openshift: kmodules.xyz/openshift/apis/security/v1 Index | Files

package v1

import "kmodules.xyz/openshift/apis/security/v1"

+groupName=security.openshift.io Package v1 is the v1 version of the API.

Package v1 is a generated protocol buffer package.

It is generated from these files:
	kmodules.xyz/openshift/apis/security/v1/generated.proto

It has these top-level messages:
	AllowedFlexVolume
	FSGroupStrategyOptions
	IDRange
	PodSecurityPolicyReview
	PodSecurityPolicyReviewSpec
	PodSecurityPolicyReviewStatus
	PodSecurityPolicySelfSubjectReview
	PodSecurityPolicySelfSubjectReviewSpec
	PodSecurityPolicySubjectReview
	PodSecurityPolicySubjectReviewSpec
	PodSecurityPolicySubjectReviewStatus
	RangeAllocation
	RangeAllocationList
	RunAsUserStrategyOptions
	SELinuxContextStrategyOptions
	SecurityContextConstraints
	SecurityContextConstraintsList
	ServiceAccountPodSecurityPolicyReviewStatus
	SupplementalGroupsStrategyOptions

Index

Package Files

doc.go generated.pb.go legacy.go register.go types.go types_swagger_doc_generated.go zz_generated.deepcopy.go

Constants

// Strategy values for the SELinux, RunAsUser, FSGroup and SupplementalGroups
// strategy types. Each group is typed separately, so the shared strings
// "MustRunAs" and "RunAsAny" are distinct constants per strategy kind.
const (
    // container must have SELinux labels of X applied.
    SELinuxStrategyMustRunAs SELinuxContextStrategyType = "MustRunAs"
    // container may make requests for any SELinux context labels.
    SELinuxStrategyRunAsAny SELinuxContextStrategyType = "RunAsAny"

    // container must run as a particular uid.
    RunAsUserStrategyMustRunAs RunAsUserStrategyType = "MustRunAs"
    // container must run as a uid within a particular range
    // (going by the constant's name; the range fields are not part of this block).
    RunAsUserStrategyMustRunAsRange RunAsUserStrategyType = "MustRunAsRange"
    // container must run as a non-root uid
    RunAsUserStrategyMustRunAsNonRoot RunAsUserStrategyType = "MustRunAsNonRoot"
    // container may make requests for any uid.
    // Taken literally, "any uid" includes uid 0 (root), so this is the least
    // restrictive of the four RunAsUser values.
    RunAsUserStrategyRunAsAny RunAsUserStrategyType = "RunAsAny"

    // container must have FSGroup of X applied.
    FSGroupStrategyMustRunAs FSGroupStrategyType = "MustRunAs"
    // container may make requests for any FSGroup labels.
    FSGroupStrategyRunAsAny FSGroupStrategyType = "RunAsAny"

    // container must run as a particular gid.
    SupplementalGroupsStrategyMustRunAs SupplementalGroupsStrategyType = "MustRunAs"
    // container may make requests for any gid.
    SupplementalGroupsStrategyRunAsAny SupplementalGroupsStrategyType = "RunAsAny"
)

Variables

// Error values belonging to the generated protobuf code; presumably returned
// by the Unmarshal methods of this package — confirm in generated.pb.go.
var (
    // ErrInvalidLengthGenerated reports that a negative length was found during unmarshaling.
    ErrInvalidLengthGenerated = fmt.Errorf("proto: negative length found during unmarshaling")
    // ErrIntOverflowGenerated reports an integer overflow.
    ErrIntOverflowGenerated   = fmt.Errorf("proto: integer overflow")
)
var (
    // GroupName is the API group name of this package. It is a var, not a
    // const, so it can be reassigned at run time.
    GroupName    = "security.openshift.io"
    // GroupVersion is GroupName at version "v1".
    GroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1"}

    // Install is a function which adds this version to a scheme
    Install = schemeBuilder.AddToScheme

    // SchemeGroupVersion generated code relies on this name
    // Deprecated: it is an alias of GroupVersion.
    SchemeGroupVersion = GroupVersion
    // AddToScheme exists solely to keep the old generators creating valid code
    // Deprecated: it is the same function value as Install.
    AddToScheme = schemeBuilder.AddToScheme
)
// AllowAllCapabilities is the wildcard capability value "*". Per the package
// documentation it means that any capabilities are allowed to be requested,
// so a constraint carrying it places no limit on requested capabilities.
// NOTE(review): the package text names the target field
// SecurityContextConstraints.AllowAllCapabilities; the capability allow-list on
// that type is presumably AllowedCapabilities — confirm against the struct.
var AllowAllCapabilities corev1.Capability = "*"

AllowAllCapabilities can be used as a value for the SecurityContextConstraints.AllowAllCapabilities field and means that any capabilities are allowed to be requested.

var (
    // DeprecatedInstallWithoutGroup is legacySchemeBuilder.AddToScheme.
    // Going by its name it registers these types without an API group and is
    // deprecated — confirm in legacy.go.
    DeprecatedInstallWithoutGroup = legacySchemeBuilder.AddToScheme
)

func Resource Uses

func Resource(resource string) schema.GroupResource

Resource exists because generated code relies on it being here, although it logically belongs to the group. DEPRECATED.

type AllowedFlexVolume Uses

// AllowedFlexVolume represents a single Flexvolume that is allowed to be used.
type AllowedFlexVolume struct {
    // Driver is the name of the Flexvolume driver.
    // The json tag has no omitempty, so an empty name is still serialized as "".
    Driver string `json:"driver" protobuf:"bytes,1,opt,name=driver"`
}

AllowedFlexVolume represents a single Flexvolume that is allowed to be used.

func (*AllowedFlexVolume) DeepCopy Uses

func (in *AllowedFlexVolume) DeepCopy() *AllowedFlexVolume

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AllowedFlexVolume.

func (*AllowedFlexVolume) DeepCopyInto Uses

func (in *AllowedFlexVolume) DeepCopyInto(out *AllowedFlexVolume)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*AllowedFlexVolume) Descriptor Uses

func (*AllowedFlexVolume) Descriptor() ([]byte, []int)

func (*AllowedFlexVolume) Marshal Uses

func (m *AllowedFlexVolume) Marshal() (dAtA []byte, err error)

func (*AllowedFlexVolume) MarshalTo Uses

func (m *AllowedFlexVolume) MarshalTo(dAtA []byte) (int, error)

func (*AllowedFlexVolume) ProtoMessage Uses

func (*AllowedFlexVolume) ProtoMessage()

func (*AllowedFlexVolume) Reset Uses

func (m *AllowedFlexVolume) Reset()

func (*AllowedFlexVolume) Size Uses

func (m *AllowedFlexVolume) Size() (n int)

func (*AllowedFlexVolume) String Uses

func (this *AllowedFlexVolume) String() string

func (AllowedFlexVolume) SwaggerDoc Uses

func (AllowedFlexVolume) SwaggerDoc() map[string]string

func (*AllowedFlexVolume) Unmarshal Uses

func (m *AllowedFlexVolume) Unmarshal(dAtA []byte) error

type FSGroupStrategyOptions Uses

// FSGroupStrategyOptions defines the strategy type and options used to create
// the FSGroup strategy.
type FSGroupStrategyOptions struct {
    // Type is the strategy that will dictate what FSGroup is used in the SecurityContext.
    // The values declared in this package are FSGroupStrategyMustRunAs and
    // FSGroupStrategyRunAsAny.
    Type FSGroupStrategyType `json:"type,omitempty" protobuf:"bytes,1,opt,name=type,casttype=FSGroupStrategyType"`
    // Ranges are the allowed ranges of fs groups.  If you would like to force a single
    // fs group then supply a single range with the same start and end.
    Ranges []IDRange `json:"ranges,omitempty" protobuf:"bytes,2,rep,name=ranges"`
}

FSGroupStrategyOptions defines the strategy type and options used to create the strategy.

func (*FSGroupStrategyOptions) DeepCopy Uses

func (in *FSGroupStrategyOptions) DeepCopy() *FSGroupStrategyOptions

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FSGroupStrategyOptions.

