Documentation ¶
Overview ¶
Package group contains code for validating and defaulting the FSGroup and supplemental groups of a pod according to a security policy.
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type GroupStrategy ¶
type GroupStrategy interface { // Generate creates the group based on policy rules. The underlying implementation can // decide whether it will return a full range of values or a subset of values from the // configured ranges. Generate(pod *api.Pod) ([]int64, error) // Generate a single value to be applied. The underlying implementation decides which // value to return if configured with multiple ranges. This is used for FSGroup. GenerateSingle(pod *api.Pod) (*int64, error) // Validate ensures that the specified values fall within the range of the strategy. Validate(pod *api.Pod, groups []int64) field.ErrorList }
GroupStrategy defines the interface for all group constraint strategies.
func NewMustRunAs ¶
func NewMustRunAs(ranges []policy.GroupIDRange, field string) (GroupStrategy, error)
NewMustRunAs provides a new MustRunAs strategy based on ranges.
func NewRunAsAny ¶
func NewRunAsAny() (GroupStrategy, error)
NewRunAsAny provides a new RunAsAny strategy.
Click to show internal directories.
Click to hide internal directories.