Kazan v0.6.0 Kazan.Apis.Extensions.V1beta1.PodSecurityPolicySpec

Pod Security Policy Spec defines the policy enforced.

OpenAPI Definition: io.k8s.api.extensions.v1beta1.PodSecurityPolicySpec

Properties

  • allow_privilege_escalation :: Boolean

    • AllowPrivilegeEscalation determines if a pod can request to allow privilege escalation. If unspecified, defaults to true.
  • allowed_capabilities :: [ String ]

    • AllowedCapabilities is a list of capabilities that can be requested to add to the container. Capabilities in this field may be added at the pod author’s discretion. You must not list a capability in both AllowedCapabilities and RequiredDropCapabilities.
  • allowed_host_paths :: [ Kazan.Apis.Extensions.V1beta1.AllowedHostPath ]

    • AllowedHostPaths is a white list of allowed host paths. Empty indicates that all host paths may be used.
  • default_add_capabilities :: [ String ]

    • DefaultAddCapabilities is the default set of capabilities that will be added to the container unless the pod spec specifically drops the capability. You may not list a capability in both DefaultAddCapabilities and RequiredDropCapabilities.
  • default_allow_privilege_escalation :: Boolean

    • DefaultAllowPrivilegeEscalation controls the default setting for whether a process can gain more privileges than its parent process.
  • fs_group :: Kazan.Apis.Extensions.V1beta1.FSGroupStrategyOptions

    • Deprecated. Please use io.k8s.api.extensions.v1beta1.FSGroupStrategyOptions instead.
  • host_ipc :: Boolean

    • hostIPC determines if the policy allows the use of HostIPC in the pod spec.
  • host_network :: Boolean

    • hostNetwork determines if the policy allows the use of HostNetwork in the pod spec.
  • host_pid :: Boolean

    • hostPID determines if the policy allows the use of HostPID in the pod spec.
  • host_ports :: [ Kazan.Apis.Extensions.V1beta1.HostPortRange ]

    • hostPorts determines which host port ranges are allowed to be exposed.
  • privileged :: Boolean

    • privileged determines if a pod can request to be run as privileged.
  • read_only_root_filesystem :: Boolean

    • ReadOnlyRootFilesystem, when set to true, will force containers to run with a read-only root file system. If the container specifically requests to run with a non-read-only root file system, the PSP should deny the pod. If set to false, the container may run with a read-only root file system if it wishes, but it will not be forced to.
  • required_drop_capabilities :: [ String ]

    • RequiredDropCapabilities are the capabilities that will be dropped from the container. These are required to be dropped and cannot be added.
  • run_as_user :: Kazan.Apis.Extensions.V1beta1.RunAsUserStrategyOptions

    • Deprecated. Please use io.k8s.api.extensions.v1beta1.RunAsUserStrategyOptions instead.
  • se_linux :: Kazan.Apis.Extensions.V1beta1.SELinuxStrategyOptions

    • Deprecated. Please use io.k8s.api.extensions.v1beta1.SELinuxStrategyOptions instead.
  • supplemental_groups :: Kazan.Apis.Extensions.V1beta1.SupplementalGroupsStrategyOptions

    • Deprecated. Please use io.k8s.api.extensions.v1beta1.SupplementalGroupsStrategyOptions instead.
  • volumes :: [ String ]

    • volumes is a white list of allowed volume plugins. Empty indicates that all plugins may be used.
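
The rules stated in the property descriptions above (no capability in both an add list and RequiredDropCapabilities, allow_privilege_escalation defaulting to true, empty allowed_host_paths and volumes meaning "all") can be checked before a spec is submitted. The following is an added example, not part of Kazan: the module name PspSpecLint, its functions and the sample spec are assumptions made for illustration, and it reads the fields with Map.get so it accepts a plain map or a struct with the keys listed on this page.

```elixir
defmodule PspSpecLint do
  # Empty or unset means "everything allowed", per the property descriptions above.
  @open_when_empty [:allowed_host_paths, :volumes]
  # Booleans that grant host-level access when true.
  @host_flags [:privileged, :host_ipc, :host_network, :host_pid]

  # Accepts a plain map or a struct with the snake_case keys listed on this page.
  def lint(spec), do: overlaps(spec) ++ open_defaults(spec) ++ host_access(spec)

  # A capability must not be in required_drop_capabilities and an add list at once.
  defp overlaps(spec) do
    dropped = MapSet.new(list(spec, :required_drop_capabilities))

    for field <- [:allowed_capabilities, :default_add_capabilities],
        cap <- list(spec, field),
        MapSet.member?(dropped, cap) do
      {:error, "#{cap} is in both #{field} and required_drop_capabilities"}
    end
  end

  defp open_defaults(spec) do
    escalation =
      if is_nil(Map.get(spec, :allow_privilege_escalation)),
        do: [{:warn, "allow_privilege_escalation is unset and defaults to true"}],
        else: []

    open =
      for field <- @open_when_empty, list(spec, field) == [] do
        {:warn, "#{field} is empty, so nothing is restricted"}
      end

    escalation ++ open
  end

  defp host_access(spec) do
    for flag <- @host_flags, Map.get(spec, flag) == true, do: {:warn, "#{flag} is true"}
  end

  # Treats a missing or nil field as an empty list.
  defp list(spec, field), do: Map.get(spec, field) || []
end

# Constructed sample spec, not taken from the page.
spec = %{
  allowed_capabilities: ["NET_ADMIN", "SYS_TIME"],
  required_drop_capabilities: ["NET_ADMIN", "KILL"],
  host_network: true,
  volumes: ["configMap", "secret"]
}

IO.inspect(PspSpecLint.lint(spec))
```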