Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type ImageReference ¶ added in v1.66.1
type NamespaceSelector ¶
// NamespaceSelector carries two namespace name lists and a label selector.
// It is used as the NamespaceSelector field of the Match blocks in
// OperationPolicySpec and SecurityPolicySpec.
//
// NOTE(review): how MatchNames, ExcludeNames and LabelSelector are combined,
// and which one wins when they disagree, is not visible in this type. Confirm
// against the evaluator before relying on an exclusion to keep a namespace
// out of scope.
type NamespaceSelector struct {
	// MatchNames is a list of names; the key is omitted from JSON when the list is empty.
	MatchNames []string `json:"matchNames,omitempty"`
	// ExcludeNames is a list of names; the key is omitted from JSON when the list is empty.
	ExcludeNames []string `json:"excludeNames,omitempty"`
	// LabelSelector is a struct value, not a pointer. With encoding/json,
	// omitempty does not omit struct values, so this key is always written.
	LabelSelector metav1.LabelSelector `json:"labelSelector,omitempty"`
}
type OperationPolicy ¶
// OperationPolicy is an API object made of inlined type metadata, object
// metadata, an OperationPolicySpec and a PolicyStatus.
type OperationPolicy struct {
	metav1.TypeMeta `json:",inline"`
	// Standard object's metadata.
	// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
	// +optional
	metav1.ObjectMeta `json:"metadata,omitempty"`
	// Spec holds the enforcement action, the policy settings and the match
	// selectors of this operation policy. The key has no omitempty, so it is
	// always present in the serialized object.
	Spec OperationPolicySpec `json:"spec"`
	// Status is a PolicyStatus, which declares no fields.
	Status PolicyStatus `json:"status,omitempty"`
}
type OperationPolicySpec ¶
// OperationPolicySpec is the spec of an OperationPolicy: an enforcement
// action, a block of policy settings and a match block.
//
// Serialization notes that follow from the tags below (encoding/json rules):
//   - plain bool and int fields tagged omitempty drop their zero value, so
//     false/0 cannot be told apart from "not set" after a round trip;
//   - pointer fields (*int) keep that distinction: nil means not set;
//   - omitempty on a nested struct value has no effect, the key is always written.
type OperationPolicySpec struct {
	// EnforcementAction is a free-form string in this type; the accepted
	// values are not defined here.
	// NOTE(review): confirm how an unknown or empty value is handled, since a
	// typo should not silently turn enforcement into a no-op.
	EnforcementAction string `json:"enforcementAction"`
	// Policies groups the individual settings. Always serialized (no omitempty).
	Policies struct {
		// NOTE(review): whether entries are compared as exact names or as
		// prefixes is not visible here. If they are prefixes, each entry
		// should end with "/" so a longer registry host name cannot match.
		AllowedRepos []string `json:"allowedRepos,omitempty"`
		// RequiredResources holds two string lists, one for limits and one for requests.
		RequiredResources struct {
			Limits []string `json:"limits,omitempty"`
			Requests []string `json:"requests,omitempty"`
		} `json:"requiredResources,omitempty"`
		// NOTE(review): tag matching rules (exact, case, digest references)
		// are not visible here — confirm.
		DisallowedImageTags []string `json:"disallowedImageTags,omitempty"`
		// DisallowedTolerations is a list of Toleration values (key, operator, value, effect).
		DisallowedTolerations []Toleration `json:"disallowedTolerations,omitempty"`
		RequiredProbes []string `json:"requiredProbes,omitempty"`
		// RequiredLabels pairs a list of key/regex entries with a list of kinds.
		RequiredLabels struct {
			Labels []struct {
				Key string `json:"key,omitempty"`
				// NOTE(review): whether the pattern is applied anchored to
				// the whole value is not visible here. If it is not, write
				// the pattern with ^ and $ so a value that merely contains a
				// match is not accepted.
				AllowedRegex string `json:"allowedRegex,omitempty"`
			} `json:"labels,omitempty"`
			WatchKinds []string `json:"watchKinds,omitempty"`
		} `json:"requiredLabels,omitempty"`
		// RequiredAnnotations has the same shape as RequiredLabels; the same
		// regex anchoring question applies to AllowedRegex.
		RequiredAnnotations struct {
			Annotations []struct {
				Key string `json:"key,omitempty"`
				AllowedRegex string `json:"allowedRegex,omitempty"`
			} `json:"annotations,omitempty"`
			WatchKinds []string `json:"watchKinds,omitempty"`
		} `json:"requiredAnnotations,omitempty"`
		// Pointer, so nil (not set) is distinct from an explicit 0.
