Kazan v0.4.0 Kazan.Models.Apis.Extensions.V1beta1.PodSecurityPolicySpec

Pod Security Policy Spec defines the policy enforced.

OpenAPI Definition: io.k8s.kubernetes.pkg.apis.extensions.v1beta1.PodSecurityPolicySpec

Properties

  • allowed_capabilities :: [ String ]

    • AllowedCapabilities is a list of capabilities that can be requested to add to the container. Capabilities in this field may be added at the pod author’s discretion. You must not list a capability in both AllowedCapabilities and RequiredDropCapabilities.
  • default_add_capabilities :: [ String ]

    • DefaultAddCapabilities is the default set of capabilities that will be added to the container unless the pod spec specifically drops the capability. You may not list a capability in both DefaultAddCapabilities and RequiredDropCapabilities.
  • fs_group :: Kazan.Models.Apis.Extensions.V1beta1.FSGroupStrategyOptions

    • FSGroup is the strategy that will dictate what fs group is used by the SecurityContext.
  • host_ipc :: Boolean

    • hostIPC determines if the policy allows the use of HostIPC in the pod spec.
  • host_network :: Boolean

    • hostNetwork determines if the policy allows the use of HostNetwork in the pod spec.
  • host_pid :: Boolean

    • hostPID determines if the policy allows the use of HostPID in the pod spec.
  • host_ports :: [ Kazan.Models.Apis.Extensions.V1beta1.HostPortRange ]

    • hostPorts determines which host port ranges are allowed to be exposed.
  • privileged :: Boolean

    • privileged determines if a pod can request to be run as privileged.
  • read_only_root_filesystem :: Boolean

    • ReadOnlyRootFilesystem, when set to true, will force containers to run with a read-only root file system. If the container specifically requests to run with a non-read-only root file system, the PSP should deny the pod. If set to false, the container may run with a read-only root file system if it wishes, but it will not be forced to.
  • required_drop_capabilities :: [ String ]

    • RequiredDropCapabilities are the capabilities that will be dropped from the container. These are required to be dropped and cannot be added.
  • run_as_user :: Kazan.Models.Apis.Extensions.V1beta1.RunAsUserStrategyOptions

    • runAsUser is the strategy that will dictate the allowable RunAsUser values that may be set.
  • se_linux :: Kazan.Models.Apis.Extensions.V1beta1.SELinuxStrategyOptions

    • seLinux is the strategy that will dictate the allowable labels that may be set.
  • supplemental_groups :: Kazan.Models.Apis.Extensions.V1beta1.SupplementalGroupsStrategyOptions

    • SupplementalGroups is the strategy that will dictate what supplemental groups are used by the SecurityContext.
  • volumes :: [ String ]

    • volumes is a white list of allowed volume plugins. Empty indicates that all plugins may be used.
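
The constraints stated above (no capability in both an add list and RequiredDropCapabilities; an empty volumes list allows every plugin) can be checked before a policy is submitted. The following is an added example, not part of Kazan: the module name PSPSpecLint, the :error/:warn levels and the sample spec are hypothetical, and a missing list field is assumed to behave like an empty one.

```elixir
defmodule PSPSpecLint do
  # Added example, not part of Kazan. Accepts the PodSecurityPolicySpec struct
  # or a plain map that uses the field names documented on this page.
  @host_flags [:privileged, :host_network, :host_pid, :host_ipc]

  # Returns a list of {:error | :warn, message} tuples; [] means nothing flagged.
  def lint(spec) do
    drop = MapSet.new(list(spec, :required_drop_capabilities))

    # A capability may not appear in an add list and in the required-drop list.
    conflicts =
      for field <- [:allowed_capabilities, :default_add_capabilities],
          cap <- list(spec, field),
          MapSet.member?(drop, cap) do
        {:error, "#{cap} is in both #{field} and required_drop_capabilities"}
      end

    # Report every host-level permission the policy grants to pods.
    host =
      for flag <- @host_flags, Map.get(spec, flag) == true do
        {:warn, "#{flag} is allowed by this policy"}
      end

    # An empty volumes list does not restrict anything.
    volumes =
      if list(spec, :volumes) == [] do
        [{:warn, "volumes is empty, so all volume plugins may be used"}]
      else
        []
      end

    conflicts ++ host ++ volumes
  end

  # Assumption: a missing or nil list field is treated as an empty list.
  defp list(spec, key), do: Map.get(spec, key) || []
end

# Constructed sample spec (a plain map with the documented keys).
spec = %{
  allowed_capabilities: ["NET_BIND_SERVICE", "SYS_ADMIN"],
  default_add_capabilities: ["CHOWN"],
  required_drop_capabilities: ["SYS_ADMIN", "NET_RAW"],
  privileged: false,
  host_network: true,
  volumes: []
}

IO.inspect(PSPSpecLint.lint(spec))
```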