rancher2.PodSecurityPolicyTemplate
Provides a Rancher v2 PodSecurityPolicyTemplate resource. This can be used to create PodSecurityPolicyTemplates for Rancher v2 environments and retrieve their information.
Example Usage
# Create a new rancher2 PodSecurityPolicyTemplate
resource "rancher2_pod_security_policy_template" "foo" {
  name = "foo"
  description = "Terraform PodSecurityPolicyTemplate acceptance test - update"
  allow_privilege_escalation = false
  allowed_csi_driver {
    name = "something"
  }
  allowed_csi_driver {
    name = "something-else"
  }
  allowed_flex_volume {
    driver = "something"
  }
  allowed_flex_volume {
    driver = "something-else"
  }
  allowed_host_path {
    path_prefix = "/"
    read_only = true
  }
  allowed_host_path {
    path_prefix = "//"
    read_only = false
  }
  allowed_proc_mount_types = ["Default"]
  default_allow_privilege_escalation = false
  fs_group {
    rule = "MustRunAs"
    range {
      min = 0
      max = 100
    }
    range {
      min = 0
      max = 100
    }
  }
  host_ipc = false
  host_network = false
  host_pid = false
  host_port {
    min = 0
    max = 65535
  }
  host_port {
    min = 1024
    max = 8080
  }
  privileged = false
  read_only_root_filesystem = false
  required_drop_capabilities = ["something"]
  run_as_user {
    rule = "MustRunAs"
    range {
      min = 1
      max = 100
    }
    range {
      min = 2
      max = 1024
    }
  }
  run_as_group {
    rule = "MustRunAs"
    range {
      min = 1
      max = 100
    }
    range {
      min = 2
      max = 1024
    }
  }
  runtime_class {
    default_runtime_class_name = "something"
    allowed_runtime_class_names = ["something"]
  }
  se_linux {
    rule = "RunAsAny"
  }
  supplemental_group {
    rule = "RunAsAny"
  }
  volumes = ["azureFile"]
}
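A pre-deployment review of the arguments from the Example Usage above, as an added example that is not part of the provider's or Pulumi's own code. It assumes the template fields carry Kubernetes PodSecurityPolicy semantics and takes the Python SDK argument names as a plain dict; `review`, `allows_id_zero` and the constants are hypothetical names.

```python
# Added example: review PodSecurityPolicyTemplate arguments before deployment.
# Field names follow the Python SDK arguments listed on this page; the checks
# assume the template carries Kubernetes PodSecurityPolicy semantics.

# Constructed input: the Example Usage above as a plain dict (no Rancher needed).
EXAMPLE_FROM_PAGE = {
    "name": "foo",
    "allow_privilege_escalation": False,
    "allowed_host_paths": [
        {"path_prefix": "/", "read_only": True},
        {"path_prefix": "//", "read_only": False},
    ],
    "fs_group": {"rule": "MustRunAs",
                 "ranges": [{"min": 0, "max": 100}, {"min": 0, "max": 100}]},
    "host_ipc": False,
    "host_network": False,
    "host_pid": False,
    "host_ports": [{"min": 0, "max": 65535}, {"min": 1024, "max": 8080}],
    "privileged": False,
    "required_drop_capabilities": ["something"],
    "run_as_user": {"rule": "MustRunAs",
                    "ranges": [{"min": 1, "max": 100}, {"min": 2, "max": 1024}]},
    "run_as_group": {"rule": "MustRunAs",
                     "ranges": [{"min": 1, "max": 100}, {"min": 2, "max": 1024}]},
    "supplemental_group": {"rule": "RunAsAny"},
    "volumes": ["azureFile"],
}
# Constructed variant: the same template with every volume type allowed.
WILDCARD_VOLUMES = dict(EXAMPLE_FROM_PAGE, volumes=["*"])

HOST_FLAGS = ("privileged", "host_network", "host_ipc", "host_pid")
ID_STRATEGIES = ("run_as_user", "run_as_group", "fs_group", "supplemental_group")


def allows_id_zero(strategy):
    """True when a rule/ranges block lets a pod use UID or GID 0."""
    rule = strategy.get("rule")
    if rule == "RunAsAny":
        return True
    if rule == "MustRunAsNonRoot":
        return False
    return any(r["min"] <= 0 <= r["max"] for r in strategy.get("ranges", []))


def review(template):
    """Return (field, reason) pairs for settings that widen pod privileges."""
    findings = []
    for flag in HOST_FLAGS:
        if template.get(flag):
            findings.append((flag, "enabled"))
    # Kubernetes PSP treats an unset allowPrivilegeEscalation as true; this
    # example assumes the template behaves the same way.
    if template.get("allow_privilege_escalation") is not False:
        findings.append(("allow_privilege_escalation", "not explicitly false"))

    volumes = template.get("volumes", [])
    if "*" in volumes:
        findings.append(("volumes", "'*' allows every volume type"))
    # allowed_host_paths only takes effect when hostPath volumes are allowed.
    if "*" in volumes or "hostPath" in volumes:
        paths = template.get("allowed_host_paths", [])
        if not paths:
            findings.append(("allowed_host_paths", "empty list allows every host path"))
        for entry in paths:
            prefix = entry["path_prefix"]
            whole_fs = prefix.strip("/") == ""  # "/" or "//": reviewed as the root
            writable = not entry.get("read_only", False)
            if whole_fs or writable:
                scope = "whole host filesystem" if whole_fs else "host path"
                mode = "writable" if writable else "read-only"
                findings.append(("allowed_host_paths", f"{prefix!r}: {mode} {scope}"))

    for port_range in template.get("host_ports", []):
        if port_range["min"] < 1024:
            span = f"{port_range['min']}-{port_range['max']}"
            findings.append(("host_ports", f"{span} includes host ports below 1024"))

    if "ALL" not in template.get("required_drop_capabilities", []):
        findings.append(("required_drop_capabilities", "does not drop ALL"))
    if "*" in template.get("allowed_capabilities", []):
        findings.append(("allowed_capabilities", "'*' allows every capability"))

    for field in ID_STRATEGIES:
        strategy = template.get(field)
        if strategy and allows_id_zero(strategy):
            findings.append((field, "permits id 0 (root)"))
    return findings


if __name__ == "__main__":
    for label, tpl in (("page example", EXAMPLE_FROM_PAGE),
                       ("wildcard volumes", WILDCARD_VOLUMES)):
        print(label)
        for field, reason in review(tpl):
            print(f"  {field}: {reason}")
```

On the page's own values the two `allowed_host_path` entries are not reported, because `volumes` lists only `azureFile`; they start to matter once `hostPath` or `*` is allowed.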
Create PodSecurityPolicyTemplate Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new PodSecurityPolicyTemplate(name: string, args?: PodSecurityPolicyTemplateArgs, opts?: CustomResourceOptions);
@overload
def PodSecurityPolicyTemplate(resource_name: str,
args: Optional[PodSecurityPolicyTemplateArgs] = None,
opts: Optional[ResourceOptions] = None)
@overload
def PodSecurityPolicyTemplate(resource_name: str,
opts: Optional[ResourceOptions] = None,
allow_privilege_escalation: Optional[bool] = None,
allowed_capabilities: Optional[Sequence[str]] = None,
allowed_csi_drivers: Optional[Sequence[PodSecurityPolicyTemplateAllowedCsiDriverArgs]] = None,
allowed_flex_volumes: Optional[Sequence[PodSecurityPolicyTemplateAllowedFlexVolumeArgs]] = None,
allowed_host_paths: Optional[Sequence[PodSecurityPolicyTemplateAllowedHostPathArgs]] = None,
allowed_proc_mount_types: Optional[Sequence[str]] = None,
allowed_unsafe_sysctls: Optional[Sequence[str]] = None,
annotations: Optional[Mapping[str, Any]] = None,
default_add_capabilities: Optional[Sequence[str]] = None,
default_allow_privilege_escalation: Optional[bool] = None,
description: Optional[str] = None,
forbidden_sysctls: Optional[Sequence[str]] = None,
fs_group: Optional[PodSecurityPolicyTemplateFsGroupArgs] = None,
host_ipc: Optional[bool] = None,
host_network: Optional[bool] = None,
host_pid: Optional[bool] = None,
host_ports: Optional[Sequence[PodSecurityPolicyTemplateHostPortArgs]] = None,
labels: Optional[Mapping[str, Any]] = None,
name: Optional[str] = None,
privileged: Optional[bool] = None,
read_only_root_filesystem: Optional[bool] = None,
required_drop_capabilities: Optional[Sequence[str]] = None,
run_as_group: Optional[PodSecurityPolicyTemplateRunAsGroupArgs] = None,
run_as_user: Optional[PodSecurityPolicyTemplateRunAsUserArgs] = None,
runtime_class: Optional[PodSecurityPolicyTemplateRuntimeClassArgs] = None,
se_linux: Optional[PodSecurityPolicyTemplateSeLinuxArgs] = None,
supplemental_group: Optional[PodSecurityPolicyTemplateSupplementalGroupArgs] = None,
volumes: Optional[Sequence[str]] = None)
func NewPodSecurityPolicyTemplate(ctx *Context, name string, args *PodSecurityPolicyTemplateArgs, opts ...ResourceOption) (*PodSecurityPolicyTemplate, error)
public PodSecurityPolicyTemplate(string name, PodSecurityPolicyTemplateArgs? args = null, CustomResourceOptions? opts = null)
public PodSecurityPolicyTemplate(String name, PodSecurityPolicyTemplateArgs args)
public PodSecurityPolicyTemplate(String name, PodSecurityPolicyTemplateArgs args, CustomResourceOptions options)
type: rancher2:PodSecurityPolicyTemplate
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args PodSecurityPolicyTemplateArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args PodSecurityPolicyTemplateArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args PodSecurityPolicyTemplateArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args PodSecurityPolicyTemplateArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args PodSecurityPolicyTemplateArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var podSecurityPolicyTemplateResource = new Rancher2.PodSecurityPolicyTemplate("podSecurityPolicyTemplateResource", new()
{
AllowPrivilegeEscalation = false,
AllowedCapabilities = new[]
{
"string",
},
AllowedCsiDrivers = new[]
{
new Rancher2.Inputs.PodSecurityPolicyTemplateAllowedCsiDriverArgs
{
Name = "string",
},
},
AllowedFlexVolumes = new[]
{
new Rancher2.Inputs.PodSecurityPolicyTemplateAllowedFlexVolumeArgs
{
Driver = "string",
},
},
AllowedHostPaths = new[]
{
new Rancher2.Inputs.PodSecurityPolicyTemplateAllowedHostPathArgs
{
PathPrefix = "string",
ReadOnly = false,
},
},
AllowedProcMountTypes = new[]
{
"string",
},
AllowedUnsafeSysctls = new[]
{
"string",
},
Annotations =
{
{ "string", "any" },
},
DefaultAddCapabilities = new[]
{
"string",
},
DefaultAllowPrivilegeEscalation = false,
Description = "string",
ForbiddenSysctls = new[]
{
"string",
},
FsGroup = new Rancher2.Inputs.PodSecurityPolicyTemplateFsGroupArgs
{
Ranges = new[]
{
new Rancher2.Inputs.PodSecurityPolicyTemplateFsGroupRangeArgs
{
Max = 0,
Min = 0,
},
},
Rule = "string",
},
HostIpc = false,
HostNetwork = false,
HostPid = false,
HostPorts = new[]
{
new Rancher2.Inputs.PodSecurityPolicyTemplateHostPortArgs
{
Max = 0,
Min = 0,
},
},
Labels =
{
{ "string", "any" },
},
Name = "string",
Privileged = false,
ReadOnlyRootFilesystem = false,
RequiredDropCapabilities = new[]
{
"string",
},
RunAsGroup = new Rancher2.Inputs.PodSecurityPolicyTemplateRunAsGroupArgs
{
Rule = "string",
Ranges = new[]
{
new Rancher2.Inputs.PodSecurityPolicyTemplateRunAsGroupRangeArgs
{
Max = 0,
Min = 0,
},
},
},
RunAsUser = new Rancher2.Inputs.PodSecurityPolicyTemplateRunAsUserArgs
{
Rule = "string",
Ranges = new[]
{
new Rancher2.Inputs.PodSecurityPolicyTemplateRunAsUserRangeArgs
{
Max = 0,
Min = 0,
},
},
},
RuntimeClass = new Rancher2.Inputs.PodSecurityPolicyTemplateRuntimeClassArgs
{
AllowedRuntimeClassNames = new[]
{
"string",
},
DefaultRuntimeClassName = "string",
},
SeLinux = new Rancher2.Inputs.PodSecurityPolicyTemplateSeLinuxArgs
{
Rule = "string",
SeLinuxOption = new Rancher2.Inputs.PodSecurityPolicyTemplateSeLinuxSeLinuxOptionArgs
{
Level = "string",
Role = "string",
Type = "string",
User = "string",
},
},
SupplementalGroup = new Rancher2.Inputs.PodSecurityPolicyTemplateSupplementalGroupArgs
{
Ranges = new[]
{
new Rancher2.Inputs.PodSecurityPolicyTemplateSupplementalGroupRangeArgs
{
Max = 0,
Min = 0,
},
},
Rule = "string",
},
Volumes = new[]
{
"string",
},
});
example, err := rancher2.NewPodSecurityPolicyTemplate(ctx, "podSecurityPolicyTemplateResource", &rancher2.PodSecurityPolicyTemplateArgs{
AllowPrivilegeEscalation: pulumi.Bool(false),
AllowedCapabilities: pulumi.StringArray{
pulumi.String("string"),
},
AllowedCsiDrivers: rancher2.PodSecurityPolicyTemplateAllowedCsiDriverArray{
&rancher2.PodSecurityPolicyTemplateAllowedCsiDriverArgs{
Name: pulumi.String("string"),
},
},
AllowedFlexVolumes: rancher2.PodSecurityPolicyTemplateAllowedFlexVolumeArray{
&rancher2.PodSecurityPolicyTemplateAllowedFlexVolumeArgs{
Driver: pulumi.String("string"),
},
},
AllowedHostPaths: rancher2.PodSecurityPolicyTemplateAllowedHostPathArray{
&rancher2.PodSecurityPolicyTemplateAllowedHostPathArgs{
PathPrefix: pulumi.String("string"),
ReadOnly: pulumi.Bool(false),
},
},
AllowedProcMountTypes: pulumi.StringArray{
pulumi.String("string"),
},
AllowedUnsafeSysctls: pulumi.StringArray{
pulumi.String("string"),
},
Annotations: pulumi.Map{
"string": pulumi.Any("any"),
},
DefaultAddCapabilities: pulumi.StringArray{
pulumi.String("string"),
},
DefaultAllowPrivilegeEscalation: pulumi.Bool(false),
Description: pulumi.String("string"),
ForbiddenSysctls: pulumi.StringArray{
pulumi.String("string"),
},
FsGroup: &rancher2.PodSecurityPolicyTemplateFsGroupArgs{
Ranges: rancher2.PodSecurityPolicyTemplateFsGroupRangeArray{
&rancher2.PodSecurityPolicyTemplateFsGroupRangeArgs{
Max: pulumi.Int(0),
Min: pulumi.Int(0),
},
},
Rule: pulumi.String("string"),
},
HostIpc: pulumi.Bool(false),
HostNetwork: pulumi.Bool(false),
HostPid: pulumi.Bool(false),
HostPorts: rancher2.PodSecurityPolicyTemplateHostPortArray{
&rancher2.PodSecurityPolicyTemplateHostPortArgs{
Max: pulumi.Int(0),
Min: pulumi.Int(0),
},
},
Labels: pulumi.Map{
"string": pulumi.Any("any"),
},
Name: pulumi.String("string"),
Privileged: pulumi.Bool(false),
ReadOnlyRootFilesystem: pulumi.Bool(false),
RequiredDropCapabilities: pulumi.StringArray{
pulumi.String("string"),
},
RunAsGroup: &rancher2.PodSecurityPolicyTemplateRunAsGroupArgs{
Rule: pulumi.String("string"),
Ranges: rancher2.PodSecurityPolicyTemplateRunAsGroupRangeArray{
&rancher2.PodSecurityPolicyTemplateRunAsGroupRangeArgs{
Max: pulumi.Int(0),
Min: pulumi.Int(0),
},
},
},
RunAsUser: &rancher2.PodSecurityPolicyTemplateRunAsUserArgs{
Rule: pulumi.String("string"),
Ranges: rancher2.PodSecurityPolicyTemplateRunAsUserRangeArray{
&rancher2.PodSecurityPolicyTemplateRunAsUserRangeArgs{
Max: pulumi.Int(0),
Min: pulumi.Int(0),
},
},
},
RuntimeClass: &rancher2.PodSecurityPolicyTemplateRuntimeClassArgs{
AllowedRuntimeClassNames: pulumi.StringArray{
pulumi.String("string"),
},
DefaultRuntimeClassName: pulumi.String("string"),
},
SeLinux: &rancher2.PodSecurityPolicyTemplateSeLinuxArgs{
Rule: pulumi.String("string"),
SeLinuxOption: &rancher2.PodSecurityPolicyTemplateSeLinuxSeLinuxOptionArgs{
Level: pulumi.String("string"),
Role: pulumi.String("string"),
Type: pulumi.String("string"),
User: pulumi.String("string"),
},
},
SupplementalGroup: &rancher2.PodSecurityPolicyTemplateSupplementalGroupArgs{
Ranges: rancher2.PodSecurityPolicyTemplateSupplementalGroupRangeArray{
&rancher2.PodSecurityPolicyTemplateSupplementalGroupRangeArgs{
Max: pulumi.Int(0),
Min: pulumi.Int(0),
},
},
Rule: pulumi.String("string"),
},
Volumes: pulumi.StringArray{
pulumi.String("string"),
},
})
var podSecurityPolicyTemplateResource = new PodSecurityPolicyTemplate("podSecurityPolicyTemplateResource", PodSecurityPolicyTemplateArgs.builder()
.allowPrivilegeEscalation(false)
.allowedCapabilities("string")
.allowedCsiDrivers(PodSecurityPolicyTemplateAllowedCsiDriverArgs.builder()
.name("string")
.build())
.allowedFlexVolumes(PodSecurityPolicyTemplateAllowedFlexVolumeArgs.builder()
.driver("string")
.build())
.allowedHostPaths(PodSecurityPolicyTemplateAllowedHostPathArgs.builder()
.pathPrefix("string")
.readOnly(false)
.build())
.allowedProcMountTypes("string")
.allowedUnsafeSysctls("string")
.annotations(Map.of("string", "any"))
.defaultAddCapabilities("string")
.defaultAllowPrivilegeEscalation(false)
.description("string")
.forbiddenSysctls("string")
.fsGroup(PodSecurityPolicyTemplateFsGroupArgs.builder()
.ranges(PodSecurityPolicyTemplateFsGroupRangeArgs.builder()
.max(0)
.min(0)
.build())
.rule("string")
.build())
.hostIpc(false)
.hostNetwork(false)
.hostPid(false)
.hostPorts(PodSecurityPolicyTemplateHostPortArgs.builder()
.max(0)
.min(0)
.build())
.labels(Map.of("string", "any"))
.name("string")
.privileged(false)
.readOnlyRootFilesystem(false)
.requiredDropCapabilities("string")
.runAsGroup(PodSecurityPolicyTemplateRunAsGroupArgs.builder()
.rule("string")
.ranges(PodSecurityPolicyTemplateRunAsGroupRangeArgs.builder()
.max(0)
.min(0)
.build())
.build())
.runAsUser(PodSecurityPolicyTemplateRunAsUserArgs.builder()
.rule("string")
.ranges(PodSecurityPolicyTemplateRunAsUserRangeArgs.builder()
.max(0)
.min(0)
.build())
.build())
.runtimeClass(PodSecurityPolicyTemplateRuntimeClassArgs.builder()
.allowedRuntimeClassNames("string")
.defaultRuntimeClassName("string")
.build())
.seLinux(PodSecurityPolicyTemplateSeLinuxArgs.builder()
.rule("string")
.seLinuxOption(PodSecurityPolicyTemplateSeLinuxSeLinuxOptionArgs.builder()
.level("string")
.role("string")
.type("string")
.user("string")
.build())
.build())
.supplementalGroup(PodSecurityPolicyTemplateSupplementalGroupArgs.builder()
.ranges(PodSecurityPolicyTemplateSupplementalGroupRangeArgs.builder()
.max(0)
.min(0)
.build())
.rule("string")
.build())
.volumes("string")
.build());
pod_security_policy_template_resource = rancher2.PodSecurityPolicyTemplate("podSecurityPolicyTemplateResource",
allow_privilege_escalation=False,
allowed_capabilities=["string"],
allowed_csi_drivers=[rancher2.PodSecurityPolicyTemplateAllowedCsiDriverArgs(
name="string",
)],
allowed_flex_volumes=[rancher2.PodSecurityPolicyTemplateAllowedFlexVolumeArgs(
driver="string",
)],
allowed_host_paths=[rancher2.PodSecurityPolicyTemplateAllowedHostPathArgs(
path_prefix="string",
read_only=False,
)],
allowed_proc_mount_types=["string"],
allowed_unsafe_sysctls=["string"],
annotations={
"string": "any",
},
default_add_capabilities=["string"],
default_allow_privilege_escalation=False,
description="string",
forbidden_sysctls=["string"],
fs_group=rancher2.PodSecurityPolicyTemplateFsGroupArgs(
ranges=[rancher2.PodSecurityPolicyTemplateFsGroupRangeArgs(
max=0,
min=0,
)],
rule="string",
),
host_ipc=False,
host_network=False,
host_pid=False,
host_ports=[rancher2.PodSecurityPolicyTemplateHostPortArgs(
max=0,
min=0,
)],
labels={
"string": "any",
},
name="string",
privileged=False,
read_only_root_filesystem=False,
required_drop_capabilities=["string"],
run_as_group=rancher2.PodSecurityPolicyTemplateRunAsGroupArgs(
rule="string",
ranges=[rancher2.PodSecurityPolicyTemplateRunAsGroupRangeArgs(
max=0,
min=0,
)],
),
run_as_user=rancher2.PodSecurityPolicyTemplateRunAsUserArgs(
rule="string",
ranges=[rancher2.PodSecurityPolicyTemplateRunAsUserRangeArgs(
max=0,
min=0,
)],
),
runtime_class=rancher2.PodSecurityPolicyTemplateRuntimeClassArgs(
allowed_runtime_class_names=["string"],
default_runtime_class_name="string",
),
se_linux=rancher2.PodSecurityPolicyTemplateSeLinuxArgs(
rule="string",
se_linux_option=rancher2.PodSecurityPolicyTemplateSeLinuxSeLinuxOptionArgs(
level="string",
role="string",
type="string",
user="string",
),
),
supplemental_group=rancher2.PodSecurityPolicyTemplateSupplementalGroupArgs(
ranges=[rancher2.PodSecurityPolicyTemplateSupplementalGroupRangeArgs(
max=0,
min=0,
)],
rule="string",
),
volumes=["string"])
const podSecurityPolicyTemplateResource = new rancher2.PodSecurityPolicyTemplate("podSecurityPolicyTemplateResource", {
allowPrivilegeEscalation: false,
allowedCapabilities: ["string"],
allowedCsiDrivers: [{
name: "string",
}],
allowedFlexVolumes: [{
driver: "string",
}],
allowedHostPaths: [{
pathPrefix: "string",
readOnly: false,
}],
allowedProcMountTypes: ["string"],
allowedUnsafeSysctls: ["string"],
annotations: {
string: "any",
},
defaultAddCapabilities: ["string"],
defaultAllowPrivilegeEscalation: false,
description: "string",
forbiddenSysctls: ["string"],
fsGroup: {
ranges: [{
max: 0,
min: 0,
}],
rule: "string",
},
hostIpc: false,
hostNetwork: false,
hostPid: false,
hostPorts: [{
max: 0,
min: 0,
}],
labels: {
string: "any",
},
name: "string",
privileged: false,
readOnlyRootFilesystem: false,
requiredDropCapabilities: ["string"],
runAsGroup: {
rule: "string",
ranges: [{
max: 0,
min: 0,
}],
},
runAsUser: {
rule: "string",
ranges: [{
max: 0,
min: 0,
}],
},
runtimeClass: {
allowedRuntimeClassNames: ["string"],
defaultRuntimeClassName: "string",
},
seLinux: {
rule: "string",
seLinuxOption: {
level: "string",
role: "string",
type: "string",
user: "string",
},
},
supplementalGroup: {
ranges: [{
max: 0,
min: 0,
}],
rule: "string",
},
volumes: ["string"],
});
type: rancher2:PodSecurityPolicyTemplate
properties:
    allowPrivilegeEscalation: false
    allowedCapabilities:
        - string
    allowedCsiDrivers:
        - name: string
    allowedFlexVolumes:
        - driver: string
    allowedHostPaths:
        - pathPrefix: string
          readOnly: false
    allowedProcMountTypes:
        - string
    allowedUnsafeSysctls:
        - string
    annotations:
        string: any
    defaultAddCapabilities:
        - string
    defaultAllowPrivilegeEscalation: false
    description: string
    forbiddenSysctls:
        - string
    fsGroup:
        ranges:
            - max: 0
              min: 0
        rule: string
    hostIpc: false
    hostNetwork: false
    hostPid: false
    hostPorts:
        - max: 0
          min: 0
    labels:
        string: any
    name: string
    privileged: false
    readOnlyRootFilesystem: false
    requiredDropCapabilities:
        - string
    runAsGroup:
        ranges:
            - max: 0
              min: 0
        rule: string
    runAsUser:
        ranges:
            - max: 0
              min: 0
        rule: string
    runtimeClass:
        allowedRuntimeClassNames:
            - string
        defaultRuntimeClassName: string
    seLinux:
        rule: string
        seLinuxOption:
            level: string
            role: string
            type: string
            user: string
    supplementalGroup:
        ranges:
            - max: 0
              min: 0
        rule: string
    volumes:
        - string
PodSecurityPolicyTemplate Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The PodSecurityPolicyTemplate resource accepts the following input properties:
- AllowPrivilegeEscalation bool
- = (Optional)
- AllowedCapabilities List<string>
- (list)
- AllowedCsiDrivers List<PodSecurityPolicyTemplateAllowedCsiDriver>
- (list)
- AllowedFlexVolumes List<PodSecurityPolicyTemplateAllowedFlexVolume>
- (list)
- AllowedHostPaths List<PodSecurityPolicyTemplateAllowedHostPath>
- (list)
- AllowedProcMountTypes List<string>
- (list)
- AllowedUnsafeSysctls List<string>
- (list)
- Annotations Dictionary<string, object>
- Annotations for PodSecurityPolicyTemplate object (map)
- DefaultAddCapabilities List<string>
- (list)
- DefaultAllowPrivilegeEscalation bool
- (list)
- Description string
- The PodSecurityPolicyTemplate description (string)
- ForbiddenSysctls List<string>
- (list)
- FsGroup PodSecurityPolicyTemplateFsGroup
- (list maxitems:1)
- HostIpc bool
- (bool)
- HostNetwork bool
- hostNetwork determines if the policy allows the use of HostNetwork in the pod spec.
- HostPid bool
- (bool)
- HostPorts List<PodSecurityPolicyTemplateHostPort>
- (list)
- Labels Dictionary<string, object>
- Labels for PodSecurityPolicyTemplate object (map)
- Name string
- The name of the PodSecurityPolicyTemplate (string)
- Privileged bool
- (bool)
- ReadOnlyRootFilesystem bool
- (bool)
- RequiredDropCapabilities List<string>
- (list)
- RunAsGroup PodSecurityPolicyTemplateRunAsGroup
- (list maxitems:1)
- RunAsUser PodSecurityPolicyTemplateRunAsUser
- (list maxitems:1)
- RuntimeClass PodSecurityPolicyTemplateRuntimeClass
- (list maxitems:1)
- SeLinux PodSecurityPolicyTemplateSeLinux
- (list maxitems:1)
- SupplementalGroup PodSecurityPolicyTemplateSupplementalGroup
- (list maxitems:1)
- Volumes List<string>
- (list)
- AllowPrivilegeEscalation bool
- = (Optional)
- AllowedCapabilities []string
- (list)
- AllowedCsiDrivers []PodSecurityPolicyTemplateAllowedCsiDriverArgs
- (list)
- AllowedFlexVolumes []PodSecurityPolicyTemplateAllowedFlexVolumeArgs
- (list)
- AllowedHostPaths []PodSecurityPolicyTemplateAllowedHostPathArgs
- (list)
- AllowedProcMountTypes []string
- (list)
- AllowedUnsafeSysctls []string
- (list)
- Annotations map[string]interface{}
- Annotations for PodSecurityPolicyTemplate object (map)
- DefaultAddCapabilities []string
- (list)
- DefaultAllowPrivilegeEscalation bool
- (list)
- Description string
- The PodSecurityPolicyTemplate description (string)
- ForbiddenSysctls []string
- (list)
- FsGroup PodSecurityPolicyTemplateFsGroupArgs
- (list maxitems:1)
- HostIpc bool
- (bool)
- HostNetwork bool
- hostNetwork determines if the policy allows the use of HostNetwork in the pod spec.
- HostPid bool
- (bool)
- HostPorts []PodSecurityPolicyTemplateHostPortArgs
- (list)
- Labels map[string]interface{}
- Labels for PodSecurityPolicyTemplate object (map)
- Name string
- The name of the PodSecurityPolicyTemplate (string)
- Privileged bool
- (bool)
- ReadOnlyRootFilesystem bool
- (bool)
- RequiredDropCapabilities []string
- (list)
- RunAsGroup PodSecurityPolicyTemplateRunAsGroupArgs
- (list maxitems:1)
- RunAsUser PodSecurityPolicyTemplateRunAsUserArgs
- (list maxitems:1)
- RuntimeClass PodSecurityPolicyTemplateRuntimeClassArgs
- (list maxitems:1)
- SeLinux PodSecurityPolicyTemplateSeLinuxArgs
- (list maxitems:1)
- SupplementalGroup PodSecurityPolicyTemplateSupplementalGroupArgs
- (list maxitems:1)
- Volumes []string
- (list)
- allowPrivilegeEscalation Boolean
- = (Optional)
- allowedCapabilities List<String>
- (list)
- allowedCsiDrivers List<PodSecurityPolicyTemplateAllowedCsiDriver>
- (list)
- allowedFlexVolumes List<PodSecurityPolicyTemplateAllowedFlexVolume>
- (list)
- allowedHostPaths List<PodSecurityPolicyTemplateAllowedHostPath>
- (list)
- allowedProcMountTypes List<String>
- (list)
- allowedUnsafeSysctls List<String>
- (list)
- annotations Map<String,Object>
- Annotations for PodSecurityPolicyTemplate object (map)
- defaultAddCapabilities List<String>
- (list)
- defaultAllowPrivilegeEscalation Boolean
- (list)
- description String
- The PodSecurityPolicyTemplate description (string)
- forbiddenSysctls List<String>
- (list)
- fsGroup PodSecurityPolicyTemplateFsGroup
- (list maxitems:1)
- hostIpc Boolean
- (bool)
- hostNetwork Boolean
- hostNetwork determines if the policy allows the use of HostNetwork in the pod spec.
- hostPid Boolean
- (bool)
- hostPorts List<PodSecurityPolicyTemplateHostPort>
- (list)
- labels Map<String,Object>
- Labels for PodSecurityPolicyTemplate object (map)
- name String
- The name of the PodSecurityPolicyTemplate (string)
- privileged Boolean
- (bool)
- readOnlyRootFilesystem Boolean
- (bool)
- requiredDropCapabilities List<String>
- (list)
- runAsGroup PodSecurityPolicyTemplateRunAsGroup
- (list maxitems:1)
- runAsUser PodSecurityPolicyTemplateRunAsUser
- (list maxitems:1)
- runtimeClass PodSecurityPolicyTemplateRuntimeClass
- (list maxitems:1)
- seLinux PodSecurityPolicyTemplateSeLinux
- (list maxitems:1)
- supplementalGroup PodSecurityPolicyTemplateSupplementalGroup
- (list maxitems:1)
- volumes List<String>
- (list)
- allowPrivilegeEscalation boolean
- = (Optional)
- allowedCapabilities string[]
- (list)
- allowedCsiDrivers PodSecurityPolicyTemplateAllowedCsiDriver[]
- (list)
- allowedFlexVolumes PodSecurityPolicyTemplateAllowedFlexVolume[]
- (list)
- allowedHostPaths PodSecurityPolicyTemplateAllowedHostPath[]
- (list)
- allowedProcMountTypes string[]
- (list)
- allowedUnsafeSysctls string[]
- (list)
- annotations {[key: string]: any}
- Annotations for PodSecurityPolicyTemplate object (map)
- defaultAddCapabilities string[]
- (list)
- defaultAllowPrivilegeEscalation boolean
- (list)
- description string
- The PodSecurityPolicyTemplate description (string)
- forbiddenSysctls string[]
- (list)
- fsGroup PodSecurityPolicyTemplateFsGroup
- (list maxitems:1)
- hostIpc boolean
- (bool)
- hostNetwork boolean
- hostNetwork determines if the policy allows the use of HostNetwork in the pod spec.
- hostPid boolean
- (bool)
- hostPorts PodSecurityPolicyTemplateHostPort[]
- (list)
- labels {[key: string]: any}
- Labels for PodSecurityPolicyTemplate object (map)
- name string
- The name of the PodSecurityPolicyTemplate (string)
- privileged boolean
- (bool)
- readOnlyRootFilesystem boolean
- (bool)
- requiredDropCapabilities string[]
- (list)
- runAsGroup PodSecurityPolicyTemplateRunAsGroup
- (list maxitems:1)
- runAsUser PodSecurityPolicyTemplateRunAsUser
- (list maxitems:1)
- runtimeClass PodSecurityPolicyTemplateRuntimeClass
- (list maxitems:1)
- seLinux PodSecurityPolicyTemplateSeLinux
- (list maxitems:1)
- supplementalGroup PodSecurityPolicyTemplateSupplementalGroup
- (list maxitems:1)
- volumes string[]
- (list)
- allow_privilege_escalation bool
- = (Optional)
- allowed_capabilities Sequence[str]
- (list)
- allowed_csi_drivers Sequence[PodSecurityPolicyTemplateAllowedCsiDriverArgs]
- (list)
- allowed_flex_volumes Sequence[PodSecurityPolicyTemplateAllowedFlexVolumeArgs]
- (list)
- allowed_host_paths Sequence[PodSecurityPolicyTemplateAllowedHostPathArgs]
- (list)
- allowed_proc_mount_types Sequence[str]
- (list)
- allowed_unsafe_sysctls Sequence[str]
- (list)
- annotations Mapping[str, Any]
- Annotations for PodSecurityPolicyTemplate object (map)
- default_add_capabilities Sequence[str]
- (list)
- default_allow_privilege_escalation bool
- (list)
- description str
- The PodSecurityPolicyTemplate description (string)
- forbidden_sysctls Sequence[str]
- (list)
- fs_group PodSecurityPolicyTemplateFsGroupArgs
- (list maxitems:1)
- host_ipc bool
- (bool)
- host_network bool
- hostNetwork determines if the policy allows the use of HostNetwork in the pod spec.
- host_pid bool
- (bool)
- host_ports Sequence[PodSecurityPolicyTemplateHostPortArgs]
- (list)
- labels Mapping[str, Any]
- Labels for PodSecurityPolicyTemplate object (map)
- name str
- The name of the PodSecurityPolicyTemplate (string)
- privileged bool
- (bool)
- read_only_root_filesystem bool
- (bool)
- required_drop_capabilities Sequence[str]
- (list)
- run_as_group PodSecurityPolicyTemplateRunAsGroupArgs
- (list maxitems:1)
- run_as_user PodSecurityPolicyTemplateRunAsUserArgs
- (list maxitems:1)
- runtime_class PodSecurityPolicyTemplateRuntimeClassArgs
- (list maxitems:1)
- se_linux PodSecurityPolicyTemplateSeLinuxArgs
- (list maxitems:1)
- supplemental_group PodSecurityPolicyTemplateSupplementalGroupArgs
- (list maxitems:1)
- volumes Sequence[str]
- (list)
- allowPrivilegeEscalation Boolean
- = (Optional)
- allowedCapabilities List<String>
- (list)
- allowedCsiDrivers List<Property Map>
- (list)
- allowedFlexVolumes List<Property Map>
- (list)
- allowedHostPaths List<Property Map>
- (list)
- allowedProcMountTypes List<String>
- (list)
- allowedUnsafeSysctls List<String>
- (list)
- annotations Map<Any>
- Annotations for PodSecurityPolicyTemplate object (map)
- defaultAddCapabilities List<String>
- (list)
- defaultAllowPrivilegeEscalation Boolean
- (list)
- description String
- The PodSecurityPolicyTemplate description (string)
- forbiddenSysctls List<String>
- (list)
- fsGroup Property Map
- (list maxitems:1)
- hostIpc Boolean
- (bool)
- hostNetwork Boolean
- hostNetwork determines if the policy allows the use of HostNetwork in the pod spec.
- hostPid Boolean
- (bool)
- hostPorts List<Property Map>
- (list)
- labels Map<Any>
- Labels for PodSecurityPolicyTemplate object (map)
- name String
- The name of the PodSecurityPolicyTemplate (string)
- privileged Boolean
- (bool)
- readOnlyRootFilesystem Boolean
- (bool)
- requiredDropCapabilities List<String>
- (list)
- runAsGroup Property Map
- (list maxitems:1)
- runAsUser Property Map
- (list maxitems:1)
- runtimeClass Property Map
- (list maxitems:1)
- seLinux Property Map
- (list maxitems:1)
- supplementalGroup Property Map
- (list maxitems:1)
- volumes List<String>
- (list)
Outputs
All input properties are implicitly available as output properties. Additionally, the PodSecurityPolicyTemplate resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing PodSecurityPolicyTemplate Resource
Get an existing PodSecurityPolicyTemplate resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: PodSecurityPolicyTemplateState, opts?: CustomResourceOptions): PodSecurityPolicyTemplate
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
allow_privilege_escalation: Optional[bool] = None,
allowed_capabilities: Optional[Sequence[str]] = None,
allowed_csi_drivers: Optional[Sequence[PodSecurityPolicyTemplateAllowedCsiDriverArgs]] = None,
allowed_flex_volumes: Optional[Sequence[PodSecurityPolicyTemplateAllowedFlexVolumeArgs]] = None,
allowed_host_paths: Optional[Sequence[PodSecurityPolicyTemplateAllowedHostPathArgs]] = None,
allowed_proc_mount_types: Optional[Sequence[str]] = None,
allowed_unsafe_sysctls: Optional[Sequence[str]] = None,
annotations: Optional[Mapping[str, Any]] = None,
default_add_capabilities: Optional[Sequence[str]] = None,
default_allow_privilege_escalation: Optional[bool] = None,
description: Optional[str] = None,
forbidden_sysctls: Optional[Sequence[str]] = None,
fs_group: Optional[PodSecurityPolicyTemplateFsGroupArgs] = None,
host_ipc: Optional[bool] = None,
host_network: Optional[bool] = None,
host_pid: Optional[bool] = None,
host_ports: Optional[Sequence[PodSecurityPolicyTemplateHostPortArgs]] = None,
labels: Optional[Mapping[str, Any]] = None,
name: Optional[str] = None,
privileged: Optional[bool] = None,
read_only_root_filesystem: Optional[bool] = None,
required_drop_capabilities: Optional[Sequence[str]] = None,
run_as_group: Optional[PodSecurityPolicyTemplateRunAsGroupArgs] = None,
run_as_user: Optional[PodSecurityPolicyTemplateRunAsUserArgs] = None,
runtime_class: Optional[PodSecurityPolicyTemplateRuntimeClassArgs] = None,
se_linux: Optional[PodSecurityPolicyTemplateSeLinuxArgs] = None,
supplemental_group: Optional[PodSecurityPolicyTemplateSupplementalGroupArgs] = None,
volumes: Optional[Sequence[str]] = None) -> PodSecurityPolicyTemplate
func GetPodSecurityPolicyTemplate(ctx *Context, name string, id IDInput, state *PodSecurityPolicyTemplateState, opts ...ResourceOption) (*PodSecurityPolicyTemplate, error)
public static PodSecurityPolicyTemplate Get(string name, Input<string> id, PodSecurityPolicyTemplateState? state, CustomResourceOptions? opts = null)
public static PodSecurityPolicyTemplate get(String name, Output<String> id, PodSecurityPolicyTemplateState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- AllowPrivilegeEscalation bool
- = (Optional)
- AllowedCapabilities List<string>
- (list)
- AllowedCsiDrivers List<PodSecurityPolicyTemplateAllowedCsiDriver>
- (list)
- AllowedFlexVolumes List<PodSecurityPolicyTemplateAllowedFlexVolume>
- (list)
- AllowedHostPaths List<PodSecurityPolicyTemplateAllowedHostPath>
- (list)
- AllowedProcMountTypes List<string>
- (list)
- AllowedUnsafeSysctls List<string>
- (list)
- Annotations Dictionary<string, object>
- Annotations for PodSecurityPolicyTemplate object (map)
- DefaultAddCapabilities List<string>
- (list)
- DefaultAllowPrivilegeEscalation bool
- (list)
- Description string
- The PodSecurityPolicyTemplate description (string)
- ForbiddenSysctls List<string>
- (list)
- FsGroup PodSecurityPolicyTemplateFsGroup
- (list maxitems:1)
- HostIpc bool
- (bool)
- HostNetwork bool
- hostNetwork determines if the policy allows the use of HostNetwork in the pod spec.
- HostPid bool
- (bool)
- HostPorts List<PodSecurityPolicyTemplateHostPort>
- (list)
- Labels Dictionary<string, object>
- Labels for PodSecurityPolicyTemplate object (map)
- Name string
- The name of the PodSecurityPolicyTemplate (string)
- Privileged bool
- (bool)
- ReadOnlyRootFilesystem bool
- (bool)
- RequiredDropCapabilities List<string>
- (list)
- RunAsGroup PodSecurityPolicyTemplateRunAsGroup
- (list maxitems:1)
- RunAsUser PodSecurityPolicyTemplateRunAsUser
- (list maxitems:1)
- RuntimeClass PodSecurityPolicyTemplateRuntimeClass
- (list maxitems:1)
- SeLinux PodSecurityPolicyTemplateSeLinux
- (list maxitems:1)
- SupplementalGroup PodSecurityPolicyTemplateSupplementalGroup
- (list maxitems:1)
- Volumes List<string>
- (list)
- AllowPrivilegeEscalation bool
- = (Optional)
- AllowedCapabilities []string
- (list)
- AllowedCsiDrivers []PodSecurityPolicyTemplateAllowedCsiDriverArgs
- (list)
- AllowedFlexVolumes []PodSecurityPolicyTemplateAllowedFlexVolumeArgs
- (list)
- AllowedHostPaths []PodSecurityPolicyTemplateAllowedHostPathArgs
- (list)
- AllowedProcMountTypes []string
- (list)
- AllowedUnsafeSysctls []string
- (list)
- Annotations map[string]interface{}
- Annotations for PodSecurityPolicyTemplate object (map)
- DefaultAddCapabilities []string
- (list)
- DefaultAllowPrivilegeEscalation bool
- (list)
- Description string
- The PodSecurityPolicyTemplate description (string)
- ForbiddenSysctls []string
- (list)
- FsGroup PodSecurityPolicyTemplateFsGroupArgs
- (list maxitems:1)
- HostIpc bool
- (bool)
- HostNetwork bool
- hostNetwork determines if the policy allows the use of HostNetwork in the pod spec.
- HostPid bool
- (bool)
- HostPorts []PodSecurityPolicyTemplateHostPortArgs
- (list)
- Labels map[string]interface{}
- Labels for PodSecurityPolicyTemplate object (map)
- Name string
- The name of the PodSecurityPolicyTemplate (string)
- Privileged bool
- (bool)
- ReadOnlyRootFilesystem bool
- (bool)
- RequiredDropCapabilities []string
- (list)
- RunAsGroup PodSecurityPolicyTemplateRunAsGroupArgs
- (list maxitems:1)
- RunAsUser PodSecurityPolicyTemplateRunAsUserArgs
- (list maxitems:1)
- RuntimeClass PodSecurityPolicyTemplateRuntimeClassArgs
- (list maxitems:1)
- SeLinux PodSecurityPolicyTemplateSeLinuxArgs
- (list maxitems:1)
- SupplementalGroup PodSecurityPolicyTemplateSupplementalGroupArgs
- (list maxitems:1)
- Volumes []string
- (list)
- allowPrivilegeEscalation Boolean
- = (Optional)
- allowedCapabilities List<String>
- (list)
- allowedCsiDrivers List<PodSecurityPolicyTemplateAllowedCsiDriver>
- (list)
- allowedFlexVolumes List<PodSecurityPolicyTemplateAllowedFlexVolume>
- (list)
- allowedHostPaths List<PodSecurityPolicyTemplateAllowedHostPath>
- (list)
- allowedProcMountTypes List<String>
- (list)
- allowedUnsafeSysctls List<String>
- (list)
- annotations Map<String,Object>
- Annotations for PodSecurityPolicyTemplate object (map)
- defaultAddCapabilities List<String>
- (list)
- defaultAllowPrivilegeEscalation Boolean
- (list)
- description String
- The PodSecurityPolicyTemplate description (string)
- forbiddenSysctls List<String>
- (list)
- fsGroup PodSecurityPolicyTemplateFsGroup
- (list maxitems:1)
- hostIpc Boolean
- (bool)
- hostNetwork Boolean
- hostNetwork determines if the policy allows the use of HostNetwork in the pod spec.
- hostPid Boolean
- (bool)
- hostPorts List<PodSecurityPolicyTemplateHostPort>
- (list)
- labels Map<String,Object>
- Labels for PodSecurityPolicyTemplate object (map)
- name String
- The name of the PodSecurityPolicyTemplate (string)
- privileged Boolean
- (bool)
- readOnlyRootFilesystem Boolean
- (bool)
- requiredDropCapabilities List<String>
- (list)
- runAsGroup PodSecurityPolicyTemplateRunAsGroup
- (list maxitems:1)
- runAsUser PodSecurityPolicyTemplateRunAsUser
- (list maxitems:1)
- runtimeClass PodSecurityPolicyTemplateRuntimeClass
- (list maxitems:1)
- seLinux PodSecurityPolicyTemplateSeLinux
- (list maxitems:1)
- supplementalGroup PodSecurityPolicyTemplateSupplementalGroup
- (list maxitems:1)
- volumes List<String>
- (list)
- allowPrivilegeEscalation boolean
- = (Optional)
- allowedCapabilities string[]
- (list)
- allowedCsiDrivers PodSecurityPolicyTemplateAllowedCsiDriver[]
- (list)
- allowedFlexVolumes PodSecurityPolicyTemplateAllowedFlexVolume[]
- (list)
- allowedHostPaths PodSecurityPolicyTemplateAllowedHostPath[]
- (list)
- allowedProcMountTypes string[]
- (list)
- allowedUnsafeSysctls string[]
- (list)
- annotations {[key: string]: any}
- Annotations for PodSecurityPolicyTemplate object (map)
- defaultAddCapabilities string[]
- (list)
- defaultAllowPrivilegeEscalation boolean
- (list)
- description string
- The PodSecurityPolicyTemplate description (string)
- forbiddenSysctls string[]
- (list)
- fsGroup PodSecurityPolicyTemplateFsGroup
- (list maxitems:1)
- hostIpc boolean
- (bool)
- hostNetwork boolean
- hostNetwork determines if the policy allows the use of HostNetwork in the pod spec.
- hostPid boolean
- (bool)
- hostPorts PodSecurityPolicyTemplateHostPort[]
- (list)
- labels {[key: string]: any}
- Labels for PodSecurityPolicyTemplate object (map)
- name string
- The name of the PodSecurityPolicyTemplate (string)
- privileged boolean
- (bool)
- readOnlyRootFilesystem boolean
- (bool)
- requiredDropCapabilities string[]
- (list)
- runAsGroup PodSecurityPolicyTemplateRunAsGroup
- (list maxitems:1)
- runAsUser PodSecurityPolicyTemplateRunAsUser
- (list maxitems:1)
- runtimeClass PodSecurityPolicyTemplateRuntimeClass
- (list maxitems:1)
- seLinux PodSecurityPolicyTemplateSeLinux
- (list maxitems:1)
- supplementalGroup PodSecurityPolicyTemplateSupplementalGroup
- (list maxitems:1)
- volumes string[]
- (list)
- allow_privilege_escalation bool
- = (Optional)
- allowed_capabilities Sequence[str]
- (list)
- allowed_csi_drivers Sequence[PodSecurityPolicyTemplateAllowedCsiDriverArgs]
- (list)
- allowed_flex_volumes Sequence[PodSecurityPolicyTemplateAllowedFlexVolumeArgs]
- (list)
- allowed_host_paths Sequence[PodSecurityPolicyTemplateAllowedHostPathArgs]
- (list)
- allowed_proc_mount_types Sequence[str]
- (list)
- allowed_unsafe_sysctls Sequence[str]
- (list)
- annotations Mapping[str, Any]
- Annotations for PodSecurityPolicyTemplate object (map)
- default_add_capabilities Sequence[str]
- (list)
- default_allow_privilege_escalation bool
- (list)
- description str
- The PodSecurityPolicyTemplate description (string)
- forbidden_sysctls Sequence[str]
- (list)
- fs_group PodSecurityPolicyTemplateFsGroupArgs
- (list maxitems:1)
- host_ipc bool
- (bool)
- host_network bool
- hostNetwork determines if the policy allows the use of HostNetwork in the pod spec.
- host_pid bool
- (bool)
- host_ports Sequence[PodSecurityPolicyTemplateHostPortArgs]
- (list)
- labels Mapping[str, Any]
- Labels for PodSecurityPolicyTemplate object (map)
- name str
- The name of the PodSecurityPolicyTemplate (string)
- privileged bool
- (bool)
- read_only_root_filesystem bool
- (bool)
- required_drop_capabilities Sequence[str]
- (list)
- run_as_group PodSecurityPolicyTemplateRunAsGroupArgs
- (list maxitems:1)
- run_as_user PodSecurityPolicyTemplateRunAsUserArgs
- (list maxitems:1)
- runtime_class PodSecurityPolicyTemplateRuntimeClassArgs
- (list maxitems:1)
- se_linux PodSecurityPolicyTemplateSeLinuxArgs
- (list maxitems:1)
- supplemental_group PodSecurityPolicyTemplateSupplementalGroupArgs
- (list maxitems:1)
- volumes Sequence[str]
- (list)
- allowPrivilegeEscalation Boolean
- = (Optional)
- allowedCapabilities List<String>
- (list)
- allowedCsiDrivers List<Property Map>
- (list)
- allowedFlexVolumes List<Property Map>
- (list)
- allowedHostPaths List<Property Map>
- (list)
- allowedProcMountTypes List<String>
- (list)
- allowedUnsafeSysctls List<String>
- (list)
- annotations Map<Any>
- Annotations for PodSecurityPolicyTemplate object (map)
- defaultAddCapabilities List<String>
- (list)
- defaultAllowPrivilegeEscalation Boolean
- (list)
- description String
- The PodSecurityPolicyTemplate description (string)
- forbiddenSysctls List<String>
- (list)
- fsGroup Property Map
- (list maxitems:1)
- hostIpc Boolean
- (bool)
- hostNetwork Boolean
- hostNetwork determines if the policy allows the use of HostNetwork in the pod spec.
- hostPid Boolean
- (bool)
- hostPorts List<Property Map>
- (list)
- labels Map<Any>
- Labels for PodSecurityPolicyTemplate object (map)
- name String
- The name of the PodSecurityPolicyTemplate (string)
- privileged Boolean
- (bool)
- readOnlyRootFilesystem Boolean
- (bool)
- requiredDropCapabilities List<String>
- (list)
- runAsGroup Property Map
- (list maxitems:1)
- runAsUser Property Map
- (list maxitems:1)
- runtimeClass Property Map
- (list maxitems:1)
- seLinux Property Map
- (list maxitems:1)
- supplementalGroup Property Map
- (list maxitems:1)
- volumes List<String>
- (list)
Supporting Types
PodSecurityPolicyTemplateAllowedCsiDriver, PodSecurityPolicyTemplateAllowedCsiDriverArgs
- Name string
- The name of the PodSecurityPolicyTemplate (string)
- Name string
- The name of the PodSecurityPolicyTemplate (string)
- name String
- The name of the PodSecurityPolicyTemplate (string)
- name string
- The name of the PodSecurityPolicyTemplate (string)
- name str
- The name of the PodSecurityPolicyTemplate (string)
- name String
- The name of the PodSecurityPolicyTemplate (string)
PodSecurityPolicyTemplateAllowedFlexVolume, PodSecurityPolicyTemplateAllowedFlexVolumeArgs
- Driver string
- driver is the name of the Flexvolume driver.
- Driver string
- driver is the name of the Flexvolume driver.
- driver String
- driver is the name of the Flexvolume driver.
- driver string
- driver is the name of the Flexvolume driver.
- driver str
- driver is the name of the Flexvolume driver.
- driver String
- driver is the name of the Flexvolume driver.
PodSecurityPolicyTemplateAllowedHostPath, PodSecurityPolicyTemplateAllowedHostPathArgs
- PathPrefix string
- pathPrefix is the path prefix that the host volume must match. It does not support "*". Trailing slashes are trimmed when validating the path prefix with a host path.
- ReadOnly bool
- when set to true, will allow host volumes matching the pathPrefix only if all volume mounts are readOnly.
- PathPrefix string
- pathPrefix is the path prefix that the host volume must match. It does not support "*". Trailing slashes are trimmed when validating the path prefix with a host path.
- ReadOnly bool
- when set to true, will allow host volumes matching the pathPrefix only if all volume mounts are readOnly.
- pathPrefix String
- pathPrefix is the path prefix that the host volume must match. It does not support "*". Trailing slashes are trimmed when validating the path prefix with a host path.
- readOnly Boolean
- when set to true, will allow host volumes matching the pathPrefix only if all volume mounts are readOnly.
- pathPrefix string
- pathPrefix is the path prefix that the host volume must match. It does not support "*". Trailing slashes are trimmed when validating the path prefix with a host path.
- readOnly boolean
- when set to true, will allow host volumes matching the pathPrefix only if all volume mounts are readOnly.
- path_prefix str
- pathPrefix is the path prefix that the host volume must match. It does not support "*". Trailing slashes are trimmed when validating the path prefix with a host path.
- read_only bool
- when set to true, will allow host volumes matching the pathPrefix only if all volume mounts are readOnly.
- pathPrefix String
- pathPrefix is the path prefix that the host volume must match. It does not support "*". Trailing slashes are trimmed when validating the path prefix with a host path.
- readOnly Boolean
- when set to true, will allow host volumes matching the pathPrefix only if all volume mounts are readOnly.
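The pathPrefix and readOnly rules above, modelled in Python as an added example for reviewing a template before it is applied (this is not Pulumi, Rancher or Kubernetes code). The class name, function names and sample policy are constructed for illustration; the model assumes that an empty allowed list places no restriction on host paths and that a matching entry without readOnly permits writable mounts even when another matching entry is read-only.

```python
from dataclasses import dataclass
from typing import List, Sequence, Tuple


@dataclass(frozen=True)
class AllowedHostPath:
    """One allowed host path entry: a path prefix plus its read-only flag."""
    path_prefix: str
    read_only: bool = False


def _trim(path: str) -> str:
    # Trailing slashes are trimmed before comparing, so "/var/log/" == "/var/log".
    return path.rstrip("/")


def has_path_prefix(host_path: str, prefix: str) -> bool:
    """Component-wise prefix match. "*" is not a wildcard, only a literal."""
    host_path, prefix = _trim(host_path), _trim(prefix)
    if not host_path.startswith(prefix):
        return False
    # The character right after the prefix must begin a new path component,
    # otherwise "/var/log" would also cover "/var/logs".
    return len(host_path) == len(prefix) or host_path[len(prefix)] == "/"


def evaluate_host_path(allowed: Sequence[AllowedHostPath],
                       host_path: str) -> Tuple[bool, bool]:
    """Return (path_allowed, must_be_read_only) for one hostPath volume."""
    if not allowed:
        # Assumption: an empty list means host paths are unrestricted.
        return True, False
    matched = False
    for entry in allowed:
        if has_path_prefix(host_path, entry.path_prefix):
            if not entry.read_only:
                # Assumption: a writable matching entry wins outright.
                return True, False
            matched = True
    # Only read-only entries matched (or nothing matched at all).
    return matched, matched


def mount_permitted(allowed: Sequence[AllowedHostPath], host_path: str,
                    mounts_read_only: List[bool]) -> bool:
    """Check a volume given the readOnly flag of every mount that uses it."""
    path_allowed, must_be_read_only = evaluate_host_path(allowed, host_path)
    if not path_allowed:
        return False
    return all(mounts_read_only) if must_be_read_only else True


# Constructed sample policy, not taken from the page.
POLICY = [
    AllowedHostPath("/var/log/", read_only=True),
    AllowedHostPath("/data/scratch"),
]

if __name__ == "__main__":
    for path in ("/var/log/nginx", "/var/logs", "/data/scratch/tmp", "/etc"):
        print(path, evaluate_host_path(POLICY, path))
    # A prefix of "/" trims to the empty string and therefore covers every path.
    print(evaluate_host_path([AllowedHostPath("/", read_only=True)], "/etc"))
```

Under this model a `pathPrefix` of `/` matches every absolute host path, so such an entry only constrains whether the mounts must be read-only, not which paths may be mounted.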
PodSecurityPolicyTemplateFsGroup, PodSecurityPolicyTemplateFsGroupArgs
- Ranges List<PodSecurityPolicyTemplateFsGroupRange>
- ranges are the allowed ranges of fs groups. If you would like to force a single fs group then supply a single range with the same start and end. Required for MustRunAs.
- Rule string
- rule is the strategy that will dictate what FSGroup is used in the SecurityContext.
- Ranges []PodSecurityPolicyTemplateFsGroupRange
- ranges are the allowed ranges of fs groups. If you would like to force a single fs group then supply a single range with the same start and end. Required for MustRunAs.
- Rule string
- rule is the strategy that will dictate what FSGroup is used in the SecurityContext.
- ranges List<PodSecurityPolicyTemplateFsGroupRange>
- ranges are the allowed ranges of fs groups. If you would like to force a single fs group then supply a single range with the same start and end. Required for MustRunAs.
- rule String
- rule is the strategy that will dictate what FSGroup is used in the SecurityContext.
- ranges PodSecurityPolicyTemplateFsGroupRange[]
- ranges are the allowed ranges of fs groups. If you would like to force a single fs group then supply a single range with the same start and end. Required for MustRunAs.
- rule string
- rule is the strategy that will dictate what FSGroup is used in the SecurityContext.
- ranges Sequence[PodSecurityPolicyTemplateFsGroupRange]
- ranges are the allowed ranges of fs groups. If you would like to force a single fs group then supply a single range with the same start and end. Required for MustRunAs.
- rule str
- rule is the strategy that will dictate what FSGroup is used in the SecurityContext.
- ranges List<Property Map>
- ranges are the allowed ranges of fs groups. If you would like to force a single fs group then supply a single range with the same start and end. Required for MustRunAs.
- rule String
- rule is the strategy that will dictate what FSGroup is used in the SecurityContext.
PodSecurityPolicyTemplateFsGroupRange, PodSecurityPolicyTemplateFsGroupRangeArgs
PodSecurityPolicyTemplateHostPort, PodSecurityPolicyTemplateHostPortArgs
PodSecurityPolicyTemplateRunAsGroup, PodSecurityPolicyTemplateRunAsGroupArgs
- Rule string
- rule is the strategy that will dictate the allowable RunAsGroup values that may be set.
- Ranges List<PodSecurityPolicyTemplateRunAsGroupRange>
- ranges are the allowed ranges of gids that may be used. If you would like to force a single gid then supply a single range with the same start and end. Required for MustRunAs.
- Rule string
- rule is the strategy that will dictate the allowable RunAsGroup values that may be set.
- Ranges []PodSecurityPolicyTemplateRunAsGroupRange
- ranges are the allowed ranges of gids that may be used. If you would like to force a single gid then supply a single range with the same start and end. Required for MustRunAs.
- rule String
- rule is the strategy that will dictate the allowable RunAsGroup values that may be set.
- ranges List<PodSecurityPolicyTemplateRunAsGroupRange>
- ranges are the allowed ranges of gids that may be used. If you would like to force a single gid then supply a single range with the same start and end. Required for MustRunAs.
- rule string
- rule is the strategy that will dictate the allowable RunAsGroup values that may be set.
- ranges PodSecurityPolicyTemplateRunAsGroupRange[]
- ranges are the allowed ranges of gids that may be used. If you would like to force a single gid then supply a single range with the same start and end. Required for MustRunAs.
- rule str
- rule is the strategy that will dictate the allowable RunAsGroup values that may be set.
- ranges Sequence[PodSecurityPolicyTemplateRunAsGroupRange]
- ranges are the allowed ranges of gids that may be used. If you would like to force a single gid then supply a single range with the same start and end. Required for MustRunAs.
- rule String
- rule is the strategy that will dictate the allowable RunAsGroup values that may be set.
- ranges List<Property Map>
- ranges are the allowed ranges of gids that may be used. If you would like to force a single gid then supply a single range with the same start and end. Required for MustRunAs.
PodSecurityPolicyTemplateRunAsGroupRange, PodSecurityPolicyTemplateRunAsGroupRangeArgs
PodSecurityPolicyTemplateRunAsUser, PodSecurityPolicyTemplateRunAsUserArgs
- Rule string
- rule is the strategy that will dictate the allowable RunAsUser values that may be set.
- Ranges List<PodSecurityPolicyTemplateRunAsUserRange>
- ranges are the allowed ranges of uids that may be used. If you would like to force a single uid then supply a single range with the same start and end. Required for MustRunAs.
- Rule string
- rule is the strategy that will dictate the allowable RunAsUser values that may be set.
- Ranges []PodSecurityPolicyTemplateRunAsUserRange
- ranges are the allowed ranges of uids that may be used. If you would like to force a single uid then supply a single range with the same start and end. Required for MustRunAs.
- rule String
- rule is the strategy that will dictate the allowable RunAsUser values that may be set.
- ranges List<PodSecurityPolicyTemplateRunAsUserRange>
- ranges are the allowed ranges of uids that may be used. If you would like to force a single uid then supply a single range with the same start and end. Required for MustRunAs.
- rule string
- rule is the strategy that will dictate the allowable RunAsUser values that may be set.
- ranges PodSecurityPolicyTemplateRunAsUserRange[]
- ranges are the allowed ranges of uids that may be used. If you would like to force a single uid then supply a single range with the same start and end. Required for MustRunAs.
- rule str
- rule is the strategy that will dictate the allowable RunAsUser values that may be set.
- ranges Sequence[PodSecurityPolicyTemplateRunAsUserRange]
- ranges are the allowed ranges of uids that may be used. If you would like to force a single uid then supply a single range with the same start and end. Required for MustRunAs.
- rule String
- rule is the strategy that will dictate the allowable RunAsUser values that may be set.
- ranges List<Property Map>
- ranges are the allowed ranges of uids that may be used. If you would like to force a single uid then supply a single range with the same start and end. Required for MustRunAs.
PodSecurityPolicyTemplateRunAsUserRange, PodSecurityPolicyTemplateRunAsUserRangeArgs
PodSecurityPolicyTemplateRuntimeClass, PodSecurityPolicyTemplateRuntimeClassArgs
- AllowedRuntimeClassNames List<string>
- allowedRuntimeClassNames is a whitelist of RuntimeClass names that may be specified on a pod. A value of "*" means that any RuntimeClass name is allowed, and must be the only item in the list. An empty list requires the RuntimeClassName field to be unset.
- DefaultRuntimeClassName string
- defaultRuntimeClassName is the default RuntimeClassName to set on the pod. The default MUST be allowed by the allowedRuntimeClassNames list. A value of nil does not mutate the Pod.
- AllowedRuntimeClassNames []string
- allowedRuntimeClassNames is a whitelist of RuntimeClass names that may be specified on a pod. A value of "*" means that any RuntimeClass name is allowed, and must be the only item in the list. An empty list requires the RuntimeClassName field to be unset.
- DefaultRuntimeClassName string
- defaultRuntimeClassName is the default RuntimeClassName to set on the pod. The default MUST be allowed by the allowedRuntimeClassNames list. A value of nil does not mutate the Pod.
- allowedRuntimeClassNames List<String>
- allowedRuntimeClassNames is a whitelist of RuntimeClass names that may be specified on a pod. A value of "*" means that any RuntimeClass name is allowed, and must be the only item in the list. An empty list requires the RuntimeClassName field to be unset.
- defaultRuntimeClassName String
- defaultRuntimeClassName is the default RuntimeClassName to set on the pod. The default MUST be allowed by the allowedRuntimeClassNames list. A value of nil does not mutate the Pod.
- allowedRuntimeClassNames string[]
- allowedRuntimeClassNames is a whitelist of RuntimeClass names that may be specified on a pod. A value of "*" means that any RuntimeClass name is allowed, and must be the only item in the list. An empty list requires the RuntimeClassName field to be unset.
- defaultRuntimeClassName string
- defaultRuntimeClassName is the default RuntimeClassName to set on the pod. The default MUST be allowed by the allowedRuntimeClassNames list. A value of nil does not mutate the Pod.
- allowed_runtime_class_names Sequence[str]
- allowedRuntimeClassNames is a whitelist of RuntimeClass names that may be specified on a pod. A value of "*" means that any RuntimeClass name is allowed, and must be the only item in the list. An empty list requires the RuntimeClassName field to be unset.
- default_runtime_class_name str
- defaultRuntimeClassName is the default RuntimeClassName to set on the pod. The default MUST be allowed by the allowedRuntimeClassNames list. A value of nil does not mutate the Pod.
- allowedRuntimeClassNames List<String>
- allowedRuntimeClassNames is a whitelist of RuntimeClass names that may be specified on a pod. A value of "*" means that any RuntimeClass name is allowed, and must be the only item in the list. An empty list requires the RuntimeClassName field to be unset.
- defaultRuntimeClassName String
- defaultRuntimeClassName is the default RuntimeClassName to set on the pod. The default MUST be allowed by the allowedRuntimeClassNames list. A value of nil does not mutate the Pod.
PodSecurityPolicyTemplateSeLinux, PodSecurityPolicyTemplateSeLinuxArgs
- Rule string
- rule is the strategy that will dictate the allowable labels that may be set.
- SeLinuxOption PodSecurityPolicyTemplateSeLinuxSeLinuxOption
- seLinuxOptions required to run as; required for MustRunAs. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
- Rule string
- rule is the strategy that will dictate the allowable labels that may be set.
- SeLinuxOption PodSecurityPolicyTemplateSeLinuxSeLinuxOption
- seLinuxOptions required to run as; required for MustRunAs. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
- rule String
- rule is the strategy that will dictate the allowable labels that may be set.
- seLinuxOption PodSecurityPolicyTemplateSeLinuxSeLinuxOption
- seLinuxOptions required to run as; required for MustRunAs. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
- rule string
- rule is the strategy that will dictate the allowable labels that may be set.
- seLinuxOption PodSecurityPolicyTemplateSeLinuxSeLinuxOption
- seLinuxOptions required to run as; required for MustRunAs. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
- rule str
- rule is the strategy that will dictate the allowable labels that may be set.
- se_linux_option PodSecurityPolicyTemplateSeLinuxSeLinuxOption
- seLinuxOptions required to run as; required for MustRunAs. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
- rule String
- rule is the strategy that will dictate the allowable labels that may be set.
- seLinuxOption Property Map
- seLinuxOptions required to run as; required for MustRunAs. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
PodSecurityPolicyTemplateSeLinuxSeLinuxOption, PodSecurityPolicyTemplateSeLinuxSeLinuxOptionArgs
PodSecurityPolicyTemplateSupplementalGroup, PodSecurityPolicyTemplateSupplementalGroupArgs
- Ranges List<PodSecurityPolicyTemplateSupplementalGroupRange>
- ranges are the allowed ranges of supplemental groups. If you would like to force a single supplemental group then supply a single range with the same start and end. Required for MustRunAs.
- Rule string
- rule is the strategy that will dictate what supplemental groups is used in the SecurityContext.
- Ranges []PodSecurityPolicyTemplateSupplementalGroupRange
- ranges are the allowed ranges of supplemental groups. If you would like to force a single supplemental group then supply a single range with the same start and end. Required for MustRunAs.
- Rule string
- rule is the strategy that will dictate what supplemental groups is used in the SecurityContext.
- ranges List<PodSecurityPolicyTemplateSupplementalGroupRange>
- ranges are the allowed ranges of supplemental groups. If you would like to force a single supplemental group then supply a single range with the same start and end. Required for MustRunAs.
- rule String
- rule is the strategy that will dictate what supplemental groups is used in the SecurityContext.
- ranges PodSecurityPolicyTemplateSupplementalGroupRange[]
- ranges are the allowed ranges of supplemental groups. If you would like to force a single supplemental group then supply a single range with the same start and end. Required for MustRunAs.
- rule string
- rule is the strategy that will dictate what supplemental groups is used in the SecurityContext.
- ranges Sequence[PodSecurityPolicyTemplateSupplementalGroupRange]
- ranges are the allowed ranges of supplemental groups. If you would like to force a single supplemental group then supply a single range with the same start and end. Required for MustRunAs.
- rule str
- rule is the strategy that will dictate what supplemental groups is used in the SecurityContext.
- ranges List<Property Map>
- ranges are the allowed ranges of supplemental groups. If you would like to force a single supplemental group then supply a single range with the same start and end. Required for MustRunAs.
- rule String
- rule is the strategy that will dictate what supplemental groups is used in the SecurityContext.
PodSecurityPolicyTemplateSupplementalGroupRange, PodSecurityPolicyTemplateSupplementalGroupRangeArgs
Import
PodSecurityPolicyTemplate can be imported using the Rancher PodSecurityPolicyTemplate name.
$ pulumi import rancher2:index/podSecurityPolicyTemplate:PodSecurityPolicyTemplate foo <pod_security_policy_name>
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Rancher2 pulumi/pulumi-rancher2
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the rancher2 Terraform Provider.