Documentation ¶
Overview ¶
Package policy is for any kind of policy object. Suitable examples, even if they aren't all here, are PodDisruptionBudget, PodSecurityPolicy, NetworkPolicy, etc.
Package v1beta1 is a generated protocol buffer package. It is generated from these files: k8s.io/kubernetes/vendor/k8s.io/api/policy/v1beta1/generated.proto It has these top-level messages: AllowedFlexVolume AllowedHostPath Eviction FSGroupStrategyOptions HostPortRange IDRange PodDisruptionBudget PodDisruptionBudgetList PodDisruptionBudgetSpec PodDisruptionBudgetStatus PodSecurityPolicy PodSecurityPolicyList PodSecurityPolicySpec RunAsGroupStrategyOptions RunAsUserStrategyOptions SELinuxStrategyOptions SupplementalGroupsStrategyOptions
Index ¶
- Constants
- Variables
- func Resource(resource string) schema.GroupResource
- type AllowedFlexVolume
- func (in *AllowedFlexVolume) DeepCopy() *AllowedFlexVolume
- func (in *AllowedFlexVolume) DeepCopyInto(out *AllowedFlexVolume)
- func (*AllowedFlexVolume) Descriptor() ([]byte, []int)
- func (m *AllowedFlexVolume) Marshal() (dAtA []byte, err error)
- func (m *AllowedFlexVolume) MarshalTo(dAtA []byte) (int, error)
- func (*AllowedFlexVolume) ProtoMessage()
- func (m *AllowedFlexVolume) Reset()
- func (m *AllowedFlexVolume) Size() (n int)
- func (this *AllowedFlexVolume) String() string
- func (AllowedFlexVolume) SwaggerDoc() map[string]string
- func (m *AllowedFlexVolume) Unmarshal(dAtA []byte) error
- type AllowedHostPath
- func (in *AllowedHostPath) DeepCopy() *AllowedHostPath
- func (in *AllowedHostPath) DeepCopyInto(out *AllowedHostPath)
- func (*AllowedHostPath) Descriptor() ([]byte, []int)
- func (m *AllowedHostPath) Marshal() (dAtA []byte, err error)
- func (m *AllowedHostPath) MarshalTo(dAtA []byte) (int, error)
- func (*AllowedHostPath) ProtoMessage()
- func (m *AllowedHostPath) Reset()
- func (m *AllowedHostPath) Size() (n int)
- func (this *AllowedHostPath) String() string
- func (AllowedHostPath) SwaggerDoc() map[string]string
- func (m *AllowedHostPath) Unmarshal(dAtA []byte) error
- type Eviction
- func (in *Eviction) DeepCopy() *Eviction
- func (in *Eviction) DeepCopyInto(out *Eviction)
- func (in *Eviction) DeepCopyObject() runtime.Object
- func (*Eviction) Descriptor() ([]byte, []int)
- func (m *Eviction) Marshal() (dAtA []byte, err error)
- func (m *Eviction) MarshalTo(dAtA []byte) (int, error)
- func (*Eviction) ProtoMessage()
- func (m *Eviction) Reset()
- func (m *Eviction) Size() (n int)
- func (this *Eviction) String() string
- func (Eviction) SwaggerDoc() map[string]string
- func (m *Eviction) Unmarshal(dAtA []byte) error
- type FSGroupStrategyOptions
- func (in *FSGroupStrategyOptions) DeepCopy() *FSGroupStrategyOptions
- func (in *FSGroupStrategyOptions) DeepCopyInto(out *FSGroupStrategyOptions)
- func (*FSGroupStrategyOptions) Descriptor() ([]byte, []int)
- func (m *FSGroupStrategyOptions) Marshal() (dAtA []byte, err error)
- func (m *FSGroupStrategyOptions) MarshalTo(dAtA []byte) (int, error)
- func (*FSGroupStrategyOptions) ProtoMessage()
- func (m *FSGroupStrategyOptions) Reset()
- func (m *FSGroupStrategyOptions) Size() (n int)
- func (this *FSGroupStrategyOptions) String() string
- func (FSGroupStrategyOptions) SwaggerDoc() map[string]string
- func (m *FSGroupStrategyOptions) Unmarshal(dAtA []byte) error
- type FSGroupStrategyType
- type FSType
- type HostPortRange
- func (in *HostPortRange) DeepCopy() *HostPortRange
- func (in *HostPortRange) DeepCopyInto(out *HostPortRange)
- func (*HostPortRange) Descriptor() ([]byte, []int)
- func (m *HostPortRange) Marshal() (dAtA []byte, err error)
- func (m *HostPortRange) MarshalTo(dAtA []byte) (int, error)
- func (*HostPortRange) ProtoMessage()
- func (m *HostPortRange) Reset()
- func (m *HostPortRange) Size() (n int)
- func (this *HostPortRange) String() string
- func (HostPortRange) SwaggerDoc() map[string]string
- func (m *HostPortRange) Unmarshal(dAtA []byte) error
- type IDRange
- func (in *IDRange) DeepCopy() *IDRange
- func (in *IDRange) DeepCopyInto(out *IDRange)
- func (*IDRange) Descriptor() ([]byte, []int)
- func (m *IDRange) Marshal() (dAtA []byte, err error)
- func (m *IDRange) MarshalTo(dAtA []byte) (int, error)
- func (*IDRange) ProtoMessage()
- func (m *IDRange) Reset()
- func (m *IDRange) Size() (n int)
- func (this *IDRange) String() string
- func (IDRange) SwaggerDoc() map[string]string
- func (m *IDRange) Unmarshal(dAtA []byte) error
- type PodDisruptionBudget
- func (in *PodDisruptionBudget) DeepCopy() *PodDisruptionBudget
- func (in *PodDisruptionBudget) DeepCopyInto(out *PodDisruptionBudget)
- func (in *PodDisruptionBudget) DeepCopyObject() runtime.Object
- func (*PodDisruptionBudget) Descriptor() ([]byte, []int)
- func (m *PodDisruptionBudget) Marshal() (dAtA []byte, err error)
- func (m *PodDisruptionBudget) MarshalTo(dAtA []byte) (int, error)
- func (*PodDisruptionBudget) ProtoMessage()
- func (m *PodDisruptionBudget) Reset()
- func (m *PodDisruptionBudget) Size() (n int)
- func (this *PodDisruptionBudget) String() string
- func (PodDisruptionBudget) SwaggerDoc() map[string]string
- func (m *PodDisruptionBudget) Unmarshal(dAtA []byte) error
- type PodDisruptionBudgetList
- func (in *PodDisruptionBudgetList) DeepCopy() *PodDisruptionBudgetList
- func (in *PodDisruptionBudgetList) DeepCopyInto(out *PodDisruptionBudgetList)
- func (in *PodDisruptionBudgetList) DeepCopyObject() runtime.Object
- func (*PodDisruptionBudgetList) Descriptor() ([]byte, []int)
- func (m *PodDisruptionBudgetList) Marshal() (dAtA []byte, err error)
- func (m *PodDisruptionBudgetList) MarshalTo(dAtA []byte) (int, error)
- func (*PodDisruptionBudgetList) ProtoMessage()
- func (m *PodDisruptionBudgetList) Reset()
- func (m *PodDisruptionBudgetList) Size() (n int)
- func (this *PodDisruptionBudgetList) String() string
- func (PodDisruptionBudgetList) SwaggerDoc() map[string]string
- func (m *PodDisruptionBudgetList) Unmarshal(dAtA []byte) error
- type PodDisruptionBudgetSpec
- func (in *PodDisruptionBudgetSpec) DeepCopy() *PodDisruptionBudgetSpec
- func (in *PodDisruptionBudgetSpec) DeepCopyInto(out *PodDisruptionBudgetSpec)
- func (*PodDisruptionBudgetSpec) Descriptor() ([]byte, []int)
- func (m *PodDisruptionBudgetSpec) Marshal() (dAtA []byte, err error)
- func (m *PodDisruptionBudgetSpec) MarshalTo(dAtA []byte) (int, error)
- func (*PodDisruptionBudgetSpec) ProtoMessage()
- func (m *PodDisruptionBudgetSpec) Reset()
- func (m *PodDisruptionBudgetSpec) Size() (n int)
- func (this *PodDisruptionBudgetSpec) String() string
- func (PodDisruptionBudgetSpec) SwaggerDoc() map[string]string
- func (m *PodDisruptionBudgetSpec) Unmarshal(dAtA []byte) error
- type PodDisruptionBudgetStatus
- func (in *PodDisruptionBudgetStatus) DeepCopy() *PodDisruptionBudgetStatus
- func (in *PodDisruptionBudgetStatus) DeepCopyInto(out *PodDisruptionBudgetStatus)
- func (*PodDisruptionBudgetStatus) Descriptor() ([]byte, []int)
- func (m *PodDisruptionBudgetStatus) Marshal() (dAtA []byte, err error)
- func (m *PodDisruptionBudgetStatus) MarshalTo(dAtA []byte) (int, error)
- func (*PodDisruptionBudgetStatus) ProtoMessage()
