api: k8s.io/api/policy/v1beta1 Index | Files

package v1beta1

import "k8s.io/api/policy/v1beta1"

Package policy is for any kind of policy object. Suitable examples, even if they aren't all here, are PodDisruptionBudget, PodSecurityPolicy, NetworkPolicy, etc.

Index

Package Files

doc.go generated.pb.go register.go types.go types_swagger_doc_generated.go zz_generated.deepcopy.go zz_generated.prerelease-lifecycle.go

Constants

const AllowAllRuntimeClassNames = "*"

AllowAllRuntimeClassNames can be used as a value for the RuntimeClassStrategyOptions.AllowedRuntimeClassNames field and means that any RuntimeClassName is allowed.

const GroupName = "policy"

GroupName is the group name use in this package

Variables

var (
    ErrInvalidLengthGenerated        = fmt.Errorf("proto: negative length found during unmarshaling")
    ErrIntOverflowGenerated          = fmt.Errorf("proto: integer overflow")
    ErrUnexpectedEndOfGroupGenerated = fmt.Errorf("proto: unexpected end of group")
)
var (
    // TODO: move SchemeBuilder with zz_generated.deepcopy.go to k8s.io/api.
    // localSchemeBuilder and AddToScheme will stay in k8s.io/kubernetes.
    SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes)

    AddToScheme = localSchemeBuilder.AddToScheme
)
var AllowAllCapabilities v1.Capability = "*"

AllowAllCapabilities can be used as a value for the PodSecurityPolicy.AllowAllCapabilities field and means that any capabilities are allowed to be requested.

var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1beta1"}

SchemeGroupVersion is group version used to register these objects

func Resource Uses

func Resource(resource string) schema.GroupResource

Resource takes an unqualified resource and returns a Group qualified GroupResource

type AllowedCSIDriver Uses

type AllowedCSIDriver struct {
    // Name is the registered name of the CSI driver
    Name string `json:"name" protobuf:"bytes,1,opt,name=name"`
}

AllowedCSIDriver represents a single inline CSI Driver that is allowed to be used.

func (*AllowedCSIDriver) DeepCopy Uses

func (in *AllowedCSIDriver) DeepCopy() *AllowedCSIDriver

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AllowedCSIDriver.

func (*AllowedCSIDriver) DeepCopyInto Uses

func (in *AllowedCSIDriver) DeepCopyInto(out *AllowedCSIDriver)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*AllowedCSIDriver) Descriptor Uses

func (*AllowedCSIDriver) Descriptor() ([]byte, []int)

func (*AllowedCSIDriver) Marshal Uses

func (m *AllowedCSIDriver) Marshal() (dAtA []byte, err error)

func (*AllowedCSIDriver) MarshalTo Uses

func (m *AllowedCSIDriver) MarshalTo(dAtA []byte) (int, error)

func (*AllowedCSIDriver) MarshalToSizedBuffer Uses

func (m *AllowedCSIDriver) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*AllowedCSIDriver) ProtoMessage Uses

func (*AllowedCSIDriver) ProtoMessage()

func (*AllowedCSIDriver) Reset Uses

func (m *AllowedCSIDriver) Reset()

func (*AllowedCSIDriver) Size Uses

func (m *AllowedCSIDriver) Size() (n int)

func (*AllowedCSIDriver) String Uses

func (this *AllowedCSIDriver) String() string

func (AllowedCSIDriver) SwaggerDoc Uses

func (AllowedCSIDriver) SwaggerDoc() map[string]string

func (*AllowedCSIDriver) Unmarshal Uses

func (m *AllowedCSIDriver) Unmarshal(dAtA []byte) error

func (*AllowedCSIDriver) XXX_DiscardUnknown Uses

func (m *AllowedCSIDriver) XXX_DiscardUnknown()

func (*AllowedCSIDriver) XXX_Marshal Uses

func (m *AllowedCSIDriver) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*AllowedCSIDriver) XXX_Merge Uses

func (m *AllowedCSIDriver) XXX_Merge(src proto.Message)

func (*AllowedCSIDriver) XXX_Size Uses

func (m *AllowedCSIDriver) XXX_Size() int

func (*AllowedCSIDriver) XXX_Unmarshal Uses

func (m *AllowedCSIDriver) XXX_Unmarshal(b []byte) error

type AllowedFlexVolume Uses

type AllowedFlexVolume struct {
    // driver is the name of the Flexvolume driver.
    Driver string `json:"driver" protobuf:"bytes,1,opt,name=driver"`
}

AllowedFlexVolume represents a single Flexvolume that is allowed to be used.

func (*AllowedFlexVolume) DeepCopy Uses

func (in *AllowedFlexVolume) DeepCopy() *AllowedFlexVolume

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AllowedFlexVolume.

func (*AllowedFlexVolume) DeepCopyInto Uses

func (in *AllowedFlexVolume) DeepCopyInto(out *AllowedFlexVolume)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*AllowedFlexVolume) Descriptor Uses

func (*AllowedFlexVolume) Descriptor() ([]byte, []int)

func (*AllowedFlexVolume) Marshal Uses

func (m *AllowedFlexVolume) Marshal() (dAtA []byte, err error)

func (*AllowedFlexVolume) MarshalTo Uses

func (m *AllowedFlexVolume) MarshalTo(dAtA []byte) (int, error)

func (*AllowedFlexVolume) MarshalToSizedBuffer Uses

func (m *AllowedFlexVolume) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*AllowedFlexVolume) ProtoMessage Uses

func (*AllowedFlexVolume) ProtoMessage()

func (*AllowedFlexVolume) Reset Uses

func (m *AllowedFlexVolume) Reset()

func (*AllowedFlexVolume) Size Uses

func (m *AllowedFlexVolume) Size() (n int)

func (*AllowedFlexVolume) String Uses

func (this *AllowedFlexVolume) String() string

func (AllowedFlexVolume) SwaggerDoc Uses

func (AllowedFlexVolume) SwaggerDoc() map[string]string

func (*AllowedFlexVolume) Unmarshal Uses

func (m *AllowedFlexVolume) Unmarshal(dAtA []byte) error

func (*AllowedFlexVolume) XXX_DiscardUnknown Uses

func (m *AllowedFlexVolume) XXX_DiscardUnknown()

func (*AllowedFlexVolume) XXX_Marshal Uses

func (m *AllowedFlexVolume) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*AllowedFlexVolume) XXX_Merge Uses

func (m *AllowedFlexVolume) XXX_Merge(src proto.Message)

func (*AllowedFlexVolume) XXX_Size Uses

func (m *AllowedFlexVolume) XXX_Size() int

func (*AllowedFlexVolume) XXX_Unmarshal Uses

func (m *AllowedFlexVolume) XXX_Unmarshal(b []byte) error

type AllowedHostPath Uses

type AllowedHostPath struct {
    // pathPrefix is the path prefix that the host volume must match.
    // It does not support `*`.
    // Trailing slashes are trimmed when validating the path prefix with a host path.
    //
    // Examples:
    // `/foo` would allow `/foo`, `/foo/` and `/foo/bar`
    // `/foo` would not allow `/food` or `/etc/foo`
    PathPrefix string `json:"pathPrefix,omitempty" protobuf:"bytes,1,rep,name=pathPrefix"`

    // when set to true, will allow host volumes matching the pathPrefix only if all volume mounts are readOnly.
    // +optional
    ReadOnly bool `json:"readOnly,omitempty" protobuf:"varint,2,opt,name=readOnly"`
}

AllowedHostPath defines the host volume conditions that will be enabled by a policy for pods to use. It requires the path prefix to be defined.

func (*AllowedHostPath) DeepCopy Uses

func (in *AllowedHostPath) DeepCopy() *AllowedHostPath

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AllowedHostPath.

func (*AllowedHostPath) DeepCopyInto Uses

func (in *AllowedHostPath) DeepCopyInto(out *AllowedHostPath)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*AllowedHostPath) Descriptor Uses

func (*AllowedHostPath) Descriptor() ([]byte, []int)

func (*AllowedHostPath) Marshal Uses

func (m *AllowedHostPath) Marshal() (dAtA []byte, err error)

func (*AllowedHostPath) MarshalTo Uses

func (m *AllowedHostPath) MarshalTo(dAtA []byte) (int, error)

func (*AllowedHostPath) MarshalToSizedBuffer Uses

func (m *AllowedHostPath) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*AllowedHostPath) ProtoMessage Uses

func (*AllowedHostPath) ProtoMessage()

func (*AllowedHostPath) Reset Uses

func (m *AllowedHostPath) Reset()

func (*AllowedHostPath) Size Uses

func (m *AllowedHostPath) Size() (n int)

func (*AllowedHostPath) String Uses

func (this *AllowedHostPath) String() string

func (AllowedHostPath) SwaggerDoc Uses

func (AllowedHostPath) SwaggerDoc() map[string]string

func (*AllowedHostPath) Unmarshal Uses

func (m *AllowedHostPath) Unmarshal(dAtA []byte) error

func (*AllowedHostPath) XXX_DiscardUnknown Uses

func (m *AllowedHostPath) XXX_DiscardUnknown()

func (*AllowedHostPath) XXX_Marshal Uses

func (m *AllowedHostPath) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*AllowedHostPath) XXX_Merge Uses

func (m *AllowedHostPath) XXX_Merge(src proto.Message)

func (*AllowedHostPath) XXX_Size Uses

func (m *AllowedHostPath) XXX_Size() int

func (*AllowedHostPath) XXX_Unmarshal Uses

func (m *AllowedHostPath) XXX_Unmarshal(b []byte) error

type Eviction Uses

type Eviction struct {
    metav1.TypeMeta `json:",inline"`

    // ObjectMeta describes the pod that is being evicted.
    // +optional
    metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`

