResourcesSelectorMatchExpressionsItems0
+### KyvernoIoV2beta1ClusterCleanupPolicySpecExcludeAllItems0ResourcesSelectorMatchExpressionsItems0
 
 A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
 
@@ -1140,7 +1195,7 @@ A label selector requirement is a selector that contains values, a key, and an o
 |**key** `required`|str|key is the label key that the selector applies to.||
 |**operator** `required`|str|operator represents a key's relationship to a set of values.<br />Valid operators are In, NotIn, Exists and DoesNotExist.||
 |**values**|[str]|values is an array of string values. If the operator is In or NotIn,<br />the values array must be non-empty. If the operator is Exists or DoesNotExist,<br />the values array must be empty. This array is replaced during a strategic<br />merge patch.||
-### KyvernoIoV2ClusterCleanupPolicySpecExcludeAllItems0SubjectsItems0
+### KyvernoIoV2beta1ClusterCleanupPolicySpecExcludeAllItems0SubjectsItems0
 
 Subject contains a reference to the object or user identities a role binding applies to.  This can either hold a direct API object reference, or a value for non-objects such as user and group names.
 
@@ -1152,7 +1207,7 @@ Subject contains a reference to the object or user identities a role binding app
 |**kind** `required`|str|Kind of object being referenced. Values defined by this API group are "User", "Group", and "ServiceAccount".<br />If the Authorizer does not recognized the kind value, the Authorizer should report an error.||
 |**name** `required`|str|Name of the object being referenced.||
 |**namespace**|str|Namespace of the referenced object.  If the object kind is non-namespace, such as "User" or "Group", and this value is not empty<br />the Authorizer should report an error.||
-### KyvernoIoV2ClusterCleanupPolicySpecExcludeAnyItems0
+### KyvernoIoV2beta1ClusterCleanupPolicySpecExcludeAnyItems0
 
 ResourceFilter allow users to "AND" or "OR" between resources
 
@@ -1161,10 +1216,10 @@ ResourceFilter allow users to "AND" or "OR" between resources
 | name | type | description | default value |
 | --- | --- | --- | --- |
 |**clusterRoles**|[str]|ClusterRoles is the list of cluster-wide role names for the user.||
-|**resources**|[KyvernoIoV2ClusterCleanupPolicySpecExcludeAnyItems0Resources](#kyvernoiov2clustercleanuppolicyspecexcludeanyitems0resources)|resources||
+|**resources**|[KyvernoIoV2beta1ClusterCleanupPolicySpecExcludeAnyItems0Resources](#kyvernoiov2beta1clustercleanuppolicyspecexcludeanyitems0resources)|resources||
 |**roles**|[str]|Roles is the list of namespaced role names for the user.||
-|**subjects**|[[KyvernoIoV2ClusterCleanupPolicySpecExcludeAnyItems0SubjectsItems0](#kyvernoiov2clustercleanuppolicyspecexcludeanyitems0subjectsitems0)]|Subjects is the list of subject names like users, user groups, and service accounts.||
-### KyvernoIoV2ClusterCleanupPolicySpecExcludeAnyItems0Resources
+|**subjects**|[[KyvernoIoV2beta1ClusterCleanupPolicySpecExcludeAnyItems0SubjectsItems0](#kyvernoiov2beta1clustercleanuppolicyspecexcludeanyitems0subjectsitems0)]|Subjects is the list of subject names like users, user groups, and service accounts.||
+### KyvernoIoV2beta1ClusterCleanupPolicySpecExcludeAnyItems0Resources
 
 ResourceDescription contains information about the resource being created or modified.
 
@@ -1176,11 +1231,11 @@ ResourceDescription contains information about the resource being created or mod
 |**kinds**|[str]|Kinds is a list of resource kinds.||
 |**name**|str|Name is the name of the resource. The name supports wildcard characters<br />"*" (matches zero or many characters) and "?" (at least one character).<br />NOTE: "Name" is being deprecated in favor of "Names".||
 |**names**|[str]|Names are the names of the resources. Each name supports wildcard characters<br />"*" (matches zero or many characters) and "?" (at least one character).||
-|**namespaceSelector**|[KyvernoIoV2ClusterCleanupPolicySpecExcludeAnyItems0ResourcesNamespaceSelector](#kyvernoiov2clustercleanuppolicyspecexcludeanyitems0resourcesnamespaceselector)|namespace selector||
+|**namespaceSelector**|[KyvernoIoV2beta1ClusterCleanupPolicySpecExcludeAnyItems0ResourcesNamespaceSelector](#kyvernoiov2beta1clustercleanuppolicyspecexcludeanyitems0resourcesnamespaceselector)|namespace selector||
 |**namespaces**|[str]|Namespaces is a list of namespaces names. Each name supports wildcard characters<br />"*" (matches zero or many characters) and "?" (at least one character).||
 |**operations**|[str]|Operations can contain values ["CREATE, "UPDATE", "CONNECT", "DELETE"], which are used to match a specific action.||
-|**selector**|[KyvernoIoV2ClusterCleanupPolicySpecExcludeAnyItems0ResourcesSelector](#kyvernoiov2clustercleanuppolicyspecexcludeanyitems0resourcesselector)|selector||
-### KyvernoIoV2ClusterCleanupPolicySpecExcludeAnyItems0ResourcesNamespaceSelector
+|**selector**|[KyvernoIoV2beta1ClusterCleanupPolicySpecExcludeAnyItems0ResourcesSelector](#kyvernoiov2beta1clustercleanuppolicyspecexcludeanyitems0resourcesselector)|selector||
+### KyvernoIoV2beta1ClusterCleanupPolicySpecExcludeAnyItems0ResourcesNamespaceSelector
 
 NamespaceSelector is a label selector for the resource namespace. Label keys and values in `matchLabels` support the wildcard characters `*` (matches zero or many characters) and `?` (matches one character).Wildcards allows writing label selectors like ["storage.k8s.io/*": "*"]. Note that using ["*" : "*"] matches any key and value but does not match an empty label set.
 
@@ -1188,9 +1243,9 @@ NamespaceSelector is a label selector for the resource namespace. Label keys and
 
 | name | type | description | default value |
 | --- | --- | --- | --- |
-|**matchExpressions**|[[KyvernoIoV2ClusterCleanupPolicySpecExcludeAnyItems0ResourcesNamespaceSelectorMatchExpressionsItems0](#kyvernoiov2clustercleanuppolicyspecexcludeanyitems0resourcesnamespaceselectormatchexpressionsitems0)]|matchExpressions is a list of label selector requirements. The requirements are ANDed.||
+|**matchExpressions**|[[KyvernoIoV2beta1ClusterCleanupPolicySpecExcludeAnyItems0ResourcesNamespaceSelectorMatchExpressionsItems0](#kyvernoiov2beta1clustercleanuppolicyspecexcludeanyitems0resourcesnamespaceselectormatchexpressionsitems0)]|matchExpressions is a list of label selector requirements. The requirements are ANDed.||
 |**matchLabels**|{str:str}|matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels<br />map is equivalent to an element of matchExpressions, whose key field is "key", the<br />operator is "In", and the values array contains only "value". The requirements are ANDed.||
-### KyvernoIoV2ClusterCleanupPolicySpecExcludeAnyItems0ResourcesNamespaceSelectorMatchExpressionsItems0
+### KyvernoIoV2beta1ClusterCleanupPolicySpecExcludeAnyItems0ResourcesNamespaceSelectorMatchExpressionsItems0
 
 A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
 
@@ -1201,7 +1256,7 @@ A label selector requirement is a selector that contains values, a key, and an o
 |**key** `required`|str|key is the label key that the selector applies to.||
 |**operator** `required`|str|operator represents a key's relationship to a set of values.<br />Valid operators are In, NotIn, Exists and DoesNotExist.||
 |**values**|[str]|values is an array of string values. If the operator is In or NotIn,<br />the values array must be non-empty. If the operator is Exists or DoesNotExist,<br />the values array must be empty. This array is replaced during a strategic<br />merge patch.||
-### KyvernoIoV2ClusterCleanupPolicySpecExcludeAnyItems0ResourcesSelector
+### KyvernoIoV2beta1ClusterCleanupPolicySpecExcludeAnyItems0ResourcesSelector
 
 Selector is a label selector. Label keys and values in `matchLabels` support the wildcard characters `*` (matches zero or many characters) and `?` (matches one character). Wildcards allows writing label selectors like ["storage.k8s.io/*": "*"]. Note that using ["*" : "*"] matches any key and value but does not match an empty label set.
 
@@ -1209,9 +1264,9 @@ Selector is a label selector. Label keys and values in `matchLabels` support the
 
 | name | type | description | default value |
 | --- | --- | --- | --- |
-|**matchExpressions**|[[KyvernoIoV2ClusterCleanupPolicySpecExcludeAnyItems0ResourcesSelectorMatchExpressionsItems0](#kyvernoiov2clustercleanuppolicyspecexcludeanyitems0resourcesselectormatchexpressionsitems0)]|matchExpressions is a list of label selector requirements. The requirements are ANDed.||
+|**matchExpressions**|[[KyvernoIoV2beta1ClusterCleanupPolicySpecExcludeAnyItems0ResourcesSelectorMatchExpressionsItems0](#kyvernoiov2beta1clustercleanuppolicyspecexcludeanyitems0resourcesselectormatchexpressionsitems0)]|matchExpressions is a list of label selector requirements. The requirements are ANDed.||
 |**matchLabels**|{str:str}|matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels<br />map is equivalent to an element of matchExpressions, whose key field is "key", the<br />operator is "In", and the values array contains only "value". The requirements are ANDed.||
-### KyvernoIoV2ClusterCleanupPolicySpecExcludeAnyItems0ResourcesSelectorMatchExpressionsItems0
+### KyvernoIoV2beta1ClusterCleanupPolicySpecExcludeAnyItems0ResourcesSelectorMatchExpressionsItems0
 
 A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
 
@@ -1222,7 +1277,7 @@ A label selector requirement is a selector that contains values, a key, and an o
 |**key** `required`|str|key is the label key that the selector applies to.||
 |**operator** `required`|str|operator represents a key's relationship to a set of values.<br />Valid operators are In, NotIn, Exists and DoesNotExist.||
 |**values**|[str]|values is an array of string values. If the operator is In or NotIn,<br />the values array must be non-empty. If the operator is Exists or DoesNotExist,<br />the values array must be empty. This array is replaced during a strategic<br />merge patch.||
-### KyvernoIoV2ClusterCleanupPolicySpecExcludeAnyItems0SubjectsItems0
+### KyvernoIoV2beta1ClusterCleanupPolicySpecExcludeAnyItems0SubjectsItems0
 
 Subject contains a reference to the object or user identities a role binding applies to.  This can either hold a direct API object reference, or a value for non-objects such as user and group names.
 
@@ -1234,7 +1289,7 @@ Subject contains a reference to the object or user identities a role binding app
 |**kind** `required`|str|Kind of object being referenced. Values defined by this API group are "User", "Group", and "ServiceAccount".<br />If the Authorizer does not recognized the kind value, the Authorizer should report an error.||
 |**name** `required`|str|Name of the object being referenced.||
 |**namespace**|str|Namespace of the referenced object.  If the object kind is non-namespace, such as "User" or "Group", and this value is not empty<br />the Authorizer should report an error.||
-### KyvernoIoV2ClusterCleanupPolicySpecMatch
+### KyvernoIoV2beta1ClusterCleanupPolicySpecMatch
 
 MatchResources defines when cleanuppolicy should be applied. The match criteria can include resource information (e.g. kind, name, namespace, labels) and admission review request information like the user name or role. At least one kind is required.
 
@@ -1242,9 +1297,9 @@ MatchResources defines when cleanuppolicy should be applied. The match criteria
 
 | name | type | description | default value |
 | --- | --- | --- | --- |
-|**all**|[[KyvernoIoV2ClusterCleanupPolicySpecMatchAllItems0](#kyvernoiov2clustercleanuppolicyspecmatchallitems0)]|||
-|**any**|[[KyvernoIoV2ClusterCleanupPolicySpecMatchAnyItems0](#kyvernoiov2clustercleanuppolicyspecmatchanyitems0)]|Any allows specifying resources which will be ORed||
-### KyvernoIoV2ClusterCleanupPolicySpecMatchAllItems0
+|**all**|[[KyvernoIoV2beta1ClusterCleanupPolicySpecMatchAllItems0](#kyvernoiov2beta1clustercleanuppolicyspecmatchallitems0)]|||
+|**any**|[[KyvernoIoV2beta1ClusterCleanupPolicySpecMatchAnyItems0](#kyvernoiov2beta1clustercleanuppolicyspecmatchanyitems0)]|Any allows specifying resources which will be ORed||
+### KyvernoIoV2beta1ClusterCleanupPolicySpecMatchAllItems0
 
 ResourceFilter allow users to "AND" or "OR" between resources
 
@@ -1253,10 +1308,10 @@ ResourceFilter allow users to "AND" or "OR" between resources
 | name | type | description | default value |
 | --- | --- | --- | --- |
 |**clusterRoles**|[str]|ClusterRoles is the list of cluster-wide role names for the user.||
-|**resources**|[KyvernoIoV2ClusterCleanupPolicySpecMatchAllItems0Resources](#kyvernoiov2clustercleanuppolicyspecmatchallitems0resources)|resources||
+|**resources**|[KyvernoIoV2beta1ClusterCleanupPolicySpecMatchAllItems0Resources](#kyvernoiov2beta1clustercleanuppolicyspecmatchallitems0resources)|resources||
 |**roles**|[str]|Roles is the list of namespaced role names for the user.||
-|**subjects**|[[KyvernoIoV2ClusterCleanupPolicySpecMatchAllItems0SubjectsItems0](#kyvernoiov2clustercleanuppolicyspecmatchallitems0subjectsitems0)]|Subjects is the list of subject names like users, user groups, and service accounts.||
-### KyvernoIoV2ClusterCleanupPolicySpecMatchAllItems0Resources
+|**subjects**|[[KyvernoIoV2beta1ClusterCleanupPolicySpecMatchAllItems0SubjectsItems0](#kyvernoiov2beta1clustercleanuppolicyspecmatchallitems0subjectsitems0)]|Subjects is the list of subject names like users, user groups, and service accounts.||
+### KyvernoIoV2beta1ClusterCleanupPolicySpecMatchAllItems0Resources
 
 ResourceDescription contains information about the resource being created or modified.
 
@@ -1268,11 +1323,11 @@ ResourceDescription contains information about the resource being created or mod
 |**kinds**|[str]|Kinds is a list of resource kinds.||
 |**name**|str|Name is the name of the resource. The name supports wildcard characters<br />"*" (matches zero or many characters) and "?" (at least one character).<br />NOTE: "Name" is being deprecated in favor of "Names".||
 |**names**|[str]|Names are the names of the resources. Each name supports wildcard characters<br />"*" (matches zero or many characters) and "?" (at least one character).||
-|**namespaceSelector**|[KyvernoIoV2ClusterCleanupPolicySpecMatchAllItems0ResourcesNamespaceSelector](#kyvernoiov2clustercleanuppolicyspecmatchallitems0resourcesnamespaceselector)|namespace selector||
+|**namespaceSelector**|[KyvernoIoV2beta1ClusterCleanupPolicySpecMatchAllItems0ResourcesNamespaceSelector](#kyvernoiov2beta1clustercleanuppolicyspecmatchallitems0resourcesnamespaceselector)|namespace selector||
 |**namespaces**|[str]|Namespaces is a list of namespaces names. Each name supports wildcard characters<br />"*" (matches zero or many characters) and "?" (at least one character).||
 |**operations**|[str]|Operations can contain values ["CREATE, "UPDATE", "CONNECT", "DELETE"], which are used to match a specific action.||
-|**selector**|[KyvernoIoV2ClusterCleanupPolicySpecMatchAllItems0ResourcesSelector](#kyvernoiov2clustercleanuppolicyspecmatchallitems0resourcesselector)|selector||
-### KyvernoIoV2ClusterCleanupPolicySpecMatchAllItems0ResourcesNamespaceSelector
+|**selector**|[KyvernoIoV2beta1ClusterCleanupPolicySpecMatchAllItems0ResourcesSelector](#kyvernoiov2beta1clustercleanuppolicyspecmatchallitems0resourcesselector)|selector||
+### KyvernoIoV2beta1ClusterCleanupPolicySpecMatchAllItems0ResourcesNamespaceSelector
 
 NamespaceSelector is a label selector for the resource namespace. Label keys and values in `matchLabels` support the wildcard characters `*` (matches zero or many characters) and `?` (matches one character).Wildcards allows writing label selectors like ["storage.k8s.io/*": "*"]. Note that using ["*" : "*"] matches any key and value but does not match an empty label set.
 
@@ -1280,9 +1335,9 @@ NamespaceSelector is a label selector for the resource namespace. Label keys and
 
 | name | type | description | default value |
 | --- | --- | --- | --- |
-|**matchExpressions**|[[KyvernoIoV2ClusterCleanupPolicySpecMatchAllItems0ResourcesNamespaceSelectorMatchExpressionsItems0](#kyvernoiov2clustercleanuppolicyspecmatchallitems0resourcesnamespaceselectormatchexpressionsitems0)]|matchExpressions is a list of label selector requirements. The requirements are ANDed.||
+|**matchExpressions**|[[KyvernoIoV2beta1ClusterCleanupPolicySpecMatchAllItems0ResourcesNamespaceSelectorMatchExpressionsItems0](#kyvernoiov2beta1clustercleanuppolicyspecmatchallitems0resourcesnamespaceselectormatchexpressionsitems0)]|matchExpressions is a list of label selector requirements. The requirements are ANDed.||
 |**matchLabels**|{str:str}|matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels<br />map is equivalent to an element of matchExpressions, whose key field is "key", the<br />operator is "In", and the values array contains only "value". The requirements are ANDed.||
-### KyvernoIoV2ClusterCleanupPolicySpecMatchAllItems0ResourcesNamespaceSelectorMatchExpressionsItems0
+### KyvernoIoV2beta1ClusterCleanupPolicySpecMatchAllItems0ResourcesNamespaceSelectorMatchExpressionsItems0
 
 A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
 
@@ -1293,7 +1348,7 @@ A label selector requirement is a selector that contains values, a key, and an o
 |**key** `required`|str|key is the label key that the selector applies to.||
 |**operator** `required`|str|operator represents a key's relationship to a set of values.<br />Valid operators are In, NotIn, Exists and DoesNotExist.||
 |**values**|[str]|values is an array of string values. If the operator is In or NotIn,<br />the values array must be non-empty. If the operator is Exists or DoesNotExist,<br />the values array must be empty. This array is replaced during a strategic<br />merge patch.||
-### KyvernoIoV2ClusterCleanupPolicySpecMatchAllItems0ResourcesSelector
+### KyvernoIoV2beta1ClusterCleanupPolicySpecMatchAllItems0ResourcesSelector
 
 Selector is a label selector. Label keys and values in `matchLabels` support the wildcard characters `*` (matches zero or many characters) and `?` (matches one character). Wildcards allows writing label selectors like ["storage.k8s.io/*": "*"]. Note that using ["*" : "*"] matches any key and value but does not match an empty label set.
 