- func (m *PodDisruptionBudgetStatus) Reset()
- func (m *PodDisruptionBudgetStatus) Size() (n int)
- func (this *PodDisruptionBudgetStatus) String() string
- func (PodDisruptionBudgetStatus) SwaggerDoc() map[string]string
- func (m *PodDisruptionBudgetStatus) Unmarshal(dAtA []byte) error
- type PodSecurityPolicy
- func (in *PodSecurityPolicy) DeepCopy() *PodSecurityPolicy
- func (in *PodSecurityPolicy) DeepCopyInto(out *PodSecurityPolicy)
- func (in *PodSecurityPolicy) DeepCopyObject() runtime.Object
- func (*PodSecurityPolicy) Descriptor() ([]byte, []int)
- func (m *PodSecurityPolicy) Marshal() (dAtA []byte, err error)
- func (m *PodSecurityPolicy) MarshalTo(dAtA []byte) (int, error)
- func (*PodSecurityPolicy) ProtoMessage()
- func (m *PodSecurityPolicy) Reset()
- func (m *PodSecurityPolicy) Size() (n int)
- func (this *PodSecurityPolicy) String() string
- func (PodSecurityPolicy) SwaggerDoc() map[string]string
- func (m *PodSecurityPolicy) Unmarshal(dAtA []byte) error
- type PodSecurityPolicyList
- func (in *PodSecurityPolicyList) DeepCopy() *PodSecurityPolicyList
- func (in *PodSecurityPolicyList) DeepCopyInto(out *PodSecurityPolicyList)
- func (in *PodSecurityPolicyList) DeepCopyObject() runtime.Object
- func (*PodSecurityPolicyList) Descriptor() ([]byte, []int)
- func (m *PodSecurityPolicyList) Marshal() (dAtA []byte, err error)
- func (m *PodSecurityPolicyList) MarshalTo(dAtA []byte) (int, error)
- func (*PodSecurityPolicyList) ProtoMessage()
- func (m *PodSecurityPolicyList) Reset()
- func (m *PodSecurityPolicyList) Size() (n int)
- func (this *PodSecurityPolicyList) String() string
- func (PodSecurityPolicyList) SwaggerDoc() map[string]string
- func (m *PodSecurityPolicyList) Unmarshal(dAtA []byte) error
- type PodSecurityPolicySpec
- func (in *PodSecurityPolicySpec) DeepCopy() *PodSecurityPolicySpec
- func (in *PodSecurityPolicySpec) DeepCopyInto(out *PodSecurityPolicySpec)
- func (*PodSecurityPolicySpec) Descriptor() ([]byte, []int)
- func (m *PodSecurityPolicySpec) Marshal() (dAtA []byte, err error)
- func (m *PodSecurityPolicySpec) MarshalTo(dAtA []byte) (int, error)
- func (*PodSecurityPolicySpec) ProtoMessage()
- func (m *PodSecurityPolicySpec) Reset()
- func (m *PodSecurityPolicySpec) Size() (n int)
- func (this *PodSecurityPolicySpec) String() string
- func (PodSecurityPolicySpec) SwaggerDoc() map[string]string
- func (m *PodSecurityPolicySpec) Unmarshal(dAtA []byte) error
- type RunAsGroupStrategy
- type RunAsGroupStrategyOptions
- func (in *RunAsGroupStrategyOptions) DeepCopy() *RunAsGroupStrategyOptions
- func (in *RunAsGroupStrategyOptions) DeepCopyInto(out *RunAsGroupStrategyOptions)
- func (*RunAsGroupStrategyOptions) Descriptor() ([]byte, []int)
- func (m *RunAsGroupStrategyOptions) Marshal() (dAtA []byte, err error)
- func (m *RunAsGroupStrategyOptions) MarshalTo(dAtA []byte) (int, error)
- func (*RunAsGroupStrategyOptions) ProtoMessage()
- func (m *RunAsGroupStrategyOptions) Reset()
- func (m *RunAsGroupStrategyOptions) Size() (n int)
- func (this *RunAsGroupStrategyOptions) String() string
- func (RunAsGroupStrategyOptions) SwaggerDoc() map[string]string
- func (m *RunAsGroupStrategyOptions) Unmarshal(dAtA []byte) error
- type RunAsUserStrategy
- type RunAsUserStrategyOptions
- func (in *RunAsUserStrategyOptions) DeepCopy() *RunAsUserStrategyOptions
- func (in *RunAsUserStrategyOptions) DeepCopyInto(out *RunAsUserStrategyOptions)
- func (*RunAsUserStrategyOptions) Descriptor() ([]byte, []int)
- func (m *RunAsUserStrategyOptions) Marshal() (dAtA []byte, err error)
- func (m *RunAsUserStrategyOptions) MarshalTo(dAtA []byte) (int, error)
- func (*RunAsUserStrategyOptions) ProtoMessage()
- func (m *RunAsUserStrategyOptions) Reset()
- func (m *RunAsUserStrategyOptions) Size() (n int)
- func (this *RunAsUserStrategyOptions) String() string
- func (RunAsUserStrategyOptions) SwaggerDoc() map[string]string
- func (m *RunAsUserStrategyOptions) Unmarshal(dAtA []byte) error
- type SELinuxStrategy
- type SELinuxStrategyOptions
- func (in *SELinuxStrategyOptions) DeepCopy() *SELinuxStrategyOptions
- func (in *SELinuxStrategyOptions) DeepCopyInto(out *SELinuxStrategyOptions)
- func (*SELinuxStrategyOptions) Descriptor() ([]byte, []int)
- func (m *SELinuxStrategyOptions) Marshal() (dAtA []byte, err error)
- func (m *SELinuxStrategyOptions) MarshalTo(dAtA []byte) (int, error)
- func (*SELinuxStrategyOptions) ProtoMessage()
- func (m *SELinuxStrategyOptions) Reset()
- func (m *SELinuxStrategyOptions) Size() (n int)
- func (this *SELinuxStrategyOptions) String() string
- func (SELinuxStrategyOptions) SwaggerDoc() map[string]string
- func (m *SELinuxStrategyOptions) Unmarshal(dAtA []byte) error
- type SupplementalGroupsStrategyOptions
- func (in *SupplementalGroupsStrategyOptions) DeepCopy() *SupplementalGroupsStrategyOptions
- func (in *SupplementalGroupsStrategyOptions) DeepCopyInto(out *SupplementalGroupsStrategyOptions)
- func (*SupplementalGroupsStrategyOptions) Descriptor() ([]byte, []int)
- func (m *SupplementalGroupsStrategyOptions) Marshal() (dAtA []byte, err error)
- func (m *SupplementalGroupsStrategyOptions) MarshalTo(dAtA []byte) (int, error)
- func (*SupplementalGroupsStrategyOptions) ProtoMessage()
- func (m *SupplementalGroupsStrategyOptions) Reset()
- func (m *SupplementalGroupsStrategyOptions) Size() (n int)
- func (this *SupplementalGroupsStrategyOptions) String() string
- func (SupplementalGroupsStrategyOptions) SwaggerDoc() map[string]string
- func (m *SupplementalGroupsStrategyOptions) Unmarshal(dAtA []byte) error
- type SupplementalGroupsStrategyType
Constants ¶
// GroupName is the API group name used in this package.
const GroupName = "policy"
GroupName is the group name used in this package.
Variables ¶
// Sentinel errors whose messages refer to protobuf decoding.
var (
	// ErrInvalidLengthGenerated reports, per its message text, a negative
	// length found during unmarshaling.
	ErrInvalidLengthGenerated = fmt.Errorf("proto: negative length found during unmarshaling")
	// ErrIntOverflowGenerated reports, per its message text, an integer
	// overflow.
	// NOTE(review): both are presumably returned by the generated Unmarshal
	// methods when the input bytes are malformed; callers decoding data from
	// an untrusted source should treat either as a rejected message — confirm
	// against the generated code.
	ErrIntOverflowGenerated = fmt.Errorf("proto: integer overflow")
)
var (
	// TODO: move SchemeBuilder with zz_generated.deepcopy.go to k8s.io/api.
	// localSchemeBuilder and AddToScheme will stay in k8s.io/kubernetes.

	// SchemeBuilder is built from addKnownTypes via runtime.NewSchemeBuilder.
	SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes)
	// AddToScheme is the AddToScheme method value taken from
	// localSchemeBuilder.
	// NOTE(review): localSchemeBuilder is not declared in this listing;
	// presumably it is an unexported variable referring to SchemeBuilder —
	// confirm in the package source.
	AddToScheme = localSchemeBuilder.AddToScheme
)
// AllowAllCapabilities is the wildcard capability value "*"; it means that
// any capabilities are allowed to be requested.