    // DeleteOptions may be provided
    // +optional
    DeleteOptions *metav1.DeleteOptions `json:"deleteOptions,omitempty" protobuf:"bytes,2,opt,name=deleteOptions"`
}

Eviction evicts a pod from its node subject to certain policies and safety constraints. This is a subresource of Pod. A request to cause such an eviction is created by POSTing to .../pods/<pod name>/evictions.

func (*Eviction) APILifecycleDeprecated Uses

func (in *Eviction) APILifecycleDeprecated() (major, minor int)

APILifecycleDeprecated is an autogenerated function, returning the release in which the API struct was or will be deprecated as int versions of major and minor for comparison. It is controlled by "k8s:prerelease-lifecycle-gen:deprecated" tags in types.go or "k8s:prerelease-lifecycle-gen:introduced" plus three minor.

func (*Eviction) APILifecycleIntroduced Uses

func (in *Eviction) APILifecycleIntroduced() (major, minor int)

APILifecycleIntroduced is an autogenerated function, returning the release in which the API struct was introduced as int versions of major and minor for comparison. It is controlled by "k8s:prerelease-lifecycle-gen:introduced" tags in types.go.

func (*Eviction) APILifecycleRemoved Uses

func (in *Eviction) APILifecycleRemoved() (major, minor int)

APILifecycleRemoved is an autogenerated function, returning the release in which the API is no longer served as int versions of major and minor for comparison. It is controlled by "k8s:prerelease-lifecycle-gen:removed" tags in types.go or "k8s:prerelease-lifecycle-gen:deprecated" plus three minor.

func (*Eviction) DeepCopy Uses

func (in *Eviction) DeepCopy() *Eviction

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Eviction.

func (*Eviction) DeepCopyInto Uses

func (in *Eviction) DeepCopyInto(out *Eviction)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*Eviction) DeepCopyObject Uses

func (in *Eviction) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*Eviction) Descriptor Uses

func (*Eviction) Descriptor() ([]byte, []int)

func (*Eviction) Marshal Uses

func (m *Eviction) Marshal() (dAtA []byte, err error)

func (*Eviction) MarshalTo Uses

func (m *Eviction) MarshalTo(dAtA []byte) (int, error)

func (*Eviction) MarshalToSizedBuffer Uses

func (m *Eviction) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*Eviction) ProtoMessage Uses

func (*Eviction) ProtoMessage()

func (*Eviction) Reset Uses

func (m *Eviction) Reset()

func (*Eviction) Size Uses

func (m *Eviction) Size() (n int)

func (*Eviction) String Uses

func (this *Eviction) String() string

func (Eviction) SwaggerDoc Uses

func (Eviction) SwaggerDoc() map[string]string

func (*Eviction) Unmarshal Uses

func (m *Eviction) Unmarshal(dAtA []byte) error

func (*Eviction) XXX_DiscardUnknown Uses

func (m *Eviction) XXX_DiscardUnknown()

func (*Eviction) XXX_Marshal Uses

func (m *Eviction) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*Eviction) XXX_Merge Uses

func (m *Eviction) XXX_Merge(src proto.Message)

func (*Eviction) XXX_Size Uses

func (m *Eviction) XXX_Size() int

func (*Eviction) XXX_Unmarshal Uses

func (m *Eviction) XXX_Unmarshal(b []byte) error

type FSGroupStrategyOptions Uses

type FSGroupStrategyOptions struct {
    // rule is the strategy that will dictate what FSGroup is used in the SecurityContext.
    // +optional
    Rule FSGroupStrategyType `json:"rule,omitempty" protobuf:"bytes,1,opt,name=rule,casttype=FSGroupStrategyType"`
    // ranges are the allowed ranges of fs groups.  If you would like to force a single
    // fs group then supply a single range with the same start and end. Required for MustRunAs.
    // +optional
    Ranges []IDRange `json:"ranges,omitempty" protobuf:"bytes,2,rep,name=ranges"`
}

FSGroupStrategyOptions defines the strategy type and options used to create the strategy.

func (*FSGroupStrategyOptions) DeepCopy Uses

func (in *FSGroupStrategyOptions) DeepCopy() *FSGroupStrategyOptions

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FSGroupStrategyOptions.

func (*FSGroupStrategyOptions) DeepCopyInto Uses

func (in *FSGroupStrategyOptions) DeepCopyInto(out *FSGroupStrategyOptions)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*FSGroupStrategyOptions) Descriptor Uses

func (*FSGroupStrategyOptions) Descriptor() ([]byte, []int)

func (*FSGroupStrategyOptions) Marshal Uses

func (m *FSGroupStrategyOptions) Marshal() (dAtA []byte, err error)

func (*FSGroupStrategyOptions) MarshalTo Uses

func (m *FSGroupStrategyOptions) MarshalTo(dAtA []byte) (int, error)

func (*FSGroupStrategyOptions) MarshalToSizedBuffer Uses

func (m *FSGroupStrategyOptions) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*FSGroupStrategyOptions) ProtoMessage Uses

func (*FSGroupStrategyOptions) ProtoMessage()

func (*FSGroupStrategyOptions) Reset Uses

func (m *FSGroupStrategyOptions) Reset()

func (*FSGroupStrategyOptions) Size Uses

func (m *FSGroupStrategyOptions) Size() (n int)

func (*FSGroupStrategyOptions) String Uses

func (this *FSGroupStrategyOptions) String() string

func (FSGroupStrategyOptions) SwaggerDoc Uses

func (FSGroupStrategyOptions) SwaggerDoc() map[string]string

func (*FSGroupStrategyOptions) Unmarshal Uses

func (m *FSGroupStrategyOptions) Unmarshal(dAtA []byte) error

func (*FSGroupStrategyOptions) XXX_DiscardUnknown Uses

func (m *FSGroupStrategyOptions) XXX_DiscardUnknown()

func (*FSGroupStrategyOptions) XXX_Marshal Uses

func (m *FSGroupStrategyOptions) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*FSGroupStrategyOptions) XXX_Merge Uses

func (m *FSGroupStrategyOptions) XXX_Merge(src proto.Message)

func (*FSGroupStrategyOptions) XXX_Size Uses

func (m *FSGroupStrategyOptions) XXX_Size() int

func (*FSGroupStrategyOptions) XXX_Unmarshal Uses

func (m *FSGroupStrategyOptions) XXX_Unmarshal(b []byte) error

type FSGroupStrategyType Uses

type FSGroupStrategyType string

FSGroupStrategyType denotes strategy types for generating FSGroup values for a SecurityContext

const (
    // FSGroupStrategyMayRunAs means that container does not need to have FSGroup of X applied.
    // However, when FSGroups are specified, they have to fall in the defined range.
    FSGroupStrategyMayRunAs FSGroupStrategyType = "MayRunAs"
    // FSGroupStrategyMustRunAs meant that container must have FSGroup of X applied.
    FSGroupStrategyMustRunAs FSGroupStrategyType = "MustRunAs"
    // FSGroupStrategyRunAsAny means that container may make requests for any FSGroup labels.
    FSGroupStrategyRunAsAny FSGroupStrategyType = "RunAsAny"
)

type FSType Uses

type FSType string

FSType gives strong typing to different file systems that are used by volumes.

const (
    AzureFile             FSType = "azureFile"
    Flocker               FSType = "flocker"
    FlexVolume            FSType = "flexVolume"
    HostPath              FSType = "hostPath"
    EmptyDir              FSType = "emptyDir"
    GCEPersistentDisk     FSType = "gcePersistentDisk"
    AWSElasticBlockStore  FSType = "awsElasticBlockStore"
    GitRepo               FSType = "gitRepo"
    Secret                FSType = "secret"
    NFS                   FSType = "nfs"
    ISCSI                 FSType = "iscsi"
    Glusterfs             FSType = "glusterfs"
    PersistentVolumeClaim FSType = "persistentVolumeClaim"
    RBD                   FSType = "rbd"
    Cinder                FSType = "cinder"
    CephFS                FSType = "cephFS"
    DownwardAPI           FSType = "downwardAPI"
    FC                    FSType = "fc"
    ConfigMap             FSType = "configMap"
    VsphereVolume         FSType = "vsphereVolume"
    Quobyte               FSType = "quobyte"
    AzureDisk             FSType = "azureDisk"
    PhotonPersistentDisk  FSType = "photonPersistentDisk"
    StorageOS             FSType = "storageos"
    Projected             FSType = "projected"
    PortworxVolume        FSType = "portworxVolume"
    ScaleIO               FSType = "scaleIO"
    CSI                   FSType = "csi"
    All                   FSType = "*"
)

type HostPortRange Uses

type HostPortRange struct {
    // min is the start of the range, inclusive.
    Min int32 `json:"min" protobuf:"varint,1,opt,name=min"`
    // max is the end of the range, inclusive.
    Max int32 `json:"max" protobuf:"varint,2,opt,name=max"`
}

HostPortRange defines a range of host ports that will be enabled by a policy for pods to use. It requires both the start and end to be defined.

func (*HostPortRange) DeepCopy Uses

func (in *HostPortRange) DeepCopy() *HostPortRange

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HostPortRange.