		MaxRevisionHistoryLimit *int `json:"maxRevisionHistoryLimit,omitempty"`
		ImagePullPolicy string `json:"imagePullPolicy,omitempty"`
		PriorityClassNames []string `json:"priorityClassNames,omitempty"`
		IngressClassNames []string `json:"ingressClassNames,omitempty"`
		StorageClassNames []string `json:"storageClassNames,omitempty"`
		// Plain bools with omitempty: false is dropped on marshal, so an
		// explicit false and an absent key are indistinguishable.
		CheckHostNetworkDNSPolicy bool `json:"checkHostNetworkDNSPolicy,omitempty"`
		CheckContainerDuplicates bool `json:"checkContainerDuplicates,omitempty"`
		// Plain ints with omitempty: 0 is dropped on marshal.
		// NOTE(review): confirm whether 0 means "no limit" or a limit of zero.
		ReplicaLimits struct {
			MinReplicas int `json:"minReplicas,omitempty"`
			MaxReplicas int `json:"maxReplicas,omitempty"`
		} `json:"replicaLimits,omitempty"`
	} `json:"policies"`
	// Match selects what the policy applies to, by namespace selector and by
	// label selector. Always serialized (no omitempty).
	// NOTE(review): the scope of an empty Match is not visible here — confirm
	// whether it means "everything" or "nothing".
	Match struct {
		NamespaceSelector NamespaceSelector `json:"namespaceSelector,omitempty"`
		LabelSelector metav1.LabelSelector `json:"labelSelector,omitempty"`
	} `json:"match"`
}
type PolicyStatus ¶ added in v1.48.0
// PolicyStatus is the status type shared by OperationPolicy and
// SecurityPolicy. It declares no fields, so it carries no information about
// whether a policy was accepted or is being enforced.
type PolicyStatus struct {
}
type SecurityPolicy ¶ added in v1.48.0
// SecurityPolicy is an API object made of inlined type metadata, object
// metadata, a SecurityPolicySpec and a PolicyStatus.
type SecurityPolicy struct {
	metav1.TypeMeta `json:",inline"`
	// Standard object's metadata.
	// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
	// +optional
	metav1.ObjectMeta `json:"metadata,omitempty"`
	// Spec holds the enforcement action, the security settings and the match
	// selectors of this security policy. The key has no omitempty, so it is
	// always present in the serialized object.
	Spec SecurityPolicySpec `json:"spec"`
	// Status is a PolicyStatus, which declares no fields.
	Status PolicyStatus `json:"status,omitempty"`
}
type SecurityPolicySpec ¶ added in v1.48.0
// SecurityPolicySpec is the spec of a SecurityPolicy: an enforcement action,
// a block of security settings and a match block.
//
// The settings mix two boolean representations, which matters when reading a
// stored policy:
//   - *bool fields (AllowHostIPC, AllowHostPID, AllowPrivileged,
//     AllowPrivilegeEscalation, AllowRbacWildcards, AllowHostNetwork,
//     AutomountServiceAccountToken) distinguish nil (not set) from false;
//   - bool fields tagged omitempty (BlockWildcardDomains,
//     ReadOnlyRootFilesystem) drop false on marshal, so an explicit false and
//     an absent key look the same.
//
// NOTE(review): what the enforcing side does for a nil *bool (permit or
// reject) is not visible in this type. Confirm the default before treating an
// omitted field as restrictive.
type SecurityPolicySpec struct {
	// EnforcementAction is a free-form string in this type; the accepted
	// values are not defined here.
	// NOTE(review): confirm how an unknown or empty value is handled, since a
	// typo should not silently disable enforcement.
	EnforcementAction string `json:"enforcementAction"`
	// Policies groups the individual settings. Always serialized (no omitempty).
	Policies struct {
		// Each entry pairs a path prefix with a read-only flag; both keys are
		// always written (no omitempty).
		// NOTE(review): whether PathPrefix is matched on path-component
		// boundaries is not visible here — confirm, so that a prefix such as
		// "/data" does not also cover "/database".
		AllowedHostPaths []struct {
			PathPrefix string `json:"pathPrefix"`
			ReadOnly bool `json:"readOnly"`
		} `json:"allowedHostPaths,omitempty"`
		AllowHostIPC *bool `json:"allowHostIPC,omitempty"`
		AllowHostPID *bool `json:"allowHostPID,omitempty"`
		AllowPrivileged *bool `json:"allowPrivileged,omitempty"`
		AllowPrivilegeEscalation *bool `json:"allowPrivilegeEscalation,omitempty"`
		AllowRbacWildcards *bool `json:"allowRbacWildcards,omitempty"`
		AllowedProcMount string `json:"allowedProcMount,omitempty"`
		// NOTE(review): the meaning of an empty list (nothing allowed vs. no
		// restriction) and of any wildcard entry is not visible here — confirm.