//
// NOTE(review): the accompanying description names the field
// PodSecurityPolicy.AllowAllCapabilities; the spec field that takes
// capability values appears to be AllowedCapabilities — confirm against
// PodSecurityPolicySpec. A policy carrying this value places no restriction
// on requested capabilities, so audit it as a privileged policy.
//
// It is declared with var, so it is mutable package-level state; nothing
// should reassign it.
var AllowAllCapabilities v1.Capability = "*"
AllowAllCapabilities can be used as a value for the PodSecurityPolicy.AllowAllCapabilities field and means that any capabilities are allowed to be requested.
// SchemeGroupVersion is the group version used to register these objects:
// group GroupName, version "v1beta1".
var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1beta1"}
SchemeGroupVersion is the group version used to register these objects.
Functions ¶
func Resource ¶
func Resource(resource string) schema.GroupResource
Resource takes an unqualified resource and returns a Group qualified GroupResource
Types ¶
type AllowedFlexVolume ¶
// AllowedFlexVolume represents a single Flexvolume that is allowed to be used.
type AllowedFlexVolume struct {
	// driver is the name of the Flexvolume driver.
	Driver string `json:"driver" protobuf:"bytes,1,opt,name=driver"`
}
AllowedFlexVolume represents a single Flexvolume that is allowed to be used.
func (*AllowedFlexVolume) DeepCopy ¶
func (in *AllowedFlexVolume) DeepCopy() *AllowedFlexVolume
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AllowedFlexVolume.
func (*AllowedFlexVolume) DeepCopyInto ¶
func (in *AllowedFlexVolume) DeepCopyInto(out *AllowedFlexVolume)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*AllowedFlexVolume) Descriptor ¶
func (*AllowedFlexVolume) Descriptor() ([]byte, []int)
func (*AllowedFlexVolume) Marshal ¶
func (m *AllowedFlexVolume) Marshal() (dAtA []byte, err error)
func (*AllowedFlexVolume) MarshalTo ¶
func (m *AllowedFlexVolume) MarshalTo(dAtA []byte) (int, error)
func (*AllowedFlexVolume) ProtoMessage ¶
func (*AllowedFlexVolume) ProtoMessage()
func (*AllowedFlexVolume) Reset ¶
func (m *AllowedFlexVolume) Reset()
func (*AllowedFlexVolume) Size ¶
func (m *AllowedFlexVolume) Size() (n int)
func (*AllowedFlexVolume) String ¶
func (this *AllowedFlexVolume) String() string
func (AllowedFlexVolume) SwaggerDoc ¶
func (AllowedFlexVolume) SwaggerDoc() map[string]string
func (*AllowedFlexVolume) Unmarshal ¶
func (m *AllowedFlexVolume) Unmarshal(dAtA []byte) error
type AllowedHostPath ¶
// AllowedHostPath defines the host volume conditions that will be enabled by
// a policy for pods to use. It requires the path prefix to be defined.
type AllowedHostPath struct {
	// pathPrefix is the path prefix that the host volume must match.
	// It does not support `*`.
	// Trailing slashes are trimmed when validating the path prefix with a host path.
	//
	// Examples:
	// `/foo` would allow `/foo`, `/foo/` and `/foo/bar`
	// `/foo` would not allow `/food` or `/etc/foo`
	//
	// NOTE(review): the json tag carries omitempty although the type's
	// description says the prefix is required, and the protobuf tag says
	// `rep` on a scalar string field; confirm both against generated.proto.
	PathPrefix string `json:"pathPrefix,omitempty" protobuf:"bytes,1,rep,name=pathPrefix"`

	// when set to true, will allow host volumes matching the pathPrefix only if all volume mounts are readOnly.
	// NOTE(review): the zero value is false and omitempty drops it from JSON,
	// so an entry that does not set readOnly presumably admits writable
	// mounts under the prefix — confirm against the admission code and set it
	// explicitly where read-only access is intended.
	// +optional
	ReadOnly bool `json:"readOnly,omitempty" protobuf:"varint,2,opt,name=readOnly"`
}
AllowedHostPath defines the host volume conditions that will be enabled by a policy for pods to use. It requires the path prefix to be defined.
func (*AllowedHostPath) DeepCopy ¶
func (in *AllowedHostPath) DeepCopy() *AllowedHostPath
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AllowedHostPath.
func (*AllowedHostPath) DeepCopyInto ¶
func (in *AllowedHostPath) DeepCopyInto(out *AllowedHostPath)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*AllowedHostPath) Descriptor ¶
func (*AllowedHostPath) Descriptor() ([]byte, []int)
func (*AllowedHostPath) Marshal ¶
func (m *AllowedHostPath) Marshal() (dAtA []byte, err error)
func (*AllowedHostPath) MarshalTo ¶
func (m *AllowedHostPath) MarshalTo(dAtA []byte) (int, error)
func (*AllowedHostPath) ProtoMessage ¶
func (*AllowedHostPath) ProtoMessage()
func (*AllowedHostPath) Reset ¶
func (m *AllowedHostPath) Reset()
func (*AllowedHostPath) Size ¶
func (m *AllowedHostPath) Size() (n int)
func (*AllowedHostPath) String ¶
func (this *AllowedHostPath) String() string
func (AllowedHostPath) SwaggerDoc ¶
func (AllowedHostPath) SwaggerDoc() map[string]string
func (*AllowedHostPath) Unmarshal ¶
func (m *AllowedHostPath) Unmarshal(dAtA []byte) error
type Eviction ¶
// Eviction evicts a pod from its node subject to certain policies and safety
// constraints. This is a subresource of Pod. A request to cause such an
// eviction is created by POSTing to .../pods/<pod name>/evictions.
type Eviction struct {
	metav1.TypeMeta `json:",inline"`

	// ObjectMeta describes the pod that is being evicted.
	// +optional
	metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`

	// DeleteOptions may be provided
	// +optional
	DeleteOptions *metav1.DeleteOptions `json:"deleteOptions,omitempty" protobuf:"bytes,2,opt,name=deleteOptions"`
}
Eviction evicts a pod from its node subject to certain policies and safety constraints. This is a subresource of Pod. A request to cause such an eviction is created by POSTing to .../pods/<pod name>/evictions.
func (*Eviction) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Eviction.
func (*Eviction) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*Eviction) DeepCopyObject ¶
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type FSGroupStrategyOptions ¶
// FSGroupStrategyOptions defines the strategy type and options used to create
// the strategy.
type FSGroupStrategyOptions struct {
	// rule is the strategy that will dictate what FSGroup is used in the SecurityContext.
	// +optional
	Rule FSGroupStrategyType `json:"rule,omitempty" protobuf:"bytes,1,opt,name=rule,casttype=FSGroupStrategyType"`

	// ranges are the allowed ranges of fs groups. If you would like to force a single
	// fs group then supply a single range with the same start and end. Required for MustRunAs.
	// Although marked +optional here, the sentence above makes it required
	// when rule is MustRunAs.
	// +optional
	Ranges []IDRange `json:"ranges,omitempty" protobuf:"bytes,2,rep,name=ranges"`
}
FSGroupStrategyOptions defines the strategy type and options used to create the strategy.
func (*FSGroupStrategyOptions) DeepCopy ¶
func (in *FSGroupStrategyOptions) DeepCopy() *FSGroupStrategyOptions
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FSGroupStrategyOptions.
func (*FSGroupStrategyOptions) DeepCopyInto ¶
func (in *FSGroupStrategyOptions) DeepCopyInto(out *FSGroupStrategyOptions)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*FSGroupStrategyOptions) Descriptor ¶
func (*FSGroupStrategyOptions) Descriptor() ([]byte, []int)
func (*FSGroupStrategyOptions) Marshal ¶
func (m *FSGroupStrategyOptions) Marshal() (dAtA []byte, err error)
func (*FSGroupStrategyOptions) MarshalTo ¶
func (m *FSGroupStrategyOptions) MarshalTo(dAtA []byte) (int, error)
func (*FSGroupStrategyOptions) ProtoMessage ¶
func (*FSGroupStrategyOptions) ProtoMessage()
func (*FSGroupStrategyOptions) Reset ¶
func (m *FSGroupStrategyOptions) Reset()
func (*FSGroupStrategyOptions) Size ¶
func (m *FSGroupStrategyOptions) Size() (n int)
func (*FSGroupStrategyOptions) String ¶
func (this *FSGroupStrategyOptions) String() string
func (FSGroupStrategyOptions) SwaggerDoc ¶
func (FSGroupStrategyOptions) SwaggerDoc() map[string]string
func (*FSGroupStrategyOptions) Unmarshal ¶
func (m *FSGroupStrategyOptions) Unmarshal(dAtA []byte) error
type FSGroupStrategyType ¶
// FSGroupStrategyType denotes strategy types for generating FSGroup values
// for a SecurityContext.
type FSGroupStrategyType string
FSGroupStrategyType denotes strategy types for generating FSGroup values for a SecurityContext
// Values of FSGroupStrategyType.
const (
	// FSGroupStrategyMayRunAs means that container does not need to have FSGroup of X applied.