func (*HostPortRange) DeepCopyInto Uses

func (in *HostPortRange) DeepCopyInto(out *HostPortRange)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*HostPortRange) Descriptor Uses

func (*HostPortRange) Descriptor() ([]byte, []int)

func (*HostPortRange) Marshal Uses

func (m *HostPortRange) Marshal() (dAtA []byte, err error)

func (*HostPortRange) MarshalTo Uses

func (m *HostPortRange) MarshalTo(dAtA []byte) (int, error)

func (*HostPortRange) MarshalToSizedBuffer Uses

func (m *HostPortRange) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*HostPortRange) ProtoMessage Uses

func (*HostPortRange) ProtoMessage()

func (*HostPortRange) Reset Uses

func (m *HostPortRange) Reset()

func (*HostPortRange) Size Uses

func (m *HostPortRange) Size() (n int)

func (*HostPortRange) String Uses

func (this *HostPortRange) String() string

func (HostPortRange) SwaggerDoc Uses

func (HostPortRange) SwaggerDoc() map[string]string

func (*HostPortRange) Unmarshal Uses

func (m *HostPortRange) Unmarshal(dAtA []byte) error

func (*HostPortRange) XXX_DiscardUnknown Uses

func (m *HostPortRange) XXX_DiscardUnknown()

func (*HostPortRange) XXX_Marshal Uses

func (m *HostPortRange) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*HostPortRange) XXX_Merge Uses

func (m *HostPortRange) XXX_Merge(src proto.Message)

func (*HostPortRange) XXX_Size Uses

func (m *HostPortRange) XXX_Size() int

func (*HostPortRange) XXX_Unmarshal Uses

func (m *HostPortRange) XXX_Unmarshal(b []byte) error

type IDRange Uses

type IDRange struct {
    // min is the start of the range, inclusive.
    Min int64 `json:"min" protobuf:"varint,1,opt,name=min"`
    // max is the end of the range, inclusive.
    Max int64 `json:"max" protobuf:"varint,2,opt,name=max"`
}

IDRange provides a min/max of an allowed range of IDs.

func (*IDRange) DeepCopy Uses

func (in *IDRange) DeepCopy() *IDRange

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IDRange.

func (*IDRange) DeepCopyInto Uses

func (in *IDRange) DeepCopyInto(out *IDRange)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*IDRange) Descriptor Uses

func (*IDRange) Descriptor() ([]byte, []int)

func (*IDRange) Marshal Uses

func (m *IDRange) Marshal() (dAtA []byte, err error)

func (*IDRange) MarshalTo Uses

func (m *IDRange) MarshalTo(dAtA []byte) (int, error)

func (*IDRange) MarshalToSizedBuffer Uses

func (m *IDRange) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*IDRange) ProtoMessage Uses

func (*IDRange) ProtoMessage()

func (*IDRange) Reset Uses

func (m *IDRange) Reset()

func (*IDRange) Size Uses

func (m *IDRange) Size() (n int)

func (*IDRange) String Uses

func (this *IDRange) String() string

func (IDRange) SwaggerDoc Uses

func (IDRange) SwaggerDoc() map[string]string

func (*IDRange) Unmarshal Uses

func (m *IDRange) Unmarshal(dAtA []byte) error

func (*IDRange) XXX_DiscardUnknown Uses

func (m *IDRange) XXX_DiscardUnknown()

func (*IDRange) XXX_Marshal Uses

func (m *IDRange) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*IDRange) XXX_Merge Uses

func (m *IDRange) XXX_Merge(src proto.Message)

func (*IDRange) XXX_Size Uses

func (m *IDRange) XXX_Size() int

func (*IDRange) XXX_Unmarshal Uses

func (m *IDRange) XXX_Unmarshal(b []byte) error

type PodDisruptionBudget Uses

type PodDisruptionBudget struct {
    metav1.TypeMeta `json:",inline"`
    // +optional
    metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`

    // Specification of the desired behavior of the PodDisruptionBudget.
    // +optional
    Spec PodDisruptionBudgetSpec `json:"spec,omitempty" protobuf:"bytes,2,opt,name=spec"`
    // Most recently observed status of the PodDisruptionBudget.
    // +optional
    Status PodDisruptionBudgetStatus `json:"status,omitempty" protobuf:"bytes,3,opt,name=status"`
}

PodDisruptionBudget is an object to define the max disruption that can be caused to a collection of pods

func (*PodDisruptionBudget) APILifecycleDeprecated Uses

func (in *PodDisruptionBudget) APILifecycleDeprecated() (major, minor int)

APILifecycleDeprecated is an autogenerated function, returning the release in which the API struct was or will be deprecated as int versions of major and minor for comparison. It is controlled by "k8s:prerelease-lifecycle-gen:deprecated" tags in types.go or "k8s:prerelease-lifecycle-gen:introduced" plus three minor.

func (*PodDisruptionBudget) APILifecycleIntroduced Uses

func (in *PodDisruptionBudget) APILifecycleIntroduced() (major, minor int)

APILifecycleIntroduced is an autogenerated function, returning the release in which the API struct was introduced as int versions of major and minor for comparison. It is controlled by "k8s:prerelease-lifecycle-gen:introduced" tags in types.go.

func (*PodDisruptionBudget) APILifecycleRemoved Uses

func (in *PodDisruptionBudget) APILifecycleRemoved() (major, minor int)

APILifecycleRemoved is an autogenerated function, returning the release in which the API is no longer served as int versions of major and minor for comparison. It is controlled by "k8s:prerelease-lifecycle-gen:removed" tags in types.go or "k8s:prerelease-lifecycle-gen:deprecated" plus three minor.

func (*PodDisruptionBudget) DeepCopy Uses

func (in *PodDisruptionBudget) DeepCopy() *PodDisruptionBudget

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodDisruptionBudget.

func (*PodDisruptionBudget) DeepCopyInto Uses

func (in *PodDisruptionBudget) DeepCopyInto(out *PodDisruptionBudget)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*PodDisruptionBudget) DeepCopyObject Uses

func (in *PodDisruptionBudget) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*PodDisruptionBudget) Descriptor Uses

func (*PodDisruptionBudget) Descriptor() ([]byte, []int)

func (*PodDisruptionBudget) Marshal Uses

func (m *PodDisruptionBudget) Marshal() (dAtA []byte, err error)

func (*PodDisruptionBudget) MarshalTo Uses

func (m *PodDisruptionBudget) MarshalTo(dAtA []byte) (int, error)

func (*PodDisruptionBudget) MarshalToSizedBuffer Uses

func (m *PodDisruptionBudget) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*PodDisruptionBudget) ProtoMessage Uses

func (*PodDisruptionBudget) ProtoMessage()

func (*PodDisruptionBudget) Reset Uses

func (m *PodDisruptionBudget) Reset()

func (*PodDisruptionBudget) Size Uses

func (m *PodDisruptionBudget) Size() (n int)

func (*PodDisruptionBudget) String Uses

func (this *PodDisruptionBudget) String() string

func (PodDisruptionBudget) SwaggerDoc Uses

func (PodDisruptionBudget) SwaggerDoc() map[string]string

func (*PodDisruptionBudget) Unmarshal Uses

func (m *PodDisruptionBudget) Unmarshal(dAtA []byte) error

func (*PodDisruptionBudget) XXX_DiscardUnknown Uses

func (m *PodDisruptionBudget) XXX_DiscardUnknown()

func (*PodDisruptionBudget) XXX_Marshal Uses

func (m *PodDisruptionBudget) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*PodDisruptionBudget) XXX_Merge Uses

func (m *PodDisruptionBudget) XXX_Merge(src proto.Message)

func (*PodDisruptionBudget) XXX_Size Uses

func (m *PodDisruptionBudget) XXX_Size() int

func (*PodDisruptionBudget) XXX_Unmarshal Uses

func (m *PodDisruptionBudget) XXX_Unmarshal(b []byte) error

type PodDisruptionBudgetList Uses

type PodDisruptionBudgetList struct {
    metav1.TypeMeta `json:",inline"`
    // +optional
    metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`
    Items           []PodDisruptionBudget `json:"items" protobuf:"bytes,2,rep,name=items"`
}

PodDisruptionBudgetList is a collection of PodDisruptionBudgets.

func (*PodDisruptionBudgetList) APILifecycleDeprecated Uses

func (in *PodDisruptionBudgetList) APILifecycleDeprecated() (major, minor int)

APILifecycleDeprecated is an autogenerated function, returning the release in which the API struct was or will be deprecated as int versions of major and minor for comparison. It is controlled by "k8s:prerelease-lifecycle-gen:deprecated" tags in types.go or "k8s:prerelease-lifecycle-gen:introduced" plus three minor.

func (*PodDisruptionBudgetList) APILifecycleIntroduced Uses

func (in *PodDisruptionBudgetList) APILifecycleIntroduced() (major, minor int)

APILifecycleIntroduced is an autogenerated function, returning the release in which the API struct was introduced as int versions of major and minor for comparison. It is controlled by "k8s:prerelease-lifecycle-gen:introduced" tags in types.go.

func (*PodDisruptionBudgetList) APILifecycleRemoved Uses

func (in *PodDisruptionBudgetList) APILifecycleRemoved() (major, minor int)

APILifecycleRemoved is an autogenerated function, returning the release in which the API is no longer served as int versions of major and minor for comparison. It is controlled by "k8s:prerelease-lifecycle-gen:removed" tags in types.go or "k8s:prerelease-lifecycle-gen:deprecated" plus three minor.

func (*PodDisruptionBudgetList) DeepCopy Uses

func (in *PodDisruptionBudgetList) DeepCopy() *PodDisruptionBudgetList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodDisruptionBudgetList.

