type Capabilities struct {
	AllowPrivileged bool

	// Pod sources from which to allow privileged capabilities like host networking, sharing the host
	// IPC namespace, and sharing the host PID namespace.
	PrivilegedSources PrivilegedSources

	// PerConnectionBandwidthLimitBytesPerSec limits the throughput of each connection (currently only used for proxy, exec, attach)
	PerConnectionBandwidthLimitBytesPerSec int64
}
Capabilities defines the set of capabilities available within the system.
For now these are global. Eventually they may be per-user.
type PrivilegedSources struct {
	// List of pod sources for which using host network is allowed.
	HostNetworkSources []string

	// List of pod sources for which using host pid namespace is allowed.
	HostPIDSources []string

	// List of pod sources for which using host ipc is allowed.
	HostIPCSources []string
}
PrivilegedSources defines the pod sources allowed to make privileged requests for certain types
of capabilities like host networking, sharing the host IPC namespace, and sharing the host PID namespace.
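
An added example (not code from the Kubernetes project) of how a caller could evaluate a pod's requests against these fields. HostRequest, Denied and the deny-on-empty-list behaviour are assumptions made for illustration, and "file" and "api" are sample source names.

```go
package main

import "fmt"

// Types redeclared from the page so the example builds on its own.
type PrivilegedSources struct {
	HostNetworkSources, HostPIDSources, HostIPCSources []string
}
type Capabilities struct {
	AllowPrivileged                        bool
	PrivilegedSources                      PrivilegedSources
	PerConnectionBandwidthLimitBytesPerSec int64
}

// HostRequest is a hypothetical summary of what a pod spec asks for.
type HostRequest struct {
	Privileged, HostNetwork, HostPID, HostIPC bool
}

// Denied lists the requested capabilities the source may not use; an empty allow list denies all sources.
func Denied(c Capabilities, source string, r HostRequest) []string {
	var denied []string
	if r.Privileged && !c.AllowPrivileged {
		denied = append(denied, "privileged")
	}
	checks := []struct {
		name      string
		requested bool
		allowed   []string
	}{
		{"hostNetwork", r.HostNetwork, c.PrivilegedSources.HostNetworkSources},
		{"hostPID", r.HostPID, c.PrivilegedSources.HostPIDSources},
		{"hostIPC", r.HostIPC, c.PrivilegedSources.HostIPCSources},
	}
	for _, ck := range checks {
		ok := false
		for _, s := range ck.allowed {
			ok = ok || s == source
		}
		if ck.requested && !ok {
			denied = append(denied, ck.name)
		}
	}
	return denied
}

func main() {
	// Constructed sample policy: only pods from the "file" source may use host networking.
	caps := Capabilities{PrivilegedSources: PrivilegedSources{HostNetworkSources: []string{"file"}}}
	fmt.Println(Denied(caps, "api", HostRequest{HostNetwork: true, HostPID: true}))
}
```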