	// However, when FSGroups are specified, they have to fall in the defined range.
	FSGroupStrategyMayRunAs FSGroupStrategyType = "MayRunAs"
	// FSGroupStrategyMustRunAs means that container must have FSGroup of X applied.
	FSGroupStrategyMustRunAs FSGroupStrategyType = "MustRunAs"
	// FSGroupStrategyRunAsAny means that container may make requests for any FSGroup labels.
	// This is the least restrictive of the three values.
	FSGroupStrategyRunAsAny FSGroupStrategyType = "RunAsAny"
)
type FSType ¶
// FSType gives strong typing to different file systems that are used by
// volumes.
type FSType string
FSType gives strong typing to different file systems that are used by volumes.
// Named FSType values, one per volume type.
//
// These are declared with var rather than const, so they are mutable
// package-level state; nothing should reassign them.
var (
	AzureFile             FSType = "azureFile"
	Flocker               FSType = "flocker"
	FlexVolume            FSType = "flexVolume"
	HostPath              FSType = "hostPath"
	EmptyDir              FSType = "emptyDir"
	GCEPersistentDisk     FSType = "gcePersistentDisk"
	AWSElasticBlockStore  FSType = "awsElasticBlockStore"
	GitRepo               FSType = "gitRepo"
	Secret                FSType = "secret"
	NFS                   FSType = "nfs"
	ISCSI                 FSType = "iscsi"
	Glusterfs             FSType = "glusterfs"
	PersistentVolumeClaim FSType = "persistentVolumeClaim"
	RBD                   FSType = "rbd"
	Cinder                FSType = "cinder"
	CephFS                FSType = "cephFS"
	DownwardAPI           FSType = "downwardAPI"
	FC                    FSType = "fc"
	ConfigMap             FSType = "configMap"
	VsphereVolume         FSType = "vsphereVolume"
	Quobyte               FSType = "quobyte"
	AzureDisk             FSType = "azureDisk"
	PhotonPersistentDisk  FSType = "photonPersistentDisk"
	StorageOS             FSType = "storageos"
	Projected             FSType = "projected"
	PortworxVolume        FSType = "portworxVolume"
	ScaleIO               FSType = "scaleIO"
	CSI                   FSType = "csi"
	// All is the wildcard value "*".
	// NOTE(review): presumably a policy listing All permits every volume
	// type, HostPath included — confirm against the policy's volume
	// validation, and prefer an explicit list when auditing.
	All FSType = "*"
)
type HostPortRange ¶
// HostPortRange defines a range of host ports that will be enabled by a
// policy for pods to use. It requires both the start and end to be defined.
type HostPortRange struct {
	// min is the start of the range, inclusive.
	Min int32 `json:"min" protobuf:"varint,1,opt,name=min"`
	// max is the end of the range, inclusive.
	Max int32 `json:"max" protobuf:"varint,2,opt,name=max"`
}
HostPortRange defines a range of host ports that will be enabled by a policy for pods to use. It requires both the start and end to be defined.
func (*HostPortRange) DeepCopy ¶
func (in *HostPortRange) DeepCopy() *HostPortRange
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HostPortRange.
func (*HostPortRange) DeepCopyInto ¶
func (in *HostPortRange) DeepCopyInto(out *HostPortRange)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*HostPortRange) Descriptor ¶
func (*HostPortRange) Descriptor() ([]byte, []int)
func (*HostPortRange) Marshal ¶
func (m *HostPortRange) Marshal() (dAtA []byte, err error)
func (*HostPortRange) MarshalTo ¶
func (m *HostPortRange) MarshalTo(dAtA []byte) (int, error)
func (*HostPortRange) ProtoMessage ¶
func (*HostPortRange) ProtoMessage()
func (*HostPortRange) Reset ¶
func (m *HostPortRange) Reset()
func (*HostPortRange) Size ¶
func (m *HostPortRange) Size() (n int)
func (*HostPortRange) String ¶
func (this *HostPortRange) String() string
func (HostPortRange) SwaggerDoc ¶
func (HostPortRange) SwaggerDoc() map[string]string
func (*HostPortRange) Unmarshal ¶
func (m *HostPortRange) Unmarshal(dAtA []byte) error
type IDRange ¶
// IDRange provides a min/max of an allowed range of IDs.
type IDRange struct {
	// min is the start of the range, inclusive.
	Min int64 `json:"min" protobuf:"varint,1,opt,name=min"`
	// max is the end of the range, inclusive.
	Max int64 `json:"max" protobuf:"varint,2,opt,name=max"`
}
IDRange provides a min/max of an allowed range of IDs.
func (*IDRange) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IDRange.
func (*IDRange) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type PodDisruptionBudget ¶
// PodDisruptionBudget is an object to define the max disruption that can be
// caused to a collection of pods.
type PodDisruptionBudget struct {
	metav1.TypeMeta `json:",inline"`
	// +optional
	metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`

	// Specification of the desired behavior of the PodDisruptionBudget.
	// +optional
	Spec PodDisruptionBudgetSpec `json:"spec,omitempty" protobuf:"bytes,2,opt,name=spec"`
	// Most recently observed status of the PodDisruptionBudget.
	// +optional
	Status PodDisruptionBudgetStatus `json:"status,omitempty" protobuf:"bytes,3,opt,name=status"`
}
PodDisruptionBudget is an object to define the max disruption that can be caused to a collection of pods
func (*PodDisruptionBudget) DeepCopy ¶
func (in *PodDisruptionBudget) DeepCopy() *PodDisruptionBudget
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodDisruptionBudget.
func (*PodDisruptionBudget) DeepCopyInto ¶
func (in *PodDisruptionBudget) DeepCopyInto(out *PodDisruptionBudget)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*PodDisruptionBudget) DeepCopyObject ¶
func (in *PodDisruptionBudget) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*PodDisruptionBudget) Descriptor ¶
func (*PodDisruptionBudget) Descriptor() ([]byte, []int)
func (*PodDisruptionBudget) Marshal ¶
func (m *PodDisruptionBudget) Marshal() (dAtA []byte, err error)
func (*PodDisruptionBudget) MarshalTo ¶
func (m *PodDisruptionBudget) MarshalTo(dAtA []byte) (int, error)
func (*PodDisruptionBudget) ProtoMessage ¶
func (*PodDisruptionBudget) ProtoMessage()
func (*PodDisruptionBudget) Reset ¶
func (m *PodDisruptionBudget) Reset()
func (*PodDisruptionBudget) Size ¶
func (m *PodDisruptionBudget) Size() (n int)
func (*PodDisruptionBudget) String ¶
func (this *PodDisruptionBudget) String() string
func (PodDisruptionBudget) SwaggerDoc ¶
func (PodDisruptionBudget) SwaggerDoc() map[string]string
func (*PodDisruptionBudget) Unmarshal ¶
func (m *PodDisruptionBudget) Unmarshal(dAtA []byte) error
type PodDisruptionBudgetList ¶
// PodDisruptionBudgetList is a collection of PodDisruptionBudgets.
type PodDisruptionBudgetList struct {
	metav1.TypeMeta `json:",inline"`
	// +optional
	metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`
	// Items holds the PodDisruptionBudget objects in the list.
	Items []PodDisruptionBudget `json:"items" protobuf:"bytes,2,rep,name=items"`
}
PodDisruptionBudgetList is a collection of PodDisruptionBudgets.
func (*PodDisruptionBudgetList) DeepCopy ¶
func (in *PodDisruptionBudgetList) DeepCopy() *PodDisruptionBudgetList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodDisruptionBudgetList.
func (*PodDisruptionBudgetList) DeepCopyInto ¶
func (in *PodDisruptionBudgetList) DeepCopyInto(out *PodDisruptionBudgetList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*PodDisruptionBudgetList) DeepCopyObject ¶
func (in *PodDisruptionBudgetList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*PodDisruptionBudgetList) Descriptor ¶
func (*PodDisruptionBudgetList) Descriptor() ([]byte, []int)
func (*PodDisruptionBudgetList) Marshal ¶
func (m *PodDisruptionBudgetList) Marshal() (dAtA []byte, err error)
func (*PodDisruptionBudgetList) MarshalTo ¶
func (m *PodDisruptionBudgetList) MarshalTo(dAtA []byte) (int, error)
func (*PodDisruptionBudgetList) ProtoMessage ¶
func (*PodDisruptionBudgetList) ProtoMessage()
func (*PodDisruptionBudgetList) Reset ¶
func (m *PodDisruptionBudgetList) Reset()
func (*PodDisruptionBudgetList) Size ¶
func (m *PodDisruptionBudgetList) Size() (n int)
func (*PodDisruptionBudgetList) String ¶
func (this *PodDisruptionBudgetList) String() string
func (PodDisruptionBudgetList) SwaggerDoc ¶
func (PodDisruptionBudgetList) SwaggerDoc() map[string]string
func (*PodDisruptionBudgetList) Unmarshal ¶
func (m *PodDisruptionBudgetList) Unmarshal(dAtA []byte) error
type PodDisruptionBudgetSpec ¶
// PodDisruptionBudgetSpec is a description of a PodDisruptionBudget.
type PodDisruptionBudgetSpec struct {
	// An eviction is allowed if at least "minAvailable" pods selected by
	// "selector" will still be available after the eviction, i.e. even in the
	// absence of the evicted pod. So for example you can prevent all voluntary
	// evictions by specifying "100%".