@@ -1301,9 +1356,9 @@ Selector is a label selector. Label keys and values in `matchLabels` support the
 
 | name | type | description | default value |
 | --- | --- | --- | --- |
-|**matchExpressions**|[[KyvernoIoV2ClusterCleanupPolicySpecMatchAllItems0ResourcesSelectorMatchExpressionsItems0](#kyvernoiov2clustercleanuppolicyspecmatchallitems0resourcesselectormatchexpressionsitems0)]|matchExpressions is a list of label selector requirements. The requirements are ANDed.||
+|**matchExpressions**|[[KyvernoIoV2beta1ClusterCleanupPolicySpecMatchAllItems0ResourcesSelectorMatchExpressionsItems0](#kyvernoiov2beta1clustercleanuppolicyspecmatchallitems0resourcesselectormatchexpressionsitems0)]|matchExpressions is a list of label selector requirements. The requirements are ANDed.||
 |**matchLabels**|{str:str}|matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels<br />map is equivalent to an element of matchExpressions, whose key field is "key", the<br />operator is "In", and the values array contains only "value". The requirements are ANDed.||
-### KyvernoIoV2ClusterCleanupPolicySpecMatchAllItems0ResourcesSelectorMatchExpressionsItems0
+### KyvernoIoV2beta1ClusterCleanupPolicySpecMatchAllItems0ResourcesSelectorMatchExpressionsItems0
 
 A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
 
@@ -1314,7 +1369,7 @@ A label selector requirement is a selector that contains values, a key, and an o
 |**key** `required`|str|key is the label key that the selector applies to.||
 |**operator** `required`|str|operator represents a key's relationship to a set of values.<br />Valid operators are In, NotIn, Exists and DoesNotExist.||
 |**values**|[str]|values is an array of string values. If the operator is In or NotIn,<br />the values array must be non-empty. If the operator is Exists or DoesNotExist,<br />the values array must be empty. This array is replaced during a strategic<br />merge patch.||
-### KyvernoIoV2ClusterCleanupPolicySpecMatchAllItems0SubjectsItems0
+### KyvernoIoV2beta1ClusterCleanupPolicySpecMatchAllItems0SubjectsItems0
 
 Subject contains a reference to the object or user identities a role binding applies to.  This can either hold a direct API object reference, or a value for non-objects such as user and group names.
 
@@ -1326,7 +1381,7 @@ Subject contains a reference to the object or user identities a role binding app
 |**kind** `required`|str|Kind of object being referenced. Values defined by this API group are "User", "Group", and "ServiceAccount".<br />If the Authorizer does not recognized the kind value, the Authorizer should report an error.||
 |**name** `required`|str|Name of the object being referenced.||
 |**namespace**|str|Namespace of the referenced object.  If the object kind is non-namespace, such as "User" or "Group", and this value is not empty<br />the Authorizer should report an error.||
-### KyvernoIoV2ClusterCleanupPolicySpecMatchAnyItems0
+### KyvernoIoV2beta1ClusterCleanupPolicySpecMatchAnyItems0
 
 ResourceFilter allow users to "AND" or "OR" between resources
 
@@ -1335,10 +1390,10 @@ ResourceFilter allow users to "AND" or "OR" between resources
 | name | type | description | default value |
 | --- | --- | --- | --- |
 |**clusterRoles**|[str]|ClusterRoles is the list of cluster-wide role names for the user.||
-|**resources**|[KyvernoIoV2ClusterCleanupPolicySpecMatchAnyItems0Resources](#kyvernoiov2clustercleanuppolicyspecmatchanyitems0resources)|resources||
+|**resources**|[KyvernoIoV2beta1ClusterCleanupPolicySpecMatchAnyItems0Resources](#kyvernoiov2beta1clustercleanuppolicyspecmatchanyitems0resources)|resources||
 |**roles**|[str]|Roles is the list of namespaced role names for the user.||
-|**subjects**|[[KyvernoIoV2ClusterCleanupPolicySpecMatchAnyItems0SubjectsItems0](#kyvernoiov2clustercleanuppolicyspecmatchanyitems0subjectsitems0)]|Subjects is the list of subject names like users, user groups, and service accounts.||
-### KyvernoIoV2ClusterCleanupPolicySpecMatchAnyItems0Resources
+|**subjects**|[[KyvernoIoV2beta1ClusterCleanupPolicySpecMatchAnyItems0SubjectsItems0](#kyvernoiov2beta1clustercleanuppolicyspecmatchanyitems0subjectsitems0)]|Subjects is the list of subject names like users, user groups, and service accounts.||
+### KyvernoIoV2beta1ClusterCleanupPolicySpecMatchAnyItems0Resources
 
 ResourceDescription contains information about the resource being created or modified.
 
@@ -1350,11 +1405,11 @@ ResourceDescription contains information about the resource being created or mod
 |**kinds**|[str]|Kinds is a list of resource kinds.||
 |**name**|str|Name is the name of the resource. The name supports wildcard characters<br />"*" (matches zero or many characters) and "?" (at least one character).<br />NOTE: "Name" is being deprecated in favor of "Names".||
 |**names**|[str]|Names are the names of the resources. Each name supports wildcard characters<br />"*" (matches zero or many characters) and "?" (at least one character).||
-|**namespaceSelector**|[KyvernoIoV2ClusterCleanupPolicySpecMatchAnyItems0ResourcesNamespaceSelector](#kyvernoiov2clustercleanuppolicyspecmatchanyitems0resourcesnamespaceselector)|namespace selector||
+|**namespaceSelector**|[KyvernoIoV2beta1ClusterCleanupPolicySpecMatchAnyItems0ResourcesNamespaceSelector](#kyvernoiov2beta1clustercleanuppolicyspecmatchanyitems0resourcesnamespaceselector)|namespace selector||
 |**namespaces**|[str]|Namespaces is a list of namespaces names. Each name supports wildcard characters<br />"*" (matches zero or many characters) and "?" (at least one character).||
 |**operations**|[str]|Operations can contain values ["CREATE, "UPDATE", "CONNECT", "DELETE"], which are used to match a specific action.||
-|**selector**|[KyvernoIoV2ClusterCleanupPolicySpecMatchAnyItems0ResourcesSelector](#kyvernoiov2clustercleanuppolicyspecmatchanyitems0resourcesselector)|selector||
-### KyvernoIoV2ClusterCleanupPolicySpecMatchAnyItems0ResourcesNamespaceSelector
+|**selector**|[KyvernoIoV2beta1ClusterCleanupPolicySpecMatchAnyItems0ResourcesSelector](#kyvernoiov2beta1clustercleanuppolicyspecmatchanyitems0resourcesselector)|selector||
+### KyvernoIoV2beta1ClusterCleanupPolicySpecMatchAnyItems0ResourcesNamespaceSelector
 
 NamespaceSelector is a label selector for the resource namespace. Label keys and values in `matchLabels` support the wildcard characters `*` (matches zero or many characters) and `?` (matches one character).Wildcards allows writing label selectors like ["storage.k8s.io/*": "*"]. Note that using ["*" : "*"] matches any key and value but does not match an empty label set.
 
@@ -1362,9 +1417,9 @@ NamespaceSelector is a label selector for the resource namespace. Label keys and
 
 | name | type | description | default value |
 | --- | --- | --- | --- |
-|**matchExpressions**|[[KyvernoIoV2ClusterCleanupPolicySpecMatchAnyItems0ResourcesNamespaceSelectorMatchExpressionsItems0](#kyvernoiov2clustercleanuppolicyspecmatchanyitems0resourcesnamespaceselectormatchexpressionsitems0)]|matchExpressions is a list of label selector requirements. The requirements are ANDed.||
+|**matchExpressions**|[[KyvernoIoV2beta1ClusterCleanupPolicySpecMatchAnyItems0ResourcesNamespaceSelectorMatchExpressionsItems0](#kyvernoiov2beta1clustercleanuppolicyspecmatchanyitems0resourcesnamespaceselectormatchexpressionsitems0)]|matchExpressions is a list of label selector requirements. The requirements are ANDed.||
 |**matchLabels**|{str:str}|matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels<br />map is equivalent to an element of matchExpressions, whose key field is "key", the<br />operator is "In", and the values array contains only "value". The requirements are ANDed.||
-### KyvernoIoV2ClusterCleanupPolicySpecMatchAnyItems0ResourcesNamespaceSelectorMatchExpressionsItems0
+### KyvernoIoV2beta1ClusterCleanupPolicySpecMatchAnyItems0ResourcesNamespaceSelectorMatchExpressionsItems0
 
 A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
 
@@ -1375,7 +1430,7 @@ A label selector requirement is a selector that contains values, a key, and an o
 |**key** `required`|str|key is the label key that the selector applies to.||
 |**operator** `required`|str|operator represents a key's relationship to a set of values.<br />Valid operators are In, NotIn, Exists and DoesNotExist.||
 |**values**|[str]|values is an array of string values. If the operator is In or NotIn,<br />the values array must be non-empty. If the operator is Exists or DoesNotExist,<br />the values array must be empty. This array is replaced during a strategic<br />merge patch.||
-### KyvernoIoV2ClusterCleanupPolicySpecMatchAnyItems0ResourcesSelector
+### KyvernoIoV2beta1ClusterCleanupPolicySpecMatchAnyItems0ResourcesSelector
 
 Selector is a label selector. Label keys and values in `matchLabels` support the wildcard characters `*` (matches zero or many characters) and `?` (matches one character). Wildcards allows writing label selectors like ["storage.k8s.io/*": "*"]. Note that using ["*" : "*"] matches any key and value but does not match an empty label set.
 
@@ -1383,9 +1438,9 @@ Selector is a label selector. Label keys and values in `matchLabels` support the
 
 | name | type | description | default value |
 | --- | --- | --- | --- |
-|**matchExpressions**|[[KyvernoIoV2ClusterCleanupPolicySpecMatchAnyItems0ResourcesSelectorMatchExpressionsItems0](#kyvernoiov2clustercleanuppolicyspecmatchanyitems0resourcesselectormatchexpressionsitems0)]|matchExpressions is a list of label selector requirements. The requirements are ANDed.||
+|**matchExpressions**|[[KyvernoIoV2beta1ClusterCleanupPolicySpecMatchAnyItems0ResourcesSelectorMatchExpressionsItems0](#kyvernoiov2beta1clustercleanuppolicyspecmatchanyitems0resourcesselectormatchexpressionsitems0)]|matchExpressions is a list of label selector requirements. The requirements are ANDed.||
 |**matchLabels**|{str:str}|matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels<br />map is equivalent to an element of matchExpressions, whose key field is "key", the<br />operator is "In", and the values array contains only "value". The requirements are ANDed.||
-### KyvernoIoV2ClusterCleanupPolicySpecMatchAnyItems0ResourcesSelectorMatchExpressionsItems0
+### KyvernoIoV2beta1ClusterCleanupPolicySpecMatchAnyItems0ResourcesSelectorMatchExpressionsItems0
 
 A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
 
@@ -1396,7 +1451,7 @@ A label selector requirement is a selector that contains values, a key, and an o
 |**key** `required`|str|key is the label key that the selector applies to.||
 |**operator** `required`|str|operator represents a key's relationship to a set of values.<br />Valid operators are In, NotIn, Exists and DoesNotExist.||
 |**values**|[str]|values is an array of string values. If the operator is In or NotIn,<br />the values array must be non-empty. If the operator is Exists or DoesNotExist,<br />the values array must be empty. This array is replaced during a strategic<br />merge patch.||
-### KyvernoIoV2ClusterCleanupPolicySpecMatchAnyItems0SubjectsItems0
+### KyvernoIoV2beta1ClusterCleanupPolicySpecMatchAnyItems0SubjectsItems0
 
 Subject contains a reference to the object or user identities a role binding applies to.  This can either hold a direct API object reference, or a value for non-objects such as user and group names.
 
@@ -1408,7 +1463,7 @@ Subject contains a reference to the object or user identities a role binding app
 |**kind** `required`|str|Kind of object being referenced. Values defined by this API group are "User", "Group", and "ServiceAccount".<br />If the Authorizer does not recognized the kind value, the Authorizer should report an error.||
 |**name** `required`|str|Name of the object being referenced.||
 |**namespace**|str|Namespace of the referenced object.  If the object kind is non-namespace, such as "User" or "Group", and this value is not empty<br />the Authorizer should report an error.||
-### KyvernoIoV2ClusterCleanupPolicyStatus
+### KyvernoIoV2beta1ClusterCleanupPolicyStatus
 
 Status contains policy runtime data.
 
@@ -1416,9 +1471,9 @@ Status contains policy runtime data.
 
 | name | type | description | default value |
 | --- | --- | --- | --- |
-|**conditions**|[[KyvernoIoV2ClusterCleanupPolicyStatusConditionsItems0](#kyvernoiov2clustercleanuppolicystatusconditionsitems0)]|conditions||
+|**conditions**|[[KyvernoIoV2beta1ClusterCleanupPolicyStatusConditionsItems0](#kyvernoiov2beta1clustercleanuppolicystatusconditionsitems0)]|conditions||
 |**lastExecutionTime**|str|last execution time||
-### KyvernoIoV2ClusterCleanupPolicyStatusConditionsItems0
+### KyvernoIoV2beta1ClusterCleanupPolicyStatusConditionsItems0
 
 Condition contains details for one aspect of the current state of this API Resource.
 
diff --git a/fluxcd-kustomize-controller/kcl.mod b/fluxcd-kustomize-controller/kcl.mod
index 069b3237..dbf3bf5b 100644
--- a/fluxcd-kustomize-controller/kcl.mod
+++ b/fluxcd-kustomize-controller/kcl.mod
@@ -1,8 +1,8 @@
 [package]
-name = "kustomize-controller"
+name = "fluxcd-kustomize-controller"
 edition = "*"
-version = "v1.6.0"
+version = "v1.8.5"
 description = "KCL package for https://github.com/fluxcd/kustomize-controller CRDs"
 
 [dependencies]
-k8s = "1.32.4"
+k8s = "1.35"
diff --git a/fluxcd-kustomize-controller/kcl.mod.lock b/fluxcd-kustomize-controller/kcl.mod.lock
deleted file mode 100644
index 3cb69f07..00000000
--- a/fluxcd-kustomize-controller/kcl.mod.lock
+++ /dev/null
@@ -1,5 +0,0 @@
-[dependencies]
-  [dependencies.k8s]
-    name = "k8s"
-    full_name = "k8s_1.32.4"
-    version = "1.32.4"
diff --git a/fluxcd-kustomize-controller/v1/kustomize_toolkit_fluxcd_io_v1_kustomization.k b/fluxcd-kustomize-controller/v1/kustomize_toolkit_fluxcd_io_v1_kustomization.k
index f8dc9de4..94ccba7f 100644
--- a/fluxcd-kustomize-controller/v1/kustomize_toolkit_fluxcd_io_v1_kustomization.k
+++ b/fluxcd-kustomize-controller/v1/kustomize_toolkit_fluxcd_io_v1_kustomization.k
@@ -47,7 +47,7 @@ schema KustomizeToolkitFluxcdIoV1KustomizationSpec:
     commonMetadata : KustomizeToolkitFluxcdIoV1KustomizationSpecCommonMetadata, default is Undefined, optional
         common metadata
     components : [str], default is Undefined, optional
-        Components specifies relative paths to specifications of other Components.
+        Components specifies relative paths to kustomize Components.
     decryption : KustomizeToolkitFluxcdIoV1KustomizationSpecDecryption, default is Undefined, optional
         decryption
     deletionPolicy : str, default is Undefined, optional
@@ -56,7 +56,7 @@ schema KustomizeToolkitFluxcdIoV1KustomizationSpec:
         'WaitForTermination', 'Orphan'). 'MirrorPrune' mirrors the Prune field
         (orphan if false, delete if true). Defaults to 'MirrorPrune'.
     dependsOn : [KustomizeToolkitFluxcdIoV1KustomizationSpecDependsOnItems0], default is Undefined, optional
-        DependsOn may contain a meta.NamespacedObjectReference slice
+        DependsOn may contain a DependencyReference slice
         with references to Kustomization resources that must be ready before this
         Kustomization can be reconciled.
     force : bool, default is Undefined, optional
@@ -68,6 +68,10 @@ schema KustomizeToolkitFluxcdIoV1KustomizationSpec:
         The expressions are evaluated only when Wait or HealthChecks are specified.
     healthChecks : [KustomizeToolkitFluxcdIoV1KustomizationSpecHealthChecksItems0], default is Undefined, optional
         A list of resources to be included in the health assessment.
+    ignoreMissingComponents : bool, default is Undefined, optional
+        IgnoreMissingComponents instructs the controller to ignore Components paths
+        not found in source by removing them from the generated kustomization.yaml
+        before running kustomize build.
     images : [KustomizeToolkitFluxcdIoV1KustomizationSpecImagesItems0], default is Undefined, optional
         Images is a list of (image name, new name, new tag or digest)
         for changing image names, tags or digests. This can also be achieved with a
@@ -133,6 +137,8 @@ schema KustomizeToolkitFluxcdIoV1KustomizationSpec:
 
     healthChecks?: [KustomizeToolkitFluxcdIoV1KustomizationSpecHealthChecksItems0]
 
+    ignoreMissingComponents?: bool
+
     images?: [KustomizeToolkitFluxcdIoV1KustomizationSpecImagesItems0]
 
     interval: str
@@ -168,13 +174,13 @@ schema KustomizeToolkitFluxcdIoV1KustomizationSpec:
 
     check:
         _regex_match(str(interval), r"^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$")
-        len(namePrefix) <= 200 if namePrefix
-        len(namePrefix) >= 1 if namePrefix
-        len(nameSuffix) <= 200 if nameSuffix
-        len(nameSuffix) >= 1 if nameSuffix
+        len(namePrefix) <= 200 if namePrefix not in [None, Undefined]
+        len(namePrefix) >= 1 if namePrefix not in [None, Undefined]
+        len(nameSuffix) <= 200 if nameSuffix not in [None, Undefined]
+        len(nameSuffix) >= 1 if nameSuffix not in [None, Undefined]
         _regex_match(str(retryInterval), r"^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$") if retryInterval
-        len(targetNamespace) <= 63 if targetNamespace
-        len(targetNamespace) >= 1 if targetNamespace
+        len(targetNamespace) <= 63 if targetNamespace not in [None, Undefined]
+        len(targetNamespace) >= 1 if targetNamespace not in [None, Undefined]
         _regex_match(str(timeout), r"^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$") if timeout
 
 
@@ -243,15 +249,21 @@ schema KustomizeToolkitFluxcdIoV1KustomizationSpecDecryptionSecretRef:
 
 schema KustomizeToolkitFluxcdIoV1KustomizationSpecDependsOnItems0:
     r"""
-    NamespacedObjectReference contains enough information to locate the referenced Kubernetes resource object in any
-    namespace.
+    DependencyReference defines a Kustomization dependency on another Kustomization resource.
 