func (*PodDisruptionBudgetList) DeepCopyInto Uses

func (in *PodDisruptionBudgetList) DeepCopyInto(out *PodDisruptionBudgetList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*PodDisruptionBudgetList) DeepCopyObject Uses

func (in *PodDisruptionBudgetList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*PodDisruptionBudgetList) Descriptor Uses

func (*PodDisruptionBudgetList) Descriptor() ([]byte, []int)

func (*PodDisruptionBudgetList) Marshal Uses

func (m *PodDisruptionBudgetList) Marshal() (dAtA []byte, err error)

func (*PodDisruptionBudgetList) MarshalTo Uses

func (m *PodDisruptionBudgetList) MarshalTo(dAtA []byte) (int, error)

func (*PodDisruptionBudgetList) MarshalToSizedBuffer Uses

func (m *PodDisruptionBudgetList) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*PodDisruptionBudgetList) ProtoMessage Uses

func (*PodDisruptionBudgetList) ProtoMessage()

func (*PodDisruptionBudgetList) Reset Uses

func (m *PodDisruptionBudgetList) Reset()

func (*PodDisruptionBudgetList) Size Uses

func (m *PodDisruptionBudgetList) Size() (n int)

func (*PodDisruptionBudgetList) String Uses

func (this *PodDisruptionBudgetList) String() string

func (PodDisruptionBudgetList) SwaggerDoc Uses

func (PodDisruptionBudgetList) SwaggerDoc() map[string]string

func (*PodDisruptionBudgetList) Unmarshal Uses

func (m *PodDisruptionBudgetList) Unmarshal(dAtA []byte) error

func (*PodDisruptionBudgetList) XXX_DiscardUnknown Uses

func (m *PodDisruptionBudgetList) XXX_DiscardUnknown()

func (*PodDisruptionBudgetList) XXX_Marshal Uses

func (m *PodDisruptionBudgetList) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*PodDisruptionBudgetList) XXX_Merge Uses

func (m *PodDisruptionBudgetList) XXX_Merge(src proto.Message)

func (*PodDisruptionBudgetList) XXX_Size Uses

func (m *PodDisruptionBudgetList) XXX_Size() int

func (*PodDisruptionBudgetList) XXX_Unmarshal Uses

func (m *PodDisruptionBudgetList) XXX_Unmarshal(b []byte) error

type PodDisruptionBudgetSpec Uses

type PodDisruptionBudgetSpec struct {
    // An eviction is allowed if at least "minAvailable" pods selected by
    // "selector" will still be available after the eviction, i.e. even in the
    // absence of the evicted pod.  So for example you can prevent all voluntary
    // evictions by specifying "100%".
    // +optional
    MinAvailable *intstr.IntOrString `json:"minAvailable,omitempty" protobuf:"bytes,1,opt,name=minAvailable"`

    // Label query over pods whose evictions are managed by the disruption
    // budget.
    // +optional
    Selector *metav1.LabelSelector `json:"selector,omitempty" protobuf:"bytes,2,opt,name=selector"`

    // An eviction is allowed if at most "maxUnavailable" pods selected by
    // "selector" are unavailable after the eviction, i.e. even in absence of
    // the evicted pod. For example, one can prevent all voluntary evictions
    // by specifying 0. This is a mutually exclusive setting with "minAvailable".
    // +optional
    MaxUnavailable *intstr.IntOrString `json:"maxUnavailable,omitempty" protobuf:"bytes,3,opt,name=maxUnavailable"`
}

PodDisruptionBudgetSpec is a description of a PodDisruptionBudget.

func (*PodDisruptionBudgetSpec) DeepCopy Uses

func (in *PodDisruptionBudgetSpec) DeepCopy() *PodDisruptionBudgetSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodDisruptionBudgetSpec.

func (*PodDisruptionBudgetSpec) DeepCopyInto Uses

func (in *PodDisruptionBudgetSpec) DeepCopyInto(out *PodDisruptionBudgetSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*PodDisruptionBudgetSpec) Descriptor Uses

func (*PodDisruptionBudgetSpec) Descriptor() ([]byte, []int)

func (*PodDisruptionBudgetSpec) Marshal Uses

func (m *PodDisruptionBudgetSpec) Marshal() (dAtA []byte, err error)

func (*PodDisruptionBudgetSpec) MarshalTo Uses

func (m *PodDisruptionBudgetSpec) MarshalTo(dAtA []byte) (int, error)

func (*PodDisruptionBudgetSpec) MarshalToSizedBuffer Uses

func (m *PodDisruptionBudgetSpec) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*PodDisruptionBudgetSpec) ProtoMessage Uses

func (*PodDisruptionBudgetSpec) ProtoMessage()

func (*PodDisruptionBudgetSpec) Reset Uses

func (m *PodDisruptionBudgetSpec) Reset()

func (*PodDisruptionBudgetSpec) Size Uses

func (m *PodDisruptionBudgetSpec) Size() (n int)

func (*PodDisruptionBudgetSpec) String Uses

func (this *PodDisruptionBudgetSpec) String() string

func (PodDisruptionBudgetSpec) SwaggerDoc Uses

func (PodDisruptionBudgetSpec) SwaggerDoc() map[string]string

func (*PodDisruptionBudgetSpec) Unmarshal Uses

func (m *PodDisruptionBudgetSpec) Unmarshal(dAtA []byte) error

func (*PodDisruptionBudgetSpec) XXX_DiscardUnknown Uses

func (m *PodDisruptionBudgetSpec) XXX_DiscardUnknown()

func (*PodDisruptionBudgetSpec) XXX_Marshal Uses

func (m *PodDisruptionBudgetSpec) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*PodDisruptionBudgetSpec) XXX_Merge Uses

func (m *PodDisruptionBudgetSpec) XXX_Merge(src proto.Message)

func (*PodDisruptionBudgetSpec) XXX_Size Uses

func (m *PodDisruptionBudgetSpec) XXX_Size() int

func (*PodDisruptionBudgetSpec) XXX_Unmarshal Uses

func (m *PodDisruptionBudgetSpec) XXX_Unmarshal(b []byte) error

type PodDisruptionBudgetStatus Uses

type PodDisruptionBudgetStatus struct {
    // Most recent generation observed when updating this PDB status. DisruptionsAllowed and other
    // status information is valid only if observedGeneration equals to PDB's object generation.
    // +optional
    ObservedGeneration int64 `json:"observedGeneration,omitempty" protobuf:"varint,1,opt,name=observedGeneration"`

    // DisruptedPods contains information about pods whose eviction was
    // processed by the API server eviction subresource handler but has not
    // yet been observed by the PodDisruptionBudget controller.
    // A pod will be in this map from the time when the API server processed the
    // eviction request to the time when the pod is seen by PDB controller
    // as having been marked for deletion (or after a timeout). The key in the map is the name of the pod
    // and the value is the time when the API server processed the eviction request. If
    // the deletion didn't occur and a pod is still there it will be removed from
    // the list automatically by PodDisruptionBudget controller after some time.
    // If everything goes smooth this map should be empty for the most of the time.
    // Large number of entries in the map may indicate problems with pod deletions.
    // +optional
    DisruptedPods map[string]metav1.Time `json:"disruptedPods,omitempty" protobuf:"bytes,2,rep,name=disruptedPods"`

    // Number of pod disruptions that are currently allowed.
    DisruptionsAllowed int32 `json:"disruptionsAllowed" protobuf:"varint,3,opt,name=disruptionsAllowed"`

    // current number of healthy pods
    CurrentHealthy int32 `json:"currentHealthy" protobuf:"varint,4,opt,name=currentHealthy"`

    // minimum desired number of healthy pods
    DesiredHealthy int32 `json:"desiredHealthy" protobuf:"varint,5,opt,name=desiredHealthy"`

    // total number of pods counted by this disruption budget
    ExpectedPods int32 `json:"expectedPods" protobuf:"varint,6,opt,name=expectedPods"`
}

PodDisruptionBudgetStatus represents information about the status of a PodDisruptionBudget. Status may trail the actual state of a system.

func (*PodDisruptionBudgetStatus) DeepCopy Uses

func (in *PodDisruptionBudgetStatus) DeepCopy() *PodDisruptionBudgetStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodDisruptionBudgetStatus.

func (*PodDisruptionBudgetStatus) DeepCopyInto Uses

func (in *PodDisruptionBudgetStatus) DeepCopyInto(out *PodDisruptionBudgetStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*PodDisruptionBudgetStatus) Descriptor Uses

func (*PodDisruptionBudgetStatus) Descriptor() ([]byte, []int)

func (*PodDisruptionBudgetStatus) Marshal Uses

func (m *PodDisruptionBudgetStatus) Marshal() (dAtA []byte, err error)

func (*PodDisruptionBudgetStatus) MarshalTo Uses

func (m *PodDisruptionBudgetStatus) MarshalTo(dAtA []byte) (int, error)

func (*PodDisruptionBudgetStatus) MarshalToSizedBuffer Uses

func (m *PodDisruptionBudgetStatus) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*PodDisruptionBudgetStatus) ProtoMessage Uses

func (*PodDisruptionBudgetStatus) ProtoMessage()

func (*PodDisruptionBudgetStatus) Reset Uses

func (m *PodDisruptionBudgetStatus) Reset()

func (*PodDisruptionBudgetStatus) Size Uses

func (m *PodDisruptionBudgetStatus) Size() (n int)

func (*PodDisruptionBudgetStatus) String Uses

func (this *PodDisruptionBudgetStatus) String() string

func (PodDisruptionBudgetStatus) SwaggerDoc Uses

func (PodDisruptionBudgetStatus) SwaggerDoc() map[string]string

func (*PodDisruptionBudgetStatus) Unmarshal Uses

func (m *PodDisruptionBudgetStatus) Unmarshal(dAtA []byte) error

func (*PodDisruptionBudgetStatus) XXX_DiscardUnknown Uses

func (m *PodDisruptionBudgetStatus) XXX_DiscardUnknown()

func (*PodDisruptionBudgetStatus) XXX_Marshal Uses

func (m *PodDisruptionBudgetStatus) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*PodDisruptionBudgetStatus) XXX_Merge Uses

func (m *PodDisruptionBudgetStatus) XXX_Merge(src proto.Message)

func (*PodDisruptionBudgetStatus) XXX_Size Uses

func (m *PodDisruptionBudgetStatus) XXX_Size() int

func (*PodDisruptionBudgetStatus) XXX_Unmarshal Uses

func (m *PodDisruptionBudgetStatus) XXX_Unmarshal(b []byte) error

type PodSecurityPolicy Uses

type PodSecurityPolicy struct {
    metav1.TypeMeta `json:",inline"`
    // Standard object's metadata.
    // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
    // +optional
    metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`