	// +optional
	MinAvailable *intstr.IntOrString `json:"minAvailable,omitempty" protobuf:"bytes,1,opt,name=minAvailable"`

	// Label query over pods whose evictions are managed by the disruption
	// budget.
	// +optional
	Selector *metav1.LabelSelector `json:"selector,omitempty" protobuf:"bytes,2,opt,name=selector"`

	// An eviction is allowed if at most "maxUnavailable" pods selected by
	// "selector" are unavailable after the eviction, i.e. even in absence of
	// the evicted pod. For example, one can prevent all voluntary evictions
	// by specifying 0. This is a mutually exclusive setting with "minAvailable".
	// (The opening clause of this comment is missing from the listing and
	// is restored here by analogy with minAvailable.)
	// +optional
	MaxUnavailable *intstr.IntOrString `json:"maxUnavailable,omitempty" protobuf:"bytes,3,opt,name=maxUnavailable"`
}
PodDisruptionBudgetSpec is a description of a PodDisruptionBudget.
func (*PodDisruptionBudgetSpec) DeepCopy ¶
func (in *PodDisruptionBudgetSpec) DeepCopy() *PodDisruptionBudgetSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodDisruptionBudgetSpec.
func (*PodDisruptionBudgetSpec) DeepCopyInto ¶
func (in *PodDisruptionBudgetSpec) DeepCopyInto(out *PodDisruptionBudgetSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*PodDisruptionBudgetSpec) Descriptor ¶
func (*PodDisruptionBudgetSpec) Descriptor() ([]byte, []int)
func (*PodDisruptionBudgetSpec) Marshal ¶
func (m *PodDisruptionBudgetSpec) Marshal() (dAtA []byte, err error)
func (*PodDisruptionBudgetSpec) MarshalTo ¶
func (m *PodDisruptionBudgetSpec) MarshalTo(dAtA []byte) (int, error)
func (*PodDisruptionBudgetSpec) ProtoMessage ¶
func (*PodDisruptionBudgetSpec) ProtoMessage()
func (*PodDisruptionBudgetSpec) Reset ¶
func (m *PodDisruptionBudgetSpec) Reset()
func (*PodDisruptionBudgetSpec) Size ¶
func (m *PodDisruptionBudgetSpec) Size() (n int)
func (*PodDisruptionBudgetSpec) String ¶
func (this *PodDisruptionBudgetSpec) String() string
func (PodDisruptionBudgetSpec) SwaggerDoc ¶
func (PodDisruptionBudgetSpec) SwaggerDoc() map[string]string
func (*PodDisruptionBudgetSpec) Unmarshal ¶
func (m *PodDisruptionBudgetSpec) Unmarshal(dAtA []byte) error
type PodDisruptionBudgetStatus ¶
// PodDisruptionBudgetStatus represents information about the status of a
// PodDisruptionBudget. Status may trail the actual state of a system.
type PodDisruptionBudgetStatus struct {
	// Most recent generation observed when updating this PDB status. PodDisruptionsAllowed and other
	// status information is valid only if observedGeneration equals the PDB's object generation.
	// +optional
	ObservedGeneration int64 `json:"observedGeneration,omitempty" protobuf:"varint,1,opt,name=observedGeneration"`
	// DisruptedPods contains information about pods whose eviction was
	// processed by the API server eviction subresource handler but has not
	// yet been observed by the PodDisruptionBudget controller.
	// A pod will be in this map from the time when the API server processed the
	// eviction request to the time when the pod is seen by PDB controller
	// as having been marked for deletion (or after a timeout). The key in the map is the name of the pod
	// and the value is the time when the API server processed the eviction request. If
	// the deletion didn't occur and a pod is still there it will be removed from
	// the map automatically by PodDisruptionBudget controller after some time.
	// If everything goes smoothly this map should be empty most of the time.
	// A large number of entries in the map may indicate problems with pod deletions,
	// which makes the map size a useful signal to watch.
	// +optional
	DisruptedPods map[string]metav1.Time `json:"disruptedPods,omitempty" protobuf:"bytes,2,rep,name=disruptedPods"`
	// Number of pod disruptions that are currently allowed.
	// Note that the serialized name is "disruptionsAllowed", not the Go field name.
	PodDisruptionsAllowed int32 `json:"disruptionsAllowed" protobuf:"varint,3,opt,name=disruptionsAllowed"`
	// current number of healthy pods
	CurrentHealthy int32 `json:"currentHealthy" protobuf:"varint,4,opt,name=currentHealthy"`
	// minimum desired number of healthy pods
	DesiredHealthy int32 `json:"desiredHealthy" protobuf:"varint,5,opt,name=desiredHealthy"`
	// total number of pods counted by this disruption budget
	ExpectedPods int32 `json:"expectedPods" protobuf:"varint,6,opt,name=expectedPods"`
}
PodDisruptionBudgetStatus represents information about the status of a PodDisruptionBudget. Status may trail the actual state of a system.
func (*PodDisruptionBudgetStatus) DeepCopy ¶
func (in *PodDisruptionBudgetStatus) DeepCopy() *PodDisruptionBudgetStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodDisruptionBudgetStatus.
func (*PodDisruptionBudgetStatus) DeepCopyInto ¶
func (in *PodDisruptionBudgetStatus) DeepCopyInto(out *PodDisruptionBudgetStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*PodDisruptionBudgetStatus) Descriptor ¶
func (*PodDisruptionBudgetStatus) Descriptor() ([]byte, []int)
func (*PodDisruptionBudgetStatus) Marshal ¶
func (m *PodDisruptionBudgetStatus) Marshal() (dAtA []byte, err error)
func (*PodDisruptionBudgetStatus) MarshalTo ¶
func (m *PodDisruptionBudgetStatus) MarshalTo(dAtA []byte) (int, error)
func (*PodDisruptionBudgetStatus) ProtoMessage ¶
func (*PodDisruptionBudgetStatus) ProtoMessage()
func (*PodDisruptionBudgetStatus) Reset ¶
func (m *PodDisruptionBudgetStatus) Reset()
func (*PodDisruptionBudgetStatus) Size ¶
func (m *PodDisruptionBudgetStatus) Size() (n int)
func (*PodDisruptionBudgetStatus) String ¶
func (this *PodDisruptionBudgetStatus) String() string
func (PodDisruptionBudgetStatus) SwaggerDoc ¶
func (PodDisruptionBudgetStatus) SwaggerDoc() map[string]string
func (*PodDisruptionBudgetStatus) Unmarshal ¶
func (m *PodDisruptionBudgetStatus) Unmarshal(dAtA []byte) error
type PodSecurityPolicy ¶
// PodSecurityPolicy governs the ability to make requests that affect the
// Security Context that will be applied to a pod and container. The rules
// themselves live in Spec; this type only adds the standard type and object
// metadata around them.
type PodSecurityPolicy struct {
	metav1.TypeMeta `json:",inline"`
	// Standard object's metadata.
	// More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata
	// +optional
	metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`
	// spec defines the policy enforced.
	// +optional
	Spec PodSecurityPolicySpec `json:"spec,omitempty" protobuf:"bytes,2,opt,name=spec"`
}
PodSecurityPolicy governs the ability to make requests that affect the Security Context that will be applied to a pod and container.
func (*PodSecurityPolicy) DeepCopy ¶
func (in *PodSecurityPolicy) DeepCopy() *PodSecurityPolicy
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodSecurityPolicy.
func (*PodSecurityPolicy) DeepCopyInto ¶
func (in *PodSecurityPolicy) DeepCopyInto(out *PodSecurityPolicy)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*PodSecurityPolicy) DeepCopyObject ¶
func (in *PodSecurityPolicy) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*PodSecurityPolicy) Descriptor ¶
func (*PodSecurityPolicy) Descriptor() ([]byte, []int)
func (*PodSecurityPolicy) Marshal ¶
func (m *PodSecurityPolicy) Marshal() (dAtA []byte, err error)
func (*PodSecurityPolicy) MarshalTo ¶
func (m *PodSecurityPolicy) MarshalTo(dAtA []byte) (int, error)
func (*PodSecurityPolicy) ProtoMessage ¶
func (*PodSecurityPolicy) ProtoMessage()
func (*PodSecurityPolicy) Reset ¶
func (m *PodSecurityPolicy) Reset()
func (*PodSecurityPolicy) Size ¶
func (m *PodSecurityPolicy) Size() (n int)
func (*PodSecurityPolicy) String ¶
func (this *PodSecurityPolicy) String() string
func (PodSecurityPolicy) SwaggerDoc ¶
func (PodSecurityPolicy) SwaggerDoc() map[string]string
func (*PodSecurityPolicy) Unmarshal ¶
func (m *PodSecurityPolicy) Unmarshal(dAtA []byte) error
type PodSecurityPolicyList ¶
// PodSecurityPolicyList is a list of PodSecurityPolicy objects.
type PodSecurityPolicyList struct {
	metav1.TypeMeta `json:",inline"`
	// Standard list metadata.