     Attributes
     ----------
     name : str, default is Undefined, required
         Name of the referent.
     namespace : str, default is Undefined, optional
-        Namespace of the referent, when not specified it acts as LocalObjectReference.
+        Namespace of the referent, defaults to the namespace of the Kustomization
+        resource object that contains the reference.
+    readyExpr : str, default is Undefined, optional
+        ReadyExpr is a CEL expression that can be used to assess the readiness
+        of a dependency. When specified, the built-in readiness check
+        is replaced by the logic defined in the CEL expression.
+        To make the CEL expression additive to the built-in readiness check,
+        the feature gate `AdditiveCELDependencyCheck` must be set to `true`.
     """
 
 
@@ -259,6 +271,8 @@ schema KustomizeToolkitFluxcdIoV1KustomizationSpecDependsOnItems0:
 
     namespace?: str
 
+    readyExpr?: str
+
 
 schema KustomizeToolkitFluxcdIoV1KustomizationSpecHealthCheckExprsItems0:
     r"""
@@ -359,24 +373,70 @@ schema KustomizeToolkitFluxcdIoV1KustomizationSpecKubeConfig:
 
     Attributes
     ----------
-    secretRef : KustomizeToolkitFluxcdIoV1KustomizationSpecKubeConfigSecretRef, default is Undefined, required
+    configMapRef : KustomizeToolkitFluxcdIoV1KustomizationSpecKubeConfigConfigMapRef, default is Undefined, optional
+        config map ref
+    secretRef : KustomizeToolkitFluxcdIoV1KustomizationSpecKubeConfigSecretRef, default is Undefined, optional
         secret ref
     """
 
 
-    secretRef: KustomizeToolkitFluxcdIoV1KustomizationSpecKubeConfigSecretRef
+    configMapRef?: KustomizeToolkitFluxcdIoV1KustomizationSpecKubeConfigConfigMapRef
+
+    secretRef?: KustomizeToolkitFluxcdIoV1KustomizationSpecKubeConfigSecretRef
+
+
+schema KustomizeToolkitFluxcdIoV1KustomizationSpecKubeConfigConfigMapRef:
+    r"""
+    ConfigMapRef holds an optional name of a ConfigMap that contains
+    the following keys:
+
+    - `provider`: the provider to use. One of `aws`, `azure`, `gcp`, or
+       `generic`. Required.
+    - `cluster`: the fully qualified resource name of the Kubernetes
+       cluster in the cloud provider API. Not used by the `generic`
+       provider. Required when one of `address` or `ca.crt` is not set.
+    - `address`: the address of the Kubernetes API server. Required
+       for `generic`. For the other providers, if not specified, the
+       first address in the cluster resource will be used, and if
+       specified, it must match one of the addresses in the cluster
+       resource.
+       If audiences is not set, will be used as the audience for the
+       `generic` provider.
+    - `ca.crt`: the optional PEM-encoded CA certificate for the
+       Kubernetes API server. If not set, the controller will use the
+       CA certificate from the cluster resource.
+    - `audiences`: the optional audiences as a list of
+       line-break-separated strings for the Kubernetes ServiceAccount
+       token. Defaults to the `address` for the `generic` provider, or
+       to specific values for the other providers depending on the
+       provider.
+    -  `serviceAccountName`: the optional name of the Kubernetes
+       ServiceAccount in the same namespace that should be used
+       for authentication. If not specified, the controller
+       ServiceAccount will be used.
+
+    Mutually exclusive with SecretRef.
+
+    Attributes
+    ----------
+    name : str, default is Undefined, required
+        Name of the referent.
+    """
+
+
+    name: str
 
 
 schema KustomizeToolkitFluxcdIoV1KustomizationSpecKubeConfigSecretRef:
     r"""
-    SecretRef holds the name of a secret that contains a key with
+    SecretRef holds an optional name of a secret that contains a key with
     the kubeconfig file as the value. If no key is set, the key will default
-    to 'value'.
+    to 'value'. Mutually exclusive with ConfigMapRef.
     It is recommended that the kubeconfig is self-contained, and the secret
     is regularly updated if credentials such as a cloud-access-token expire.
     Cloud specific `cmd-path` auth helpers will not function without adding
     binaries and credentials to the Pod that is responsible for reconciling
-    Kubernetes resources.
+    Kubernetes resources. Supported only for the generic provider.
 
     Attributes
     ----------
@@ -539,7 +599,7 @@ schema KustomizeToolkitFluxcdIoV1KustomizationSpecSourceRef:
 
     apiVersion?: str
 
-    kind: "OCIRepository" | "GitRepository" | "Bucket"
+    kind: "OCIRepository" | "GitRepository" | "Bucket" | "ExternalArtifact"
 
     name: str
 
@@ -554,6 +614,9 @@ schema KustomizeToolkitFluxcdIoV1KustomizationStatus:
     ----------
     conditions : [KustomizeToolkitFluxcdIoV1KustomizationStatusConditionsItems0], default is Undefined, optional
         conditions
+    history : [KustomizeToolkitFluxcdIoV1KustomizationStatusHistoryItems0], default is Undefined, optional
+        History contains a set of snapshots of the last reconciliation attempts
+        tracking the revision, the state and the duration of each attempt.
     inventory : KustomizeToolkitFluxcdIoV1KustomizationStatusInventory, default is Undefined, optional
         inventory
     lastAppliedOriginRevision : str, default is Undefined, optional
@@ -578,6 +641,8 @@ schema KustomizeToolkitFluxcdIoV1KustomizationStatus:
 
     conditions?: [KustomizeToolkitFluxcdIoV1KustomizationStatusConditionsItems0]
 
+    history?: [KustomizeToolkitFluxcdIoV1KustomizationStatusHistoryItems0]
+
     inventory?: KustomizeToolkitFluxcdIoV1KustomizationStatusInventory
 
     lastAppliedOriginRevision?: str
@@ -643,6 +708,45 @@ schema KustomizeToolkitFluxcdIoV1KustomizationStatusConditionsItems0:
         _regex_match(str($type), r"^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$")
 