    // spec defines the policy enforced.
    // +optional
    Spec PodSecurityPolicySpec `json:"spec,omitempty" protobuf:"bytes,2,opt,name=spec"`
}

PodSecurityPolicy governs the ability to make requests that affect the Security Context that will be applied to a pod and container.

func (*PodSecurityPolicy) APILifecycleDeprecated Uses

func (in *PodSecurityPolicy) APILifecycleDeprecated() (major, minor int)

APILifecycleDeprecated is an autogenerated function, returning the release in which the API struct was or will be deprecated as int versions of major and minor for comparison. It is controlled by "k8s:prerelease-lifecycle-gen:deprecated" tags in types.go or "k8s:prerelease-lifecycle-gen:introduced" plus three minor.

func (*PodSecurityPolicy) APILifecycleIntroduced Uses

func (in *PodSecurityPolicy) APILifecycleIntroduced() (major, minor int)

APILifecycleIntroduced is an autogenerated function, returning the release in which the API struct was introduced as int versions of major and minor for comparison. It is controlled by "k8s:prerelease-lifecycle-gen:introduced" tags in types.go.

func (*PodSecurityPolicy) APILifecycleRemoved Uses

func (in *PodSecurityPolicy) APILifecycleRemoved() (major, minor int)

APILifecycleRemoved is an autogenerated function, returning the release in which the API is no longer served as int versions of major and minor for comparison. It is controlled by "k8s:prerelease-lifecycle-gen:removed" tags in types.go or "k8s:prerelease-lifecycle-gen:deprecated" plus three minor.

func (*PodSecurityPolicy) DeepCopy Uses

func (in *PodSecurityPolicy) DeepCopy() *PodSecurityPolicy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodSecurityPolicy.

func (*PodSecurityPolicy) DeepCopyInto Uses

func (in *PodSecurityPolicy) DeepCopyInto(out *PodSecurityPolicy)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*PodSecurityPolicy) DeepCopyObject Uses

func (in *PodSecurityPolicy) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*PodSecurityPolicy) Descriptor Uses

func (*PodSecurityPolicy) Descriptor() ([]byte, []int)

func (*PodSecurityPolicy) Marshal Uses

func (m *PodSecurityPolicy) Marshal() (dAtA []byte, err error)

func (*PodSecurityPolicy) MarshalTo Uses

func (m *PodSecurityPolicy) MarshalTo(dAtA []byte) (int, error)

func (*PodSecurityPolicy) MarshalToSizedBuffer Uses

func (m *PodSecurityPolicy) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*PodSecurityPolicy) ProtoMessage Uses

func (*PodSecurityPolicy) ProtoMessage()

func (*PodSecurityPolicy) Reset Uses

func (m *PodSecurityPolicy) Reset()

func (*PodSecurityPolicy) Size Uses

func (m *PodSecurityPolicy) Size() (n int)

func (*PodSecurityPolicy) String Uses

func (this *PodSecurityPolicy) String() string

func (PodSecurityPolicy) SwaggerDoc Uses

func (PodSecurityPolicy) SwaggerDoc() map[string]string

func (*PodSecurityPolicy) Unmarshal Uses

func (m *PodSecurityPolicy) Unmarshal(dAtA []byte) error

func (*PodSecurityPolicy) XXX_DiscardUnknown Uses

func (m *PodSecurityPolicy) XXX_DiscardUnknown()

func (*PodSecurityPolicy) XXX_Marshal Uses

func (m *PodSecurityPolicy) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*PodSecurityPolicy) XXX_Merge Uses

func (m *PodSecurityPolicy) XXX_Merge(src proto.Message)

func (*PodSecurityPolicy) XXX_Size Uses

func (m *PodSecurityPolicy) XXX_Size() int

func (*PodSecurityPolicy) XXX_Unmarshal Uses

func (m *PodSecurityPolicy) XXX_Unmarshal(b []byte) error

type PodSecurityPolicyList Uses

type PodSecurityPolicyList struct {
    metav1.TypeMeta `json:",inline"`
    // Standard list metadata.
    // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
    // +optional
    metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`

    // items is a list of schema objects.
    Items []PodSecurityPolicy `json:"items" protobuf:"bytes,2,rep,name=items"`
}

PodSecurityPolicyList is a list of PodSecurityPolicy objects.

func (*PodSecurityPolicyList) APILifecycleDeprecated Uses

func (in *PodSecurityPolicyList) APILifecycleDeprecated() (major, minor int)

APILifecycleDeprecated is an autogenerated function, returning the release in which the API struct was or will be deprecated as int versions of major and minor for comparison. It is controlled by "k8s:prerelease-lifecycle-gen:deprecated" tags in types.go or "k8s:prerelease-lifecycle-gen:introduced" plus three minor.

func (*PodSecurityPolicyList) APILifecycleIntroduced Uses

func (in *PodSecurityPolicyList) APILifecycleIntroduced() (major, minor int)

APILifecycleIntroduced is an autogenerated function, returning the release in which the API struct was introduced as int versions of major and minor for comparison. It is controlled by "k8s:prerelease-lifecycle-gen:introduced" tags in types.go.

func (*PodSecurityPolicyList) APILifecycleRemoved Uses

func (in *PodSecurityPolicyList) APILifecycleRemoved() (major, minor int)

APILifecycleRemoved is an autogenerated function, returning the release in which the API is no longer served as int versions of major and minor for comparison. It is controlled by "k8s:prerelease-lifecycle-gen:removed" tags in types.go or "k8s:prerelease-lifecycle-gen:deprecated" plus three minor.

func (*PodSecurityPolicyList) DeepCopy Uses

func (in *PodSecurityPolicyList) DeepCopy() *PodSecurityPolicyList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodSecurityPolicyList.

func (*PodSecurityPolicyList) DeepCopyInto Uses

func (in *PodSecurityPolicyList) DeepCopyInto(out *PodSecurityPolicyList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*PodSecurityPolicyList) DeepCopyObject Uses

func (in *PodSecurityPolicyList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*PodSecurityPolicyList) Descriptor Uses

func (*PodSecurityPolicyList) Descriptor() ([]byte, []int)

func (*PodSecurityPolicyList) Marshal Uses

func (m *PodSecurityPolicyList) Marshal() (dAtA []byte, err error)

func (*PodSecurityPolicyList) MarshalTo Uses

func (m *PodSecurityPolicyList) MarshalTo(dAtA []byte) (int, error)

func (*PodSecurityPolicyList) MarshalToSizedBuffer Uses

func (m *PodSecurityPolicyList) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*PodSecurityPolicyList) ProtoMessage Uses

func (*PodSecurityPolicyList) ProtoMessage()

func (*PodSecurityPolicyList) Reset Uses

func (m *PodSecurityPolicyList) Reset()

func (*PodSecurityPolicyList) Size Uses

func (m *PodSecurityPolicyList) Size() (n int)

func (*PodSecurityPolicyList) String Uses

func (this *PodSecurityPolicyList) String() string

func (PodSecurityPolicyList) SwaggerDoc Uses

func (PodSecurityPolicyList) SwaggerDoc() map[string]string

func (*PodSecurityPolicyList) Unmarshal Uses

func (m *PodSecurityPolicyList) Unmarshal(dAtA []byte) error

func (*PodSecurityPolicyList) XXX_DiscardUnknown Uses

func (m *PodSecurityPolicyList) XXX_DiscardUnknown()

func (*PodSecurityPolicyList) XXX_Marshal Uses

func (m *PodSecurityPolicyList) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*PodSecurityPolicyList) XXX_Merge Uses

func (m *PodSecurityPolicyList) XXX_Merge(src proto.Message)