	// More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata
	// +optional
	metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`
	// items is a list of schema objects.
	// The JSON tag has no omitempty, so the key is always emitted.
	Items []PodSecurityPolicy `json:"items" protobuf:"bytes,2,rep,name=items"`
}
PodSecurityPolicyList is a list of PodSecurityPolicy objects.
func (*PodSecurityPolicyList) DeepCopy ¶
func (in *PodSecurityPolicyList) DeepCopy() *PodSecurityPolicyList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodSecurityPolicyList.
func (*PodSecurityPolicyList) DeepCopyInto ¶
func (in *PodSecurityPolicyList) DeepCopyInto(out *PodSecurityPolicyList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*PodSecurityPolicyList) DeepCopyObject ¶
func (in *PodSecurityPolicyList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*PodSecurityPolicyList) Descriptor ¶
func (*PodSecurityPolicyList) Descriptor() ([]byte, []int)
func (*PodSecurityPolicyList) Marshal ¶
func (m *PodSecurityPolicyList) Marshal() (dAtA []byte, err error)
func (*PodSecurityPolicyList) MarshalTo ¶
func (m *PodSecurityPolicyList) MarshalTo(dAtA []byte) (int, error)
func (*PodSecurityPolicyList) ProtoMessage ¶
func (*PodSecurityPolicyList) ProtoMessage()
func (*PodSecurityPolicyList) Reset ¶
func (m *PodSecurityPolicyList) Reset()
func (*PodSecurityPolicyList) Size ¶
func (m *PodSecurityPolicyList) Size() (n int)
func (*PodSecurityPolicyList) String ¶
func (this *PodSecurityPolicyList) String() string
func (PodSecurityPolicyList) SwaggerDoc ¶
func (PodSecurityPolicyList) SwaggerDoc() map[string]string
func (*PodSecurityPolicyList) Unmarshal ¶
func (m *PodSecurityPolicyList) Unmarshal(dAtA []byte) error
type PodSecurityPolicySpec ¶
// PodSecurityPolicySpec defines the policy enforced.
//
// Reading aid: the list-valued fields do not share one "empty" convention.
// Per the field comments below, an empty volumes list permits no volumes,
// while empty allowedHostPaths and allowedFlexVolumes permit everything, and
// an unset allowPrivilegeEscalation defaults to true. A policy meant to be
// restrictive has to set those fields explicitly.
type PodSecurityPolicySpec struct {
	// privileged determines if a pod can request to be run as privileged.
	// +optional
	Privileged bool `json:"privileged,omitempty" protobuf:"varint,1,opt,name=privileged"`
	// defaultAddCapabilities is the default set of capabilities that will be added to the container
	// unless the pod spec specifically drops the capability. You may not list a capability in both
	// defaultAddCapabilities and requiredDropCapabilities. Capabilities added here are implicitly
	// allowed, and need not be included in the allowedCapabilities list.
	// +optional
	DefaultAddCapabilities []v1.Capability `` /* 129-byte string literal not displayed */
	// requiredDropCapabilities are the capabilities that will be dropped from the container. These
	// are required to be dropped and cannot be added.
	// +optional
	RequiredDropCapabilities []v1.Capability `` /* 133-byte string literal not displayed */
	// allowedCapabilities is a list of capabilities that can be requested to add to the container.
	// Capabilities in this field may be added at the pod author's discretion.
	// You must not list a capability in both allowedCapabilities and requiredDropCapabilities.
	// +optional
	AllowedCapabilities []v1.Capability `json:"allowedCapabilities,omitempty" protobuf:"bytes,4,rep,name=allowedCapabilities,casttype=k8s.io/api/core/v1.Capability"`
	// volumes is a white list of allowed volume plugins. Empty indicates that
	// no volumes may be used. To allow all volumes you may use '*'.
	// Unlike allowedHostPaths and allowedFlexVolumes, empty is the restrictive case here.
	// +optional
	Volumes []FSType `json:"volumes,omitempty" protobuf:"bytes,5,rep,name=volumes,casttype=FSType"`
	// hostNetwork determines if the policy allows the use of HostNetwork in the pod spec.
	// +optional
	HostNetwork bool `json:"hostNetwork,omitempty" protobuf:"varint,6,opt,name=hostNetwork"`
	// hostPorts determines which host port ranges are allowed to be exposed.
	// +optional
	HostPorts []HostPortRange `json:"hostPorts,omitempty" protobuf:"bytes,7,rep,name=hostPorts"`
	// hostPID determines if the policy allows the use of HostPID in the pod spec.
	// +optional
	HostPID bool `json:"hostPID,omitempty" protobuf:"varint,8,opt,name=hostPID"`
	// hostIPC determines if the policy allows the use of HostIPC in the pod spec.
	// +optional
	HostIPC bool `json:"hostIPC,omitempty" protobuf:"varint,9,opt,name=hostIPC"`
	// seLinux is the strategy that will dictate the allowable labels that may be set.
	// Not marked optional and serialized without omitempty.
	SELinux SELinuxStrategyOptions `json:"seLinux" protobuf:"bytes,10,opt,name=seLinux"`
	// runAsUser is the strategy that will dictate the allowable RunAsUser values that may be set.
	// Not marked optional and serialized without omitempty.
	RunAsUser RunAsUserStrategyOptions `json:"runAsUser" protobuf:"bytes,11,opt,name=runAsUser"`
	// RunAsGroup is the strategy that will dictate the allowable RunAsGroup values that may be set.
	// If this field is omitted, the pod's RunAsGroup can take any value. This field requires the
	// RunAsGroup feature gate to be enabled.
	// Omitting the field is therefore the permissive case, not a restriction.
	// +optional
	RunAsGroup *RunAsGroupStrategyOptions `json:"runAsGroup,omitempty" protobuf:"bytes,22,opt,name=runAsGroup"`
	// supplementalGroups is the strategy that will dictate what supplemental groups are used by the SecurityContext.
	SupplementalGroups SupplementalGroupsStrategyOptions `json:"supplementalGroups" protobuf:"bytes,12,opt,name=supplementalGroups"`
	// fsGroup is the strategy that will dictate what fs group is used by the SecurityContext.
	FSGroup FSGroupStrategyOptions `json:"fsGroup" protobuf:"bytes,13,opt,name=fsGroup"`
	// readOnlyRootFilesystem when set to true will force containers to run with a read only root file
	// system. If the container specifically requests to run with a non-read only root file system
	// the PSP should deny the pod.
	// If set to false the container may run with a read only root file system if it wishes but it
	// will not be forced to.
	// +optional
	ReadOnlyRootFilesystem bool `json:"readOnlyRootFilesystem,omitempty" protobuf:"varint,14,opt,name=readOnlyRootFilesystem"`
	// defaultAllowPrivilegeEscalation controls the default setting for whether a
	// process can gain more privileges than its parent process.
	// +optional
	DefaultAllowPrivilegeEscalation *bool `json:"defaultAllowPrivilegeEscalation,omitempty" protobuf:"varint,15,opt,name=defaultAllowPrivilegeEscalation"`
	// allowPrivilegeEscalation determines if a pod can request to allow
	// privilege escalation. If unspecified, defaults to true.
	// Because the unset value is permissive, a policy that is meant to forbid
	// privilege escalation has to set this to false explicitly.
	// +optional
	AllowPrivilegeEscalation *bool `json:"allowPrivilegeEscalation,omitempty" protobuf:"varint,16,opt,name=allowPrivilegeEscalation"`
	// allowedHostPaths is a white list of allowed host paths. Empty indicates
	// that all host paths may be used.
	// Empty is the permissive case here, the opposite of "volumes".
	// NOTE(review): presumably only relevant when host path volumes are permitted
	// through "volumes"; confirm against the admission logic.
	// +optional
	AllowedHostPaths []AllowedHostPath `json:"allowedHostPaths,omitempty" protobuf:"bytes,17,rep,name=allowedHostPaths"`
	// allowedFlexVolumes is a whitelist of allowed Flexvolumes. Empty or nil indicates that all
	// Flexvolumes may be used. This parameter is effective only when the usage of the Flexvolumes
	// is allowed in the "volumes" field.