func (*FSGroupStrategyOptions) DeepCopyInto Uses

func (in *FSGroupStrategyOptions) DeepCopyInto(out *FSGroupStrategyOptions)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*FSGroupStrategyOptions) Descriptor Uses

func (*FSGroupStrategyOptions) Descriptor() ([]byte, []int)

func (*FSGroupStrategyOptions) Marshal Uses

func (m *FSGroupStrategyOptions) Marshal() (dAtA []byte, err error)

func (*FSGroupStrategyOptions) MarshalTo Uses

func (m *FSGroupStrategyOptions) MarshalTo(dAtA []byte) (int, error)

func (*FSGroupStrategyOptions) ProtoMessage Uses

func (*FSGroupStrategyOptions) ProtoMessage()

func (*FSGroupStrategyOptions) Reset Uses

func (m *FSGroupStrategyOptions) Reset()

func (*FSGroupStrategyOptions) Size Uses

func (m *FSGroupStrategyOptions) Size() (n int)

func (*FSGroupStrategyOptions) String Uses

func (this *FSGroupStrategyOptions) String() string

func (FSGroupStrategyOptions) SwaggerDoc Uses

func (FSGroupStrategyOptions) SwaggerDoc() map[string]string

func (*FSGroupStrategyOptions) Unmarshal Uses

func (m *FSGroupStrategyOptions) Unmarshal(dAtA []byte) error

type FSGroupStrategyType Uses

// FSGroupStrategyType denotes strategy types for generating FSGroup values for
// a SecurityContext. The values declared in this package are "MustRunAs" and
// "RunAsAny".
type FSGroupStrategyType string

FSGroupStrategyType denotes strategy types for generating FSGroup values for a SecurityContext

type FSType Uses

// FSType gives strong typing to the different file systems that are used by
// volumes. The known values are the FSType* variables of this package.
type FSType string

FSType gives strong typing to the different file systems that are used by volumes.

// Known FSType values. They are declared with var, not const, so nothing in
// the language stops another package from reassigning them.
//
// NOTE(review): presumably these populate the allowed-volume list of a
// SecurityContextConstraints — confirm against that type. Wherever such a
// list is reviewed, FSTypeHostPath and the wildcard FSTypeAll deserve the most
// attention: a hostPath volume exposes a path on the node's filesystem to the
// pod, and "*" presumably admits every volume type, hostPath included.
var (
    FSTypeAzureFile             FSType = "azureFile"
    FSTypeAzureDisk             FSType = "azureDisk"
    FSTypeFlocker               FSType = "flocker"
    FSTypeFlexVolume            FSType = "flexVolume"
    FSTypeHostPath              FSType = "hostPath"
    FSTypeEmptyDir              FSType = "emptyDir"
    FSTypeGCEPersistentDisk     FSType = "gcePersistentDisk"
    FSTypeAWSElasticBlockStore  FSType = "awsElasticBlockStore"
    FSTypeGitRepo               FSType = "gitRepo"
    FSTypeSecret                FSType = "secret"
    FSTypeNFS                   FSType = "nfs"
    FSTypeISCSI                 FSType = "iscsi"
    FSTypeGlusterfs             FSType = "glusterfs"
    FSTypePersistentVolumeClaim FSType = "persistentVolumeClaim"
    FSTypeRBD                   FSType = "rbd"
    FSTypeCinder                FSType = "cinder"
    FSTypeCephFS                FSType = "cephFS"
    FSTypeDownwardAPI           FSType = "downwardAPI"
    FSTypeFC                    FSType = "fc"
    FSTypeConfigMap             FSType = "configMap"
    FSTypeVsphereVolume         FSType = "vsphere"
    FSTypeQuobyte               FSType = "quobyte"
    FSTypePhotonPersistentDisk  FSType = "photonPersistentDisk"
    // The next four names use the prefix "FS" rather than "FSType"; the
    // exported names are part of the API and are kept as they are.
    FSProjected                 FSType = "projected"
    FSPortworxVolume            FSType = "portworxVolume"
    FSScaleIO                   FSType = "scaleIO"
    FSStorageOS                 FSType = "storageOS"
    // FSTypeAll is the wildcard value "*".
    FSTypeAll                   FSType = "*"
    // FSTypeNone is the literal "none"; presumably it means that no volume
    // type is allowed — confirm where the value is interpreted.
    FSTypeNone                  FSType = "none"
)

type IDRange Uses

// IDRange provides a min/max of an allowed range of IDs.
//
// Both fields carry omitempty, so a value of 0 is dropped from the JSON
// encoding and cannot be told apart from an unset field on the wire.
// NOTE(review): nothing in this declaration enforces Min <= Max; validation
// presumably happens elsewhere — confirm.
type IDRange struct {
    // Min is the start of the range, inclusive.
    Min int64 `json:"min,omitempty" protobuf:"varint,1,opt,name=min"`
    // Max is the end of the range, inclusive.
    Max int64 `json:"max,omitempty" protobuf:"varint,2,opt,name=max"`
}

IDRange provides a min/max of an allowed range of IDs. TODO: this could be reused for UIDs.

func (*IDRange) DeepCopy Uses

func (in *IDRange) DeepCopy() *IDRange

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IDRange.

func (*IDRange) DeepCopyInto Uses

func (in *IDRange) DeepCopyInto(out *IDRange)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*IDRange) Descriptor Uses

func (*IDRange) Descriptor() ([]byte, []int)

func (*IDRange) Marshal Uses

func (m *IDRange) Marshal() (dAtA []byte, err error)

func (*IDRange) MarshalTo Uses

func (m *IDRange) MarshalTo(dAtA []byte) (int, error)

func (*IDRange) ProtoMessage Uses

func (*IDRange) ProtoMessage()

func (*IDRange) Reset Uses

func (m *IDRange) Reset()

func (*IDRange) Size Uses

func (m *IDRange) Size() (n int)

func (*IDRange) String Uses

func (this *IDRange) String() string

func (IDRange) SwaggerDoc Uses

func (IDRange) SwaggerDoc() map[string]string

func (*IDRange) Unmarshal Uses

func (m *IDRange) Unmarshal(dAtA []byte) error

type PodSecurityPolicyReview Uses

// PodSecurityPolicyReview checks which service accounts (not users, since that
// would be cluster-wide) can create the PodTemplateSpec in question.
type PodSecurityPolicyReview struct {
    metav1.TypeMeta `json:",inline"`

    // spec holds the pod template to check and, optionally, the service
    // account names to run the check with.
    Spec PodSecurityPolicyReviewSpec `json:"spec" protobuf:"bytes,1,opt,name=spec"`

    // status represents the current information/status for the PodSecurityPolicyReview.
    Status PodSecurityPolicyReviewStatus `json:"status,omitempty" protobuf:"bytes,2,opt,name=status"`
}

PodSecurityPolicyReview checks which service accounts (not users, since that would be cluster-wide) can create the `PodTemplateSpec` in question.

func (*PodSecurityPolicyReview) DeepCopy Uses

func (in *PodSecurityPolicyReview) DeepCopy() *PodSecurityPolicyReview

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodSecurityPolicyReview.

func (*PodSecurityPolicyReview) DeepCopyInto Uses

func (in *PodSecurityPolicyReview) DeepCopyInto(out *PodSecurityPolicyReview)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*PodSecurityPolicyReview) DeepCopyObject Uses

func (in *PodSecurityPolicyReview) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*PodSecurityPolicyReview) Descriptor Uses

func (*PodSecurityPolicyReview) Descriptor() ([]byte, []int)

func (*PodSecurityPolicyReview) Marshal Uses

func (m *PodSecurityPolicyReview) Marshal() (dAtA []byte, err error)

func (*PodSecurityPolicyReview) MarshalTo Uses

func (m *PodSecurityPolicyReview) MarshalTo(dAtA []byte) (int, error)

func (*PodSecurityPolicyReview) ProtoMessage Uses

func (*PodSecurityPolicyReview) ProtoMessage()

func (*PodSecurityPolicyReview) Reset Uses

func (m *PodSecurityPolicyReview) Reset()

func (*PodSecurityPolicyReview) Size Uses

func (m *PodSecurityPolicyReview) Size() (n int)

func (*PodSecurityPolicyReview) String Uses

func (this *PodSecurityPolicyReview) String() string

func (PodSecurityPolicyReview) SwaggerDoc Uses

func (PodSecurityPolicyReview) SwaggerDoc() map[string]string

func (*PodSecurityPolicyReview) Unmarshal Uses

func (m *PodSecurityPolicyReview) Unmarshal(dAtA []byte) error

type PodSecurityPolicyReviewSpec Uses

// PodSecurityPolicyReviewSpec defines the specification for a
// PodSecurityPolicyReview: the pod template to check and the service accounts
// to check it against.
type PodSecurityPolicyReviewSpec struct {
    // template is the PodTemplateSpec to check. The template.spec.serviceAccountName field is used
    // if serviceAccountNames is empty, unless the template.spec.serviceAccountName is empty,
    // in which case "default" is used.
    // If serviceAccountNames is specified, template.spec.serviceAccountName is ignored.
    Template corev1.PodTemplateSpec `json:"template" protobuf:"bytes,1,opt,name=template"`