 
+schema KustomizeToolkitFluxcdIoV1KustomizationStatusHistoryItems0:
+    r"""
+    Snapshot represents a point-in-time record of a group of resources reconciliation,
+    including timing information, status, and a unique digest identifier.
+
+    Attributes
+    ----------
+    digest : str, default is Undefined, required
+        Digest is the checksum in the format `<algo>:<hex>` of the resources in this snapshot.
+    firstReconciled : str, default is Undefined, required
+        FirstReconciled is the time when this revision was first reconciled to the cluster.
+    lastReconciled : str, default is Undefined, required
+        LastReconciled is the time when this revision was last reconciled to the cluster.
+    lastReconciledDuration : str, default is Undefined, required
+        LastReconciledDuration is time it took to reconcile the resources in this revision.
+    lastReconciledStatus : str, default is Undefined, required
+        LastReconciledStatus is the status of the last reconciliation.
+    metadata : {str:str}, default is Undefined, optional
+        Metadata contains additional information about the snapshot.
+    totalReconciliations : int, default is Undefined, required
+        TotalReconciliations is the total number of reconciliations that have occurred for this snapshot.
+    """
+
+
+    digest: str
+
+    firstReconciled: str
+
+    lastReconciled: str
+
+    lastReconciledDuration: str
+
+    lastReconciledStatus: str
+
+    metadata?: {str:str}
+
+    totalReconciliations: int
+
+
 schema KustomizeToolkitFluxcdIoV1KustomizationStatusInventory:
     r"""
     Inventory contains the list of Kubernetes resource object references that
diff --git a/fluxcd-kustomize-controller/v1beta1/kustomize_toolkit_fluxcd_io_v1beta1_kustomization.k b/fluxcd-kustomize-controller/v1beta1/kustomize_toolkit_fluxcd_io_v1beta1_kustomization.k
deleted file mode 100644
index 68d9e682..00000000
--- a/fluxcd-kustomize-controller/v1beta1/kustomize_toolkit_fluxcd_io_v1beta1_kustomization.k
+++ /dev/null
@@ -1,665 +0,0 @@
-"""
-This file was generated by the KCL auto-gen tool. DO NOT EDIT.
-Editing this file might prove futile when you re-run the KCL auto-gen generate command.
-"""
-import regex
-import k8s.apimachinery.pkg.apis.meta.v1
-_regex_match = regex.match
-
-
-schema Kustomization:
-    r"""
-    Kustomization is the Schema for the kustomizations API.
-
-    Attributes
-    ----------
-    apiVersion : str, default is "kustomize.toolkit.fluxcd.io/v1beta1", required
-        APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-    kind : str, default is "Kustomization", required
-        Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-    metadata : v1.ObjectMeta, default is Undefined, optional
-        metadata
-    spec : KustomizeToolkitFluxcdIoV1beta1KustomizationSpec, default is Undefined, optional
-        spec
-    status : KustomizeToolkitFluxcdIoV1beta1KustomizationStatus, default is Undefined, optional
-        status
-    """
-
-
-    apiVersion: "kustomize.toolkit.fluxcd.io/v1beta1" = "kustomize.toolkit.fluxcd.io/v1beta1"
-
-    kind: "Kustomization" = "Kustomization"
-
-    metadata?: v1.ObjectMeta
-
-    spec?: KustomizeToolkitFluxcdIoV1beta1KustomizationSpec
-
-    status?: KustomizeToolkitFluxcdIoV1beta1KustomizationStatus
-
-
-schema KustomizeToolkitFluxcdIoV1beta1KustomizationSpec:
-    r"""
-    KustomizationSpec defines the desired state of a kustomization.
-
-    Attributes
-    ----------
-    decryption : KustomizeToolkitFluxcdIoV1beta1KustomizationSpecDecryption, default is Undefined, optional
-        decryption
-    dependsOn : [KustomizeToolkitFluxcdIoV1beta1KustomizationSpecDependsOnItems0], default is Undefined, optional
-        DependsOn may contain a meta.NamespacedObjectReference slice
-        with references to Kustomization resources that must be ready before this
-        Kustomization can be reconciled.
-    force : bool, default is Undefined, optional
-        Force instructs the controller to recreate resources
-        when patching fails due to an immutable field change.
-    healthChecks : [KustomizeToolkitFluxcdIoV1beta1KustomizationSpecHealthChecksItems0], default is Undefined, optional
-        A list of resources to be included in the health assessment.
-    images : [KustomizeToolkitFluxcdIoV1beta1KustomizationSpecImagesItems0], default is Undefined, optional
-        Images is a list of (image name, new name, new tag or digest)
-        for changing image names, tags or digests. This can also be achieved with a
-        patch, but this operator is simpler to specify.
-    interval : str, default is Undefined, required
-        The interval at which to reconcile the Kustomization.
-    kubeConfig : KustomizeToolkitFluxcdIoV1beta1KustomizationSpecKubeConfig, default is Undefined, optional
-        kube config
-    patches : [KustomizeToolkitFluxcdIoV1beta1KustomizationSpecPatchesItems0], default is Undefined, optional
-        Strategic merge and JSON patches, defined as inline YAML objects,
-        capable of targeting objects based on kind, label and annotation selectors.
-    patchesJson6902 : [KustomizeToolkitFluxcdIoV1beta1KustomizationSpecPatchesJson6902Items0], default is Undefined, optional
-        JSON 6902 patches, defined as inline YAML objects.
-    patchesStrategicMerge : [any], default is Undefined, optional
-        Strategic merge patches, defined as inline YAML objects.
-    path : str, default is Undefined, optional
-        Path to the directory containing the kustomization.yaml file, or the
-        set of plain YAMLs a kustomization.yaml should be generated for.
-        Defaults to 'None', which translates to the root path of the SourceRef.
-    postBuild : KustomizeToolkitFluxcdIoV1beta1KustomizationSpecPostBuild, default is Undefined, optional
-        post build
-    prune : bool, default is Undefined, required
-        Prune enables garbage collection.
-    retryInterval : str, default is Undefined, optional
-        The interval at which to retry a previously failed reconciliation.
-        When not specified, the controller uses the KustomizationSpec.Interval
-        value to retry failures.
-    serviceAccountName : str, default is Undefined, optional
-        The name of the Kubernetes service account to impersonate
-        when reconciling this Kustomization.
-    sourceRef : KustomizeToolkitFluxcdIoV1beta1KustomizationSpecSourceRef, default is Undefined, required
-        source ref
-    suspend : bool, default is Undefined, optional
-        This flag tells the controller to suspend subsequent kustomize executions,
-        it does not apply to already started executions. Defaults to false.
-    targetNamespace : str, default is Undefined, optional
-        TargetNamespace sets or overrides the namespace in the
-        kustomization.yaml file.
-    timeout : str, default is Undefined, optional
-        Timeout for validation, apply and health checking operations.
-        Defaults to 'Interval' duration.
-    validation : str, default is Undefined, optional
-        Validate the Kubernetes objects before applying them on the cluster.
-        The validation strategy can be 'client' (local dry-run), 'server'
-        (APIServer dry-run) or 'none'.
-        When 'Force' is 'true', validation will fallback to 'client' if set to
-        'server' because server-side validation is not supported in this scenario.
-    """
-
-
-    decryption?: KustomizeToolkitFluxcdIoV1beta1KustomizationSpecDecryption
-
-    dependsOn?: [KustomizeToolkitFluxcdIoV1beta1KustomizationSpecDependsOnItems0]
-
-    force?: bool = False
-
-    healthChecks?: [KustomizeToolkitFluxcdIoV1beta1KustomizationSpecHealthChecksItems0]
-
-    images?: [KustomizeToolkitFluxcdIoV1beta1KustomizationSpecImagesItems0]
-
-    interval: str
-
-    kubeConfig?: KustomizeToolkitFluxcdIoV1beta1KustomizationSpecKubeConfig
-
-    patches?: [KustomizeToolkitFluxcdIoV1beta1KustomizationSpecPatchesItems0]
-
-    patchesJson6902?: [KustomizeToolkitFluxcdIoV1beta1KustomizationSpecPatchesJson6902Items0]
-
-    patchesStrategicMerge?: [any]
-
-    path?: str
-
-    postBuild?: KustomizeToolkitFluxcdIoV1beta1KustomizationSpecPostBuild
-
-    prune: bool
-
-    retryInterval?: str
-
-    serviceAccountName?: str
-
-    sourceRef: KustomizeToolkitFluxcdIoV1beta1KustomizationSpecSourceRef
-
-    suspend?: bool
-
-    targetNamespace?: str
-
-    timeout?: str
-
-    validation?: "none" | "client" | "server"
-
-
-    check:
-        len(targetNamespace) <= 63 if targetNamespace
-        len(targetNamespace) >= 1 if targetNamespace
-
-
-schema KustomizeToolkitFluxcdIoV1beta1KustomizationSpecDecryption:
-    r"""
-    Decrypt Kubernetes secrets before applying them on the cluster.
-
-    Attributes
-    ----------
-    provider : str, default is Undefined, required
-        Provider is the name of the decryption engine.
-    secretRef : KustomizeToolkitFluxcdIoV1beta1KustomizationSpecDecryptionSecretRef, default is Undefined, optional
-        secret ref
-    """
-
-
-    provider: "sops"
-
-    secretRef?: KustomizeToolkitFluxcdIoV1beta1KustomizationSpecDecryptionSecretRef
-
-
-schema KustomizeToolkitFluxcdIoV1beta1KustomizationSpecDecryptionSecretRef:
-    r"""
-    The secret name containing the private OpenPGP keys used for decryption.
-
-    Attributes
-    ----------
-    name : str, default is Undefined, required
-        Name of the referent.
-    """
-
-
-    name: str
-
-
-schema KustomizeToolkitFluxcdIoV1beta1KustomizationSpecDependsOnItems0:
-    r"""
-    NamespacedObjectReference contains enough information to locate the referenced Kubernetes resource object in any
-    namespace.
-
-    Attributes
-    ----------
-    name : str, default is Undefined, required
-        Name of the referent.
-    namespace : str, default is Undefined, optional
-        Namespace of the referent, when not specified it acts as LocalObjectReference.
-    """
-
-
-    name: str
-
-    namespace?: str
-
-
-schema KustomizeToolkitFluxcdIoV1beta1KustomizationSpecHealthChecksItems0:
-    r"""
-    NamespacedObjectKindReference contains enough information to locate the typed referenced Kubernetes resource object
-    in any namespace.
-
-    Attributes
-    ----------
-    apiVersion : str, default is Undefined, optional
-        API version of the referent, if not specified the Kubernetes preferred version will be used.
-    kind : str, default is Undefined, required
-        Kind of the referent.
-    name : str, default is Undefined, required
-        Name of the referent.
-    namespace : str, default is Undefined, optional
-        Namespace of the referent, when not specified it acts as LocalObjectReference.
-    """
-
-
-    apiVersion?: str
-
-    kind: str
-
-    name: str
-
-    namespace?: str
-
-
-schema KustomizeToolkitFluxcdIoV1beta1KustomizationSpecImagesItems0:
-    r"""
-    Image contains an image name, a new name, a new tag or digest, which will replace the original name and tag.
-
-    Attributes
-    ----------
-    digest : str, default is Undefined, optional
-        Digest is the value used to replace the original image tag.
-        If digest is present NewTag value is ignored.
-    name : str, default is Undefined, required
-        Name is a tag-less image name.
-    newName : str, default is Undefined, optional
-        NewName is the value used to replace the original name.
-    newTag : str, default is Undefined, optional
-        NewTag is the value used to replace the original tag.
-    """
-
-
-    digest?: str
-
-    name: str
-
-    newName?: str
-
-    newTag?: str
-
-
-schema KustomizeToolkitFluxcdIoV1beta1KustomizationSpecKubeConfig:
-    r"""
-    The KubeConfig for reconciling the Kustomization on a remote cluster.
-    When specified, KubeConfig takes precedence over ServiceAccountName.
-
-    Attributes
-    ----------
-    secretRef : KustomizeToolkitFluxcdIoV1beta1KustomizationSpecKubeConfigSecretRef, default is Undefined, required
-        secret ref
-    """
-
-
-    secretRef: KustomizeToolkitFluxcdIoV1beta1KustomizationSpecKubeConfigSecretRef
-
-
-schema KustomizeToolkitFluxcdIoV1beta1KustomizationSpecKubeConfigSecretRef:
-    r"""
-    SecretRef holds the name to a secret that contains a 'value' key with
-    the kubeconfig file as the value. It must be in the same namespace as
-    the Kustomization.
-    It is recommended that the kubeconfig is self-contained, and the secret
-    is regularly updated if credentials such as a cloud-access-token expire.
-    Cloud specific `cmd-path` auth helpers will not function without adding
-    binaries and credentials to the Pod that is responsible for reconciling
-    the Kustomization.
-
-    Attributes
-    ----------
-    name : str, default is Undefined, required
-        Name of the referent.
-    """
-
-
-    name: str
-
-
-schema KustomizeToolkitFluxcdIoV1beta1KustomizationSpecPatchesItems0:
-    r"""
-    Patch contains an inline StrategicMerge or JSON6902 patch, and the target the patch should
-    be applied to.
-
-    Attributes
-    ----------
-    patch : str, default is Undefined, required
-        Patch contains an inline StrategicMerge patch or an inline JSON6902 patch with
-        an array of operation objects.
-    target : KustomizeToolkitFluxcdIoV1beta1KustomizationSpecPatchesItems0Target, default is Undefined, optional
-        target
-    """
-
-
-    patch: str
-
-    target?: KustomizeToolkitFluxcdIoV1beta1KustomizationSpecPatchesItems0Target
-
-
-schema KustomizeToolkitFluxcdIoV1beta1KustomizationSpecPatchesItems0Target:
-    r"""
-    Target points to the resources that the patch document should be applied to.
-
-    Attributes
-    ----------
-    annotationSelector : str, default is Undefined, optional
-        AnnotationSelector is a string that follows the label selection expression
-        https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
-        It matches with the resource annotations.
-    group : str, default is Undefined, optional
-        Group is the API group to select resources from.
-        Together with Version and Kind it is capable of unambiguously identifying and/or selecting resources.
-        https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
-    kind : str, default is Undefined, optional
-        Kind of the API Group to select resources from.
-        Together with Group and Version it is capable of unambiguously
-        identifying and/or selecting resources.
-        https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
-    labelSelector : str, default is Undefined, optional
-        LabelSelector is a string that follows the label selection expression
-        https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
-        It matches with the resource labels.
-    name : str, default is Undefined, optional
-        Name to match resources with.
-    namespace : str, default is Undefined, optional
-        Namespace to select resources from.
-    version : str, default is Undefined, optional
-        Version of the API Group to select resources from.
-        Together with Group and Kind it is capable of unambiguously identifying and/or selecting resources.
-        https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
-    """
-
-
-    annotationSelector?: str
-
-    group?: str
-
-    kind?: str
-
-    labelSelector?: str
-
-    name?: str
-
-    namespace?: str
-
-    version?: str
-
-
-schema KustomizeToolkitFluxcdIoV1beta1KustomizationSpecPatchesJson6902Items0:
-    r"""
-    JSON6902Patch contains a JSON6902 patch and the target the patch should be applied to.
-
-    Attributes
-    ----------
-    patch : [KustomizeToolkitFluxcdIoV1beta1KustomizationSpecPatchesJson6902Items0PatchItems0], default is Undefined, required
-        Patch contains the JSON6902 patch document with an array of operation objects.
-    target : KustomizeToolkitFluxcdIoV1beta1KustomizationSpecPatchesJson6902Items0Target, default is Undefined, required
-        target
-    """
-
-
-    patch: [KustomizeToolkitFluxcdIoV1beta1KustomizationSpecPatchesJson6902Items0PatchItems0]
-
-    target: KustomizeToolkitFluxcdIoV1beta1KustomizationSpecPatchesJson6902Items0Target
-
-
-schema KustomizeToolkitFluxcdIoV1beta1KustomizationSpecPatchesJson6902Items0PatchItems0:
-    r"""
-    JSON6902 is a JSON6902 operation object.
-    https://datatracker.ietf.org/doc/html/rfc6902#section-4
-
-    Attributes
-    ----------
-    from : str, default is Undefined, optional
-        From contains a JSON-pointer value that references a location within the target document where the operation is
-        performed. The meaning of the value depends on the value of Op, and is NOT taken into account by all operations.
-    op : str, default is Undefined, required
-        Op indicates the operation to perform. Its value MUST be one of "add", "remove", "replace", "move", "copy", or
-        "test".
-        https://datatracker.ietf.org/doc/html/rfc6902#section-4
-    path : str, default is Undefined, required
-        Path contains the JSON-pointer value that references a location within the target document where the operation
-        is performed. The meaning of the value depends on the value of Op.
-    value : any, default is Undefined, optional
-        Value contains a valid JSON structure. The meaning of the value depends on the value of Op, and is NOT taken into
-        account by all operations.
-    """
-
-
-    from?: str
-
-    op: "test" | "remove" | "add" | "replace" | "move" | "copy"
-
-    path: str
-
-    value?: any
-
-
-schema KustomizeToolkitFluxcdIoV1beta1KustomizationSpecPatchesJson6902Items0Target:
-    r"""
-    Target points to the resources that the patch document should be applied to.
-
-    Attributes
-    ----------
-    annotationSelector : str, default is Undefined, optional
-        AnnotationSelector is a string that follows the label selection expression
-        https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
-        It matches with the resource annotations.
-    group : str, default is Undefined, optional
-        Group is the API group to select resources from.
-        Together with Version and Kind it is capable of unambiguously identifying and/or selecting resources.
-        https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
-    kind : str, default is Undefined, optional
-        Kind of the API Group to select resources from.
-        Together with Group and Version it is capable of unambiguously
-        identifying and/or selecting resources.
-        https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
-    labelSelector : str, default is Undefined, optional
-        LabelSelector is a string that follows the label selection expression
-        https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
-        It matches with the resource labels.
-    name : str, default is Undefined, optional
-        Name to match resources with.
-    namespace : str, default is Undefined, optional
-        Namespace to select resources from.
-    version : str, default is Undefined, optional
-        Version of the API Group to select resources from.
-        Together with Group and Kind it is capable of unambiguously identifying and/or selecting resources.
-        https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
-    """
-
-
-    annotationSelector?: str
-
-    group?: str
-
-    kind?: str
-
-    labelSelector?: str
-
-    name?: str
-
-    namespace?: str
-
-    version?: str
-
-
-schema KustomizeToolkitFluxcdIoV1beta1KustomizationSpecPostBuild:
-    r"""
-    PostBuild describes which actions to perform on the YAML manifest
-    generated by building the kustomize overlay.
-
-    Attributes
-    ----------
-    substitute : {str:str}, default is Undefined, optional
-        Substitute holds a map of key/value pairs.
-        The variables defined in your YAML manifests
-        that match any of the keys defined in the map
-        will be substituted with the set value.
-        Includes support for bash string replacement functions
-        e.g. ${var:=default}, ${var:position} and ${var/substring/replacement}.
-    substituteFrom : [KustomizeToolkitFluxcdIoV1beta1KustomizationSpecPostBuildSubstituteFromItems0], default is Undefined, optional
-        SubstituteFrom holds references to ConfigMaps and Secrets containing
-        the variables and their values to be substituted in the YAML manifests.
-        The ConfigMap and the Secret data keys represent the var names and they
-        must match the vars declared in the manifests for the substitution to happen.
-    """
-
-
-    substitute?: {str:str}
-
-    substituteFrom?: [KustomizeToolkitFluxcdIoV1beta1KustomizationSpecPostBuildSubstituteFromItems0]
-
-
-schema KustomizeToolkitFluxcdIoV1beta1KustomizationSpecPostBuildSubstituteFromItems0:
-    r"""
-    SubstituteReference contains a reference to a resource containing
-    the variables name and value.
-
-    Attributes
-    ----------
-    kind : str, default is Undefined, required
-        Kind of the values referent, valid values are ('Secret', 'ConfigMap').
-    name : str, default is Undefined, required
-        Name of the values referent. Should reside in the same namespace as the
-        referring resource.
-    """
-
-
-    kind: "Secret" | "ConfigMap"
-
-    name: str
-
-
-    check:
-        len(name) <= 253
-        len(name) >= 1
-
-
-schema KustomizeToolkitFluxcdIoV1beta1KustomizationSpecSourceRef:
-    r"""
-    Reference of the source where the kustomization file is.
-
-    Attributes
-    ----------
-    apiVersion : str, default is Undefined, optional
-        API version of the referent
-    kind : str, default is Undefined, required
-        Kind of the referent
-    name : str, default is Undefined, required
-        Name of the referent
-    namespace : str, default is Undefined, optional
