"description":"RunAsGroup is the strategy that will dictate the allowable RunAsGroup values that may be set. If this field is omitted, the pod's RunAsGroup can take any value. This field requires the RunAsGroup feature gate to be enabled.",
"description":"RunAsGroupStrategyOptions defines the strategy type and any options used to create the strategy. Deprecated: use RunAsGroupStrategyOptions from policy API Group instead.",
"required":[
"rule"
],
"properties":{
"ranges":{
"description":"ranges are the allowed ranges of gids that may be used. If you would like to force a single gid then supply a single range with the same start and end. Required for MustRunAs.",
"description":"RunAsUserStrategyOptions defines the strategy type and any options used to create the strategy. Deprecated: use RunAsUserStrategyOptions from policy API Group instead.",
"required":[
...
...
@@ -88893,6 +88916,10 @@
"type":"string"
}
},
"runAsGroup":{
"description":"RunAsGroup is the strategy that will dictate the allowable RunAsGroup values that may be set. If this field is omitted, the pod's RunAsGroup can take any value. This field requires the RunAsGroup feature gate to be enabled.",
"description":"RunAsGroupStrategyOptions defines the strategy type and any options used to create the strategy.",
"required":[
"rule"
],
"properties":{
"ranges":{
"description":"ranges are the allowed ranges of gids that may be used. If you would like to force a single gid then supply a single range with the same start and end. Required for MustRunAs.",
"description":"runAsUser is the strategy that will dictate the allowable RunAsUser values that may be set."
},
"runAsGroup":{
"$ref":"v1beta1.RunAsGroupStrategyOptions",
"description":"RunAsGroup is the strategy that will dictate the allowable RunAsGroup values that may be set. If this field is omitted, the pod's RunAsGroup can take any value. This field requires the RunAsGroup feature gate to be enabled."
"description":"supplementalGroups is the strategy that will dictate what supplemental groups are used by the SecurityContext."
...
...
@@ -10946,6 +10950,26 @@
}
}
},
"v1beta1.RunAsGroupStrategyOptions":{
"id":"v1beta1.RunAsGroupStrategyOptions",
"description":"RunAsGroupStrategyOptions defines the strategy type and any options used to create the strategy. Deprecated: use RunAsGroupStrategyOptions from policy API Group instead.",
"required":[
"rule"
],
"properties":{
"rule":{
"type":"string",
"description":"rule is the strategy that will dictate the allowable RunAsGroup values that may be set."
},
"ranges":{
"type":"array",
"items":{
"$ref":"v1beta1.IDRange"
},
"description":"ranges are the allowed ranges of gids that may be used. If you would like to force a single gid then supply a single range with the same start and end. Required for MustRunAs."
}
}
},
"v1beta1.SupplementalGroupsStrategyOptions":{
"id":"v1beta1.SupplementalGroupsStrategyOptions",
"description":"SupplementalGroupsStrategyOptions defines the strategy type and options used to create the strategy. Deprecated: use SupplementalGroupsStrategyOptions from policy API Group instead.",
"description":"runAsUser is the strategy that will dictate the allowable RunAsUser values that may be set."
},
"runAsGroup":{
"$ref":"v1beta1.RunAsGroupStrategyOptions",
"description":"RunAsGroup is the strategy that will dictate the allowable RunAsGroup values that may be set. If this field is omitted, the pod's RunAsGroup can take any value. This field requires the RunAsGroup feature gate to be enabled."
"description":"supplementalGroups is the strategy that will dictate what supplemental groups are used by the SecurityContext."
...
...
@@ -2742,6 +2746,26 @@
}
}
},
"v1beta1.RunAsGroupStrategyOptions":{
"id":"v1beta1.RunAsGroupStrategyOptions",
"description":"RunAsGroupStrategyOptions defines the strategy type and any options used to create the strategy.",
"required":[
"rule"
],
"properties":{
"rule":{
"type":"string",
"description":"rule is the strategy that will dictate the allowable RunAsGroup values that may be set."
},
"ranges":{
"type":"array",
"items":{
"$ref":"v1beta1.IDRange"
},
"description":"ranges are the allowed ranges of gids that may be used. If you would like to force a single gid then supply a single range with the same start and end. Required for MustRunAs."
}
}
},
"v1beta1.SupplementalGroupsStrategyOptions":{
"id":"v1beta1.SupplementalGroupsStrategyOptions",
"description":"SupplementalGroupsStrategyOptions defines the strategy type and options used to create the strategy.",
<p>RunAsGroupStrategyOptions defines the strategy type and any options used to create the strategy. Deprecated: use RunAsGroupStrategyOptions from policy API Group instead.</p>
<tdclass="tableblock halign-left valign-top"><pclass="tableblock">rule is the strategy that will dictate the allowable RunAsGroup values that may be set.</p></td>
<tdclass="tableblock halign-left valign-top"><pclass="tableblock">ranges are the allowed ranges of gids that may be used. If you would like to force a single gid then supply a single range with the same start and end. Required for MustRunAs.</p></td>
<p>A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.</p>
...