    // serviceAccountNames is an optional set of ServiceAccounts to run the check with.
    // If serviceAccountNames is empty, the template.spec.serviceAccountName is used,
    // unless it's empty, in which case "default" is used instead.
    // If serviceAccountNames is specified, template.spec.serviceAccountName is ignored.
    ServiceAccountNames []string `json:"serviceAccountNames,omitempty" protobuf:"bytes,2,rep,name=serviceAccountNames"` // TODO: find a way to express 'all service accounts'
}

PodSecurityPolicyReviewSpec defines specification for PodSecurityPolicyReview

func (*PodSecurityPolicyReviewSpec) DeepCopy Uses

func (in *PodSecurityPolicyReviewSpec) DeepCopy() *PodSecurityPolicyReviewSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodSecurityPolicyReviewSpec.

func (*PodSecurityPolicyReviewSpec) DeepCopyInto Uses

func (in *PodSecurityPolicyReviewSpec) DeepCopyInto(out *PodSecurityPolicyReviewSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*PodSecurityPolicyReviewSpec) Descriptor Uses

func (*PodSecurityPolicyReviewSpec) Descriptor() ([]byte, []int)

func (*PodSecurityPolicyReviewSpec) Marshal Uses

func (m *PodSecurityPolicyReviewSpec) Marshal() (dAtA []byte, err error)

func (*PodSecurityPolicyReviewSpec) MarshalTo Uses

func (m *PodSecurityPolicyReviewSpec) MarshalTo(dAtA []byte) (int, error)

func (*PodSecurityPolicyReviewSpec) ProtoMessage Uses

func (*PodSecurityPolicyReviewSpec) ProtoMessage()

func (*PodSecurityPolicyReviewSpec) Reset Uses

func (m *PodSecurityPolicyReviewSpec) Reset()

func (*PodSecurityPolicyReviewSpec) Size Uses

func (m *PodSecurityPolicyReviewSpec) Size() (n int)

func (*PodSecurityPolicyReviewSpec) String Uses

func (this *PodSecurityPolicyReviewSpec) String() string

func (PodSecurityPolicyReviewSpec) SwaggerDoc Uses

func (PodSecurityPolicyReviewSpec) SwaggerDoc() map[string]string

func (*PodSecurityPolicyReviewSpec) Unmarshal Uses

func (m *PodSecurityPolicyReviewSpec) Unmarshal(dAtA []byte) error

type PodSecurityPolicyReviewStatus Uses

// PodSecurityPolicyReviewStatus represents the status of PodSecurityPolicyReview.
type PodSecurityPolicyReviewStatus struct {
    // allowedServiceAccounts is the list of service accounts in *this* namespace that have the power to create the PodTemplateSpec.
    // The json tag has no omitempty, so the key is always present in the encoding.
    AllowedServiceAccounts []ServiceAccountPodSecurityPolicyReviewStatus `json:"allowedServiceAccounts" protobuf:"bytes,1,rep,name=allowedServiceAccounts"`
}

PodSecurityPolicyReviewStatus represents the status of PodSecurityPolicyReview.

func (*PodSecurityPolicyReviewStatus) DeepCopy Uses

func (in *PodSecurityPolicyReviewStatus) DeepCopy() *PodSecurityPolicyReviewStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodSecurityPolicyReviewStatus.

func (*PodSecurityPolicyReviewStatus) DeepCopyInto Uses

func (in *PodSecurityPolicyReviewStatus) DeepCopyInto(out *PodSecurityPolicyReviewStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*PodSecurityPolicyReviewStatus) Descriptor Uses

func (*PodSecurityPolicyReviewStatus) Descriptor() ([]byte, []int)

func (*PodSecurityPolicyReviewStatus) Marshal Uses

func (m *PodSecurityPolicyReviewStatus) Marshal() (dAtA []byte, err error)

func (*PodSecurityPolicyReviewStatus) MarshalTo Uses

func (m *PodSecurityPolicyReviewStatus) MarshalTo(dAtA []byte) (int, error)

func (*PodSecurityPolicyReviewStatus) ProtoMessage Uses

func (*PodSecurityPolicyReviewStatus) ProtoMessage()

func (*PodSecurityPolicyReviewStatus) Reset Uses

func (m *PodSecurityPolicyReviewStatus) Reset()

func (*PodSecurityPolicyReviewStatus) Size Uses

func (m *PodSecurityPolicyReviewStatus) Size() (n int)

func (*PodSecurityPolicyReviewStatus) String Uses

func (this *PodSecurityPolicyReviewStatus) String() string

func (PodSecurityPolicyReviewStatus) SwaggerDoc Uses

func (PodSecurityPolicyReviewStatus) SwaggerDoc() map[string]string

func (*PodSecurityPolicyReviewStatus) Unmarshal Uses

func (m *PodSecurityPolicyReviewStatus) Unmarshal(dAtA []byte) error

type PodSecurityPolicySelfSubjectReview Uses

// PodSecurityPolicySelfSubjectReview checks whether this user/SA tuple can
// create the PodTemplateSpec.
type PodSecurityPolicySelfSubjectReview struct {
    metav1.TypeMeta `json:",inline"`

    // spec defines the specification for the PodSecurityPolicySelfSubjectReview.
    Spec PodSecurityPolicySelfSubjectReviewSpec `json:"spec" protobuf:"bytes,1,opt,name=spec"`

    // status represents the current information/status for the PodSecurityPolicySelfSubjectReview.
    // It reuses the PodSecurityPolicySubjectReviewStatus type.
    Status PodSecurityPolicySubjectReviewStatus `json:"status,omitempty" protobuf:"bytes,2,opt,name=status"`
}

PodSecurityPolicySelfSubjectReview checks whether this user/SA tuple can create the PodTemplateSpec

func (*PodSecurityPolicySelfSubjectReview) DeepCopy Uses

func (in *PodSecurityPolicySelfSubjectReview) DeepCopy() *PodSecurityPolicySelfSubjectReview

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodSecurityPolicySelfSubjectReview.

func (*PodSecurityPolicySelfSubjectReview) DeepCopyInto Uses

func (in *PodSecurityPolicySelfSubjectReview) DeepCopyInto(out *PodSecurityPolicySelfSubjectReview)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*PodSecurityPolicySelfSubjectReview) DeepCopyObject Uses

func (in *PodSecurityPolicySelfSubjectReview) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*PodSecurityPolicySelfSubjectReview) Descriptor Uses

func (*PodSecurityPolicySelfSubjectReview) Descriptor() ([]byte, []int)

func (*PodSecurityPolicySelfSubjectReview) Marshal Uses

func (m *PodSecurityPolicySelfSubjectReview) Marshal() (dAtA []byte, err error)

func (*PodSecurityPolicySelfSubjectReview) MarshalTo Uses

func (m *PodSecurityPolicySelfSubjectReview) MarshalTo(dAtA []byte) (int, error)

func (*PodSecurityPolicySelfSubjectReview) ProtoMessage Uses

func (*PodSecurityPolicySelfSubjectReview) ProtoMessage()

func (*PodSecurityPolicySelfSubjectReview) Reset Uses

func (m *PodSecurityPolicySelfSubjectReview) Reset()

func (*PodSecurityPolicySelfSubjectReview) Size Uses

func (m *PodSecurityPolicySelfSubjectReview) Size() (n int)

func (*PodSecurityPolicySelfSubjectReview) String Uses

func (this *PodSecurityPolicySelfSubjectReview) String() string

func (PodSecurityPolicySelfSubjectReview) SwaggerDoc Uses

func (PodSecurityPolicySelfSubjectReview) SwaggerDoc() map[string]string

func (*PodSecurityPolicySelfSubjectReview) Unmarshal Uses

func (m *PodSecurityPolicySelfSubjectReview) Unmarshal(dAtA []byte) error

type PodSecurityPolicySelfSubjectReviewSpec Uses

// PodSecurityPolicySelfSubjectReviewSpec contains the specification for
// PodSecurityPolicySelfSubjectReview. It has no user or groups fields; the
// only input is the template.
type PodSecurityPolicySelfSubjectReviewSpec struct {
    // template is the PodTemplateSpec to check.
    Template corev1.PodTemplateSpec `json:"template" protobuf:"bytes,1,opt,name=template"`
}