-        Namespace of the referent, defaults to the Kustomization namespace
-    """
-
-
-    apiVersion?: str
-
-    kind: "GitRepository" | "Bucket"
-
-    name: str
-
-    namespace?: str
-
-
-schema KustomizeToolkitFluxcdIoV1beta1KustomizationStatus:
-    r"""
-    KustomizationStatus defines the observed state of a kustomization.
-
-    Attributes
-    ----------
-    conditions : [KustomizeToolkitFluxcdIoV1beta1KustomizationStatusConditionsItems0], default is Undefined, optional
-        conditions
-    lastAppliedRevision : str, default is Undefined, optional
-        The last successfully applied revision.
-        The revision format for Git sources is <branch|tag>/<commit-sha>.
-    lastAttemptedRevision : str, default is Undefined, optional
-        LastAttemptedRevision is the revision of the last reconciliation attempt.
-    lastHandledReconcileAt : str, default is Undefined, optional
-        LastHandledReconcileAt holds the value of the most recent
-        reconcile request value, so a change of the annotation value
-        can be detected.
-    observedGeneration : int, default is Undefined, optional
-        ObservedGeneration is the last reconciled generation.
-    snapshot : KustomizeToolkitFluxcdIoV1beta1KustomizationStatusSnapshot, default is Undefined, optional
-        snapshot
-    """
-
-
-    conditions?: [KustomizeToolkitFluxcdIoV1beta1KustomizationStatusConditionsItems0]
-
-    lastAppliedRevision?: str
-
-    lastAttemptedRevision?: str
-
-    lastHandledReconcileAt?: str
-
-    observedGeneration?: int
-
-    snapshot?: KustomizeToolkitFluxcdIoV1beta1KustomizationStatusSnapshot
-
-
-schema KustomizeToolkitFluxcdIoV1beta1KustomizationStatusConditionsItems0:
-    r"""
-    Condition contains details for one aspect of the current state of this API Resource.
-
-    Attributes
-    ----------
-    lastTransitionTime : str, default is Undefined, required
-        lastTransitionTime is the last time the condition transitioned from one status to another.
-        This should be when the underlying condition changed.  If that is not known, then using the time when the API field changed is acceptable.
-    message : str, default is Undefined, required
-        message is a human readable message indicating details about the transition.
-        This may be an empty string.
-    observedGeneration : int, default is Undefined, optional
-        observedGeneration represents the .metadata.generation that the condition was set based upon.
-        For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
-        with respect to the current state of the instance.
-    reason : str, default is Undefined, required
-        reason contains a programmatic identifier indicating the reason for the condition's last transition.
-        Producers of specific condition types may define expected values and meanings for this field,
-        and whether the values are considered a guaranteed API.
-        The value should be a CamelCase string.
-        This field may not be empty.
-    status : str, default is Undefined, required
-        status of the condition, one of True, False, Unknown.
-    $type : str, default is Undefined, required
-        type of condition in CamelCase or in foo.example.com/CamelCase.
-    """
-
-
-    lastTransitionTime: str
-
-    message: str
-
-    observedGeneration?: int
-
-    reason: str
-
-    status: "True" | "False" | "Unknown"
-
-    $type: str
-
-
-    check:
-        len(message) <= 32768
-        observedGeneration >= 0 if observedGeneration not in [None, Undefined]
-        len(reason) <= 1024
-        len(reason) >= 1
-        _regex_match(str(reason), r"^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$")
-        len($type) <= 316
-        _regex_match(str($type), r"^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$")
-
-
-schema KustomizeToolkitFluxcdIoV1beta1KustomizationStatusSnapshot:
-    r"""
-    The last successfully applied revision metadata.
-
-    Attributes
-    ----------
-    checksum : str, default is Undefined, required
-        The manifests sha1 checksum.
-    entries : [KustomizeToolkitFluxcdIoV1beta1KustomizationStatusSnapshotEntriesItems0], default is Undefined, required
-        A list of Kubernetes kinds grouped by namespace.
-    """
-
-
-    checksum: str
-
-    entries: [KustomizeToolkitFluxcdIoV1beta1KustomizationStatusSnapshotEntriesItems0]
-
-
-schema KustomizeToolkitFluxcdIoV1beta1KustomizationStatusSnapshotEntriesItems0:
-    r"""
-    Snapshot holds the metadata of namespaced
-    Kubernetes objects
-
-    Attributes
-    ----------
-    kinds : {str:str}, default is Undefined, required
-        The list of Kubernetes kinds.
-    namespace : str, default is Undefined, optional
-        The namespace of this entry.
-    """
-
-
-    kinds: {str:str}
-
-    namespace?: str
-
-
diff --git a/fluxcd-kustomize-controller/v1beta2/kustomize_toolkit_fluxcd_io_v1beta2_kustomization.k b/fluxcd-kustomize-controller/v1beta2/kustomize_toolkit_fluxcd_io_v1beta2_kustomization.k
deleted file mode 100644
index f33cb847..00000000
--- a/fluxcd-kustomize-controller/v1beta2/kustomize_toolkit_fluxcd_io_v1beta2_kustomization.k
+++ /dev/null
@@ -1,709 +0,0 @@
-"""
-This file was generated by the KCL auto-gen tool. DO NOT EDIT.
-Editing this file might prove futile when you re-run the KCL auto-gen generate command.
-"""
-import regex
-import k8s.apimachinery.pkg.apis.meta.v1
-_regex_match = regex.match
-
-
-schema Kustomization:
-    r"""
-    Kustomization is the Schema for the kustomizations API.
-
-    Attributes
-    ----------
-    apiVersion : str, default is "kustomize.toolkit.fluxcd.io/v1beta2", required
-        APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-    kind : str, default is "Kustomization", required
-        Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-    metadata : v1.ObjectMeta, default is Undefined, optional
-        metadata
-    spec : KustomizeToolkitFluxcdIoV1beta2KustomizationSpec, default is Undefined, optional
-        spec
-    status : KustomizeToolkitFluxcdIoV1beta2KustomizationStatus, default is Undefined, optional
-        status
-    """
-
-
-    apiVersion: "kustomize.toolkit.fluxcd.io/v1beta2" = "kustomize.toolkit.fluxcd.io/v1beta2"
-
-    kind: "Kustomization" = "Kustomization"
-
-    metadata?: v1.ObjectMeta
-
-    spec?: KustomizeToolkitFluxcdIoV1beta2KustomizationSpec
-
-    status?: KustomizeToolkitFluxcdIoV1beta2KustomizationStatus
-
-
-schema KustomizeToolkitFluxcdIoV1beta2KustomizationSpec:
-    r"""
-    KustomizationSpec defines the configuration to calculate the desired state from a Source using Kustomize.
-
-    Attributes
-    ----------
-    commonMetadata : KustomizeToolkitFluxcdIoV1beta2KustomizationSpecCommonMetadata, default is Undefined, optional
-        common metadata
-    components : [str], default is Undefined, optional
-        Components specifies relative paths to specifications of other Components.
-    decryption : KustomizeToolkitFluxcdIoV1beta2KustomizationSpecDecryption, default is Undefined, optional
-        decryption
-    dependsOn : [KustomizeToolkitFluxcdIoV1beta2KustomizationSpecDependsOnItems0], default is Undefined, optional
-        DependsOn may contain a meta.NamespacedObjectReference slice
-        with references to Kustomization resources that must be ready before this
-        Kustomization can be reconciled.
-    force : bool, default is Undefined, optional
-        Force instructs the controller to recreate resources
-        when patching fails due to an immutable field change.
-    healthChecks : [KustomizeToolkitFluxcdIoV1beta2KustomizationSpecHealthChecksItems0], default is Undefined, optional
-        A list of resources to be included in the health assessment.
-    images : [KustomizeToolkitFluxcdIoV1beta2KustomizationSpecImagesItems0], default is Undefined, optional
-        Images is a list of (image name, new name, new tag or digest)
-        for changing image names, tags or digests. This can also be achieved with a
-        patch, but this operator is simpler to specify.
-    interval : str, default is Undefined, required
-        The interval at which to reconcile the Kustomization.
-    kubeConfig : KustomizeToolkitFluxcdIoV1beta2KustomizationSpecKubeConfig, default is Undefined, optional
-        kube config
-    patches : [KustomizeToolkitFluxcdIoV1beta2KustomizationSpecPatchesItems0], default is Undefined, optional
-        Strategic merge and JSON patches, defined as inline YAML objects,
-        capable of targeting objects based on kind, label and annotation selectors.
-    patchesJson6902 : [KustomizeToolkitFluxcdIoV1beta2KustomizationSpecPatchesJson6902Items0], default is Undefined, optional
-        JSON 6902 patches, defined as inline YAML objects.
-        Deprecated: Use Patches instead.
-    patchesStrategicMerge : [any], default is Undefined, optional
-        Strategic merge patches, defined as inline YAML objects.
-        Deprecated: Use Patches instead.
-    path : str, default is Undefined, optional
-        Path to the directory containing the kustomization.yaml file, or the
-        set of plain YAMLs a kustomization.yaml should be generated for.
-        Defaults to 'None', which translates to the root path of the SourceRef.
-    postBuild : KustomizeToolkitFluxcdIoV1beta2KustomizationSpecPostBuild, default is Undefined, optional
-        post build
-    prune : bool, default is Undefined, required
-        Prune enables garbage collection.
-    retryInterval : str, default is Undefined, optional
-        The interval at which to retry a previously failed reconciliation.
-        When not specified, the controller uses the KustomizationSpec.Interval
-        value to retry failures.
-    serviceAccountName : str, default is Undefined, optional
-        The name of the Kubernetes service account to impersonate
-        when reconciling this Kustomization.
-    sourceRef : KustomizeToolkitFluxcdIoV1beta2KustomizationSpecSourceRef, default is Undefined, required
-        source ref
-    suspend : bool, default is Undefined, optional
-        This flag tells the controller to suspend subsequent kustomize executions,
-        it does not apply to already started executions. Defaults to false.
-    targetNamespace : str, default is Undefined, optional
-        TargetNamespace sets or overrides the namespace in the
-        kustomization.yaml file.
-    timeout : str, default is Undefined, optional
-        Timeout for validation, apply and health checking operations.
-        Defaults to 'Interval' duration.
-    validation : str, default is Undefined, optional
-        Deprecated: Not used in v1beta2.
-    wait : bool, default is Undefined, optional
-        Wait instructs the controller to check the health of all the reconciled resources.
-        When enabled, the HealthChecks are ignored. Defaults to false.
-    """
-
-
-    commonMetadata?: KustomizeToolkitFluxcdIoV1beta2KustomizationSpecCommonMetadata
-
-    components?: [str]
-
-    decryption?: KustomizeToolkitFluxcdIoV1beta2KustomizationSpecDecryption
-
-    dependsOn?: [KustomizeToolkitFluxcdIoV1beta2KustomizationSpecDependsOnItems0]
-
-    force?: bool = False
-
-    healthChecks?: [KustomizeToolkitFluxcdIoV1beta2KustomizationSpecHealthChecksItems0]
-
-    images?: [KustomizeToolkitFluxcdIoV1beta2KustomizationSpecImagesItems0]
-
-    interval: str
-
-    kubeConfig?: KustomizeToolkitFluxcdIoV1beta2KustomizationSpecKubeConfig
-
-    patches?: [KustomizeToolkitFluxcdIoV1beta2KustomizationSpecPatchesItems0]
-
-    patchesJson6902?: [KustomizeToolkitFluxcdIoV1beta2KustomizationSpecPatchesJson6902Items0]
-
-    patchesStrategicMerge?: [any]
-
-    path?: str
-
-    postBuild?: KustomizeToolkitFluxcdIoV1beta2KustomizationSpecPostBuild
-
-    prune: bool
-
-    retryInterval?: str
-
-    serviceAccountName?: str
-
-    sourceRef: KustomizeToolkitFluxcdIoV1beta2KustomizationSpecSourceRef
-
-    suspend?: bool
-
-    targetNamespace?: str
-
-    timeout?: str
-
-    validation?: "none" | "client" | "server"
-
-    wait?: bool
-
-
-    check:
-        _regex_match(str(interval), r"^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$")
-        _regex_match(str(retryInterval), r"^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$") if retryInterval
-        len(targetNamespace) <= 63 if targetNamespace
-        len(targetNamespace) >= 1 if targetNamespace
-        _regex_match(str(timeout), r"^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$") if timeout
-
-
-schema KustomizeToolkitFluxcdIoV1beta2KustomizationSpecCommonMetadata:
-    r"""
-    CommonMetadata specifies the common labels and annotations that are applied to all resources.
-    Any existing label or annotation will be overridden if its key matches a common one.
-
-    Attributes
-    ----------
-    annotations : {str:str}, default is Undefined, optional
-        Annotations to be added to the object's metadata.
-    labels : {str:str}, default is Undefined, optional
-        Labels to be added to the object's metadata.
-    """
-
-
-    annotations?: {str:str}
-
-    labels?: {str:str}
-
-
-schema KustomizeToolkitFluxcdIoV1beta2KustomizationSpecDecryption:
-    r"""
-    Decrypt Kubernetes secrets before applying them on the cluster.
-
-    Attributes
-    ----------
-    provider : str, default is Undefined, required
-        Provider is the name of the decryption engine.
-    secretRef : KustomizeToolkitFluxcdIoV1beta2KustomizationSpecDecryptionSecretRef, default is Undefined, optional
-        secret ref
-    """
-
-
-    provider: "sops"
-
-    secretRef?: KustomizeToolkitFluxcdIoV1beta2KustomizationSpecDecryptionSecretRef
-
-
-schema KustomizeToolkitFluxcdIoV1beta2KustomizationSpecDecryptionSecretRef:
-    r"""
-    The secret name containing the private OpenPGP keys used for decryption.
-
-    Attributes
-    ----------
-    name : str, default is Undefined, required
-        Name of the referent.
-    """
-
-
-    name: str
-
-
-schema KustomizeToolkitFluxcdIoV1beta2KustomizationSpecDependsOnItems0:
-    r"""
-    NamespacedObjectReference contains enough information to locate the referenced Kubernetes resource object in any
-    namespace.
-
-    Attributes
-    ----------
-    name : str, default is Undefined, required
-        Name of the referent.
-    namespace : str, default is Undefined, optional
-        Namespace of the referent, when not specified it acts as LocalObjectReference.
-    """
-
-
-    name: str
-
-    namespace?: str
-
-
-schema KustomizeToolkitFluxcdIoV1beta2KustomizationSpecHealthChecksItems0:
-    r"""
-    NamespacedObjectKindReference contains enough information to locate the typed referenced Kubernetes resource object
-    in any namespace.
-
-    Attributes
-    ----------
-    apiVersion : str, default is Undefined, optional
-        API version of the referent, if not specified the Kubernetes preferred version will be used.
-    kind : str, default is Undefined, required
-        Kind of the referent.
-    name : str, default is Undefined, required
-        Name of the referent.
-    namespace : str, default is Undefined, optional
-        Namespace of the referent, when not specified it acts as LocalObjectReference.
-    """
-
-
-    apiVersion?: str
-
-    kind: str
-
-    name: str
-
-    namespace?: str
-
-
-schema KustomizeToolkitFluxcdIoV1beta2KustomizationSpecImagesItems0:
-    r"""
-    Image contains an image name, a new name, a new tag or digest, which will replace the original name and tag.
-
-    Attributes
-    ----------
-    digest : str, default is Undefined, optional
-        Digest is the value used to replace the original image tag.
-        If digest is present NewTag value is ignored.
-    name : str, default is Undefined, required
-        Name is a tag-less image name.
-    newName : str, default is Undefined, optional
-        NewName is the value used to replace the original name.
-    newTag : str, default is Undefined, optional
-        NewTag is the value used to replace the original tag.
-    """
-
-
-    digest?: str
-
-    name: str
-
-    newName?: str
-
-    newTag?: str
-
-
-schema KustomizeToolkitFluxcdIoV1beta2KustomizationSpecKubeConfig:
-    r"""
-    The KubeConfig for reconciling the Kustomization on a remote cluster.
-    When used in combination with KustomizationSpec.ServiceAccountName,
-    forces the controller to act on behalf of that Service Account at the
-    target cluster.
-    If the --default-service-account flag is set, its value will be used as
-    a controller level fallback for when KustomizationSpec.ServiceAccountName
-    is empty.
-
-    Attributes
-    ----------
-    secretRef : KustomizeToolkitFluxcdIoV1beta2KustomizationSpecKubeConfigSecretRef, default is Undefined, required
-        secret ref
-    """
-
-
-    secretRef: KustomizeToolkitFluxcdIoV1beta2KustomizationSpecKubeConfigSecretRef
-
-
-schema KustomizeToolkitFluxcdIoV1beta2KustomizationSpecKubeConfigSecretRef:
-    r"""
-    SecretRef holds the name of a secret that contains a key with
-    the kubeconfig file as the value. If no key is set, the key will default
-    to 'value'.
-    It is recommended that the kubeconfig is self-contained, and the secret
-    is regularly updated if credentials such as a cloud-access-token expire.
-    Cloud specific `cmd-path` auth helpers will not function without adding
-    binaries and credentials to the Pod that is responsible for reconciling
-    Kubernetes resources.
-
-    Attributes
-    ----------
-    key : str, default is Undefined, optional
-        Key in the Secret, when not specified an implementation-specific default key is used.
-    name : str, default is Undefined, required
-        Name of the Secret.
-    """
-
-
-    key?: str
-
-    name: str
-
-
-schema KustomizeToolkitFluxcdIoV1beta2KustomizationSpecPatchesItems0:
-    r"""
-    Patch contains an inline StrategicMerge or JSON6902 patch, and the target the patch should
-    be applied to.
-
-    Attributes
-    ----------
-    patch : str, default is Undefined, required
-        Patch contains an inline StrategicMerge patch or an inline JSON6902 patch with
-        an array of operation objects.
-    target : KustomizeToolkitFluxcdIoV1beta2KustomizationSpecPatchesItems0Target, default is Undefined, optional
-        target
-    """
-
-
-    patch: str
-
-    target?: KustomizeToolkitFluxcdIoV1beta2KustomizationSpecPatchesItems0Target
-
-
-schema KustomizeToolkitFluxcdIoV1beta2KustomizationSpecPatchesItems0Target:
-    r"""
-    Target points to the resources that the patch document should be applied to.
-
-    Attributes
-    ----------
-    annotationSelector : str, default is Undefined, optional
-        AnnotationSelector is a string that follows the label selection expression
-        https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
-        It matches with the resource annotations.
-    group : str, default is Undefined, optional
-        Group is the API group to select resources from.
-        Together with Version and Kind it is capable of unambiguously identifying and/or selecting resources.
-        https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
-    kind : str, default is Undefined, optional
-        Kind of the API Group to select resources from.
-        Together with Group and Version it is capable of unambiguously
-        identifying and/or selecting resources.
-        https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
-    labelSelector : str, default is Undefined, optional
-        LabelSelector is a string that follows the label selection expression
-        https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
-        It matches with the resource labels.
-    name : str, default is Undefined, optional
-        Name to match resources with.
-    namespace : str, default is Undefined, optional
-        Namespace to select resources from.
-    version : str, default is Undefined, optional
-        Version of the API Group to select resources from.
-        Together with Group and Kind it is capable of unambiguously identifying and/or selecting resources.
-        https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
-    """
-
-
-    annotationSelector?: str
-
-    group?: str
-
-    kind?: str
-
-    labelSelector?: str
-
-    name?: str
-
-    namespace?: str
-
-    version?: str
-
-
-schema KustomizeToolkitFluxcdIoV1beta2KustomizationSpecPatchesJson6902Items0:
-    r"""
-    JSON6902Patch contains a JSON6902 patch and the target the patch should be applied to.
-
-    Attributes
-    ----------
-    patch : [KustomizeToolkitFluxcdIoV1beta2KustomizationSpecPatchesJson6902Items0PatchItems0], default is Undefined, required
-        Patch contains the JSON6902 patch document with an array of operation objects.
-    target : KustomizeToolkitFluxcdIoV1beta2KustomizationSpecPatchesJson6902Items0Target, default is Undefined, required
-        target
-    """
-
-
-    patch: [KustomizeToolkitFluxcdIoV1beta2KustomizationSpecPatchesJson6902Items0PatchItems0]
-
-    target: KustomizeToolkitFluxcdIoV1beta2KustomizationSpecPatchesJson6902Items0Target
-
-
-schema KustomizeToolkitFluxcdIoV1beta2KustomizationSpecPatchesJson6902Items0PatchItems0:
-    r"""
-    JSON6902 is a JSON6902 operation object.
-    https://datatracker.ietf.org/doc/html/rfc6902#section-4
-
-    Attributes
-    ----------
-    from : str, default is Undefined, optional
-        From contains a JSON-pointer value that references a location within the target document where the operation is
-        performed. The meaning of the value depends on the value of Op, and is NOT taken into account by all operations.
-    op : str, default is Undefined, required
-        Op indicates the operation to perform. Its value MUST be one of "add", "remove", "replace", "move", "copy", or
-        "test".
-        https://datatracker.ietf.org/doc/html/rfc6902#section-4