...
@@ -8195,6 +8236,13 @@ If PodSelector is also set, then the NetworkPolicyPeer as a whole selects the Po
<tdclass="tableblock halign-left valign-top"><pclass="tableblock">RunAsGroup is the strategy that will dictate the allowable RunAsGroup values that may be set. If this field is omitted, the pod’s RunAsGroup can take any value. This field requires the RunAsGroup feature gate to be enabled.</p></td>
<tdclass="tableblock halign-left valign-top"><pclass="tableblock">supplementalGroups is the strategy that will dictate what supplemental groups are used by the SecurityContext.</p></td>
<tdclass="tableblock halign-left valign-top"><pclass="tableblock">rule is the strategy that will dictate the allowable RunAsGroup values that may be set.</p></td>
<tdclass="tableblock halign-left valign-top"><pclass="tableblock">ranges are the allowed ranges of gids that may be used. If you would like to force a single gid then supply a single range with the same start and end. Required for MustRunAs.</p></td>
<p>ListMeta describes metadata that synthetic resources must have, including lists and various status objects. A resource may have only one of {ObjectMeta, ListMeta}.</p>
...
...
@@ -1442,6 +1483,13 @@ Examples: <code>/foo</code> would allow <code>/foo</code>, <code>/foo/</code> an
<tdclass="tableblock halign-left valign-top"><pclass="tableblock">RunAsGroup is the strategy that will dictate the allowable RunAsGroup values that may be set. If this field is omitted, the pod’s RunAsGroup can take any value. This field requires the RunAsGroup feature gate to be enabled.</p></td>
<tdclass="tableblock halign-left valign-top"><pclass="tableblock">supplementalGroups is the strategy that will dictate what supplemental groups are used by the SecurityContext.</p></td>
@@ -472,6 +472,7 @@ var map_PodSecurityPolicySpec = map[string]string{
"hostIPC":"hostIPC determines if the policy allows the use of HostIPC in the pod spec.",
"seLinux":"seLinux is the strategy that will dictate the allowable labels that may be set.",
"runAsUser":"runAsUser is the strategy that will dictate the allowable RunAsUser values that may be set.",
"runAsGroup":"RunAsGroup is the strategy that will dictate the allowable RunAsGroup values that may be set. If this field is omitted, the pod's RunAsGroup can take any value. This field requires the RunAsGroup feature gate to be enabled.",
"supplementalGroups":"supplementalGroups is the strategy that will dictate what supplemental groups are used by the SecurityContext.",
"fsGroup":"fsGroup is the strategy that will dictate what fs group is used by the SecurityContext.",
"readOnlyRootFilesystem":"readOnlyRootFilesystem when set to true will force containers to run with a read only root file system. If the container specifically requests to run with a non-read only root file system the PSP should deny the pod. If set to false the container may run with a read only root file system if it wishes but it will not be forced to.",
"":"RunAsGroupStrategyOptions defines the strategy type and any options used to create the strategy. Deprecated: use RunAsGroupStrategyOptions from policy API Group instead.",
"rule":"rule is the strategy that will dictate the allowable RunAsGroup values that may be set.",
"ranges":"ranges are the allowed ranges of gids that may be used. If you would like to force a single gid then supply a single range with the same start and end. Required for MustRunAs.",
"":"RunAsUserStrategyOptions defines the strategy type and any options used to create the strategy. Deprecated: use RunAsUserStrategyOptions from policy API Group instead.",
"rule":"rule is the strategy that will dictate the allowable RunAsUser values that may be set.",
@@ -162,6 +162,7 @@ var map_PodSecurityPolicySpec = map[string]string{
"hostIPC":"hostIPC determines if the policy allows the use of HostIPC in the pod spec.",
"seLinux":"seLinux is the strategy that will dictate the allowable labels that may be set.",
"runAsUser":"runAsUser is the strategy that will dictate the allowable RunAsUser values that may be set.",
"runAsGroup":"RunAsGroup is the strategy that will dictate the allowable RunAsGroup values that may be set. If this field is omitted, the pod's RunAsGroup can take any value. This field requires the RunAsGroup feature gate to be enabled.",
"supplementalGroups":"supplementalGroups is the strategy that will dictate what supplemental groups are used by the SecurityContext.",
"fsGroup":"fsGroup is the strategy that will dictate what fs group is used by the SecurityContext.",
"readOnlyRootFilesystem":"readOnlyRootFilesystem when set to true will force containers to run with a read only root file system. If the container specifically requests to run with a non-read only root file system the PSP should deny the pod. If set to false the container may run with a read only root file system if it wishes but it will not be forced to.",
"":"RunAsGroupStrategyOptions defines the strategy type and any options used to create the strategy.",
"rule":"rule is the strategy that will dictate the allowable RunAsGroup values that may be set.",
"ranges":"ranges are the allowed ranges of gids that may be used. If you would like to force a single gid then supply a single range with the same start and end. Required for MustRunAs.",