PodSecurityPolicySelfSubjectReviewSpec contains specification for PodSecurityPolicySelfSubjectReview.

func (*PodSecurityPolicySelfSubjectReviewSpec) DeepCopy Uses

func (in *PodSecurityPolicySelfSubjectReviewSpec) DeepCopy() *PodSecurityPolicySelfSubjectReviewSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodSecurityPolicySelfSubjectReviewSpec.

func (*PodSecurityPolicySelfSubjectReviewSpec) DeepCopyInto Uses

func (in *PodSecurityPolicySelfSubjectReviewSpec) DeepCopyInto(out *PodSecurityPolicySelfSubjectReviewSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*PodSecurityPolicySelfSubjectReviewSpec) Descriptor Uses

func (*PodSecurityPolicySelfSubjectReviewSpec) Descriptor() ([]byte, []int)

func (*PodSecurityPolicySelfSubjectReviewSpec) Marshal Uses

func (m *PodSecurityPolicySelfSubjectReviewSpec) Marshal() (dAtA []byte, err error)

func (*PodSecurityPolicySelfSubjectReviewSpec) MarshalTo Uses

func (m *PodSecurityPolicySelfSubjectReviewSpec) MarshalTo(dAtA []byte) (int, error)

func (*PodSecurityPolicySelfSubjectReviewSpec) ProtoMessage Uses

func (*PodSecurityPolicySelfSubjectReviewSpec) ProtoMessage()

func (*PodSecurityPolicySelfSubjectReviewSpec) Reset Uses

func (m *PodSecurityPolicySelfSubjectReviewSpec) Reset()

func (*PodSecurityPolicySelfSubjectReviewSpec) Size Uses

func (m *PodSecurityPolicySelfSubjectReviewSpec) Size() (n int)

func (*PodSecurityPolicySelfSubjectReviewSpec) String Uses

func (this *PodSecurityPolicySelfSubjectReviewSpec) String() string

func (PodSecurityPolicySelfSubjectReviewSpec) SwaggerDoc Uses

func (PodSecurityPolicySelfSubjectReviewSpec) SwaggerDoc() map[string]string

func (*PodSecurityPolicySelfSubjectReviewSpec) Unmarshal Uses

func (m *PodSecurityPolicySelfSubjectReviewSpec) Unmarshal(dAtA []byte) error

type PodSecurityPolicySubjectReview Uses

// PodSecurityPolicySubjectReview checks whether a particular user/SA tuple can
// create the PodTemplateSpec.
type PodSecurityPolicySubjectReview struct {
    metav1.TypeMeta `json:",inline"`

    // spec defines the specification for the PodSecurityPolicySubjectReview.
    Spec PodSecurityPolicySubjectReviewSpec `json:"spec" protobuf:"bytes,1,opt,name=spec"`

    // status represents the current information/status for the PodSecurityPolicySubjectReview.
    Status PodSecurityPolicySubjectReviewStatus `json:"status,omitempty" protobuf:"bytes,2,opt,name=status"`
}

PodSecurityPolicySubjectReview checks whether a particular user/SA tuple can create the PodTemplateSpec.

func (*PodSecurityPolicySubjectReview) DeepCopy Uses

func (in *PodSecurityPolicySubjectReview) DeepCopy() *PodSecurityPolicySubjectReview

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodSecurityPolicySubjectReview.

func (*PodSecurityPolicySubjectReview) DeepCopyInto Uses

func (in *PodSecurityPolicySubjectReview) DeepCopyInto(out *PodSecurityPolicySubjectReview)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*PodSecurityPolicySubjectReview) DeepCopyObject Uses

func (in *PodSecurityPolicySubjectReview) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*PodSecurityPolicySubjectReview) Descriptor Uses

func (*PodSecurityPolicySubjectReview) Descriptor() ([]byte, []int)

func (*PodSecurityPolicySubjectReview) Marshal Uses

func (m *PodSecurityPolicySubjectReview) Marshal() (dAtA []byte, err error)

func (*PodSecurityPolicySubjectReview) MarshalTo Uses

func (m *PodSecurityPolicySubjectReview) MarshalTo(dAtA []byte) (int, error)

func (*PodSecurityPolicySubjectReview) ProtoMessage Uses

func (*PodSecurityPolicySubjectReview) ProtoMessage()

func (*PodSecurityPolicySubjectReview) Reset Uses

func (m *PodSecurityPolicySubjectReview) Reset()

func (*PodSecurityPolicySubjectReview) Size Uses

func (m *PodSecurityPolicySubjectReview) Size() (n int)

func (*PodSecurityPolicySubjectReview) String Uses

func (this *PodSecurityPolicySubjectReview) String() string

func (PodSecurityPolicySubjectReview) SwaggerDoc Uses

func (PodSecurityPolicySubjectReview) SwaggerDoc() map[string]string

func (*PodSecurityPolicySubjectReview) Unmarshal Uses

func (m *PodSecurityPolicySubjectReview) Unmarshal(dAtA []byte) error

type PodSecurityPolicySubjectReviewSpec Uses

// PodSecurityPolicySubjectReviewSpec defines the specification for
// PodSecurityPolicySubjectReview: the template to check and the user and
// groups to check it for.
type PodSecurityPolicySubjectReviewSpec struct {
    // template is the PodTemplateSpec to check. If template.spec.serviceAccountName is empty it will not be defaulted.
    // If it is non-empty, it will be checked.
    Template corev1.PodTemplateSpec `json:"template" protobuf:"bytes,1,opt,name=template"`

    // user is the user you're testing for.
    // If you specify "user" but not "groups", then it is interpreted as "What if user were not a member of any groups?".
    // If user and groups are empty, then the check is performed using *only* the serviceAccountName in the template.
    User string `json:"user,omitempty" protobuf:"bytes,2,opt,name=user"`

    // groups is the groups you're testing for.
    Groups []string `json:"groups,omitempty" protobuf:"bytes,3,rep,name=groups"`
}

PodSecurityPolicySubjectReviewSpec defines specification for PodSecurityPolicySubjectReview

func (*PodSecurityPolicySubjectReviewSpec) DeepCopy Uses

func (in *PodSecurityPolicySubjectReviewSpec) DeepCopy() *PodSecurityPolicySubjectReviewSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodSecurityPolicySubjectReviewSpec.

func (*PodSecurityPolicySubjectReviewSpec) DeepCopyInto Uses

func (in *PodSecurityPolicySubjectReviewSpec) DeepCopyInto(out *PodSecurityPolicySubjectReviewSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*PodSecurityPolicySubjectReviewSpec) Descriptor Uses

func (*PodSecurityPolicySubjectReviewSpec) Descriptor() ([]byte, []int)

func (*PodSecurityPolicySubjectReviewSpec) Marshal Uses

func (m *PodSecurityPolicySubjectReviewSpec) Marshal() (dAtA []byte, err error)

func (*PodSecurityPolicySubjectReviewSpec) MarshalTo Uses

func (m *PodSecurityPolicySubjectReviewSpec) MarshalTo(dAtA []byte) (int, error)

func (*PodSecurityPolicySubjectReviewSpec) ProtoMessage Uses

func (*PodSecurityPolicySubjectReviewSpec) ProtoMessage()

func (*PodSecurityPolicySubjectReviewSpec) Reset Uses

func (m *PodSecurityPolicySubjectReviewSpec) Reset()

func (*PodSecurityPolicySubjectReviewSpec) Size Uses

func (m *PodSecurityPolicySubjectReviewSpec) Size() (n int)

func (*PodSecurityPolicySubjectReviewSpec) String Uses

func (this *PodSecurityPolicySubjectReviewSpec) String() string

func (PodSecurityPolicySubjectReviewSpec) SwaggerDoc Uses

func (PodSecurityPolicySubjectReviewSpec) SwaggerDoc() map[string]string

func (*PodSecurityPolicySubjectReviewSpec) Unmarshal Uses

func (m *PodSecurityPolicySubjectReviewSpec) Unmarshal(dAtA []byte) error

type PodSecurityPolicySubjectReviewStatus Uses

// PodSecurityPolicySubjectReviewStatus contains information/status for
// PodSecurityPolicySubjectReview.
//
// The allow/deny result is carried by AllowedBy. An empty Reason only means
// that no information is available, so it must not be read as "allowed".
type PodSecurityPolicySubjectReviewStatus struct {
    // allowedBy is a reference to the rule that allows the PodTemplateSpec.
    // A rule can be a SecurityContextConstraint or a PodSecurityPolicy.
    // A nil value indicates that it was denied.
    AllowedBy *corev1.ObjectReference `json:"allowedBy,omitempty" protobuf:"bytes,1,opt,name=allowedBy"`