-    path : str, default is Undefined, required
-        Path contains the JSON-pointer value that references a location within the target document where the operation
-        is performed. The meaning of the value depends on the value of Op.
-    value : any, default is Undefined, optional
-        Value contains a valid JSON structure. The meaning of the value depends on the value of Op, and is NOT taken into
-        account by all operations.
-    """
-
-
-    from?: str
-
-    op: "test" | "remove" | "add" | "replace" | "move" | "copy"
-
-    path: str
-
-    value?: any
-
-
-schema KustomizeToolkitFluxcdIoV1beta2KustomizationSpecPatchesJson6902Items0Target:
-    r"""
-    Target points to the resources that the patch document should be applied to.
-
-    Attributes
-    ----------
-    annotationSelector : str, default is Undefined, optional
-        AnnotationSelector is a string that follows the label selection expression
-        https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
-        It matches with the resource annotations.
-    group : str, default is Undefined, optional
-        Group is the API group to select resources from.
-        Together with Version and Kind it is capable of unambiguously identifying and/or selecting resources.
-        https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
-    kind : str, default is Undefined, optional
-        Kind of the API Group to select resources from.
-        Together with Group and Version it is capable of unambiguously
-        identifying and/or selecting resources.
-        https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
-    labelSelector : str, default is Undefined, optional
-        LabelSelector is a string that follows the label selection expression
-        https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
-        It matches with the resource labels.
-    name : str, default is Undefined, optional
-        Name to match resources with.
-    namespace : str, default is Undefined, optional
-        Namespace to select resources from.
-    version : str, default is Undefined, optional
-        Version of the API Group to select resources from.
-        Together with Group and Kind it is capable of unambiguously identifying and/or selecting resources.
-        https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
-    """
-
-
-    annotationSelector?: str
-
-    group?: str
-
-    kind?: str
-
-    labelSelector?: str
-
-    name?: str
-
-    namespace?: str
-
-    version?: str
-
-
-schema KustomizeToolkitFluxcdIoV1beta2KustomizationSpecPostBuild:
-    r"""
-    PostBuild describes which actions to perform on the YAML manifest
-    generated by building the kustomize overlay.
-
-    Attributes
-    ----------
-    substitute : {str:str}, default is Undefined, optional
-        Substitute holds a map of key/value pairs.
-        The variables defined in your YAML manifests
-        that match any of the keys defined in the map
-        will be substituted with the set value.
-        Includes support for bash string replacement functions
-        e.g. ${var:=default}, ${var:position} and ${var/substring/replacement}.
-    substituteFrom : [KustomizeToolkitFluxcdIoV1beta2KustomizationSpecPostBuildSubstituteFromItems0], default is Undefined, optional
-        SubstituteFrom holds references to ConfigMaps and Secrets containing
-        the variables and their values to be substituted in the YAML manifests.
-        The ConfigMap and the Secret data keys represent the var names and they
-        must match the vars declared in the manifests for the substitution to happen.
-    """
-
-
-    substitute?: {str:str}
-
-    substituteFrom?: [KustomizeToolkitFluxcdIoV1beta2KustomizationSpecPostBuildSubstituteFromItems0]
-
-
-schema KustomizeToolkitFluxcdIoV1beta2KustomizationSpecPostBuildSubstituteFromItems0:
-    r"""
-    SubstituteReference contains a reference to a resource containing
-    the variables name and value.
-
-    Attributes
-    ----------
-    kind : str, default is Undefined, required
-        Kind of the values referent, valid values are ('Secret', 'ConfigMap').
-    name : str, default is Undefined, required
-        Name of the values referent. Should reside in the same namespace as the
-        referring resource.
-    optional : bool, default is Undefined, optional
-        Optional indicates whether the referenced resource must exist, or whether to
-        tolerate its absence. If true and the referenced resource is absent, proceed
-        as if the resource was present but empty, without any variables defined.
-    """
-
-
-    kind: "Secret" | "ConfigMap"
-
-    name: str
-
-    optional?: bool = False
-
-
-    check:
-        len(name) <= 253
-        len(name) >= 1
-
-
-schema KustomizeToolkitFluxcdIoV1beta2KustomizationSpecSourceRef:
-    r"""
-    Reference of the source where the kustomization file is.
-
-    Attributes
-    ----------
-    apiVersion : str, default is Undefined, optional
-        API version of the referent.
-    kind : str, default is Undefined, required
-        Kind of the referent.
-    name : str, default is Undefined, required
-        Name of the referent.
-    namespace : str, default is Undefined, optional
-        Namespace of the referent, defaults to the namespace of the Kubernetes resource object that contains the reference.
-    """
-
-
-    apiVersion?: str
-
-    kind: "OCIRepository" | "GitRepository" | "Bucket"
-
-    name: str
-
-    namespace?: str
-
-
-schema KustomizeToolkitFluxcdIoV1beta2KustomizationStatus:
-    r"""
-    KustomizationStatus defines the observed state of a kustomization.
-
-    Attributes
-    ----------
-    conditions : [KustomizeToolkitFluxcdIoV1beta2KustomizationStatusConditionsItems0], default is Undefined, optional
-        conditions
-    inventory : KustomizeToolkitFluxcdIoV1beta2KustomizationStatusInventory, default is Undefined, optional
-        inventory
-    lastAppliedRevision : str, default is Undefined, optional
-        The last successfully applied revision.
-        Equals the Revision of the applied Artifact from the referenced Source.
-    lastAttemptedRevision : str, default is Undefined, optional
-        LastAttemptedRevision is the revision of the last reconciliation attempt.
-    lastHandledReconcileAt : str, default is Undefined, optional
-        LastHandledReconcileAt holds the value of the most recent
-        reconcile request value, so a change of the annotation value
-        can be detected.
-    observedGeneration : int, default is Undefined, optional
-        ObservedGeneration is the last reconciled generation.
-    """
-
-
-    conditions?: [KustomizeToolkitFluxcdIoV1beta2KustomizationStatusConditionsItems0]
-
-    inventory?: KustomizeToolkitFluxcdIoV1beta2KustomizationStatusInventory
-
-    lastAppliedRevision?: str
-
-    lastAttemptedRevision?: str
-
-    lastHandledReconcileAt?: str
-
-    observedGeneration?: int
-
-
-schema KustomizeToolkitFluxcdIoV1beta2KustomizationStatusConditionsItems0:
-    r"""
-    Condition contains details for one aspect of the current state of this API Resource.
-
-    Attributes
-    ----------
-    lastTransitionTime : str, default is Undefined, required
-        lastTransitionTime is the last time the condition transitioned from one status to another.
-        This should be when the underlying condition changed.  If that is not known, then using the time when the API field changed is acceptable.
-    message : str, default is Undefined, required
-        message is a human readable message indicating details about the transition.
-        This may be an empty string.
-    observedGeneration : int, default is Undefined, optional
-        observedGeneration represents the .metadata.generation that the condition was set based upon.
-        For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
-        with respect to the current state of the instance.
-    reason : str, default is Undefined, required
-        reason contains a programmatic identifier indicating the reason for the condition's last transition.
-        Producers of specific condition types may define expected values and meanings for this field,
-        and whether the values are considered a guaranteed API.
-        The value should be a CamelCase string.
-        This field may not be empty.
-    status : str, default is Undefined, required
-        status of the condition, one of True, False, Unknown.
-    $type : str, default is Undefined, required
-        type of condition in CamelCase or in foo.example.com/CamelCase.
-    """
-
-
-    lastTransitionTime: str
-
-    message: str
-
-    observedGeneration?: int
-
-    reason: str
-
-    status: "True" | "False" | "Unknown"
-
-    $type: str
-
-
-    check:
-        len(message) <= 32768
-        observedGeneration >= 0 if observedGeneration not in [None, Undefined]
-        len(reason) <= 1024
-        len(reason) >= 1
-        _regex_match(str(reason), r"^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$")
-        len($type) <= 316
-        _regex_match(str($type), r"^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$")
-
-
-schema KustomizeToolkitFluxcdIoV1beta2KustomizationStatusInventory:
-    r"""
-    Inventory contains the list of Kubernetes resource object references that have been successfully applied.
-
-    Attributes
-    ----------
-    entries : [KustomizeToolkitFluxcdIoV1beta2KustomizationStatusInventoryEntriesItems0], default is Undefined, required
-        Entries of Kubernetes resource object references.
-    """
-
-
-    entries: [KustomizeToolkitFluxcdIoV1beta2KustomizationStatusInventoryEntriesItems0]
-
-
-schema KustomizeToolkitFluxcdIoV1beta2KustomizationStatusInventoryEntriesItems0:
-    r"""
-    ResourceRef contains the information necessary to locate a resource within a cluster.
-
-    Attributes
-    ----------
-    id : str, default is Undefined, required
-        ID is the string representation of the Kubernetes resource object's metadata,
-        in the format '<namespace>_<name>_<group>_<kind>'.
-    v : str, default is Undefined, required
-        Version is the API version of the Kubernetes resource object's kind.
-    """
-
-
-    id: str
-
-    v: str
-
-
diff --git a/fluxcd-kustomize-controller/v2beta1/kyverno_io_v2beta1_cluster_cleanup_policy.k b/fluxcd-kustomize-controller/v2beta1/kyverno_io_v2beta1_cluster_cleanup_policy.k
new file mode 100644
index 00000000..8f80583b
--- /dev/null
+++ b/fluxcd-kustomize-controller/v2beta1/kyverno_io_v2beta1_cluster_cleanup_policy.k
@@ -0,0 +1,1345 @@
+"""
+This file was generated by the KCL auto-gen tool. DO NOT EDIT.
+Editing this file might prove futile when you re-run the KCL auto-gen generate command.
+"""
+import regex
+import k8s.apimachinery.pkg.apis.meta.v1
+_regex_match = regex.match
+
+
+schema ClusterCleanupPolicy:
+    r"""
+    ClusterCleanupPolicy defines rule for resource cleanup.
+
+    Attributes
+    ----------
+    apiVersion : str, default is "kyverno.io/v2beta1", required
+        APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+    kind : str, default is "ClusterCleanupPolicy", required
+        Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+    metadata : v1.ObjectMeta, default is Undefined, optional
+        metadata
+    spec : KyvernoIoV2beta1ClusterCleanupPolicySpec, default is Undefined, required
+        spec
+    status : KyvernoIoV2beta1ClusterCleanupPolicyStatus, default is Undefined, optional
+        status
+    """
+
+
+    apiVersion: "kyverno.io/v2beta1" = "kyverno.io/v2beta1"
+
+    kind: "ClusterCleanupPolicy" = "ClusterCleanupPolicy"
+
+    metadata?: v1.ObjectMeta
+
+    spec: KyvernoIoV2beta1ClusterCleanupPolicySpec
+
+    status?: KyvernoIoV2beta1ClusterCleanupPolicyStatus
+
+
+schema KyvernoIoV2beta1ClusterCleanupPolicySpec:
+    r"""
+    Spec declares policy behaviors.
+
+    Attributes
+    ----------
+    conditions : KyvernoIoV2beta1ClusterCleanupPolicySpecConditions, default is Undefined, optional
+        conditions
+    context : [KyvernoIoV2beta1ClusterCleanupPolicySpecContextItems0], default is Undefined, optional
+        Context defines variables and data sources that can be used during rule execution.
+    exclude : KyvernoIoV2beta1ClusterCleanupPolicySpecExclude, default is Undefined, optional
+        exclude
+    match : KyvernoIoV2beta1ClusterCleanupPolicySpecMatch, default is Undefined, required
+        match
+    schedule : str, default is Undefined, required
+        The schedule in Cron format
+    """
+
+
+    conditions?: KyvernoIoV2beta1ClusterCleanupPolicySpecConditions
+
+    context?: [KyvernoIoV2beta1ClusterCleanupPolicySpecContextItems0]
+
+    exclude?: KyvernoIoV2beta1ClusterCleanupPolicySpecExclude
+
+    match: KyvernoIoV2beta1ClusterCleanupPolicySpecMatch
+
+    schedule: str
+
+
+schema KyvernoIoV2beta1ClusterCleanupPolicySpecConditions:
+    r"""
+    Conditions defines the conditions used to select the resources which will be cleaned up.
+
+    Attributes
+    ----------
+    $all : [KyvernoIoV2beta1ClusterCleanupPolicySpecConditionsAllItems0], default is Undefined, optional
+        AllConditions enable variable-based conditional rule execution. This is useful for
+        finer control of when an rule is applied. A condition can reference object data
+        using JMESPath notation.
+        Here, all of the conditions need to pass.
+    any : [KyvernoIoV2beta1ClusterCleanupPolicySpecConditionsAnyItems0], default is Undefined, optional
+        AnyConditions enable variable-based conditional rule execution. This is useful for
+        finer control of when an rule is applied. A condition can reference object data
+        using JMESPath notation.
+        Here, at least one of the conditions need to pass.
+    """
+
+
+    $all?: [KyvernoIoV2beta1ClusterCleanupPolicySpecConditionsAllItems0]
+
+    any?: [KyvernoIoV2beta1ClusterCleanupPolicySpecConditionsAnyItems0]
+
+
+schema KyvernoIoV2beta1ClusterCleanupPolicySpecConditionsAllItems0:
+    r"""
+    kyverno io v2beta1 cluster cleanup policy spec conditions all items0
+
+    Attributes
+    ----------
+    key : any, default is Undefined, optional
+        Key is the context entry (using JMESPath) for conditional rule evaluation.
+    message : str, default is Undefined, optional
+        Message is an optional display message
+    operator : str, default is Undefined, optional
+        Operator is the conditional operation to perform. Valid operators are:
+        Equals, NotEquals, In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn, GreaterThanOrEquals,
+        GreaterThan, LessThanOrEquals, LessThan, DurationGreaterThanOrEquals, DurationGreaterThan,
+        DurationLessThanOrEquals, DurationLessThan
+    value : any, default is Undefined, optional
+        Value is the conditional value, or set of values. The values can be fixed set
+        or can be variables declared using JMESPath.
+    """
+
+
+    key?: any
+
+    message?: str
+
+    operator?: "Equals" | "NotEquals" | "AnyIn" | "AllIn" | "AnyNotIn" | "AllNotIn" | "GreaterThanOrEquals" | "GreaterThan" | "LessThanOrEquals" | "LessThan" | "DurationGreaterThanOrEquals" | "DurationGreaterThan" | "DurationLessThanOrEquals" | "DurationLessThan"
+
+    value?: any
+
+
+schema KyvernoIoV2beta1ClusterCleanupPolicySpecConditionsAnyItems0:
+    r"""
+    kyverno io v2beta1 cluster cleanup policy spec conditions any items0
+
+    Attributes
+    ----------
+    key : any, default is Undefined, optional
+        Key is the context entry (using JMESPath) for conditional rule evaluation.
+    message : str, default is Undefined, optional
+        Message is an optional display message
+    operator : str, default is Undefined, optional
+        Operator is the conditional operation to perform. Valid operators are:
+        Equals, NotEquals, In, AnyIn, AllIn, NotIn, AnyNotIn, AllNotIn, GreaterThanOrEquals,
+        GreaterThan, LessThanOrEquals, LessThan, DurationGreaterThanOrEquals, DurationGreaterThan,
+        DurationLessThanOrEquals, DurationLessThan
+    value : any, default is Undefined, optional
+        Value is the conditional value, or set of values. The values can be fixed set
+        or can be variables declared using JMESPath.
+    """
+
+
+    key?: any
+
+    message?: str
+
+    operator?: "Equals" | "NotEquals" | "AnyIn" | "AllIn" | "AnyNotIn" | "AllNotIn" | "GreaterThanOrEquals" | "GreaterThan" | "LessThanOrEquals" | "LessThan" | "DurationGreaterThanOrEquals" | "DurationGreaterThan" | "DurationLessThanOrEquals" | "DurationLessThan"
+
+    value?: any
+
+
+schema KyvernoIoV2beta1ClusterCleanupPolicySpecContextItems0:
+    r"""
+    ContextEntry adds variables and data sources to a rule Context. Either a
+    ConfigMap reference or a APILookup must be provided.
+
+    Attributes
+    ----------
+    apiCall : KyvernoIoV2beta1ClusterCleanupPolicySpecContextItems0APICall, default is Undefined, optional
+        api call
+    configMap : KyvernoIoV2beta1ClusterCleanupPolicySpecContextItems0ConfigMap, default is Undefined, optional
+        config map
+    globalReference : KyvernoIoV2beta1ClusterCleanupPolicySpecContextItems0GlobalReference, default is Undefined, optional
+        global reference
+    imageRegistry : KyvernoIoV2beta1ClusterCleanupPolicySpecContextItems0ImageRegistry, default is Undefined, optional
+        image registry
+    name : str, default is Undefined, required
+        Name is the variable name.
+    variable : KyvernoIoV2beta1ClusterCleanupPolicySpecContextItems0Variable, default is Undefined, optional
+        variable
+    """
+
+
+    apiCall?: KyvernoIoV2beta1ClusterCleanupPolicySpecContextItems0APICall
+
+    configMap?: KyvernoIoV2beta1ClusterCleanupPolicySpecContextItems0ConfigMap
+
+    globalReference?: KyvernoIoV2beta1ClusterCleanupPolicySpecContextItems0GlobalReference
+
+    imageRegistry?: KyvernoIoV2beta1ClusterCleanupPolicySpecContextItems0ImageRegistry
+
+    name: str
+
+    variable?: KyvernoIoV2beta1ClusterCleanupPolicySpecContextItems0Variable
+
+
+schema KyvernoIoV2beta1ClusterCleanupPolicySpecContextItems0APICall:
+    r"""
+    APICall is an HTTP request to the Kubernetes API server, or other JSON web service.
+    The data returned is stored in the context with the name for the context entry.
+
+    Attributes
+    ----------
+    data : [KyvernoIoV2beta1ClusterCleanupPolicySpecContextItems0APICallDataItems0], default is Undefined, optional
+        The data object specifies the POST data sent to the server.
+        Only applicable when the method field is set to POST.
+    default : any, default is Undefined, optional
+        Default is an optional arbitrary JSON object that the context
+        value is set to, if the apiCall returns error.
+    jmesPath : str, default is Undefined, optional
+        JMESPath is an optional JSON Match Expression that can be used to
+        transform the JSON response returned from the server. For example
+        a JMESPath of "items | length(@)" applied to the API server response
+        for the URLPath "/apis/apps/v1/deployments" will return the total count
+        of deployments across all namespaces.
+    method : str, default is "GET", optional
+        Method is the HTTP request type (GET or POST). Defaults to GET.
+    service : KyvernoIoV2beta1ClusterCleanupPolicySpecContextItems0APICallService, default is Undefined, optional
+        service
+    urlPath : str, default is Undefined, optional
+        URLPath is the URL path to be used in the HTTP GET or POST request to the
+        Kubernetes API server (e.g. "/api/v1/namespaces" or  "/apis/apps/v1/deployments").
+        The format required is the same format used by the `kubectl get --raw` command.
+        See https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls
+        for details.
+        It's mutually exclusive with the Service field.
+    """
+
+
+    data?: [KyvernoIoV2beta1ClusterCleanupPolicySpecContextItems0APICallDataItems0]
+
+    default?: any
+
+    jmesPath?: str
+
+    method?: "GET" | "POST" = "GET"
+
+    service?: KyvernoIoV2beta1ClusterCleanupPolicySpecContextItems0APICallService
+
+    urlPath?: str
+
+
+schema KyvernoIoV2beta1ClusterCleanupPolicySpecContextItems0APICallDataItems0:
+    r"""
+    RequestData contains the HTTP POST data
+
+    Attributes
+    ----------
+    key : str, default is Undefined, required
+        Key is a unique identifier for the data value
+    value : any, default is Undefined, required
+        Value is the data value
+    """
+
+
+    key: str
+
+    value: any
+
+
+schema KyvernoIoV2beta1ClusterCleanupPolicySpecContextItems0APICallService:
+    r"""
+    Service is an API call to a JSON web service.
+    This is used for non-Kubernetes API server calls.
+    It's mutually exclusive with the URLPath field.
+
+    Attributes
+    ----------
+    caBundle : str, default is Undefined, optional
+        CABundle is a PEM encoded CA bundle which will be used to validate
+        the server certificate.
+    headers : [KyvernoIoV2beta1ClusterCleanupPolicySpecContextItems0APICallServiceHeadersItems0], default is Undefined, optional
+        Headers is a list of optional HTTP headers to be included in the request.
+    url : str, default is Undefined, required
+        URL is the JSON web service URL. A typical form is
+        `https://{service}.{namespace}:{port}/{path}`.
+    """
+
+
+    caBundle?: str
+
+    headers?: [KyvernoIoV2beta1ClusterCleanupPolicySpecContextItems0APICallServiceHeadersItems0]
+
+    url: str
+
+
+schema KyvernoIoV2beta1ClusterCleanupPolicySpecContextItems0APICallServiceHeadersItems0:
+    r"""
+    kyverno io v2beta1 cluster cleanup policy spec context items0 API call service headers items0
+
+    Attributes
+    ----------
+    key : str, default is Undefined, required
+        Key is the header key