	// +optional
	AllowedFlexVolumes []AllowedFlexVolume `json:"allowedFlexVolumes,omitempty" protobuf:"bytes,18,rep,name=allowedFlexVolumes"`
	// allowedUnsafeSysctls is a list of explicitly allowed unsafe sysctls, defaults to none.
	// Each entry is either a plain sysctl name or ends in "*" in which case it is considered
	// as a prefix of allowed sysctls. Single * means all unsafe sysctls are allowed.
	// Kubelet has to whitelist all allowed unsafe sysctls explicitly to avoid rejection.
	//
	// Examples:
	// e.g. "foo/*" allows "foo/bar", "foo/baz", etc.
	// e.g. "foo.*" allows "foo.bar", "foo.baz", etc.
	// +optional
	AllowedUnsafeSysctls []string `json:"allowedUnsafeSysctls,omitempty" protobuf:"bytes,19,rep,name=allowedUnsafeSysctls"`
	// forbiddenSysctls is a list of explicitly forbidden sysctls, defaults to none.
	// Each entry is either a plain sysctl name or ends in "*" in which case it is considered
	// as a prefix of forbidden sysctls. Single * means all sysctls are forbidden.
	//
	// Examples:
	// e.g. "foo/*" forbids "foo/bar", "foo/baz", etc.
	// e.g. "foo.*" forbids "foo.bar", "foo.baz", etc.
	// +optional
	ForbiddenSysctls []string `json:"forbiddenSysctls,omitempty" protobuf:"bytes,20,rep,name=forbiddenSysctls"`
	// AllowedProcMountTypes is a whitelist of allowed ProcMountTypes.
	// Empty or nil indicates that only the DefaultProcMountType may be used.
	// This requires the ProcMountType feature flag to be enabled.
	// +optional
	AllowedProcMountTypes []v1.ProcMountType `json:"allowedProcMountTypes,omitempty" protobuf:"bytes,21,opt,name=allowedProcMountTypes"`
}
PodSecurityPolicySpec defines the policy enforced.
func (*PodSecurityPolicySpec) DeepCopy ¶
func (in *PodSecurityPolicySpec) DeepCopy() *PodSecurityPolicySpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodSecurityPolicySpec.
func (*PodSecurityPolicySpec) DeepCopyInto ¶
func (in *PodSecurityPolicySpec) DeepCopyInto(out *PodSecurityPolicySpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*PodSecurityPolicySpec) Descriptor ¶
func (*PodSecurityPolicySpec) Descriptor() ([]byte, []int)
func (*PodSecurityPolicySpec) Marshal ¶
func (m *PodSecurityPolicySpec) Marshal() (dAtA []byte, err error)
func (*PodSecurityPolicySpec) MarshalTo ¶
func (m *PodSecurityPolicySpec) MarshalTo(dAtA []byte) (int, error)
func (*PodSecurityPolicySpec) ProtoMessage ¶
func (*PodSecurityPolicySpec) ProtoMessage()
func (*PodSecurityPolicySpec) Reset ¶
func (m *PodSecurityPolicySpec) Reset()
func (*PodSecurityPolicySpec) Size ¶
func (m *PodSecurityPolicySpec) Size() (n int)
func (*PodSecurityPolicySpec) String ¶
func (this *PodSecurityPolicySpec) String() string
func (PodSecurityPolicySpec) SwaggerDoc ¶
func (PodSecurityPolicySpec) SwaggerDoc() map[string]string
func (*PodSecurityPolicySpec) Unmarshal ¶
func (m *PodSecurityPolicySpec) Unmarshal(dAtA []byte) error
type RunAsGroupStrategy ¶
// RunAsGroupStrategy denotes strategy types for generating RunAsGroup values
// for a Security Context. It is the type of RunAsGroupStrategyOptions.Rule;
// the package defines the values "MayRunAs", "MustRunAs" and "RunAsAny".
type RunAsGroupStrategy string
RunAsGroupStrategy denotes strategy types for generating RunAsGroup values for a Security Context.
// Rule values accepted for RunAsGroupStrategy.
const (
	// RunAsGroupStrategyMayRunAs means that container does not need to run with a particular gid.
	// However, when a RunAsGroup is specified, it has to fall in the defined range.
	RunAsGroupStrategyMayRunAs RunAsGroupStrategy = "MayRunAs"
	// RunAsGroupStrategyMustRunAs means that container must run as a particular gid.
	RunAsGroupStrategyMustRunAs RunAsGroupStrategy = "MustRunAs"
	// RunAsGroupStrategyRunAsAny means that container may make requests for any gid.
	// This is the rule that places no constraint on the requested gid.
	RunAsGroupStrategyRunAsAny RunAsGroupStrategy = "RunAsAny"
)
type RunAsGroupStrategyOptions ¶
// RunAsGroupStrategyOptions defines the strategy type and any options used to
// create the strategy.
type RunAsGroupStrategyOptions struct {
	// rule is the strategy that will dictate the allowable RunAsGroup values that may be set.
	Rule RunAsGroupStrategy `json:"rule" protobuf:"bytes,1,opt,name=rule,casttype=RunAsGroupStrategy"`
	// ranges are the allowed ranges of gids that may be used. If you would like to force a single gid
	// then supply a single range with the same start and end. Required for MustRunAs.
	// +optional
	Ranges []IDRange `json:"ranges,omitempty" protobuf:"bytes,2,rep,name=ranges"`
}
RunAsGroupStrategyOptions defines the strategy type and any options used to create the strategy.
func (*RunAsGroupStrategyOptions) DeepCopy ¶
func (in *RunAsGroupStrategyOptions) DeepCopy() *RunAsGroupStrategyOptions
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RunAsGroupStrategyOptions.
func (*RunAsGroupStrategyOptions) DeepCopyInto ¶
func (in *RunAsGroupStrategyOptions) DeepCopyInto(out *RunAsGroupStrategyOptions)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*RunAsGroupStrategyOptions) Descriptor ¶
func (*RunAsGroupStrategyOptions) Descriptor() ([]byte, []int)
func (*RunAsGroupStrategyOptions) Marshal ¶
func (m *RunAsGroupStrategyOptions) Marshal() (dAtA []byte, err error)
func (*RunAsGroupStrategyOptions) MarshalTo ¶
func (m *RunAsGroupStrategyOptions) MarshalTo(dAtA []byte) (int, error)
func (*RunAsGroupStrategyOptions) ProtoMessage ¶
func (*RunAsGroupStrategyOptions) ProtoMessage()
func (*RunAsGroupStrategyOptions) Reset ¶
func (m *RunAsGroupStrategyOptions) Reset()
func (*RunAsGroupStrategyOptions) Size ¶
func (m *RunAsGroupStrategyOptions) Size() (n int)
func (*RunAsGroupStrategyOptions) String ¶
func (this *RunAsGroupStrategyOptions) String() string
func (RunAsGroupStrategyOptions) SwaggerDoc ¶
func (RunAsGroupStrategyOptions) SwaggerDoc() map[string]string
func (*RunAsGroupStrategyOptions) Unmarshal ¶
func (m *RunAsGroupStrategyOptions) Unmarshal(dAtA []byte) error
type RunAsUserStrategy ¶
// RunAsUserStrategy denotes strategy types for generating RunAsUser values for
// a Security Context. It is the type of RunAsUserStrategyOptions.Rule; the
// package defines the values "MustRunAs", "MustRunAsNonRoot" and "RunAsAny".
type RunAsUserStrategy string
RunAsUserStrategy denotes strategy types for generating RunAsUser values for a Security Context.
// Rule values accepted for RunAsUserStrategy.
const (
	// RunAsUserStrategyMustRunAs means that container must run as a particular uid.
	RunAsUserStrategyMustRunAs RunAsUserStrategy = "MustRunAs"
	// RunAsUserStrategyMustRunAsNonRoot means that container must run as a non-root uid.
	RunAsUserStrategyMustRunAsNonRoot RunAsUserStrategy = "MustRunAsNonRoot"
	// RunAsUserStrategyRunAsAny means that container may make requests for any uid.
	// This is the rule that places no constraint on the requested uid.
	RunAsUserStrategyRunAsAny RunAsUserStrategy = "RunAsAny"
)
type RunAsUserStrategyOptions ¶
// RunAsUserStrategyOptions defines the strategy type and any options used to
// create the strategy.
type RunAsUserStrategyOptions struct {
	// rule is the strategy that will dictate the allowable RunAsUser values that may be set.
	Rule RunAsUserStrategy `json:"rule" protobuf:"bytes,1,opt,name=rule,casttype=RunAsUserStrategy"`
	// ranges are the allowed ranges of uids that may be used. If you would like to force a single uid
	// then supply a single range with the same start and end. Required for MustRunAs.