    // A machine-readable description of why this operation is in the
    // "Failure" status. If this value is empty there
    // is no information available.
    Reason string `json:"reason,omitempty" protobuf:"bytes,2,opt,name=reason"`

    // template is the PodTemplateSpec after the defaulting is applied.
    Template corev1.PodTemplateSpec `json:"template,omitempty" protobuf:"bytes,3,opt,name=template"`
}

PodSecurityPolicySubjectReviewStatus contains information/status for PodSecurityPolicySubjectReview.

func (*PodSecurityPolicySubjectReviewStatus) DeepCopy Uses

func (in *PodSecurityPolicySubjectReviewStatus) DeepCopy() *PodSecurityPolicySubjectReviewStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodSecurityPolicySubjectReviewStatus.

func (*PodSecurityPolicySubjectReviewStatus) DeepCopyInto Uses

func (in *PodSecurityPolicySubjectReviewStatus) DeepCopyInto(out *PodSecurityPolicySubjectReviewStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*PodSecurityPolicySubjectReviewStatus) Descriptor Uses

func (*PodSecurityPolicySubjectReviewStatus) Descriptor() ([]byte, []int)

func (*PodSecurityPolicySubjectReviewStatus) Marshal Uses

func (m *PodSecurityPolicySubjectReviewStatus) Marshal() (dAtA []byte, err error)

func (*PodSecurityPolicySubjectReviewStatus) MarshalTo Uses

func (m *PodSecurityPolicySubjectReviewStatus) MarshalTo(dAtA []byte) (int, error)

func (*PodSecurityPolicySubjectReviewStatus) ProtoMessage Uses

func (*PodSecurityPolicySubjectReviewStatus) ProtoMessage()

func (*PodSecurityPolicySubjectReviewStatus) Reset Uses

func (m *PodSecurityPolicySubjectReviewStatus) Reset()

func (*PodSecurityPolicySubjectReviewStatus) Size Uses

func (m *PodSecurityPolicySubjectReviewStatus) Size() (n int)

func (*PodSecurityPolicySubjectReviewStatus) String Uses

func (this *PodSecurityPolicySubjectReviewStatus) String() string

func (PodSecurityPolicySubjectReviewStatus) SwaggerDoc Uses

func (PodSecurityPolicySubjectReviewStatus) SwaggerDoc() map[string]string

func (*PodSecurityPolicySubjectReviewStatus) Unmarshal Uses

func (m *PodSecurityPolicySubjectReviewStatus) Unmarshal(dAtA []byte) error

type RangeAllocation Uses

// RangeAllocation records which parts of a uid range are taken: Range labels
// the range and Data holds the allocation bitmap.
type RangeAllocation struct {
    metav1.TypeMeta `json:",inline"`
    // Standard object's metadata.
    // More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata
    // +optional
    metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`

    // range is a string representing a unique label for a range of uids, "1000000000-2000000000/10000".
    Range string `json:"range" protobuf:"bytes,2,opt,name=range"`

    // data is a byte array representing the serialized state of a range allocation.  It is a bitmap
    // in which a bit set to one means that the corresponding range is taken.
    Data []byte `json:"data" protobuf:"bytes,3,opt,name=data"`
}

RangeAllocation is used so we can easily expose a RangeAllocation typed for security group

func (*RangeAllocation) DeepCopy Uses

func (in *RangeAllocation) DeepCopy() *RangeAllocation

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RangeAllocation.

func (*RangeAllocation) DeepCopyInto Uses

func (in *RangeAllocation) DeepCopyInto(out *RangeAllocation)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*RangeAllocation) DeepCopyObject Uses

func (in *RangeAllocation) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*RangeAllocation) Descriptor Uses

func (*RangeAllocation) Descriptor() ([]byte, []int)

func (*RangeAllocation) Marshal Uses

func (m *RangeAllocation) Marshal() (dAtA []byte, err error)

func (*RangeAllocation) MarshalTo Uses

func (m *RangeAllocation) MarshalTo(dAtA []byte) (int, error)

func (*RangeAllocation) ProtoMessage Uses

func (*RangeAllocation) ProtoMessage()

func (*RangeAllocation) Reset Uses

func (m *RangeAllocation) Reset()

func (*RangeAllocation) Size Uses

func (m *RangeAllocation) Size() (n int)

func (*RangeAllocation) String Uses

func (this *RangeAllocation) String() string

func (RangeAllocation) SwaggerDoc Uses

func (RangeAllocation) SwaggerDoc() map[string]string

func (*RangeAllocation) Unmarshal Uses

func (m *RangeAllocation) Unmarshal(dAtA []byte) error

type RangeAllocationList Uses

// RangeAllocationList is the list wrapper for RangeAllocation objects.
type RangeAllocationList struct {
    metav1.TypeMeta `json:",inline"`

    // Standard list metadata.
    // More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#metadata
    metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`

    // Items holds the RangeAllocations in this list. The JSON tag has no
    // omitempty, so the "items" key is always emitted.
    Items []RangeAllocation `json:"items" protobuf:"bytes,2,rep,name=items"`
}

RangeAllocationList is a list of RangeAllocation objects

func (*RangeAllocationList) DeepCopy Uses

func (in *RangeAllocationList) DeepCopy() *RangeAllocationList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RangeAllocationList.

func (*RangeAllocationList) DeepCopyInto Uses

func (in *RangeAllocationList) DeepCopyInto(out *RangeAllocationList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*RangeAllocationList) DeepCopyObject Uses

func (in *RangeAllocationList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*RangeAllocationList) Descriptor Uses

func (*RangeAllocationList) Descriptor() ([]byte, []int)

func (*RangeAllocationList) Marshal Uses

func (m *RangeAllocationList) Marshal() (dAtA []byte, err error)

func (*RangeAllocationList) MarshalTo Uses

func (m *RangeAllocationList) MarshalTo(dAtA []byte) (int, error)

func (*RangeAllocationList) ProtoMessage Uses

func (*RangeAllocationList) ProtoMessage()

func (*RangeAllocationList) Reset Uses

func (m *RangeAllocationList) Reset()

func (*RangeAllocationList) Size Uses

func (m *RangeAllocationList) Size() (n int)

func (*RangeAllocationList) String Uses

func (this *RangeAllocationList) String() string

func (RangeAllocationList) SwaggerDoc Uses

func (RangeAllocationList) SwaggerDoc() map[string]string

func (*RangeAllocationList) Unmarshal Uses

func (m *RangeAllocationList) Unmarshal(dAtA []byte) error

type RunAsUserStrategyOptions Uses

// RunAsUserStrategyOptions carries the RunAsUser strategy type together with the
// uid or uid range that strategy works from.
type RunAsUserStrategyOptions struct {
    // Type is the strategy that will dictate what RunAsUser is used in the SecurityContext.
    Type RunAsUserStrategyType `json:"type,omitempty" protobuf:"bytes,1,opt,name=type,casttype=RunAsUserStrategyType"`
    // UID is the user id that containers must run as.  Required for the MustRunAs strategy if not using
    // namespace/service account allocated uids.
    // A nil pointer is left out of the JSON encoding (omitempty).
    // NOTE(review): presumably a pointer so that an explicit uid 0 (root) can be told
    // apart from "unset" -- confirm against the strategy code before treating nil as 0.
    UID *int64 `json:"uid,omitempty" protobuf:"varint,2,opt,name=uid"`
    // UIDRangeMin defines the min value for a strategy that allocates by range.
    // NOTE(review): whether the bound is inclusive is not stated here -- confirm.
    UIDRangeMin *int64 `json:"uidRangeMin,omitempty" protobuf:"varint,3,opt,name=uidRangeMin"`
    // UIDRangeMax defines the max value for a strategy that allocates by range.
    // NOTE(review): whether the bound is inclusive is not stated here -- confirm.
    UIDRangeMax *int64 `json:"uidRangeMax,omitempty" protobuf:"varint,4,opt,name=uidRangeMax"`
}