+    value : str, default is Undefined, required
+        Value is the header value
+    """
+
+
+    key: str
+
+    value: str
+
+
+schema KyvernoIoV2beta1ClusterCleanupPolicySpecContextItems0ConfigMap:
+    r"""
+    ConfigMap is the ConfigMap reference.
+
+    Attributes
+    ----------
+    name : str, default is Undefined, required
+        Name is the ConfigMap name.
+    namespace : str, default is Undefined, optional
+        Namespace is the ConfigMap namespace.
+    """
+
+
+    name: str
+
+    namespace?: str
+
+
+schema KyvernoIoV2beta1ClusterCleanupPolicySpecContextItems0GlobalReference:
+    r"""
+    GlobalContextEntryReference is a reference to a cached global context entry.
+
+    Attributes
+    ----------
+    jmesPath : str, default is Undefined, optional
+        JMESPath is an optional JSON Match Expression that can be used to
+        transform the JSON response returned from the server. For example
+        a JMESPath of "items | length(@)" applied to the API server response
+        for the URLPath "/apis/apps/v1/deployments" will return the total count
+        of deployments across all namespaces.
+    name : str, default is Undefined, required
+        Name of the global context entry
+    """
+
+
+    jmesPath?: str
+
+    name: str
+
+
+schema KyvernoIoV2beta1ClusterCleanupPolicySpecContextItems0ImageRegistry:
+    r"""
+    ImageRegistry defines requests to an OCI/Docker V2 registry to fetch image
+    details.
+
+    Attributes
+    ----------
+    imageRegistryCredentials : KyvernoIoV2beta1ClusterCleanupPolicySpecContextItems0ImageRegistryImageRegistryCredentials, default is Undefined, optional
+        image registry credentials
+    jmesPath : str, default is Undefined, optional
+        JMESPath is an optional JSON Match Expression that can be used to
+        transform the ImageData struct returned as a result of processing
+        the image reference.
+    reference : str, default is Undefined, required
+        Reference is image reference to a container image in the registry.
+        Example: ghcr.io/kyverno/kyverno:latest
+    """
+
+
+    imageRegistryCredentials?: KyvernoIoV2beta1ClusterCleanupPolicySpecContextItems0ImageRegistryImageRegistryCredentials
+
+    jmesPath?: str
+
+    reference: str
+
+
+schema KyvernoIoV2beta1ClusterCleanupPolicySpecContextItems0ImageRegistryImageRegistryCredentials:
+    r"""
+    ImageRegistryCredentials provides credentials that will be used for authentication with registry
+
+    Attributes
+    ----------
+    allowInsecureRegistry : bool, default is Undefined, optional
+        AllowInsecureRegistry allows insecure access to a registry.
+    providers : [str], default is Undefined, optional
+        Providers specifies a list of OCI Registry names, whose authentication providers are provided.
+        It can be of one of these values: default,google,azure,amazon,github.
+    secrets : [str], default is Undefined, optional
+        Secrets specifies a list of secrets that are provided for credentials.
+        Secrets must live in the Kyverno namespace.
+    """
+
+
+    allowInsecureRegistry?: bool
+
+    providers?: [str]
+
+    secrets?: [str]
+
+
+schema KyvernoIoV2beta1ClusterCleanupPolicySpecContextItems0Variable:
+    r"""
+    Variable defines an arbitrary JMESPath context variable that can be defined inline.
+
+    Attributes
+    ----------
+    default : any, default is Undefined, optional
+        Default is an optional arbitrary JSON object that the variable may take if the JMESPath
+        expression evaluates to nil
+    jmesPath : str, default is Undefined, optional
+        JMESPath is an optional JMESPath Expression that can be used to
+        transform the variable.
+    value : any, default is Undefined, optional
+        Value is any arbitrary JSON object representable in YAML or JSON form.
+    """
+
+
+    default?: any
+
+    jmesPath?: str
+
+    value?: any
+
+
+schema KyvernoIoV2beta1ClusterCleanupPolicySpecExclude:
+    r"""
+    ExcludeResources defines when cleanuppolicy should not be applied. The exclude
+    criteria can include resource information (e.g. kind, name, namespace, labels)
+    and admission review request information like the name or role.
+
+    Attributes
+    ----------
+    $all : [KyvernoIoV2beta1ClusterCleanupPolicySpecExcludeAllItems0], default is Undefined, optional
+        All allows specifying resources which will be ANDed
+    any : [KyvernoIoV2beta1ClusterCleanupPolicySpecExcludeAnyItems0], default is Undefined, optional
+        Any allows specifying resources which will be ORed
+    """
+
+
+    $all?: [KyvernoIoV2beta1ClusterCleanupPolicySpecExcludeAllItems0]
+
+    any?: [KyvernoIoV2beta1ClusterCleanupPolicySpecExcludeAnyItems0]
+
+
+schema KyvernoIoV2beta1ClusterCleanupPolicySpecExcludeAllItems0:
+    r"""
+    ResourceFilter allow users to "AND" or "OR" between resources
+
+    Attributes
+    ----------
+    clusterRoles : [str], default is Undefined, optional
+        ClusterRoles is the list of cluster-wide role names for the user.
+    resources : KyvernoIoV2beta1ClusterCleanupPolicySpecExcludeAllItems0Resources, default is Undefined, optional
+        resources
+    roles : [str], default is Undefined, optional
+        Roles is the list of namespaced role names for the user.
+    subjects : [KyvernoIoV2beta1ClusterCleanupPolicySpecExcludeAllItems0SubjectsItems0], default is Undefined, optional
+        Subjects is the list of subject names like users, user groups, and service accounts.
+    """
+
+
+    clusterRoles?: [str]
+
+    resources?: KyvernoIoV2beta1ClusterCleanupPolicySpecExcludeAllItems0Resources
+
+    roles?: [str]
+
+    subjects?: [KyvernoIoV2beta1ClusterCleanupPolicySpecExcludeAllItems0SubjectsItems0]
+
+
+schema KyvernoIoV2beta1ClusterCleanupPolicySpecExcludeAllItems0Resources:
+    r"""
+    ResourceDescription contains information about the resource being created or modified.
+
+    Attributes
+    ----------
+    annotations : {str:str}, default is Undefined, optional
+        Annotations is a  map of annotations (key-value pairs of type string). Annotation keys
+        and values support the wildcard characters "*" (matches zero or many characters) and
+        "?" (matches at least one character).
+    kinds : [str], default is Undefined, optional
+        Kinds is a list of resource kinds.
+    name : str, default is Undefined, optional
+        Name is the name of the resource. The name supports wildcard characters
+        "*" (matches zero or many characters) and "?" (at least one character).
+        NOTE: "Name" is being deprecated in favor of "Names".
+    names : [str], default is Undefined, optional
+        Names are the names of the resources. Each name supports wildcard characters
+        "*" (matches zero or many characters) and "?" (at least one character).
+    namespaceSelector : KyvernoIoV2beta1ClusterCleanupPolicySpecExcludeAllItems0ResourcesNamespaceSelector, default is Undefined, optional
+        namespace selector
+    namespaces : [str], default is Undefined, optional
+        Namespaces is a list of namespaces names. Each name supports wildcard characters
+        "*" (matches zero or many characters) and "?" (at least one character).
+    operations : [str], default is Undefined, optional
+        Operations can contain values ["CREATE, "UPDATE", "CONNECT", "DELETE"], which are used to match a specific action.
+    selector : KyvernoIoV2beta1ClusterCleanupPolicySpecExcludeAllItems0ResourcesSelector, default is Undefined, optional
+        selector
+    """
+
+
+    annotations?: {str:str}
+
+    kinds?: [str]
+
+    name?: str
+
+    names?: [str]
+
+    namespaceSelector?: KyvernoIoV2beta1ClusterCleanupPolicySpecExcludeAllItems0ResourcesNamespaceSelector
+
+    namespaces?: [str]
+
+    operations?: [str]
+
+    selector?: KyvernoIoV2beta1ClusterCleanupPolicySpecExcludeAllItems0ResourcesSelector
+
+
+schema KyvernoIoV2beta1ClusterCleanupPolicySpecExcludeAllItems0ResourcesNamespaceSelector:
+    r"""
+    NamespaceSelector is a label selector for the resource namespace. Label keys and values
+    in `matchLabels` support the wildcard characters `*` (matches zero or many characters)
+    and `?` (matches one character).Wildcards allows writing label selectors like
+    ["storage.k8s.io/*": "*"]. Note that using ["*" : "*"] matches any key and value but
+    does not match an empty label set.
+
+    Attributes
+    ----------
+    matchExpressions : [KyvernoIoV2beta1ClusterCleanupPolicySpecExcludeAllItems0ResourcesNamespaceSelectorMatchExpressionsItems0], default is Undefined, optional
+        matchExpressions is a list of label selector requirements. The requirements are ANDed.
+    matchLabels : {str:str}, default is Undefined, optional
+        matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+        map is equivalent to an element of matchExpressions, whose key field is "key", the
+        operator is "In", and the values array contains only "value". The requirements are ANDed.
+    """
+
+
+    matchExpressions?: [KyvernoIoV2beta1ClusterCleanupPolicySpecExcludeAllItems0ResourcesNamespaceSelectorMatchExpressionsItems0]
+
+    matchLabels?: {str:str}
+
+
+schema KyvernoIoV2beta1ClusterCleanupPolicySpecExcludeAllItems0ResourcesNamespaceSelectorMatchExpressionsItems0:
+    r"""
+    A label selector requirement is a selector that contains values, a key, and an operator that
+    relates the key and values.
+
+    Attributes
+    ----------
+    key : str, default is Undefined, required
+        key is the label key that the selector applies to.
+    operator : str, default is Undefined, required
+        operator represents a key's relationship to a set of values.
+        Valid operators are In, NotIn, Exists and DoesNotExist.
+    values : [str], default is Undefined, optional
+        values is an array of string values. If the operator is In or NotIn,
+        the values array must be non-empty. If the operator is Exists or DoesNotExist,
+        the values array must be empty. This array is replaced during a strategic
+        merge patch.
+    """
+
+
+    key: str
+
+    operator: str
+
+    values?: [str]
+
+
+schema KyvernoIoV2beta1ClusterCleanupPolicySpecExcludeAllItems0ResourcesSelector:
+    r"""
+    Selector is a label selector. Label keys and values in `matchLabels` support the wildcard
+    characters `*` (matches zero or many characters) and `?` (matches one character).
+    Wildcards allows writing label selectors like ["storage.k8s.io/*": "*"]. Note that
+    using ["*" : "*"] matches any key and value but does not match an empty label set.
+
+    Attributes
+    ----------
+    matchExpressions : [KyvernoIoV2beta1ClusterCleanupPolicySpecExcludeAllItems0ResourcesSelectorMatchExpressionsItems0], default is Undefined, optional
+        matchExpressions is a list of label selector requirements. The requirements are ANDed.
+    matchLabels : {str:str}, default is Undefined, optional
+        matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+        map is equivalent to an element of matchExpressions, whose key field is "key", the
+        operator is "In", and the values array contains only "value". The requirements are ANDed.
+    """
+
+
+    matchExpressions?: [KyvernoIoV2beta1ClusterCleanupPolicySpecExcludeAllItems0ResourcesSelectorMatchExpressionsItems0]
+
+    matchLabels?: {str:str}
+
+
+schema KyvernoIoV2beta1ClusterCleanupPolicySpecExcludeAllItems0ResourcesSelectorMatchExpressionsItems0:
+    r"""
+    A label selector requirement is a selector that contains values, a key, and an operator that
+    relates the key and values.
+
+    Attributes
+    ----------
+    key : str, default is Undefined, required
+        key is the label key that the selector applies to.
+    operator : str, default is Undefined, required
+        operator represents a key's relationship to a set of values.
+        Valid operators are In, NotIn, Exists and DoesNotExist.
+    values : [str], default is Undefined, optional
+        values is an array of string values. If the operator is In or NotIn,
+        the values array must be non-empty. If the operator is Exists or DoesNotExist,
+        the values array must be empty. This array is replaced during a strategic
+        merge patch.
+    """
+
+
+    key: str
+
+    operator: str
+
+    values?: [str]
+
+
+schema KyvernoIoV2beta1ClusterCleanupPolicySpecExcludeAllItems0SubjectsItems0:
+    r"""
+    Subject contains a reference to the object or user identities a role binding applies to.  This can either hold a direct API object reference,
+    or a value for non-objects such as user and group names.
+
+    Attributes
+    ----------
+    apiGroup : str, default is Undefined, optional
+        APIGroup holds the API group of the referenced subject.
+        Defaults to "" for ServiceAccount subjects.
+        Defaults to "rbac.authorization.k8s.io" for User and Group subjects.
+    kind : str, default is Undefined, required
+        Kind of object being referenced. Values defined by this API group are "User", "Group", and "ServiceAccount".
+        If the Authorizer does not recognized the kind value, the Authorizer should report an error.
+    name : str, default is Undefined, required
+        Name of the object being referenced.
+    namespace : str, default is Undefined, optional
+        Namespace of the referenced object.  If the object kind is non-namespace, such as "User" or "Group", and this value is not empty
+        the Authorizer should report an error.
+    """
+
+
+    apiGroup?: str
+
+    kind: str
+
+    name: str
+
+    namespace?: str
+
+
+schema KyvernoIoV2beta1ClusterCleanupPolicySpecExcludeAnyItems0:
+    r"""
+    ResourceFilter allow users to "AND" or "OR" between resources
+
+    Attributes
+    ----------
+    clusterRoles : [str], default is Undefined, optional
+        ClusterRoles is the list of cluster-wide role names for the user.
+    resources : KyvernoIoV2beta1ClusterCleanupPolicySpecExcludeAnyItems0Resources, default is Undefined, optional
+        resources
+    roles : [str], default is Undefined, optional
+        Roles is the list of namespaced role names for the user.
+    subjects : [KyvernoIoV2beta1ClusterCleanupPolicySpecExcludeAnyItems0SubjectsItems0], default is Undefined, optional
+        Subjects is the list of subject names like users, user groups, and service accounts.
+    """
+
+
+    clusterRoles?: [str]
+
+    resources?: KyvernoIoV2beta1ClusterCleanupPolicySpecExcludeAnyItems0Resources
+
+    roles?: [str]
+
+    subjects?: [KyvernoIoV2beta1ClusterCleanupPolicySpecExcludeAnyItems0SubjectsItems0]
+
+
+schema KyvernoIoV2beta1ClusterCleanupPolicySpecExcludeAnyItems0Resources:
+    r"""
+    ResourceDescription contains information about the resource being created or modified.
+
+    Attributes
+    ----------
+    annotations : {str:str}, default is Undefined, optional
+        Annotations is a  map of annotations (key-value pairs of type string). Annotation keys
+        and values support the wildcard characters "*" (matches zero or many characters) and
+        "?" (matches at least one character).
+    kinds : [str], default is Undefined, optional
+        Kinds is a list of resource kinds.
+    name : str, default is Undefined, optional
+        Name is the name of the resource. The name supports wildcard characters
+        "*" (matches zero or many characters) and "?" (at least one character).
+        NOTE: "Name" is being deprecated in favor of "Names".
+    names : [str], default is Undefined, optional
+        Names are the names of the resources. Each name supports wildcard characters
+        "*" (matches zero or many characters) and "?" (at least one character).
+    namespaceSelector : KyvernoIoV2beta1ClusterCleanupPolicySpecExcludeAnyItems0ResourcesNamespaceSelector, default is Undefined, optional
+        namespace selector
+    namespaces : [str], default is Undefined, optional
+        Namespaces is a list of namespaces names. Each name supports wildcard characters
+        "*" (matches zero or many characters) and "?" (at least one character).
+    operations : [str], default is Undefined, optional
+        Operations can contain values ["CREATE, "UPDATE", "CONNECT", "DELETE"], which are used to match a specific action.
+    selector : KyvernoIoV2beta1ClusterCleanupPolicySpecExcludeAnyItems0ResourcesSelector, default is Undefined, optional
+        selector
+    """
+
+
+    annotations?: {str:str}
+
+    kinds?: [str]
+
+    name?: str
+
+    names?: [str]
+
+    namespaceSelector?: KyvernoIoV2beta1ClusterCleanupPolicySpecExcludeAnyItems0ResourcesNamespaceSelector
+
+    namespaces?: [str]
+
+    operations?: [str]
+
+    selector?: KyvernoIoV2beta1ClusterCleanupPolicySpecExcludeAnyItems0ResourcesSelector
+
+
+schema KyvernoIoV2beta1ClusterCleanupPolicySpecExcludeAnyItems0ResourcesNamespaceSelector:
+    r"""
+    NamespaceSelector is a label selector for the resource namespace. Label keys and values
+    in `matchLabels` support the wildcard characters `*` (matches zero or many characters)
+    and `?` (matches one character).Wildcards allows writing label selectors like
+    ["storage.k8s.io/*": "*"]. Note that using ["*" : "*"] matches any key and value but
+    does not match an empty label set.
+
+    Attributes
+    ----------
+    matchExpressions : [KyvernoIoV2beta1ClusterCleanupPolicySpecExcludeAnyItems0ResourcesNamespaceSelectorMatchExpressionsItems0], default is Undefined, optional
+        matchExpressions is a list of label selector requirements. The requirements are ANDed.
+    matchLabels : {str:str}, default is Undefined, optional
+        matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+        map is equivalent to an element of matchExpressions, whose key field is "key", the
+        operator is "In", and the values array contains only "value". The requirements are ANDed.
+    """
+
+
+    matchExpressions?: [KyvernoIoV2beta1ClusterCleanupPolicySpecExcludeAnyItems0ResourcesNamespaceSelectorMatchExpressionsItems0]
+
+    matchLabels?: {str:str}
+
+
+schema KyvernoIoV2beta1ClusterCleanupPolicySpecExcludeAnyItems0ResourcesNamespaceSelectorMatchExpressionsItems0:
+    r"""
+    A label selector requirement is a selector that contains values, a key, and an operator that
+    relates the key and values.
+
+    Attributes
+    ----------
+    key : str, default is Undefined, required
+        key is the label key that the selector applies to.
+    operator : str, default is Undefined, required
+        operator represents a key's relationship to a set of values.
+        Valid operators are In, NotIn, Exists and DoesNotExist.
+    values : [str], default is Undefined, optional
+        values is an array of string values. If the operator is In or NotIn,
+        the values array must be non-empty. If the operator is Exists or DoesNotExist,
+        the values array must be empty. This array is replaced during a strategic
+        merge patch.
+    """
+
+
+    key: str
+
+    operator: str
+
+    values?: [str]
+
+
+schema KyvernoIoV2beta1ClusterCleanupPolicySpecExcludeAnyItems0ResourcesSelector:
+    r"""
+    Selector is a label selector. Label keys and values in `matchLabels` support the wildcard
+    characters `*` (matches zero or many characters) and `?` (matches one character).
+    Wildcards allows writing label selectors like ["storage.k8s.io/*": "*"]. Note that
+    using ["*" : "*"] matches any key and value but does not match an empty label set.
+
+    Attributes
+    ----------
+    matchExpressions : [KyvernoIoV2beta1ClusterCleanupPolicySpecExcludeAnyItems0ResourcesSelectorMatchExpressionsItems0], default is Undefined, optional
+        matchExpressions is a list of label selector requirements. The requirements are ANDed.
+    matchLabels : {str:str}, default is Undefined, optional
+        matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+        map is equivalent to an element of matchExpressions, whose key field is "key", the
+        operator is "In", and the values array contains only "value". The requirements are ANDed.
+    """
+
+
+    matchExpressions?: [KyvernoIoV2beta1ClusterCleanupPolicySpecExcludeAnyItems0ResourcesSelectorMatchExpressionsItems0]
+
+    matchLabels?: {str:str}
+
+
+schema KyvernoIoV2beta1ClusterCleanupPolicySpecExcludeAnyItems0ResourcesSelectorMatchExpressionsItems0:
+    r"""
+    A label selector requirement is a selector that contains values, a key, and an operator that
+    relates the key and values.
+
+    Attributes
+    ----------
+    key : str, default is Undefined, required
+        key is the label key that the selector applies to.
+    operator : str, default is Undefined, required
+        operator represents a key's relationship to a set of values.
+        Valid operators are In, NotIn, Exists and DoesNotExist.
+    values : [str], default is Undefined, optional
+        values is an array of string values. If the operator is In or NotIn,
+        the values array must be non-empty. If the operator is Exists or DoesNotExist,
+        the values array must be empty. This array is replaced during a strategic
+        merge patch.
+    """
+
+
+    key: str
+
+    operator: str
+
+    values?: [str]
+
+
+schema KyvernoIoV2beta1ClusterCleanupPolicySpecExcludeAnyItems0SubjectsItems0:
+    r"""
+    Subject contains a reference to the object or user identities a role binding applies to.  This can either hold a direct API object reference,
+    or a value for non-objects such as user and group names.
+
+    Attributes
+    ----------
+    apiGroup : str, default is Undefined, optional
+        APIGroup holds the API group of the referenced subject.
+        Defaults to "" for ServiceAccount subjects.
+        Defaults to "rbac.authorization.k8s.io" for User and Group subjects.
+    kind : str, default is Undefined, required
