Kazan v0.4.0 Kazan.Models.Apis.Extensions.V1beta1.PodSecurityPolicySpec
Pod Security Policy Spec defines the policy enforced.
OpenAPI Definition: io.k8s.kubernetes.pkg.apis.extensions.v1beta1.PodSecurityPolicySpec
Properties
allowed_capabilities
:: [String]
- AllowedCapabilities is a list of capabilities that can be requested to add to the container. Capabilities in this field may be added at the pod author’s discretion. You must not list a capability in both AllowedCapabilities and RequiredDropCapabilities.
default_add_capabilities
:: [String]
- DefaultAddCapabilities is the default set of capabilities that will be added to the container unless the pod spec specifically drops the capability. You may not list a capability in both DefaultAddCapabilities and RequiredDropCapabilities.
fs_group
::Kazan.Models.Apis.Extensions.V1beta1.FSGroupStrategyOptions
- FSGroup is the strategy that will dictate what fs group is used by the SecurityContext.
host_ipc
::Boolean
- hostIPC determines if the policy allows the use of HostIPC in the pod spec.
host_network
::Boolean
- hostNetwork determines if the policy allows the use of HostNetwork in the pod spec.
host_pid
::Boolean
- hostPID determines if the policy allows the use of HostPID in the pod spec.
host_ports
:: [Kazan.Models.Apis.Extensions.V1beta1.HostPortRange]
- hostPorts determines which host port ranges are allowed to be exposed.
privileged
::Boolean
- privileged determines if a pod can request to be run as privileged.
read_only_root_filesystem
::Boolean
- ReadOnlyRootFilesystem when set to true will force containers to run with a read only root file system. If the container specifically requests to run with a non-read only root file system the PSP should deny the pod. If set to false the container may run with a read only root file system if it wishes but it will not be forced to.
required_drop_capabilities
:: [String]
- RequiredDropCapabilities are the capabilities that will be dropped from the container. These are required to be dropped and cannot be added.
run_as_user
::Kazan.Models.Apis.Extensions.V1beta1.RunAsUserStrategyOptions
- runAsUser is the strategy that will dictate the allowable RunAsUser values that may be set.
se_linux
::Kazan.Models.Apis.Extensions.V1beta1.SELinuxStrategyOptions
- seLinux is the strategy that will dictate the allowable labels that may be set.
supplemental_groups
::Kazan.Models.Apis.Extensions.V1beta1.SupplementalGroupsStrategyOptions
- SupplementalGroups is the strategy that will dictate what supplemental groups are used by the SecurityContext.
volumes
:: [String]
- volumes is a white list of allowed volume plugins. Empty indicates that all plugins may be used.
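
The property descriptions above state two rules that are easy to miss when writing a policy: a capability must not appear in both an add list and RequiredDropCapabilities, and an empty volumes list allows every volume plugin. The following is an added example, not part of Kazan, that checks a spec for these and for permissive host settings. The module name PSPSpecLint, the message wording and the sample spec are assumptions; it accepts the struct or a plain map using this page's field names.

```elixir
defmodule PSPSpecLint do
  @moduledoc "Added example: lints a PodSecurityPolicySpec-shaped map (not part of Kazan)."

  @host_flags [:privileged, :host_network, :host_pid, :host_ipc]

  # Accepts a struct or a plain map with this page's field names; unset fields may be nil.
  def lint(spec) do
    spec = if is_struct(spec), do: Map.from_struct(spec), else: spec
    drop = MapSet.new(spec[:required_drop_capabilities] || [])

    conflicts =
      for field <- [:allowed_capabilities, :default_add_capabilities],
          cap <- (spec[field] || []),
          MapSet.member?(drop, cap) do
        {:error, "#{cap} is in both #{field} and required_drop_capabilities"}
      end

    host =
      for flag <- @host_flags, spec[flag] == true do
        {:warn, "#{flag} is allowed by this policy"}
      end

    volumes =
      case spec[:volumes] || [] do
        [] -> [{:warn, "volumes is empty, so all volume plugins may be used"}]
        _ -> []
      end

    rootfs =
      if spec[:read_only_root_filesystem] == true,
        do: [],
        else: [{:warn, "read-only root filesystem is not forced"}]

    conflicts ++ host ++ volumes ++ rootfs
  end
end

# Constructed sample spec, for illustration only.
sample = %{
  allowed_capabilities: ["NET_ADMIN", "SYS_TIME"],
  default_add_capabilities: ["CHOWN"],
  required_drop_capabilities: ["NET_ADMIN", "CHOWN"],
  privileged: false,
  host_network: true,
  volumes: []
}

PSPSpecLint.lint(sample)
|> Enum.each(fn {level, msg} -> IO.puts("#{level}: #{msg}") end)
```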