RunAsUserStrategyOptions defines the strategy type and any options used to create the strategy.

func (*RunAsUserStrategyOptions) DeepCopy Uses

func (in *RunAsUserStrategyOptions) DeepCopy() *RunAsUserStrategyOptions

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RunAsUserStrategyOptions.

func (*RunAsUserStrategyOptions) DeepCopyInto Uses

func (in *RunAsUserStrategyOptions) DeepCopyInto(out *RunAsUserStrategyOptions)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*RunAsUserStrategyOptions) Descriptor Uses

func (*RunAsUserStrategyOptions) Descriptor() ([]byte, []int)

func (*RunAsUserStrategyOptions) Marshal Uses

func (m *RunAsUserStrategyOptions) Marshal() (dAtA []byte, err error)

func (*RunAsUserStrategyOptions) MarshalTo Uses

func (m *RunAsUserStrategyOptions) MarshalTo(dAtA []byte) (int, error)

func (*RunAsUserStrategyOptions) ProtoMessage Uses

func (*RunAsUserStrategyOptions) ProtoMessage()

func (*RunAsUserStrategyOptions) Reset Uses

func (m *RunAsUserStrategyOptions) Reset()

func (*RunAsUserStrategyOptions) Size Uses

func (m *RunAsUserStrategyOptions) Size() (n int)

func (*RunAsUserStrategyOptions) String Uses

func (this *RunAsUserStrategyOptions) String() string

func (RunAsUserStrategyOptions) SwaggerDoc Uses

func (RunAsUserStrategyOptions) SwaggerDoc() map[string]string

func (*RunAsUserStrategyOptions) Unmarshal Uses

func (m *RunAsUserStrategyOptions) Unmarshal(dAtA []byte) error

type RunAsUserStrategyType Uses

// RunAsUserStrategyType names a RunAsUser strategy. The package constants define
// "MustRunAs", "MustRunAsRange", "MustRunAsNonRoot" and "RunAsAny"; the type is a
// plain string, so it does not by itself restrict values to those constants.
type RunAsUserStrategyType string

RunAsUserStrategyType denotes strategy types for generating RunAsUser values for a SecurityContext

type SELinuxContextStrategyOptions Uses

// SELinuxContextStrategyOptions carries the SELinux strategy type together with the
// SELinux options that strategy works from.
type SELinuxContextStrategyOptions struct {
    // Type is the strategy that will dictate what SELinux context is used in the SecurityContext.
    Type SELinuxContextStrategyType `json:"type,omitempty" protobuf:"bytes,1,opt,name=type,casttype=SELinuxContextStrategyType"`
    // SELinuxOptions are the SELinux options a container is required to run as;
    // required for the MustRunAs strategy. A nil pointer is left out of the JSON
    // encoding (omitempty).
    SELinuxOptions *corev1.SELinuxOptions `json:"seLinuxOptions,omitempty" protobuf:"bytes,2,opt,name=seLinuxOptions"`
}

SELinuxContextStrategyOptions defines the strategy type and any options used to create the strategy.

func (*SELinuxContextStrategyOptions) DeepCopy Uses

func (in *SELinuxContextStrategyOptions) DeepCopy() *SELinuxContextStrategyOptions

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SELinuxContextStrategyOptions.

func (*SELinuxContextStrategyOptions) DeepCopyInto Uses

func (in *SELinuxContextStrategyOptions) DeepCopyInto(out *SELinuxContextStrategyOptions)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*SELinuxContextStrategyOptions) Descriptor Uses

func (*SELinuxContextStrategyOptions) Descriptor() ([]byte, []int)

func (*SELinuxContextStrategyOptions) Marshal Uses

func (m *SELinuxContextStrategyOptions) Marshal() (dAtA []byte, err error)

func (*SELinuxContextStrategyOptions) MarshalTo Uses

func (m *SELinuxContextStrategyOptions) MarshalTo(dAtA []byte) (int, error)

func (*SELinuxContextStrategyOptions) ProtoMessage Uses

func (*SELinuxContextStrategyOptions) ProtoMessage()

func (*SELinuxContextStrategyOptions) Reset Uses

func (m *SELinuxContextStrategyOptions) Reset()

func (*SELinuxContextStrategyOptions) Size Uses

func (m *SELinuxContextStrategyOptions) Size() (n int)

func (*SELinuxContextStrategyOptions) String Uses

func (this *SELinuxContextStrategyOptions) String() string

func (SELinuxContextStrategyOptions) SwaggerDoc Uses

func (SELinuxContextStrategyOptions) SwaggerDoc() map[string]string

func (*SELinuxContextStrategyOptions) Unmarshal Uses

func (m *SELinuxContextStrategyOptions) Unmarshal(dAtA []byte) error

type SELinuxContextStrategyType Uses

// SELinuxContextStrategyType names an SELinux strategy. The package constants define
// "MustRunAs" and "RunAsAny"; the type is a plain string, so it does not by itself
// restrict values to those constants.
type SELinuxContextStrategyType string

SELinuxContextStrategyType denotes strategy types for generating SELinux options for a SecurityContext

type SecurityContextConstraints Uses

// SecurityContextConstraints describes what a pod may request for its
// SecurityContext (privilege, capabilities, host namespaces, volumes, ids,
// SELinux, seccomp, sysctls) and which users and groups may use the constraint.
type SecurityContextConstraints struct {
    metav1.TypeMeta `json:",inline"`
    // Standard object's metadata.
    // More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#metadata
    metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`

    // Priority influences the sort order of SCCs when evaluating which SCCs to try first for
    // a given pod request based on access in the Users and Groups fields.  The higher the int, the
    // higher priority. An unset value is considered a 0 priority. If scores
    // for multiple SCCs are equal they will be sorted from most restrictive to
    // least restrictive. If both priorities and restrictions are equal the
    // SCCs will be sorted by name.
    // NOTE(review): because a higher priority is tried first, a permissive SCC with a
    // high priority can be preferred over a restrictive one for subjects that may use
    // both -- review priorities together with Users and Groups.
    Priority *int32 `json:"priority" protobuf:"varint,2,opt,name=priority"`