+        Kind of object being referenced. Values defined by this API group are "User", "Group", and "ServiceAccount".
+        If the Authorizer does not recognized the kind value, the Authorizer should report an error.
+    name : str, default is Undefined, required
+        Name of the object being referenced.
+    namespace : str, default is Undefined, optional
+        Namespace of the referenced object.  If the object kind is non-namespace, such as "User" or "Group", and this value is not empty
+        the Authorizer should report an error.
+    """
+
+
+    apiGroup?: str
+
+    kind: str
+
+    name: str
+
+    namespace?: str
+
+
+schema KyvernoIoV2beta1ClusterCleanupPolicySpecMatch:
+    r"""
+    MatchResources defines when cleanuppolicy should be applied. The match
+    criteria can include resource information (e.g. kind, name, namespace, labels)
+    and admission review request information like the user name or role.
+    At least one kind is required.
+
+    Attributes
+    ----------
+    $all : [KyvernoIoV2beta1ClusterCleanupPolicySpecMatchAllItems0], default is Undefined, optional
+        All allows specifying resources which will be ANDed
+    any : [KyvernoIoV2beta1ClusterCleanupPolicySpecMatchAnyItems0], default is Undefined, optional
+        Any allows specifying resources which will be ORed
+    """
+
+
+    $all?: [KyvernoIoV2beta1ClusterCleanupPolicySpecMatchAllItems0]
+
+    any?: [KyvernoIoV2beta1ClusterCleanupPolicySpecMatchAnyItems0]
+
+
+schema KyvernoIoV2beta1ClusterCleanupPolicySpecMatchAllItems0:
+    r"""
+    ResourceFilter allow users to "AND" or "OR" between resources
+
+    Attributes
+    ----------
+    clusterRoles : [str], default is Undefined, optional
+        ClusterRoles is the list of cluster-wide role names for the user.
+    resources : KyvernoIoV2beta1ClusterCleanupPolicySpecMatchAllItems0Resources, default is Undefined, optional
+        resources
+    roles : [str], default is Undefined, optional
+        Roles is the list of namespaced role names for the user.
+    subjects : [KyvernoIoV2beta1ClusterCleanupPolicySpecMatchAllItems0SubjectsItems0], default is Undefined, optional
+        Subjects is the list of subject names like users, user groups, and service accounts.
+    """
+
+
+    clusterRoles?: [str]
+
+    resources?: KyvernoIoV2beta1ClusterCleanupPolicySpecMatchAllItems0Resources
+
+    roles?: [str]
+
+    subjects?: [KyvernoIoV2beta1ClusterCleanupPolicySpecMatchAllItems0SubjectsItems0]
+
+
+schema KyvernoIoV2beta1ClusterCleanupPolicySpecMatchAllItems0Resources:
+    r"""
+    ResourceDescription contains information about the resource being created or modified.
+
+    Attributes
+    ----------
+    annotations : {str:str}, default is Undefined, optional
+        Annotations is a  map of annotations (key-value pairs of type string). Annotation keys
+        and values support the wildcard characters "*" (matches zero or many characters) and
+        "?" (matches at least one character).
+    kinds : [str], default is Undefined, optional
+        Kinds is a list of resource kinds.
+    name : str, default is Undefined, optional
+        Name is the name of the resource. The name supports wildcard characters
+        "*" (matches zero or many characters) and "?" (at least one character).
+        NOTE: "Name" is being deprecated in favor of "Names".
+    names : [str], default is Undefined, optional
+        Names are the names of the resources. Each name supports wildcard characters
+        "*" (matches zero or many characters) and "?" (at least one character).
+    namespaceSelector : KyvernoIoV2beta1ClusterCleanupPolicySpecMatchAllItems0ResourcesNamespaceSelector, default is Undefined, optional
+        namespace selector
+    namespaces : [str], default is Undefined, optional
+        Namespaces is a list of namespaces names. Each name supports wildcard characters
+        "*" (matches zero or many characters) and "?" (at least one character).
+    operations : [str], default is Undefined, optional
+        Operations can contain values ["CREATE, "UPDATE", "CONNECT", "DELETE"], which are used to match a specific action.
+    selector : KyvernoIoV2beta1ClusterCleanupPolicySpecMatchAllItems0ResourcesSelector, default is Undefined, optional
+        selector
+    """
+
+
+    annotations?: {str:str}
+
+    kinds?: [str]
+
+    name?: str
+
+    names?: [str]
+
+    namespaceSelector?: KyvernoIoV2beta1ClusterCleanupPolicySpecMatchAllItems0ResourcesNamespaceSelector
+
+    namespaces?: [str]
+
+    operations?: [str]
+
+    selector?: KyvernoIoV2beta1ClusterCleanupPolicySpecMatchAllItems0ResourcesSelector
+
+
+schema KyvernoIoV2beta1ClusterCleanupPolicySpecMatchAllItems0ResourcesNamespaceSelector:
+    r"""
+    NamespaceSelector is a label selector for the resource namespace. Label keys and values
+    in `matchLabels` support the wildcard characters `*` (matches zero or many characters)
+    and `?` (matches one character).Wildcards allows writing label selectors like
+    ["storage.k8s.io/*": "*"]. Note that using ["*" : "*"] matches any key and value but
+    does not match an empty label set.
+
+    Attributes
+    ----------
+    matchExpressions : [KyvernoIoV2beta1ClusterCleanupPolicySpecMatchAllItems0ResourcesNamespaceSelectorMatchExpressionsItems0], default is Undefined, optional
+        matchExpressions is a list of label selector requirements. The requirements are ANDed.
+    matchLabels : {str:str}, default is Undefined, optional
+        matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+        map is equivalent to an element of matchExpressions, whose key field is "key", the
+        operator is "In", and the values array contains only "value". The requirements are ANDed.
+    """
+
+
+    matchExpressions?: [KyvernoIoV2beta1ClusterCleanupPolicySpecMatchAllItems0ResourcesNamespaceSelectorMatchExpressionsItems0]
+
+    matchLabels?: {str:str}
+
+
+schema KyvernoIoV2beta1ClusterCleanupPolicySpecMatchAllItems0ResourcesNamespaceSelectorMatchExpressionsItems0:
+    r"""
+    A label selector requirement is a selector that contains values, a key, and an operator that
+    relates the key and values.
+
+    Attributes
+    ----------
+    key : str, default is Undefined, required
+        key is the label key that the selector applies to.
+    operator : str, default is Undefined, required
+        operator represents a key's relationship to a set of values.
+        Valid operators are In, NotIn, Exists and DoesNotExist.
+    values : [str], default is Undefined, optional
+        values is an array of string values. If the operator is In or NotIn,
+        the values array must be non-empty. If the operator is Exists or DoesNotExist,
+        the values array must be empty. This array is replaced during a strategic
+        merge patch.
+    """
+
+
+    key: str
+
+    operator: str
+
+    values?: [str]
+
+
+schema KyvernoIoV2beta1ClusterCleanupPolicySpecMatchAllItems0ResourcesSelector:
+    r"""
+    Selector is a label selector. Label keys and values in `matchLabels` support the wildcard
+    characters `*` (matches zero or many characters) and `?` (matches one character).
+    Wildcards allows writing label selectors like ["storage.k8s.io/*": "*"]. Note that
+    using ["*" : "*"] matches any key and value but does not match an empty label set.
+
+    Attributes
+    ----------
+    matchExpressions : [KyvernoIoV2beta1ClusterCleanupPolicySpecMatchAllItems0ResourcesSelectorMatchExpressionsItems0], default is Undefined, optional
+        matchExpressions is a list of label selector requirements. The requirements are ANDed.
+    matchLabels : {str:str}, default is Undefined, optional
+        matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+        map is equivalent to an element of matchExpressions, whose key field is "key", the
+        operator is "In", and the values array contains only "value". The requirements are ANDed.
+    """
+
+
+    matchExpressions?: [KyvernoIoV2beta1ClusterCleanupPolicySpecMatchAllItems0ResourcesSelectorMatchExpressionsItems0]
+
+    matchLabels?: {str:str}
+
+
+schema KyvernoIoV2beta1ClusterCleanupPolicySpecMatchAllItems0ResourcesSelectorMatchExpressionsItems0:
+    r"""
+    A label selector requirement is a selector that contains values, a key, and an operator that
+    relates the key and values.
+
+    Attributes
+    ----------
+    key : str, default is Undefined, required
+        key is the label key that the selector applies to.
+    operator : str, default is Undefined, required
+        operator represents a key's relationship to a set of values.
+        Valid operators are In, NotIn, Exists and DoesNotExist.
+    values : [str], default is Undefined, optional
+        values is an array of string values. If the operator is In or NotIn,
+        the values array must be non-empty. If the operator is Exists or DoesNotExist,
+        the values array must be empty. This array is replaced during a strategic
+        merge patch.
+    """
+
+
+    key: str
+
+    operator: str
+
+    values?: [str]
+
+
+schema KyvernoIoV2beta1ClusterCleanupPolicySpecMatchAllItems0SubjectsItems0:
+    r"""
+    Subject contains a reference to the object or user identities a role binding applies to.  This can either hold a direct API object reference,
+    or a value for non-objects such as user and group names.
+
+    Attributes
+    ----------
+    apiGroup : str, default is Undefined, optional
+        APIGroup holds the API group of the referenced subject.
+        Defaults to "" for ServiceAccount subjects.
+        Defaults to "rbac.authorization.k8s.io" for User and Group subjects.
+    kind : str, default is Undefined, required
+        Kind of object being referenced. Values defined by this API group are "User", "Group", and "ServiceAccount".
+        If the Authorizer does not recognized the kind value, the Authorizer should report an error.
+    name : str, default is Undefined, required
+        Name of the object being referenced.
+    namespace : str, default is Undefined, optional
+        Namespace of the referenced object.  If the object kind is non-namespace, such as "User" or "Group", and this value is not empty
+        the Authorizer should report an error.
+    """
+
+
+    apiGroup?: str
+
+    kind: str
+
+    name: str
+
+    namespace?: str
+
+
+schema KyvernoIoV2beta1ClusterCleanupPolicySpecMatchAnyItems0:
+    r"""
+    ResourceFilter allow users to "AND" or "OR" between resources
+
+    Attributes
+    ----------
+    clusterRoles : [str], default is Undefined, optional
+        ClusterRoles is the list of cluster-wide role names for the user.
+    resources : KyvernoIoV2beta1ClusterCleanupPolicySpecMatchAnyItems0Resources, default is Undefined, optional
+        resources
+    roles : [str], default is Undefined, optional
+        Roles is the list of namespaced role names for the user.
+    subjects : [KyvernoIoV2beta1ClusterCleanupPolicySpecMatchAnyItems0SubjectsItems0], default is Undefined, optional
+        Subjects is the list of subject names like users, user groups, and service accounts.
+    """
+
+
+    clusterRoles?: [str]
+
+    resources?: KyvernoIoV2beta1ClusterCleanupPolicySpecMatchAnyItems0Resources
+
+    roles?: [str]
+
+    subjects?: [KyvernoIoV2beta1ClusterCleanupPolicySpecMatchAnyItems0SubjectsItems0]
+
+
+schema KyvernoIoV2beta1ClusterCleanupPolicySpecMatchAnyItems0Resources:
+    r"""
+    ResourceDescription contains information about the resource being created or modified.
+
+    Attributes
+    ----------
+    annotations : {str:str}, default is Undefined, optional
+        Annotations is a  map of annotations (key-value pairs of type string). Annotation keys
+        and values support the wildcard characters "*" (matches zero or many characters) and
+        "?" (matches at least one character).
+    kinds : [str], default is Undefined, optional
+        Kinds is a list of resource kinds.
+    name : str, default is Undefined, optional
+        Name is the name of the resource. The name supports wildcard characters
+        "*" (matches zero or many characters) and "?" (at least one character).
+        NOTE: "Name" is being deprecated in favor of "Names".
+    names : [str], default is Undefined, optional
+        Names are the names of the resources. Each name supports wildcard characters
+        "*" (matches zero or many characters) and "?" (at least one character).
+    namespaceSelector : KyvernoIoV2beta1ClusterCleanupPolicySpecMatchAnyItems0ResourcesNamespaceSelector, default is Undefined, optional
+        namespace selector
+    namespaces : [str], default is Undefined, optional
+        Namespaces is a list of namespaces names. Each name supports wildcard characters
+        "*" (matches zero or many characters) and "?" (at least one character).
+    operations : [str], default is Undefined, optional
+        Operations can contain values ["CREATE, "UPDATE", "CONNECT", "DELETE"], which are used to match a specific action.
+    selector : KyvernoIoV2beta1ClusterCleanupPolicySpecMatchAnyItems0ResourcesSelector, default is Undefined, optional
+        selector
+    """
+
+
+    annotations?: {str:str}
+
+    kinds?: [str]
+
+    name?: str
+
+    names?: [str]
+
+    namespaceSelector?: KyvernoIoV2beta1ClusterCleanupPolicySpecMatchAnyItems0ResourcesNamespaceSelector
+
+    namespaces?: [str]
+
+    operations?: [str]
+
+    selector?: KyvernoIoV2beta1ClusterCleanupPolicySpecMatchAnyItems0ResourcesSelector
+
+
+schema KyvernoIoV2beta1ClusterCleanupPolicySpecMatchAnyItems0ResourcesNamespaceSelector:
+    r"""
+    NamespaceSelector is a label selector for the resource namespace. Label keys and values
+    in `matchLabels` support the wildcard characters `*` (matches zero or many characters)
+    and `?` (matches one character).Wildcards allows writing label selectors like
+    ["storage.k8s.io/*": "*"]. Note that using ["*" : "*"] matches any key and value but
+    does not match an empty label set.
+
+    Attributes
+    ----------
+    matchExpressions : [KyvernoIoV2beta1ClusterCleanupPolicySpecMatchAnyItems0ResourcesNamespaceSelectorMatchExpressionsItems0], default is Undefined, optional
+        matchExpressions is a list of label selector requirements. The requirements are ANDed.
+    matchLabels : {str:str}, default is Undefined, optional
+        matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+        map is equivalent to an element of matchExpressions, whose key field is "key", the
+        operator is "In", and the values array contains only "value". The requirements are ANDed.
+    """
+
+
+    matchExpressions?: [KyvernoIoV2beta1ClusterCleanupPolicySpecMatchAnyItems0ResourcesNamespaceSelectorMatchExpressionsItems0]
+
+    matchLabels?: {str:str}
+
+
+schema KyvernoIoV2beta1ClusterCleanupPolicySpecMatchAnyItems0ResourcesNamespaceSelectorMatchExpressionsItems0:
+    r"""
+    A label selector requirement is a selector that contains values, a key, and an operator that
+    relates the key and values.
+
+    Attributes
+    ----------
+    key : str, default is Undefined, required
+        key is the label key that the selector applies to.
+    operator : str, default is Undefined, required
+        operator represents a key's relationship to a set of values.
+        Valid operators are In, NotIn, Exists and DoesNotExist.
+    values : [str], default is Undefined, optional
+        values is an array of string values. If the operator is In or NotIn,
+        the values array must be non-empty. If the operator is Exists or DoesNotExist,
+        the values array must be empty. This array is replaced during a strategic
+        merge patch.
+    """
+
+
+    key: str
+
+    operator: str
+
+    values?: [str]
+
+
+schema KyvernoIoV2beta1ClusterCleanupPolicySpecMatchAnyItems0ResourcesSelector:
+    r"""
+    Selector is a label selector. Label keys and values in `matchLabels` support the wildcard
+    characters `*` (matches zero or many characters) and `?` (matches one character).
+    Wildcards allows writing label selectors like ["storage.k8s.io/*": "*"]. Note that
+    using ["*" : "*"] matches any key and value but does not match an empty label set.
+
+    Attributes
+    ----------
+    matchExpressions : [KyvernoIoV2beta1ClusterCleanupPolicySpecMatchAnyItems0ResourcesSelectorMatchExpressionsItems0], default is Undefined, optional
+        matchExpressions is a list of label selector requirements. The requirements are ANDed.
+    matchLabels : {str:str}, default is Undefined, optional
+        matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+        map is equivalent to an element of matchExpressions, whose key field is "key", the
+        operator is "In", and the values array contains only "value". The requirements are ANDed.
+    """
+
+
+    matchExpressions?: [KyvernoIoV2beta1ClusterCleanupPolicySpecMatchAnyItems0ResourcesSelectorMatchExpressionsItems0]
+
+    matchLabels?: {str:str}
+
+
+schema KyvernoIoV2beta1ClusterCleanupPolicySpecMatchAnyItems0ResourcesSelectorMatchExpressionsItems0:
+    r"""
+    A label selector requirement is a selector that contains values, a key, and an operator that
+    relates the key and values.
+
+    Attributes
+    ----------
+    key : str, default is Undefined, required
+        key is the label key that the selector applies to.
+    operator : str, default is Undefined, required
+        operator represents a key's relationship to a set of values.
+        Valid operators are In, NotIn, Exists and DoesNotExist.
+    values : [str], default is Undefined, optional
+        values is an array of string values. If the operator is In or NotIn,
+        the values array must be non-empty. If the operator is Exists or DoesNotExist,
+        the values array must be empty. This array is replaced during a strategic
+        merge patch.
+    """
+
+
+    key: str
+
+    operator: str
+
+    values?: [str]
+
+
+schema KyvernoIoV2beta1ClusterCleanupPolicySpecMatchAnyItems0SubjectsItems0:
+    r"""
+    Subject contains a reference to the object or user identities a role binding applies to.  This can either hold a direct API object reference,
+    or a value for non-objects such as user and group names.
+
+    Attributes
+    ----------
+    apiGroup : str, default is Undefined, optional
+        APIGroup holds the API group of the referenced subject.
+        Defaults to "" for ServiceAccount subjects.
+        Defaults to "rbac.authorization.k8s.io" for User and Group subjects.
+    kind : str, default is Undefined, required
+        Kind of object being referenced. Values defined by this API group are "User", "Group", and "ServiceAccount".
+        If the Authorizer does not recognized the kind value, the Authorizer should report an error.
+    name : str, default is Undefined, required
+        Name of the object being referenced.
+    namespace : str, default is Undefined, optional
+        Namespace of the referenced object.  If the object kind is non-namespace, such as "User" or "Group", and this value is not empty
+        the Authorizer should report an error.
+    """
+
+
+    apiGroup?: str
+
+    kind: str
+
+    name: str
+
+    namespace?: str
+
+
+schema KyvernoIoV2beta1ClusterCleanupPolicyStatus:
+    r"""
+    Status contains policy runtime data.
+
+    Attributes
+    ----------
+    conditions : [KyvernoIoV2beta1ClusterCleanupPolicyStatusConditionsItems0], default is Undefined, optional
+        conditions
+    lastExecutionTime : str, default is Undefined, optional
+        last execution time
+    """
+
+
+    conditions?: [KyvernoIoV2beta1ClusterCleanupPolicyStatusConditionsItems0]
+
+    lastExecutionTime?: str
+
+
+schema KyvernoIoV2beta1ClusterCleanupPolicyStatusConditionsItems0:
+    r"""
+    Condition contains details for one aspect of the current state of this API Resource.
+
+    Attributes
+    ----------
+    lastTransitionTime : str, default is Undefined, required
+        lastTransitionTime is the last time the condition transitioned from one status to another.
+        This should be when the underlying condition changed.  If that is not known, then using the time when the API field changed is acceptable.
+    message : str, default is Undefined, required
+        message is a human readable message indicating details about the transition.
+        This may be an empty string.
+    observedGeneration : int, default is Undefined, optional
+        observedGeneration represents the .metadata.generation that the condition was set based upon.
+        For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+        with respect to the current state of the instance.
+    reason : str, default is Undefined, required
+        reason contains a programmatic identifier indicating the reason for the condition's last transition.
+        Producers of specific condition types may define expected values and meanings for this field,
+        and whether the values are considered a guaranteed API.
+        The value should be a CamelCase string.
+        This field may not be empty.
+    status : str, default is Undefined, required
+        status of the condition, one of True, False, Unknown.
+    $type : str, default is Undefined, required
+        type of condition in CamelCase or in foo.example.com/CamelCase.
+    """
+
+
+    lastTransitionTime: str
+
+    message: str
+
+    observedGeneration?: int
+
+    reason: str
+
+    status: "True" | "False" | "Unknown"
+
+    $type: str
+
+
+    check:
+        len(message) <= 32768
+        observedGeneration >= 0 if observedGeneration not in [None, Undefined]
+        len(reason) <= 1024
+        len(reason) >= 1
+        _regex_match(str(reason), r"^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$")
+        len($type) <= 316
+        _regex_match(str($type), r"^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$")
+
+