func (*PodSecurityPolicyList) XXX_Size Uses

func (m *PodSecurityPolicyList) XXX_Size() int

func (*PodSecurityPolicyList) XXX_Unmarshal Uses

func (m *PodSecurityPolicyList) XXX_Unmarshal(b []byte) error

type PodSecurityPolicySpec Uses

type PodSecurityPolicySpec struct {
    // privileged determines if a pod can request to be run as privileged.
    // +optional
    Privileged bool `json:"privileged,omitempty" protobuf:"varint,1,opt,name=privileged"`
    // defaultAddCapabilities is the default set of capabilities that will be added to the container
    // unless the pod spec specifically drops the capability.  You may not list a capability in both
    // defaultAddCapabilities and requiredDropCapabilities. Capabilities added here are implicitly
    // allowed, and need not be included in the allowedCapabilities list.
    // +optional
    DefaultAddCapabilities []v1.Capability `json:"defaultAddCapabilities,omitempty" protobuf:"bytes,2,rep,name=defaultAddCapabilities,casttype=k8s.io/api/core/v1.Capability"`
    // requiredDropCapabilities are the capabilities that will be dropped from the container.  These
    // are required to be dropped and cannot be added.
    // +optional
    RequiredDropCapabilities []v1.Capability `json:"requiredDropCapabilities,omitempty" protobuf:"bytes,3,rep,name=requiredDropCapabilities,casttype=k8s.io/api/core/v1.Capability"`
    // allowedCapabilities is a list of capabilities that can be requested to add to the container.
    // Capabilities in this field may be added at the pod author's discretion.
    // You must not list a capability in both allowedCapabilities and requiredDropCapabilities.
    // +optional
    AllowedCapabilities []v1.Capability `json:"allowedCapabilities,omitempty" protobuf:"bytes,4,rep,name=allowedCapabilities,casttype=k8s.io/api/core/v1.Capability"`
    // volumes is a white list of allowed volume plugins. Empty indicates that
    // no volumes may be used. To allow all volumes you may use '*'.
    // +optional
    Volumes []FSType `json:"volumes,omitempty" protobuf:"bytes,5,rep,name=volumes,casttype=FSType"`
    // hostNetwork determines if the policy allows the use of HostNetwork in the pod spec.
    // +optional
    HostNetwork bool `json:"hostNetwork,omitempty" protobuf:"varint,6,opt,name=hostNetwork"`
    // hostPorts determines which host port ranges are allowed to be exposed.
    // +optional
    HostPorts []HostPortRange `json:"hostPorts,omitempty" protobuf:"bytes,7,rep,name=hostPorts"`
    // hostPID determines if the policy allows the use of HostPID in the pod spec.
    // +optional
    HostPID bool `json:"hostPID,omitempty" protobuf:"varint,8,opt,name=hostPID"`
    // hostIPC determines if the policy allows the use of HostIPC in the pod spec.
    // +optional
    HostIPC bool `json:"hostIPC,omitempty" protobuf:"varint,9,opt,name=hostIPC"`
    // seLinux is the strategy that will dictate the allowable labels that may be set.
    SELinux SELinuxStrategyOptions `json:"seLinux" protobuf:"bytes,10,opt,name=seLinux"`
    // runAsUser is the strategy that will dictate the allowable RunAsUser values that may be set.
    RunAsUser RunAsUserStrategyOptions `json:"runAsUser" protobuf:"bytes,11,opt,name=runAsUser"`
    // RunAsGroup is the strategy that will dictate the allowable RunAsGroup values that may be set.
    // If this field is omitted, the pod's RunAsGroup can take any value. This field requires the
    // RunAsGroup feature gate to be enabled.
    // +optional
    RunAsGroup *RunAsGroupStrategyOptions `json:"runAsGroup,omitempty" protobuf:"bytes,22,opt,name=runAsGroup"`
    // supplementalGroups is the strategy that will dictate what supplemental groups are used by the SecurityContext.
    SupplementalGroups SupplementalGroupsStrategyOptions `json:"supplementalGroups" protobuf:"bytes,12,opt,name=supplementalGroups"`
    // fsGroup is the strategy that will dictate what fs group is used by the SecurityContext.
    FSGroup FSGroupStrategyOptions `json:"fsGroup" protobuf:"bytes,13,opt,name=fsGroup"`
    // readOnlyRootFilesystem when set to true will force containers to run with a read only root file
    // system.  If the container specifically requests to run with a non-read only root file system
    // the PSP should deny the pod.
    // If set to false the container may run with a read only root file system if it wishes but it
    // will not be forced to.
    // +optional
    ReadOnlyRootFilesystem bool `json:"readOnlyRootFilesystem,omitempty" protobuf:"varint,14,opt,name=readOnlyRootFilesystem"`
    // defaultAllowPrivilegeEscalation controls the default setting for whether a
    // process can gain more privileges than its parent process.
    // +optional
    DefaultAllowPrivilegeEscalation *bool `json:"defaultAllowPrivilegeEscalation,omitempty" protobuf:"varint,15,opt,name=defaultAllowPrivilegeEscalation"`
    // allowPrivilegeEscalation determines if a pod can request to allow
    // privilege escalation. If unspecified, defaults to true.
    // +optional
    AllowPrivilegeEscalation *bool `json:"allowPrivilegeEscalation,omitempty" protobuf:"varint,16,opt,name=allowPrivilegeEscalation"`
    // allowedHostPaths is a white list of allowed host paths. Empty indicates
    // that all host paths may be used.
    // +optional
    AllowedHostPaths []AllowedHostPath `json:"allowedHostPaths,omitempty" protobuf:"bytes,17,rep,name=allowedHostPaths"`
    // allowedFlexVolumes is a whitelist of allowed Flexvolumes.  Empty or nil indicates that all
    // Flexvolumes may be used.  This parameter is effective only when the usage of the Flexvolumes
    // is allowed in the "volumes" field.
    // +optional
    AllowedFlexVolumes []AllowedFlexVolume `json:"allowedFlexVolumes,omitempty" protobuf:"bytes,18,rep,name=allowedFlexVolumes"`
    // AllowedCSIDrivers is a whitelist of inline CSI drivers that must be explicitly set to be embedded within a pod spec.
    // An empty value indicates that any CSI driver can be used for inline ephemeral volumes.
    // This is an alpha field, and is only honored if the API server enables the CSIInlineVolume feature gate.
    // +optional
    AllowedCSIDrivers []AllowedCSIDriver `json:"allowedCSIDrivers,omitempty" protobuf:"bytes,23,rep,name=allowedCSIDrivers"`
    // allowedUnsafeSysctls is a list of explicitly allowed unsafe sysctls, defaults to none.
    // Each entry is either a plain sysctl name or ends in "*" in which case it is considered
    // as a prefix of allowed sysctls. Single * means all unsafe sysctls are allowed.
    // Kubelet has to whitelist all allowed unsafe sysctls explicitly to avoid rejection.
    //
    // Examples:
    // e.g. "foo/*" allows "foo/bar", "foo/baz", etc.
    // e.g. "foo.*" allows "foo.bar", "foo.baz", etc.
    // +optional
    AllowedUnsafeSysctls []string `json:"allowedUnsafeSysctls,omitempty" protobuf:"bytes,19,rep,name=allowedUnsafeSysctls"`
    // forbiddenSysctls is a list of explicitly forbidden sysctls, defaults to none.
    // Each entry is either a plain sysctl name or ends in "*" in which case it is considered
    // as a prefix of forbidden sysctls. Single * means all sysctls are forbidden.
    //
    // Examples:
    // e.g. "foo/*" forbids "foo/bar", "foo/baz", etc.
    // e.g. "foo.*" forbids "foo.bar", "foo.baz", etc.
    // +optional
    ForbiddenSysctls []string `json:"forbiddenSysctls,omitempty" protobuf:"bytes,20,rep,name=forbiddenSysctls"`
    // AllowedProcMountTypes is a whitelist of allowed ProcMountTypes.
    // Empty or nil indicates that only the DefaultProcMountType may be used.
    // This requires the ProcMountType feature flag to be enabled.
    // +optional
    AllowedProcMountTypes []v1.ProcMountType `json:"allowedProcMountTypes,omitempty" protobuf:"bytes,21,opt,name=allowedProcMountTypes"`
    // runtimeClass is the strategy that will dictate the allowable RuntimeClasses for a pod.
    // If this field is omitted, the pod's runtimeClassName field is unrestricted.
    // Enforcement of this field depends on the RuntimeClass feature gate being enabled.
    // +optional
    RuntimeClass *RuntimeClassStrategyOptions `json:"runtimeClass,omitempty" protobuf:"bytes,24,opt,name=runtimeClass"`
}

PodSecurityPolicySpec defines the policy enforced.

func (*PodSecurityPolicySpec) DeepCopy Uses

func (in *PodSecurityPolicySpec) DeepCopy() *PodSecurityPolicySpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodSecurityPolicySpec.

func (*PodSecurityPolicySpec) DeepCopyInto Uses

func (in *PodSecurityPolicySpec) DeepCopyInto(out *PodSecurityPolicySpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*PodSecurityPolicySpec) Descriptor Uses

func (*PodSecurityPolicySpec) Descriptor() ([]byte, []int)

func (*PodSecurityPolicySpec) Marshal Uses

func (m *PodSecurityPolicySpec) Marshal() (dAtA []byte, err error)

func (*PodSecurityPolicySpec) MarshalTo Uses

func (m *PodSecurityPolicySpec) MarshalTo(dAtA []byte) (int, error)

func (*PodSecurityPolicySpec) MarshalToSizedBuffer Uses

func (m *PodSecurityPolicySpec) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*PodSecurityPolicySpec) ProtoMessage Uses

func (*PodSecurityPolicySpec) ProtoMessage()

func (*PodSecurityPolicySpec) Reset Uses

func (m *PodSecurityPolicySpec) Reset()

func (*PodSecurityPolicySpec) Size Uses

func (m *PodSecurityPolicySpec) Size() (n int)

func (*PodSecurityPolicySpec) String Uses

func (this *PodSecurityPolicySpec) String() string

func (PodSecurityPolicySpec) SwaggerDoc Uses

func (PodSecurityPolicySpec) SwaggerDoc() map[string]string

func (*PodSecurityPolicySpec) Unmarshal Uses

func (m *PodSecurityPolicySpec) Unmarshal(dAtA []byte) error

func (*PodSecurityPolicySpec) XXX_DiscardUnknown Uses

func (m *PodSecurityPolicySpec) XXX_DiscardUnknown()

func (*PodSecurityPolicySpec) XXX_Marshal Uses

func (m *PodSecurityPolicySpec) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*PodSecurityPolicySpec) XXX_Merge Uses

func (m *PodSecurityPolicySpec) XXX_Merge(src proto.Message)

func (*PodSecurityPolicySpec) XXX_Size Uses

func (m *PodSecurityPolicySpec) XXX_Size() int

func (*PodSecurityPolicySpec) XXX_Unmarshal Uses

func (m *PodSecurityPolicySpec) XXX_Unmarshal(b []byte) error

type RunAsGroupStrategy Uses

type RunAsGroupStrategy string

RunAsGroupStrategy denotes strategy types for generating RunAsGroup values for a Security Context.