    // AllowPrivilegedContainer determines if a container can request to be run as privileged.
    AllowPrivilegedContainer bool `json:"allowPrivilegedContainer" protobuf:"varint,3,opt,name=allowPrivilegedContainer"`
    // DefaultAddCapabilities is the default set of capabilities that will be added to the container
    // unless the pod spec specifically drops the capability.  You may not list a capability in both
    // DefaultAddCapabilities and RequiredDropCapabilities.
    DefaultAddCapabilities []corev1.Capability `json:"defaultAddCapabilities" protobuf:"bytes,4,rep,name=defaultAddCapabilities,casttype=Capability"`
    // RequiredDropCapabilities are the capabilities that will be dropped from the container.  These
    // are required to be dropped and cannot be added.
    RequiredDropCapabilities []corev1.Capability `json:"requiredDropCapabilities" protobuf:"bytes,5,rep,name=requiredDropCapabilities,casttype=Capability"`
    // AllowedCapabilities is a list of capabilities that can be requested to add to the container.
    // Capabilities in this field may be added at the pod author's discretion.
    // You must not list a capability in both AllowedCapabilities and RequiredDropCapabilities.
    // To allow all capabilities you may use '*'.
    // NOTE(review): '*' lifts the capability restriction for every subject that may use
    // this SCC; audit who is listed in Users and Groups wherever it appears.
    AllowedCapabilities []corev1.Capability `json:"allowedCapabilities" protobuf:"bytes,6,rep,name=allowedCapabilities,casttype=Capability"`
    // AllowHostDirVolumePlugin determines if the policy allows containers to use the HostDir volume plugin
    // +k8s:conversion-gen=false
    AllowHostDirVolumePlugin bool `json:"allowHostDirVolumePlugin" protobuf:"varint,7,opt,name=allowHostDirVolumePlugin"`
    // Volumes is a white list of allowed volume plugins.  FSType corresponds directly with the field names
    // of a VolumeSource (azureFile, configMap, emptyDir).  To allow all volumes you may use "*".
    // To allow no volumes, set to ["none"].
    // NOTE(review): how "*" here interacts with AllowHostDirVolumePlugin is not stated
    // on this page -- confirm before assuming either field alone blocks host volumes.
    Volumes []FSType `json:"volumes" protobuf:"bytes,8,rep,name=volumes,casttype=FSType"`
    // AllowedFlexVolumes is a whitelist of allowed Flexvolumes.  Empty or nil indicates that all
    // Flexvolumes may be used.  This parameter is effective only when the usage of the Flexvolumes
    // is allowed in the "Volumes" field.
    // Note the direction of the default: leaving this empty permits every Flexvolume
    // driver rather than none.
    // +optional
    AllowedFlexVolumes []AllowedFlexVolume `json:"allowedFlexVolumes,omitempty" protobuf:"bytes,21,rep,name=allowedFlexVolumes"`
    // AllowHostNetwork determines if the policy allows the use of HostNetwork in the pod spec.
    AllowHostNetwork bool `json:"allowHostNetwork" protobuf:"varint,9,opt,name=allowHostNetwork"`
    // AllowHostPorts determines if the policy allows host ports in the containers.
    AllowHostPorts bool `json:"allowHostPorts" protobuf:"varint,10,opt,name=allowHostPorts"`
    // AllowHostPID determines if the policy allows host pid in the containers.
    AllowHostPID bool `json:"allowHostPID" protobuf:"varint,11,opt,name=allowHostPID"`
    // AllowHostIPC determines if the policy allows host ipc in the containers.
    AllowHostIPC bool `json:"allowHostIPC" protobuf:"varint,12,opt,name=allowHostIPC"`
    // DefaultAllowPrivilegeEscalation controls the default setting for whether a
    // process can gain more privileges than its parent process.
    // NOTE(review): the protobuf tag says "rep" although the Go type is a single
    // *bool -- confirm against generated.proto before relying on the tag.
    // +optional
    DefaultAllowPrivilegeEscalation *bool `json:"defaultAllowPrivilegeEscalation,omitempty" protobuf:"varint,22,rep,name=defaultAllowPrivilegeEscalation"`
    // AllowPrivilegeEscalation determines if a pod can request to allow
    // privilege escalation. If unspecified, defaults to true.
    // Because the unset value is permissive, an SCC meant to forbid privilege
    // escalation has to set this field to false explicitly.
    // NOTE(review): the protobuf tag says "rep" although the Go type is a single
    // *bool -- confirm against generated.proto before relying on the tag.
    // +optional
    AllowPrivilegeEscalation *bool `json:"allowPrivilegeEscalation,omitempty" protobuf:"varint,23,rep,name=allowPrivilegeEscalation"`
    // SELinuxContext is the strategy that will dictate what labels will be set in the SecurityContext.
    SELinuxContext SELinuxContextStrategyOptions `json:"seLinuxContext,omitempty" protobuf:"bytes,13,opt,name=seLinuxContext"`
    // RunAsUser is the strategy that will dictate what RunAsUser is used in the SecurityContext.
    RunAsUser RunAsUserStrategyOptions `json:"runAsUser,omitempty" protobuf:"bytes,14,opt,name=runAsUser"`
    // SupplementalGroups is the strategy that will dictate what supplemental groups are used by the SecurityContext.
    SupplementalGroups SupplementalGroupsStrategyOptions `json:"supplementalGroups,omitempty" protobuf:"bytes,15,opt,name=supplementalGroups"`
    // FSGroup is the strategy that will dictate what fs group is used by the SecurityContext.
    FSGroup FSGroupStrategyOptions `json:"fsGroup,omitempty" protobuf:"bytes,16,opt,name=fsGroup"`
    // ReadOnlyRootFilesystem when set to true will force containers to run with a read only root file
    // system.  If the container specifically requests to run with a non-read only root file system
    // the SCC should deny the pod.
    // If set to false the container may run with a read only root file system if it wishes but it
    // will not be forced to.
    ReadOnlyRootFilesystem bool `json:"readOnlyRootFilesystem" protobuf:"varint,17,opt,name=readOnlyRootFilesystem"`

    // Users lists the users who have permission to use this security context constraint.
    // Marked +optional, but the JSON tag has no omitempty, so a nil slice encodes as null.
    // NOTE(review): access may also be granted outside this object (for example through
    // RBAC) -- confirm; auditing this field alone may not show every subject.
    // +optional
    Users []string `json:"users" protobuf:"bytes,18,rep,name=users"`
    // Groups lists the groups that have permission to use this security context constraint.
    // Marked +optional, but the JSON tag has no omitempty, so a nil slice encodes as null.
    // NOTE(review): the same caveat as for Users applies -- confirm where else access
    // can be granted before treating this list as complete.
    // +optional
    Groups []string `json:"groups" protobuf:"bytes,19,rep,name=groups"`

    // SeccompProfiles lists the allowed profiles that may be set for the pod or
    // container's seccomp annotations.  An unset (nil) or empty value means that no profiles may
    // be specified by the pod or container.  The wildcard '*' may be used to allow all profiles.  When
    // used to generate a value for a pod the first non-wildcard profile will be used as
    // the default.
    // NOTE(review): the protobuf tag says "opt" although the Go type is a slice --
    // confirm against generated.proto before relying on the tag.
    SeccompProfiles []string `json:"seccompProfiles,omitempty" protobuf:"bytes,20,opt,name=seccompProfiles"`

    // AllowedUnsafeSysctls is a list of explicitly allowed unsafe sysctls, defaults to none.
    // Each entry is either a plain sysctl name or ends in "*" in which case it is considered
    // as a prefix of allowed sysctls. Single * means all unsafe sysctls are allowed.
    // Kubelet has to whitelist all allowed unsafe sysctls explicitly to avoid rejection.
    //
    // Examples:
    // e.g. "foo/*" allows "foo/bar", "foo/baz", etc.
    // e.g. "foo.*" allows "foo.bar", "foo.baz", etc.
    // +optional
    AllowedUnsafeSysctls []string `json:"allowedUnsafeSysctls,omitempty" protobuf:"bytes,24,rep,name=allowedUnsafeSysctls"`
    // ForbiddenSysctls is a list of explicitly forbidden sysctls, defaults to none.
    // Each entry is either a plain sysctl name or ends in "*" in which case it is considered
    // as a prefix of forbidden sysctls. Single * means all sysctls are forbidden.
    //
    // Examples:
    // e.g. "foo/*" forbids "foo/bar", "foo/baz", etc.
    // e.g. "foo.*" forbids "foo.bar", "foo.baz", etc.
    // +optional
    ForbiddenSysctls []string `json:"forbiddenSysctls,omitempty" protobuf:"bytes,25,rep,name=forbiddenSysctls"`
}

SecurityContextConstraints governs the ability to make requests that affect the SecurityContext that will be applied to a container. For historical reasons SCC was exposed under the core Kubernetes API group. That exposure is deprecated and will be removed in a future release - users should instead use the security.openshift.io group to manage SecurityContextConstraints.

func (*SecurityContextConstraints) DeepCopy Uses

func (in *SecurityContextConstraints) DeepCopy() *SecurityContextConstraints

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecurityContextConstraints.

func (*SecurityContextConstraints) DeepCopyInto Uses

func (in *SecurityContextConstraints) DeepCopyInto(out *SecurityContextConstraints)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*SecurityContextConstraints) DeepCopyObject Uses

func (in *SecurityContextConstraints) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*SecurityContextConstraints) Descriptor Uses

func (*SecurityContextConstraints) Descriptor() ([]byte, []int)

func (*SecurityContextConstraints) Marshal Uses

func (m *SecurityContextConstraints) Marshal() (dAtA []byte, err error)

func (*SecurityContextConstraints) MarshalTo Uses

func (m *SecurityContextConstraints) MarshalTo(dAtA []byte) (int, error)

func (*SecurityContextConstraints) ProtoMessage Uses

func (*SecurityContextConstraints) ProtoMessage()

func (*SecurityContextConstraints) Reset Uses

func (m *SecurityContextConstraints) Reset()

func (*SecurityContextConstraints) Size Uses

func (m *SecurityContextConstraints) Size() (n int)

func (*SecurityContextConstraints) String Uses

func (this *SecurityContextConstraints) String() string

func (SecurityContextConstraints) SwaggerDoc Uses

func (SecurityContextConstraints) SwaggerDoc() map[string]string

func (*SecurityContextConstraints) Unmarshal Uses

func (m *SecurityContextConstraints) Unmarshal(dAtA []byte) error

type SecurityContextConstraintsList Uses

// SecurityContextConstraintsList is the list wrapper for SecurityContextConstraints objects.
type SecurityContextConstraintsList struct {
    metav1.TypeMeta `json:",inline"`