		AllowedCapabilities []string `json:"allowedCapabilities,omitempty"`
		AllowedAppArmor []string `json:"allowedAppArmor,omitempty"`
		RequiredDropCapabilities []string `json:"requiredDropCapabilities,omitempty"`
		AllowHostNetwork *bool `json:"allowHostNetwork,omitempty"`
		// IDRange is not declared in the visible part of this package.
		AllowedHostPorts []IDRange `json:"allowedHostPorts,omitempty"`
		// Each entry names one driver; the key is always written.
		AllowedFlexVolumes []struct {
			Driver string `json:"driver"`
		} `json:"allowedFlexVolumes,omitempty"`
		AllowedVolumes []string `json:"allowedVolumes,omitempty"`
		AllowedServiceTypes []string `json:"allowedServiceTypes,omitempty"`
		// Plain bools with omitempty: false is dropped on marshal.
		BlockWildcardDomains bool `json:"blockWildcardDomains,omitempty"`
		ReadOnlyRootFilesystem bool `json:"readOnlyRootFilesystem,omitempty"`
		AutomountServiceAccountToken *bool `json:"automountServiceAccountToken,omitempty"`
		AllowedClusterRoles []string `json:"allowedClusterRoles,omitempty"`
		// The four ID settings share one type, SelectUIDStrategy, whose
		// fields are not shown in the visible part of this package. nil means
		// the setting is not configured.
		FsGroup *SelectUIDStrategy `json:"fsGroup,omitempty"`
		RunAsUser *SelectUIDStrategy `json:"runAsUser,omitempty"`
		RunAsGroup *SelectUIDStrategy `json:"runAsGroup,omitempty"`
		SupplementalGroups *SelectUIDStrategy `json:"supplementalGroups,omitempty"`
		// NOTE(review): precedence when a sysctl appears in both lists is not
		// visible here — confirm that the forbidden list wins.
		AllowedUnsafeSysctls []string `json:"allowedUnsafeSysctls,omitempty"`
		ForbiddenSysctls []string `json:"forbiddenSysctls,omitempty"`
		// SeccompProfiles holds two string lists: allowed profiles and allowed localhost files.
		SeccompProfiles struct {
			AllowedProfiles []string `json:"allowedProfiles,omitempty"`
			AllowedLocalhostFiles []string `json:"allowedLocalhostFiles,omitempty"`
		} `json:"seccompProfiles,omitempty"`
		// Each entry is a level/role/type/user tuple; every part is optional in JSON.
		SeLinux []struct {
			Level string `json:"level,omitempty"`
			Role string `json:"role,omitempty"`
			Type string `json:"type,omitempty"`
			User string `json:"user,omitempty"`
		} `json:"seLinux,omitempty"`
		// ImageReference is not declared in the visible part of this package.
		// NOTE(review): confirm what happens to images that match no entry,
		// and whether verification failure is subject to EnforcementAction.
		VerifyImageSignatures []ImageReference `json:"verifyImageSignatures,omitempty"`
	} `json:"policies"`
	// Match selects what the policy applies to, by namespace selector and by
	// label selector. Always serialized (no omitempty).
	// NOTE(review): the scope of an empty Match is not visible here — confirm
	// whether it means "everything" or "nothing".
	Match struct {
		NamespaceSelector NamespaceSelector `json:"namespaceSelector,omitempty"`
		LabelSelector metav1.LabelSelector `json:"labelSelector,omitempty"`
	} `json:"match"`
}
type SelectUIDStrategy ¶ added in v1.48.0
type Toleration ¶ added in v1.73.0
// Toleration represents a Kubernetes toleration pattern for disallowed
// tolerations. Only key, operator, value and effect are used for matching.
//
// All four fields are optional in JSON (omitempty).
// NOTE(review): how an empty field is treated when matching (wildcard or
// literal empty string) is not visible here — confirm, since it decides how
// broad a pattern with only Key set is.
type Toleration struct {
	Key string `json:"key,omitempty"`
	Operator string `json:"operator,omitempty"`
	Value string `json:"value,omitempty"`
	Effect string `json:"effect,omitempty"`
}
Toleration represents a Kubernetes toleration pattern for disallowed tolerations. Only key/operator/value/effect are used for matching.