const (
    // RunAsGroupStrategyMayRunAs means that container does not need to run with a particular gid.
    // However, when RunAsGroup are specified, they have to fall in the defined range.
    RunAsGroupStrategyMayRunAs RunAsGroupStrategy = "MayRunAs"
    // RunAsGroupStrategyMustRunAs means that container must run as a particular gid.
    RunAsGroupStrategyMustRunAs RunAsGroupStrategy = "MustRunAs"
    // RunAsUserStrategyRunAsAny means that container may make requests for any gid.
    RunAsGroupStrategyRunAsAny RunAsGroupStrategy = "RunAsAny"
)

type RunAsGroupStrategyOptions Uses

type RunAsGroupStrategyOptions struct {
    // rule is the strategy that will dictate the allowable RunAsGroup values that may be set.
    Rule RunAsGroupStrategy `json:"rule" protobuf:"bytes,1,opt,name=rule,casttype=RunAsGroupStrategy"`
    // ranges are the allowed ranges of gids that may be used. If you would like to force a single gid
    // then supply a single range with the same start and end. Required for MustRunAs.
    // +optional
    Ranges []IDRange `json:"ranges,omitempty" protobuf:"bytes,2,rep,name=ranges"`
}

RunAsGroupStrategyOptions defines the strategy type and any options used to create the strategy.

func (*RunAsGroupStrategyOptions) DeepCopy Uses

func (in *RunAsGroupStrategyOptions) DeepCopy() *RunAsGroupStrategyOptions

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RunAsGroupStrategyOptions.

func (*RunAsGroupStrategyOptions) DeepCopyInto Uses

func (in *RunAsGroupStrategyOptions) DeepCopyInto(out *RunAsGroupStrategyOptions)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*RunAsGroupStrategyOptions) Descriptor Uses

func (*RunAsGroupStrategyOptions) Descriptor() ([]byte, []int)

func (*RunAsGroupStrategyOptions) Marshal Uses

func (m *RunAsGroupStrategyOptions) Marshal() (dAtA []byte, err error)

func (*RunAsGroupStrategyOptions) MarshalTo Uses

func (m *RunAsGroupStrategyOptions) MarshalTo(dAtA []byte) (int, error)

func (*RunAsGroupStrategyOptions) MarshalToSizedBuffer Uses

func (m *RunAsGroupStrategyOptions) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*RunAsGroupStrategyOptions) ProtoMessage Uses

func (*RunAsGroupStrategyOptions) ProtoMessage()

func (*RunAsGroupStrategyOptions) Reset Uses

func (m *RunAsGroupStrategyOptions) Reset()

func (*RunAsGroupStrategyOptions) Size Uses

func (m *RunAsGroupStrategyOptions) Size() (n int)

func (*RunAsGroupStrategyOptions) String Uses

func (this *RunAsGroupStrategyOptions) String() string

func (RunAsGroupStrategyOptions) SwaggerDoc Uses

func (RunAsGroupStrategyOptions) SwaggerDoc() map[string]string

func (*RunAsGroupStrategyOptions) Unmarshal Uses

func (m *RunAsGroupStrategyOptions) Unmarshal(dAtA []byte) error

func (*RunAsGroupStrategyOptions) XXX_DiscardUnknown Uses

func (m *RunAsGroupStrategyOptions) XXX_DiscardUnknown()

func (*RunAsGroupStrategyOptions) XXX_Marshal Uses

func (m *RunAsGroupStrategyOptions) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*RunAsGroupStrategyOptions) XXX_Merge Uses

func (m *RunAsGroupStrategyOptions) XXX_Merge(src proto.Message)

func (*RunAsGroupStrategyOptions) XXX_Size Uses

func (m *RunAsGroupStrategyOptions) XXX_Size() int

func (*RunAsGroupStrategyOptions) XXX_Unmarshal Uses

func (m *RunAsGroupStrategyOptions) XXX_Unmarshal(b []byte) error

type RunAsUserStrategy Uses

type RunAsUserStrategy string

RunAsUserStrategy denotes strategy types for generating RunAsUser values for a Security Context.

const (
    // RunAsUserStrategyMustRunAs means that container must run as a particular uid.
    RunAsUserStrategyMustRunAs RunAsUserStrategy = "MustRunAs"
    // RunAsUserStrategyMustRunAsNonRoot means that container must run as a non-root uid.
    RunAsUserStrategyMustRunAsNonRoot RunAsUserStrategy = "MustRunAsNonRoot"
    // RunAsUserStrategyRunAsAny means that container may make requests for any uid.
    RunAsUserStrategyRunAsAny RunAsUserStrategy = "RunAsAny"
)

type RunAsUserStrategyOptions Uses

type RunAsUserStrategyOptions struct {
    // rule is the strategy that will dictate the allowable RunAsUser values that may be set.
    Rule RunAsUserStrategy `json:"rule" protobuf:"bytes,1,opt,name=rule,casttype=RunAsUserStrategy"`
    // ranges are the allowed ranges of uids that may be used. If you would like to force a single uid
    // then supply a single range with the same start and end. Required for MustRunAs.
    // +optional
    Ranges []IDRange `json:"ranges,omitempty" protobuf:"bytes,2,rep,name=ranges"`
}

RunAsUserStrategyOptions defines the strategy type and any options used to create the strategy.

func (*RunAsUserStrategyOptions) DeepCopy Uses

func (in *RunAsUserStrategyOptions) DeepCopy() *RunAsUserStrategyOptions

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RunAsUserStrategyOptions.

func (*RunAsUserStrategyOptions) DeepCopyInto Uses

func (in *RunAsUserStrategyOptions) DeepCopyInto(out *RunAsUserStrategyOptions)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*RunAsUserStrategyOptions) Descriptor Uses

func (*RunAsUserStrategyOptions) Descriptor() ([]byte, []int)

func (*RunAsUserStrategyOptions) Marshal Uses

func (m *RunAsUserStrategyOptions) Marshal() (dAtA []byte, err error)

func (*RunAsUserStrategyOptions) MarshalTo Uses

func (m *RunAsUserStrategyOptions) MarshalTo(dAtA []byte) (int, error)

func (*RunAsUserStrategyOptions) MarshalToSizedBuffer Uses

func (m *RunAsUserStrategyOptions) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*RunAsUserStrategyOptions) ProtoMessage Uses

func (*RunAsUserStrategyOptions) ProtoMessage()

func (*RunAsUserStrategyOptions) Reset Uses

func (m *RunAsUserStrategyOptions) Reset()

func (*RunAsUserStrategyOptions) Size Uses

func (m *RunAsUserStrategyOptions) Size() (n int)

func (*RunAsUserStrategyOptions) String Uses

func (this *RunAsUserStrategyOptions) String() string

func (RunAsUserStrategyOptions) SwaggerDoc Uses

func (RunAsUserStrategyOptions) SwaggerDoc() map[string]string

func (*RunAsUserStrategyOptions) Unmarshal Uses

func (m *RunAsUserStrategyOptions) Unmarshal(dAtA []byte) error

func (*RunAsUserStrategyOptions) XXX_DiscardUnknown Uses

func (m *RunAsUserStrategyOptions) XXX_DiscardUnknown()

func (*RunAsUserStrategyOptions) XXX_Marshal Uses

func (m *RunAsUserStrategyOptions) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*RunAsUserStrategyOptions) XXX_Merge Uses

func (m *RunAsUserStrategyOptions) XXX_Merge(src proto.Message)

func (*RunAsUserStrategyOptions) XXX_Size Uses

func (m *RunAsUserStrategyOptions) XXX_Size() int

func (*RunAsUserStrategyOptions) XXX_Unmarshal Uses

func (m *RunAsUserStrategyOptions) XXX_Unmarshal(b []byte) error

type RuntimeClassStrategyOptions Uses

type RuntimeClassStrategyOptions struct {
    // allowedRuntimeClassNames is a whitelist of RuntimeClass names that may be specified on a pod.
    // A value of "*" means that any RuntimeClass name is allowed, and must be the only item in the
    // list. An empty list requires the RuntimeClassName field to be unset.
    AllowedRuntimeClassNames []string `json:"allowedRuntimeClassNames" protobuf:"bytes,1,rep,name=allowedRuntimeClassNames"`
    // defaultRuntimeClassName is the default RuntimeClassName to set on the pod.
    // The default MUST be allowed by the allowedRuntimeClassNames list.
    // A value of nil does not mutate the Pod.
    // +optional
    DefaultRuntimeClassName *string `json:"defaultRuntimeClassName,omitempty" protobuf:"bytes,2,opt,name=defaultRuntimeClassName"`
}

RuntimeClassStrategyOptions define the strategy that will dictate the allowable RuntimeClasses for a pod.

func (*RuntimeClassStrategyOptions) DeepCopy Uses

func (in *RuntimeClassStrategyOptions) DeepCopy() *RuntimeClassStrategyOptions

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RuntimeClassStrategyOptions.