	// +optional
	Ranges []IDRange `json:"ranges,omitempty" protobuf:"bytes,2,rep,name=ranges"`
}
RunAsUserStrategyOptions defines the strategy type and any options used to create the strategy.
func (*RunAsUserStrategyOptions) DeepCopy ¶
func (in *RunAsUserStrategyOptions) DeepCopy() *RunAsUserStrategyOptions
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RunAsUserStrategyOptions.
func (*RunAsUserStrategyOptions) DeepCopyInto ¶
func (in *RunAsUserStrategyOptions) DeepCopyInto(out *RunAsUserStrategyOptions)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*RunAsUserStrategyOptions) Descriptor ¶
func (*RunAsUserStrategyOptions) Descriptor() ([]byte, []int)
func (*RunAsUserStrategyOptions) Marshal ¶
func (m *RunAsUserStrategyOptions) Marshal() (dAtA []byte, err error)
func (*RunAsUserStrategyOptions) MarshalTo ¶
func (m *RunAsUserStrategyOptions) MarshalTo(dAtA []byte) (int, error)
func (*RunAsUserStrategyOptions) ProtoMessage ¶
func (*RunAsUserStrategyOptions) ProtoMessage()
func (*RunAsUserStrategyOptions) Reset ¶
func (m *RunAsUserStrategyOptions) Reset()
func (*RunAsUserStrategyOptions) Size ¶
func (m *RunAsUserStrategyOptions) Size() (n int)
func (*RunAsUserStrategyOptions) String ¶
func (this *RunAsUserStrategyOptions) String() string
func (RunAsUserStrategyOptions) SwaggerDoc ¶
func (RunAsUserStrategyOptions) SwaggerDoc() map[string]string
func (*RunAsUserStrategyOptions) Unmarshal ¶
func (m *RunAsUserStrategyOptions) Unmarshal(dAtA []byte) error
type SELinuxStrategy ¶
// SELinuxStrategy denotes strategy types for generating SELinux options for a
// Security Context. It is the type of SELinuxStrategyOptions.Rule; the package
// defines the values "MustRunAs" and "RunAsAny".
type SELinuxStrategy string
SELinuxStrategy denotes strategy types for generating SELinux options for a Security Context.
// Rule values accepted for SELinuxStrategy.
const (
	// SELinuxStrategyMustRunAs means that container must have SELinux labels of X applied.
	SELinuxStrategyMustRunAs SELinuxStrategy = "MustRunAs"
	// SELinuxStrategyRunAsAny means that container may make requests for any SELinux context labels.
	// This is the rule that places no constraint on the requested labels.
	SELinuxStrategyRunAsAny SELinuxStrategy = "RunAsAny"
)
type SELinuxStrategyOptions ¶
// SELinuxStrategyOptions defines the strategy type and any options used to
// create the strategy.
type SELinuxStrategyOptions struct {
	// rule is the strategy that will dictate the allowable labels that may be set.
	Rule SELinuxStrategy `json:"rule" protobuf:"bytes,1,opt,name=rule,casttype=SELinuxStrategy"`
	// seLinuxOptions required to run as; required for MustRunAs
	// More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
	// +optional
	SELinuxOptions *v1.SELinuxOptions `json:"seLinuxOptions,omitempty" protobuf:"bytes,2,opt,name=seLinuxOptions"`
}
SELinuxStrategyOptions defines the strategy type and any options used to create the strategy.
func (*SELinuxStrategyOptions) DeepCopy ¶
func (in *SELinuxStrategyOptions) DeepCopy() *SELinuxStrategyOptions
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SELinuxStrategyOptions.
func (*SELinuxStrategyOptions) DeepCopyInto ¶
func (in *SELinuxStrategyOptions) DeepCopyInto(out *SELinuxStrategyOptions)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*SELinuxStrategyOptions) Descriptor ¶
func (*SELinuxStrategyOptions) Descriptor() ([]byte, []int)
func (*SELinuxStrategyOptions) Marshal ¶
func (m *SELinuxStrategyOptions) Marshal() (dAtA []byte, err error)
func (*SELinuxStrategyOptions) MarshalTo ¶
func (m *SELinuxStrategyOptions) MarshalTo(dAtA []byte) (int, error)
func (*SELinuxStrategyOptions) ProtoMessage ¶
func (*SELinuxStrategyOptions) ProtoMessage()
func (*SELinuxStrategyOptions) Reset ¶
func (m *SELinuxStrategyOptions) Reset()
func (*SELinuxStrategyOptions) Size ¶
func (m *SELinuxStrategyOptions) Size() (n int)
func (*SELinuxStrategyOptions) String ¶
func (this *SELinuxStrategyOptions) String() string
func (SELinuxStrategyOptions) SwaggerDoc ¶
func (SELinuxStrategyOptions) SwaggerDoc() map[string]string
func (*SELinuxStrategyOptions) Unmarshal ¶
func (m *SELinuxStrategyOptions) Unmarshal(dAtA []byte) error
type SupplementalGroupsStrategyOptions ¶
// SupplementalGroupsStrategyOptions defines the strategy type and options used
// to create the strategy.
type SupplementalGroupsStrategyOptions struct {
	// rule is the strategy that will dictate what supplemental groups are used in the SecurityContext.
	// Unlike the rule field of RunAsUserStrategyOptions and SELinuxStrategyOptions,
	// this one is marked optional and serialized with omitempty.
	// +optional
	Rule SupplementalGroupsStrategyType `json:"rule,omitempty" protobuf:"bytes,1,opt,name=rule,casttype=SupplementalGroupsStrategyType"`
	// ranges are the allowed ranges of supplemental groups. If you would like to force a single
	// supplemental group then supply a single range with the same start and end. Required for MustRunAs.
	// +optional
	Ranges []IDRange `json:"ranges,omitempty" protobuf:"bytes,2,rep,name=ranges"`
}
SupplementalGroupsStrategyOptions defines the strategy type and options used to create the strategy.
func (*SupplementalGroupsStrategyOptions) DeepCopy ¶
func (in *SupplementalGroupsStrategyOptions) DeepCopy() *SupplementalGroupsStrategyOptions
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SupplementalGroupsStrategyOptions.
func (*SupplementalGroupsStrategyOptions) DeepCopyInto ¶
func (in *SupplementalGroupsStrategyOptions) DeepCopyInto(out *SupplementalGroupsStrategyOptions)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*SupplementalGroupsStrategyOptions) Descriptor ¶
func (*SupplementalGroupsStrategyOptions) Descriptor() ([]byte, []int)
func (*SupplementalGroupsStrategyOptions) Marshal ¶
func (m *SupplementalGroupsStrategyOptions) Marshal() (dAtA []byte, err error)
func (*SupplementalGroupsStrategyOptions) MarshalTo ¶
func (m *SupplementalGroupsStrategyOptions) MarshalTo(dAtA []byte) (int, error)
func (*SupplementalGroupsStrategyOptions) ProtoMessage ¶
func (*SupplementalGroupsStrategyOptions) ProtoMessage()
func (*SupplementalGroupsStrategyOptions) Reset ¶
func (m *SupplementalGroupsStrategyOptions) Reset()
func (*SupplementalGroupsStrategyOptions) Size ¶
func (m *SupplementalGroupsStrategyOptions) Size() (n int)
func (*SupplementalGroupsStrategyOptions) String ¶
func (this *SupplementalGroupsStrategyOptions) String() string
func (SupplementalGroupsStrategyOptions) SwaggerDoc ¶
func (SupplementalGroupsStrategyOptions) SwaggerDoc() map[string]string
func (*SupplementalGroupsStrategyOptions) Unmarshal ¶
func (m *SupplementalGroupsStrategyOptions) Unmarshal(dAtA []byte) error
type SupplementalGroupsStrategyType ¶
// SupplementalGroupsStrategyType denotes strategy types for determining valid
// supplemental groups for a SecurityContext. It is the type of
// SupplementalGroupsStrategyOptions.Rule; the package defines the values
// "MayRunAs", "MustRunAs" and "RunAsAny".
type SupplementalGroupsStrategyType string
SupplementalGroupsStrategyType denotes strategy types for determining valid supplemental groups for a SecurityContext.
// Rule values accepted for SupplementalGroupsStrategyType.
const (
	// SupplementalGroupsStrategyMayRunAs means that container does not need to run with a particular gid.
	// However, when gids are specified, they have to fall in the defined range.
	SupplementalGroupsStrategyMayRunAs SupplementalGroupsStrategyType = "MayRunAs"
	// SupplementalGroupsStrategyMustRunAs means that container must run as a particular gid.
	SupplementalGroupsStrategyMustRunAs SupplementalGroupsStrategyType = "MustRunAs"
	// SupplementalGroupsStrategyRunAsAny means that container may make requests for any gid.
	// This is the rule that places no constraint on the requested gids.
	SupplementalGroupsStrategyRunAsAny SupplementalGroupsStrategyType = "RunAsAny"
)