    // Standard list metadata.
    // More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#metadata
    metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`

    // Items holds the security context constraints in this list. The JSON tag has
    // no omitempty, so the "items" key is always emitted.
    Items []SecurityContextConstraints `json:"items" protobuf:"bytes,2,rep,name=items"`
}

SecurityContextConstraintsList is a list of SecurityContextConstraints objects

func (*SecurityContextConstraintsList) DeepCopy Uses

func (in *SecurityContextConstraintsList) DeepCopy() *SecurityContextConstraintsList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecurityContextConstraintsList.

func (*SecurityContextConstraintsList) DeepCopyInto Uses

func (in *SecurityContextConstraintsList) DeepCopyInto(out *SecurityContextConstraintsList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*SecurityContextConstraintsList) DeepCopyObject Uses

func (in *SecurityContextConstraintsList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*SecurityContextConstraintsList) Descriptor Uses

func (*SecurityContextConstraintsList) Descriptor() ([]byte, []int)

func (*SecurityContextConstraintsList) Marshal Uses

func (m *SecurityContextConstraintsList) Marshal() (dAtA []byte, err error)

func (*SecurityContextConstraintsList) MarshalTo Uses

func (m *SecurityContextConstraintsList) MarshalTo(dAtA []byte) (int, error)

func (*SecurityContextConstraintsList) ProtoMessage Uses

func (*SecurityContextConstraintsList) ProtoMessage()

func (*SecurityContextConstraintsList) Reset Uses

func (m *SecurityContextConstraintsList) Reset()

func (*SecurityContextConstraintsList) Size Uses

func (m *SecurityContextConstraintsList) Size() (n int)

func (*SecurityContextConstraintsList) String Uses

func (this *SecurityContextConstraintsList) String() string

func (SecurityContextConstraintsList) SwaggerDoc Uses

func (SecurityContextConstraintsList) SwaggerDoc() map[string]string

func (*SecurityContextConstraintsList) Unmarshal Uses

func (m *SecurityContextConstraintsList) Unmarshal(dAtA []byte) error

type ServiceAccountPodSecurityPolicyReviewStatus Uses

// ServiceAccountPodSecurityPolicyReviewStatus pairs a ServiceAccount name with the
// review status embedded from PodSecurityPolicySubjectReviewStatus.
type ServiceAccountPodSecurityPolicyReviewStatus struct {
    // The embedded review status; the ",inline" JSON tag puts its fields at the
    // same level as "name" in the encoded object.
    PodSecurityPolicySubjectReviewStatus `json:",inline" protobuf:"bytes,1,opt,name=podSecurityPolicySubjectReviewStatus"`

    // name is the ServiceAccount this status refers to, whether it was allowed or denied.
    Name string `json:"name" protobuf:"bytes,2,opt,name=name"`
}

ServiceAccountPodSecurityPolicyReviewStatus represents ServiceAccount name and related review status

func (*ServiceAccountPodSecurityPolicyReviewStatus) DeepCopy Uses

func (in *ServiceAccountPodSecurityPolicyReviewStatus) DeepCopy() *ServiceAccountPodSecurityPolicyReviewStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceAccountPodSecurityPolicyReviewStatus.

func (*ServiceAccountPodSecurityPolicyReviewStatus) DeepCopyInto Uses

func (in *ServiceAccountPodSecurityPolicyReviewStatus) DeepCopyInto(out *ServiceAccountPodSecurityPolicyReviewStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ServiceAccountPodSecurityPolicyReviewStatus) Descriptor Uses

func (*ServiceAccountPodSecurityPolicyReviewStatus) Descriptor() ([]byte, []int)

func (*ServiceAccountPodSecurityPolicyReviewStatus) Marshal Uses

func (m *ServiceAccountPodSecurityPolicyReviewStatus) Marshal() (dAtA []byte, err error)

func (*ServiceAccountPodSecurityPolicyReviewStatus) MarshalTo Uses

func (m *ServiceAccountPodSecurityPolicyReviewStatus) MarshalTo(dAtA []byte) (int, error)

func (*ServiceAccountPodSecurityPolicyReviewStatus) ProtoMessage Uses

func (*ServiceAccountPodSecurityPolicyReviewStatus) ProtoMessage()

func (*ServiceAccountPodSecurityPolicyReviewStatus) Reset Uses

func (m *ServiceAccountPodSecurityPolicyReviewStatus) Reset()

func (*ServiceAccountPodSecurityPolicyReviewStatus) Size Uses

func (m *ServiceAccountPodSecurityPolicyReviewStatus) Size() (n int)

func (*ServiceAccountPodSecurityPolicyReviewStatus) String Uses

func (this *ServiceAccountPodSecurityPolicyReviewStatus) String() string

func (ServiceAccountPodSecurityPolicyReviewStatus) SwaggerDoc Uses

func (ServiceAccountPodSecurityPolicyReviewStatus) SwaggerDoc() map[string]string

func (*ServiceAccountPodSecurityPolicyReviewStatus) Unmarshal Uses

func (m *ServiceAccountPodSecurityPolicyReviewStatus) Unmarshal(dAtA []byte) error

type SupplementalGroupsStrategyOptions Uses

// SupplementalGroupsStrategyOptions carries the supplemental-groups strategy type
// together with the id ranges that strategy works from.
type SupplementalGroupsStrategyOptions struct {
    // Type is the strategy that will dictate what supplemental groups are used in the SecurityContext.
    Type SupplementalGroupsStrategyType `json:"type,omitempty" protobuf:"bytes,1,opt,name=type,casttype=SupplementalGroupsStrategyType"`
    // Ranges are the allowed ranges of supplemental groups.  If you would like to force a single
    // supplemental group then supply a single range with the same start and end.
    // NOTE(review): the single-group advice suggests both ends are inclusive;
    // IDRange is declared outside this section -- confirm there.
    Ranges []IDRange `json:"ranges,omitempty" protobuf:"bytes,2,rep,name=ranges"`
}

SupplementalGroupsStrategyOptions defines the strategy type and options used to create the strategy.

func (*SupplementalGroupsStrategyOptions) DeepCopy Uses

func (in *SupplementalGroupsStrategyOptions) DeepCopy() *SupplementalGroupsStrategyOptions

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SupplementalGroupsStrategyOptions.

func (*SupplementalGroupsStrategyOptions) DeepCopyInto Uses

func (in *SupplementalGroupsStrategyOptions) DeepCopyInto(out *SupplementalGroupsStrategyOptions)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*SupplementalGroupsStrategyOptions) Descriptor Uses

func (*SupplementalGroupsStrategyOptions) Descriptor() ([]byte, []int)

func (*SupplementalGroupsStrategyOptions) Marshal Uses

func (m *SupplementalGroupsStrategyOptions) Marshal() (dAtA []byte, err error)

func (*SupplementalGroupsStrategyOptions) MarshalTo Uses

func (m *SupplementalGroupsStrategyOptions) MarshalTo(dAtA []byte) (int, error)

func (*SupplementalGroupsStrategyOptions) ProtoMessage Uses

func (*SupplementalGroupsStrategyOptions) ProtoMessage()

func (*SupplementalGroupsStrategyOptions) Reset Uses

func (m *SupplementalGroupsStrategyOptions) Reset()

func (*SupplementalGroupsStrategyOptions) Size Uses

func (m *SupplementalGroupsStrategyOptions) Size() (n int)

func (*SupplementalGroupsStrategyOptions) String Uses

func (this *SupplementalGroupsStrategyOptions) String() string

func (SupplementalGroupsStrategyOptions) SwaggerDoc Uses

func (SupplementalGroupsStrategyOptions) SwaggerDoc() map[string]string

func (*SupplementalGroupsStrategyOptions) Unmarshal Uses

func (m *SupplementalGroupsStrategyOptions) Unmarshal(dAtA []byte) error

type SupplementalGroupsStrategyType Uses

// SupplementalGroupsStrategyType names a supplemental-groups strategy. The type is a
// plain string, so it does not by itself restrict which values can be set.
type SupplementalGroupsStrategyType string

SupplementalGroupsStrategyType denotes strategy types for determining valid supplemental groups for a SecurityContext.