func (*RuntimeClassStrategyOptions) DeepCopyInto Uses

func (in *RuntimeClassStrategyOptions) DeepCopyInto(out *RuntimeClassStrategyOptions)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*RuntimeClassStrategyOptions) Descriptor Uses

func (*RuntimeClassStrategyOptions) Descriptor() ([]byte, []int)

func (*RuntimeClassStrategyOptions) Marshal Uses

func (m *RuntimeClassStrategyOptions) Marshal() (dAtA []byte, err error)

func (*RuntimeClassStrategyOptions) MarshalTo Uses

func (m *RuntimeClassStrategyOptions) MarshalTo(dAtA []byte) (int, error)

func (*RuntimeClassStrategyOptions) MarshalToSizedBuffer Uses

func (m *RuntimeClassStrategyOptions) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*RuntimeClassStrategyOptions) ProtoMessage Uses

func (*RuntimeClassStrategyOptions) ProtoMessage()

func (*RuntimeClassStrategyOptions) Reset Uses

func (m *RuntimeClassStrategyOptions) Reset()

func (*RuntimeClassStrategyOptions) Size Uses

func (m *RuntimeClassStrategyOptions) Size() (n int)

func (*RuntimeClassStrategyOptions) String Uses

func (this *RuntimeClassStrategyOptions) String() string

func (RuntimeClassStrategyOptions) SwaggerDoc Uses

func (RuntimeClassStrategyOptions) SwaggerDoc() map[string]string

func (*RuntimeClassStrategyOptions) Unmarshal Uses

func (m *RuntimeClassStrategyOptions) Unmarshal(dAtA []byte) error

func (*RuntimeClassStrategyOptions) XXX_DiscardUnknown Uses

func (m *RuntimeClassStrategyOptions) XXX_DiscardUnknown()

func (*RuntimeClassStrategyOptions) XXX_Marshal Uses

func (m *RuntimeClassStrategyOptions) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*RuntimeClassStrategyOptions) XXX_Merge Uses

func (m *RuntimeClassStrategyOptions) XXX_Merge(src proto.Message)

func (*RuntimeClassStrategyOptions) XXX_Size Uses

func (m *RuntimeClassStrategyOptions) XXX_Size() int

func (*RuntimeClassStrategyOptions) XXX_Unmarshal Uses

func (m *RuntimeClassStrategyOptions) XXX_Unmarshal(b []byte) error

type SELinuxStrategy Uses

type SELinuxStrategy string

SELinuxStrategy denotes strategy types for generating SELinux options for a Security Context.

const (
    // SELinuxStrategyMustRunAs means that container must have SELinux labels of X applied.
    SELinuxStrategyMustRunAs SELinuxStrategy = "MustRunAs"
    // SELinuxStrategyRunAsAny means that container may make requests for any SELinux context labels.
    SELinuxStrategyRunAsAny SELinuxStrategy = "RunAsAny"
)

type SELinuxStrategyOptions Uses

type SELinuxStrategyOptions struct {
    // rule is the strategy that will dictate the allowable labels that may be set.
    Rule SELinuxStrategy `json:"rule" protobuf:"bytes,1,opt,name=rule,casttype=SELinuxStrategy"`
    // seLinuxOptions required to run as; required for MustRunAs
    // More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
    // +optional
    SELinuxOptions *v1.SELinuxOptions `json:"seLinuxOptions,omitempty" protobuf:"bytes,2,opt,name=seLinuxOptions"`
}

SELinuxStrategyOptions defines the strategy type and any options used to create the strategy.

func (*SELinuxStrategyOptions) DeepCopy Uses

func (in *SELinuxStrategyOptions) DeepCopy() *SELinuxStrategyOptions

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SELinuxStrategyOptions.

func (*SELinuxStrategyOptions) DeepCopyInto Uses

func (in *SELinuxStrategyOptions) DeepCopyInto(out *SELinuxStrategyOptions)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*SELinuxStrategyOptions) Descriptor Uses

func (*SELinuxStrategyOptions) Descriptor() ([]byte, []int)

func (*SELinuxStrategyOptions) Marshal Uses

func (m *SELinuxStrategyOptions) Marshal() (dAtA []byte, err error)

func (*SELinuxStrategyOptions) MarshalTo Uses

func (m *SELinuxStrategyOptions) MarshalTo(dAtA []byte) (int, error)

func (*SELinuxStrategyOptions) MarshalToSizedBuffer Uses

func (m *SELinuxStrategyOptions) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*SELinuxStrategyOptions) ProtoMessage Uses

func (*SELinuxStrategyOptions) ProtoMessage()

func (*SELinuxStrategyOptions) Reset Uses

func (m *SELinuxStrategyOptions) Reset()

func (*SELinuxStrategyOptions) Size Uses

func (m *SELinuxStrategyOptions) Size() (n int)

func (*SELinuxStrategyOptions) String Uses

func (this *SELinuxStrategyOptions) String() string

func (SELinuxStrategyOptions) SwaggerDoc Uses

func (SELinuxStrategyOptions) SwaggerDoc() map[string]string

func (*SELinuxStrategyOptions) Unmarshal Uses

func (m *SELinuxStrategyOptions) Unmarshal(dAtA []byte) error

func (*SELinuxStrategyOptions) XXX_DiscardUnknown Uses

func (m *SELinuxStrategyOptions) XXX_DiscardUnknown()

func (*SELinuxStrategyOptions) XXX_Marshal Uses

func (m *SELinuxStrategyOptions) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*SELinuxStrategyOptions) XXX_Merge Uses

func (m *SELinuxStrategyOptions) XXX_Merge(src proto.Message)

func (*SELinuxStrategyOptions) XXX_Size Uses

func (m *SELinuxStrategyOptions) XXX_Size() int

func (*SELinuxStrategyOptions) XXX_Unmarshal Uses

func (m *SELinuxStrategyOptions) XXX_Unmarshal(b []byte) error

type SupplementalGroupsStrategyOptions Uses

type SupplementalGroupsStrategyOptions struct {
    // rule is the strategy that will dictate what supplemental groups is used in the SecurityContext.
    // +optional
    Rule SupplementalGroupsStrategyType `json:"rule,omitempty" protobuf:"bytes,1,opt,name=rule,casttype=SupplementalGroupsStrategyType"`
    // ranges are the allowed ranges of supplemental groups.  If you would like to force a single
    // supplemental group then supply a single range with the same start and end. Required for MustRunAs.
    // +optional
    Ranges []IDRange `json:"ranges,omitempty" protobuf:"bytes,2,rep,name=ranges"`
}

SupplementalGroupsStrategyOptions defines the strategy type and options used to create the strategy.

func (*SupplementalGroupsStrategyOptions) DeepCopy Uses

func (in *SupplementalGroupsStrategyOptions) DeepCopy() *SupplementalGroupsStrategyOptions

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SupplementalGroupsStrategyOptions.

func (*SupplementalGroupsStrategyOptions) DeepCopyInto Uses

func (in *SupplementalGroupsStrategyOptions) DeepCopyInto(out *SupplementalGroupsStrategyOptions)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*SupplementalGroupsStrategyOptions) Descriptor Uses

func (*SupplementalGroupsStrategyOptions) Descriptor() ([]byte, []int)

func (*SupplementalGroupsStrategyOptions) Marshal Uses

func (m *SupplementalGroupsStrategyOptions) Marshal() (dAtA []byte, err error)

func (*SupplementalGroupsStrategyOptions) MarshalTo Uses

func (m *SupplementalGroupsStrategyOptions) MarshalTo(dAtA []byte) (int, error)

func (*SupplementalGroupsStrategyOptions) MarshalToSizedBuffer Uses

func (m *SupplementalGroupsStrategyOptions) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*SupplementalGroupsStrategyOptions) ProtoMessage Uses

func (*SupplementalGroupsStrategyOptions) ProtoMessage()

func (*SupplementalGroupsStrategyOptions) Reset Uses

func (m *SupplementalGroupsStrategyOptions) Reset()

func (*SupplementalGroupsStrategyOptions) Size Uses

func (m *SupplementalGroupsStrategyOptions) Size() (n int)

func (*SupplementalGroupsStrategyOptions) String Uses

func (this *SupplementalGroupsStrategyOptions) String() string

func (SupplementalGroupsStrategyOptions) SwaggerDoc Uses

func (SupplementalGroupsStrategyOptions) SwaggerDoc() map[string]string

func (*SupplementalGroupsStrategyOptions) Unmarshal Uses

func (m *SupplementalGroupsStrategyOptions) Unmarshal(dAtA []byte) error

func (*SupplementalGroupsStrategyOptions) XXX_DiscardUnknown Uses

func (m *SupplementalGroupsStrategyOptions) XXX_DiscardUnknown()

func (*SupplementalGroupsStrategyOptions) XXX_Marshal Uses

func (m *SupplementalGroupsStrategyOptions) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*SupplementalGroupsStrategyOptions) XXX_Merge Uses

func (m *SupplementalGroupsStrategyOptions) XXX_Merge(src proto.Message)

func (*SupplementalGroupsStrategyOptions) XXX_Size Uses

func (m *SupplementalGroupsStrategyOptions) XXX_Size() int

func (*SupplementalGroupsStrategyOptions) XXX_Unmarshal Uses

func (m *SupplementalGroupsStrategyOptions) XXX_Unmarshal(b []byte) error

type SupplementalGroupsStrategyType Uses

type SupplementalGroupsStrategyType string

SupplementalGroupsStrategyType denotes strategy types for determining valid supplemental groups for a SecurityContext.

const (
    // SupplementalGroupsStrategyMayRunAs means that container does not need to run with a particular gid.
    // However, when gids are specified, they have to fall in the defined range.
    SupplementalGroupsStrategyMayRunAs SupplementalGroupsStrategyType = "MayRunAs"
    // SupplementalGroupsStrategyMustRunAs means that container must run as a particular gid.
    SupplementalGroupsStrategyMustRunAs SupplementalGroupsStrategyType = "MustRunAs"
    // SupplementalGroupsStrategyRunAsAny means that container may make requests for any gid.
    SupplementalGroupsStrategyRunAsAny SupplementalGroupsStrategyType = "RunAsAny"
)

Package v1beta1 imports 13 packages (graph) and is imported by 941 packages. Updated 2020-05-06. Refresh now. Tools for package owners.