rancher2.PodSecurityPolicyTemplate
Provides a Rancher v2 PodSecurityPolicyTemplate resource. This can be used to create PodSecurityPolicyTemplates for Rancher v2 environments and retrieve their information.
Example Usage
# Create a new rancher2 PodSecurityPolicyTemplate
resource "rancher2_pod_security_policy_template" "foo" {
  name = "foo"
  description = "Terraform PodSecurityPolicyTemplate acceptance test - update"
  allow_privilege_escalation = false
  allowed_csi_driver {
    name = "something"
  }
  allowed_csi_driver {
    name = "something-else"
  }
  allowed_flex_volume {
    driver = "something"
  }
  allowed_flex_volume {
    driver = "something-else"
  }
  allowed_host_path {
    path_prefix = "/"
    read_only = true
  }
  allowed_host_path {
    path_prefix = "//"
    read_only = false
  }
  allowed_proc_mount_types = ["Default"]
  default_allow_privilege_escalation = false
  fs_group {
    rule = "MustRunAs"
    range {
      min = 0
      max = 100
    }
    range {
      min = 0
      max = 100
    }
  }
  host_ipc = false
  host_network = false
  host_pid = false
  host_port {
    min = 0
    max = 65535
  }
  host_port {
    min = 1024
    max = 8080
  }
  privileged = false
  read_only_root_filesystem = false
  required_drop_capabilities = ["something"]
  run_as_user {
    rule = "MustRunAs"
    range {
      min = 1
      max = 100
    }
    range {
      min = 2
      max = 1024
    }
  }
  run_as_group {
    rule = "MustRunAs"
    range {
      min = 1
      max = 100
    }
    range {
      min = 2
      max = 1024
    }
  }
  runtime_class {
    default_runtime_class_name = "something"
    allowed_runtime_class_names = ["something"]
  }
  se_linux {
    rule = "RunAsAny"
  }
  supplemental_group {
    rule = "RunAsAny"
  }
  volumes = ["azureFile"]
}
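The usage example above is an acceptance-test fixture: it permits a writable host path, the full 0-65535 host port range and a writable root filesystem. For contrast, here is a restrictive template built from the same arguments. This is an added example, not part of the provider documentation; the resource name `restricted`, the description text and every value are assumptions modelled on the Kubernetes "restricted" PodSecurityPolicy profile, and the `range` block under `supplemental_group` is assumed to mirror the one shown for `fs_group`.

```hcl
# Added example: restrictive PodSecurityPolicyTemplate.
# Names and values are assumptions, not taken from the provider docs.
resource "rancher2_pod_security_policy_template" "restricted" {
  name        = "restricted-example"
  description = "No privilege, no host namespaces, non-root, limited volumes"

  # No privileged containers and no privilege escalation.
  privileged                         = false
  allow_privilege_escalation         = false
  default_allow_privilege_escalation = false

  # Every capability must be dropped; no allowed_capabilities are listed.
  required_drop_capabilities = ["ALL"]

  # Keep pods out of the node's IPC, network and PID namespaces.
  # With no host_port blocks, no host ports are permitted.
  host_ipc     = false
  host_network = false
  host_pid     = false

  # "hostPath" is absent from the volume allow-list, so no
  # allowed_host_path blocks are declared.
  volumes = [
    "configMap",
    "emptyDir",
    "projected",
    "secret",
    "downwardAPI",
    "persistentVolumeClaim",
  ]

  read_only_root_filesystem = true
  allowed_proc_mount_types  = ["Default"]

  # Containers may not run as UID 0.
  run_as_user {
    rule = "MustRunAsNonRoot"
  }

  # Exclude GID 0 from primary, fs and supplemental groups.
  run_as_group {
    rule = "MustRunAs"
    range {
      min = 1
      max = 65535
    }
  }

  fs_group {
    rule = "MustRunAs"
    range {
      min = 1
      max = 65535
    }
  }

  supplemental_group {
    rule = "MustRunAs"
    range {
      min = 1
      max = 65535
    }
  }

  se_linux {
    rule = "RunAsAny"
  }
}
```

PodSecurityPolicy was removed in Kubernetes 1.25, so a template like this only takes effect on clusters running earlier versions.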
Create PodSecurityPolicyTemplate Resource
new PodSecurityPolicyTemplate(name: string, args?: PodSecurityPolicyTemplateArgs, opts?: CustomResourceOptions);
@overload
def PodSecurityPolicyTemplate(resource_name: str,
opts: Optional[ResourceOptions] = None,
allow_privilege_escalation: Optional[bool] = None,
allowed_capabilities: Optional[Sequence[str]] = None,
allowed_csi_drivers: Optional[Sequence[PodSecurityPolicyTemplateAllowedCsiDriverArgs]] = None,
allowed_flex_volumes: Optional[Sequence[PodSecurityPolicyTemplateAllowedFlexVolumeArgs]] = None,
allowed_host_paths: Optional[Sequence[PodSecurityPolicyTemplateAllowedHostPathArgs]] = None,
allowed_proc_mount_types: Optional[Sequence[str]] = None,
allowed_unsafe_sysctls: Optional[Sequence[str]] = None,
annotations: Optional[Mapping[str, Any]] = None,
default_add_capabilities: Optional[Sequence[str]] = None,
default_allow_privilege_escalation: Optional[bool] = None,
description: Optional[str] = None,
forbidden_sysctls: Optional[Sequence[str]] = None,
fs_group: Optional[PodSecurityPolicyTemplateFsGroupArgs] = None,
host_ipc: Optional[bool] = None,
host_network: Optional[bool] = None,
host_pid: Optional[bool] = None,
host_ports: Optional[Sequence[PodSecurityPolicyTemplateHostPortArgs]] = None,
labels: Optional[Mapping[str, Any]] = None,
name: Optional[str] = None,
privileged: Optional[bool] = None,
read_only_root_filesystem: Optional[bool] = None,
required_drop_capabilities: Optional[Sequence[str]] = None,
run_as_group: Optional[PodSecurityPolicyTemplateRunAsGroupArgs] = None,
run_as_user: Optional[PodSecurityPolicyTemplateRunAsUserArgs] = None,
runtime_class: Optional[PodSecurityPolicyTemplateRuntimeClassArgs] = None,
se_linux: Optional[PodSecurityPolicyTemplateSeLinuxArgs] = None,
supplemental_group: Optional[PodSecurityPolicyTemplateSupplementalGroupArgs] = None,
volumes: Optional[Sequence[str]] = None)
@overload
def PodSecurityPolicyTemplate(resource_name: str,
args: Optional[PodSecurityPolicyTemplateArgs] = None,
opts: Optional[ResourceOptions] = None)
func NewPodSecurityPolicyTemplate(ctx *Context, name string, args *PodSecurityPolicyTemplateArgs, opts ...ResourceOption) (*PodSecurityPolicyTemplate, error)
public PodSecurityPolicyTemplate(string name, PodSecurityPolicyTemplateArgs? args = null, CustomResourceOptions? opts = null)
public PodSecurityPolicyTemplate(String name, PodSecurityPolicyTemplateArgs args)
public PodSecurityPolicyTemplate(String name, PodSecurityPolicyTemplateArgs args, CustomResourceOptions options)
type: rancher2:PodSecurityPolicyTemplate
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args PodSecurityPolicyTemplateArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args PodSecurityPolicyTemplateArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args PodSecurityPolicyTemplateArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args PodSecurityPolicyTemplateArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args PodSecurityPolicyTemplateArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
PodSecurityPolicyTemplate Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The PodSecurityPolicyTemplate resource accepts the following input properties:
- AllowPrivilegeEscalation bool
- (Optional)
- AllowedCapabilities List<string>
- (list)
- AllowedCsiDrivers List<PodSecurityPolicyTemplateAllowedCsiDriver>
- (list)
- AllowedFlexVolumes List<PodSecurityPolicyTemplateAllowedFlexVolume>
- (list)
- AllowedHostPaths List<PodSecurityPolicyTemplateAllowedHostPath>
- (list)
- AllowedProcMountTypes List<string>
- (list)
- AllowedUnsafeSysctls List<string>
- (list)
- Annotations Dictionary<string, object>
- Annotations for PodSecurityPolicyTemplate object (map)
- DefaultAddCapabilities List<string>
- (list)
- DefaultAllowPrivilegeEscalation bool
- (list)
- Description string
- The PodSecurityPolicyTemplate description (string)
- ForbiddenSysctls List<string>
- (list)
- FsGroup PodSecurityPolicyTemplateFsGroup
- (list maxitems:1)
- HostIpc bool
- (bool)
- HostNetwork bool
- hostNetwork determines if the policy allows the use of HostNetwork in the pod spec.
- HostPid bool
- (bool)
- HostPorts List<PodSecurityPolicyTemplateHostPort>
- (list)
- Labels Dictionary<string, object>
- Labels for PodSecurityPolicyTemplate object (map)
- Name string
- The name of the PodSecurityPolicyTemplate (string)
- Privileged bool
- (bool)
- ReadOnlyRootFilesystem bool
- (bool)
- RequiredDropCapabilities List<string>
- (list)
- RunAsGroup PodSecurityPolicyTemplateRunAsGroup
- (list maxitems:1)
- RunAsUser PodSecurityPolicyTemplateRunAsUser
- (list maxitems:1)
- RuntimeClass PodSecurityPolicyTemplateRuntimeClass
- (list maxitems:1)
- SeLinux PodSecurityPolicyTemplateSeLinux
- (list maxitems:1)
- SupplementalGroup PodSecurityPolicyTemplateSupplementalGroup
- (list maxitems:1)
- Volumes List<string>
- (list)
- AllowPrivilegeEscalation bool
- (Optional)
- AllowedCapabilities []string
- (list)
- AllowedCsiDrivers []PodSecurityPolicyTemplateAllowedCsiDriverArgs
- (list)
- AllowedFlexVolumes []PodSecurityPolicyTemplateAllowedFlexVolumeArgs
- (list)
- AllowedHostPaths []PodSecurityPolicyTemplateAllowedHostPathArgs
- (list)
- AllowedProcMountTypes []string
- (list)
- AllowedUnsafeSysctls []string
- (list)
- Annotations map[string]interface{}
- Annotations for PodSecurityPolicyTemplate object (map)
- DefaultAddCapabilities []string
- (list)
- DefaultAllowPrivilegeEscalation bool
- (list)
- Description string
- The PodSecurityPolicyTemplate description (string)
- ForbiddenSysctls []string
- (list)
- FsGroup PodSecurityPolicyTemplateFsGroupArgs
- (list maxitems:1)
- HostIpc bool
- (bool)
- HostNetwork bool
- hostNetwork determines if the policy allows the use of HostNetwork in the pod spec.
- HostPid bool
- (bool)
- HostPorts []PodSecurityPolicyTemplateHostPortArgs
- (list)
- Labels map[string]interface{}
- Labels for PodSecurityPolicyTemplate object (map)
- Name string
- The name of the PodSecurityPolicyTemplate (string)
- Privileged bool
- (bool)
- ReadOnlyRootFilesystem bool
- (bool)
- RequiredDropCapabilities []string
- (list)
- RunAsGroup PodSecurityPolicyTemplateRunAsGroupArgs
- (list maxitems:1)
- RunAsUser PodSecurityPolicyTemplateRunAsUserArgs
- (list maxitems:1)
- RuntimeClass PodSecurityPolicyTemplateRuntimeClassArgs
- (list maxitems:1)
- SeLinux PodSecurityPolicyTemplateSeLinuxArgs
- (list maxitems:1)
- SupplementalGroup PodSecurityPolicyTemplateSupplementalGroupArgs
- (list maxitems:1)
- Volumes []string
- (list)
- allowPrivilegeEscalation Boolean
- (Optional)
- allowedCapabilities List<String>
- (list)
- allowedCsiDrivers List<PodSecurityPolicyTemplateAllowedCsiDriver>
- (list)
- allowedFlexVolumes List<PodSecurityPolicyTemplateAllowedFlexVolume>
- (list)
- allowedHostPaths List<PodSecurityPolicyTemplateAllowedHostPath>
- (list)
- allowedProcMountTypes List<String>
- (list)
- allowedUnsafeSysctls List<String>
- (list)
- annotations Map<String,Object>
- Annotations for PodSecurityPolicyTemplate object (map)
- defaultAddCapabilities List<String>
- (list)
- defaultAllowPrivilegeEscalation Boolean
- (list)
- description String
- The PodSecurityPolicyTemplate description (string)
- forbiddenSysctls List<String>
- (list)
- fsGroup PodSecurityPolicyTemplateFsGroup
- (list maxitems:1)
- hostIpc Boolean
- (bool)
- hostNetwork Boolean
- hostNetwork determines if the policy allows the use of HostNetwork in the pod spec.
- hostPid Boolean
- (bool)
- hostPorts List<PodSecurityPolicyTemplateHostPort>
- (list)
- labels Map<String,Object>
- Labels for PodSecurityPolicyTemplate object (map)
- name String
- The name of the PodSecurityPolicyTemplate (string)
- privileged Boolean
- (bool)
- readOnlyRootFilesystem Boolean
- (bool)
- requiredDropCapabilities List<String>
- (list)
- runAsGroup PodSecurityPolicyTemplateRunAsGroup
- (list maxitems:1)
- runAsUser PodSecurityPolicyTemplateRunAsUser
- (list maxitems:1)
- runtimeClass PodSecurityPolicyTemplateRuntimeClass
- (list maxitems:1)
- seLinux PodSecurityPolicyTemplateSeLinux
- (list maxitems:1)
- supplementalGroup PodSecurityPolicyTemplateSupplementalGroup
- (list maxitems:1)
- volumes List<String>
- (list)
- allowPrivilegeEscalation boolean
- (Optional)
- allowedCapabilities string[]
- (list)
- allowedCsiDrivers PodSecurityPolicyTemplateAllowedCsiDriver[]
- (list)
- allowedFlexVolumes PodSecurityPolicyTemplateAllowedFlexVolume[]
- (list)
- allowedHostPaths PodSecurityPolicyTemplateAllowedHostPath[]
- (list)
- allowedProcMountTypes string[]
- (list)
- allowedUnsafeSysctls string[]
- (list)
- annotations {[key: string]: any}
- Annotations for PodSecurityPolicyTemplate object (map)
- defaultAddCapabilities string[]
- (list)
- defaultAllowPrivilegeEscalation boolean
- (list)
- description string
- The PodSecurityPolicyTemplate description (string)
- forbiddenSysctls string[]
- (list)
- fsGroup PodSecurityPolicyTemplateFsGroup
- (list maxitems:1)
- hostIpc boolean
- (bool)
- hostNetwork boolean
- hostNetwork determines if the policy allows the use of HostNetwork in the pod spec.
- hostPid boolean
- (bool)
- hostPorts PodSecurityPolicyTemplateHostPort[]
- (list)
- labels {[key: string]: any}
- Labels for PodSecurityPolicyTemplate object (map)
- name string
- The name of the PodSecurityPolicyTemplate (string)
- privileged boolean
- (bool)
- readOnlyRootFilesystem boolean
- (bool)
- requiredDropCapabilities string[]
- (list)
- runAsGroup PodSecurityPolicyTemplateRunAsGroup
- (list maxitems:1)
- runAsUser PodSecurityPolicyTemplateRunAsUser
- (list maxitems:1)
- runtimeClass PodSecurityPolicyTemplateRuntimeClass
- (list maxitems:1)
- seLinux PodSecurityPolicyTemplateSeLinux
- (list maxitems:1)
- supplementalGroup PodSecurityPolicyTemplateSupplementalGroup
- (list maxitems:1)
- volumes string[]
- (list)
- allow_privilege_escalation bool
- (Optional)
- allowed_capabilities Sequence[str]
- (list)
- allowed_csi_drivers Sequence[PodSecurityPolicyTemplateAllowedCsiDriverArgs]
- (list)
- allowed_flex_volumes Sequence[PodSecurityPolicyTemplateAllowedFlexVolumeArgs]
- (list)
- allowed_host_paths Sequence[PodSecurityPolicyTemplateAllowedHostPathArgs]
- (list)
- allowed_proc_mount_types Sequence[str]
- (list)
- allowed_unsafe_sysctls Sequence[str]
- (list)
- annotations Mapping[str, Any]
- Annotations for PodSecurityPolicyTemplate object (map)
- default_add_capabilities Sequence[str]
- (list)
- default_allow_privilege_escalation bool
- (list)
- description str
- The PodSecurityPolicyTemplate description (string)
- forbidden_sysctls Sequence[str]
- (list)
- fs_group PodSecurityPolicyTemplateFsGroupArgs
- (list maxitems:1)
- host_ipc bool
- (bool)
- host_network bool
- hostNetwork determines if the policy allows the use of HostNetwork in the pod spec.
- host_pid bool
- (bool)
- host_ports Sequence[PodSecurityPolicyTemplateHostPortArgs]
- (list)
- labels Mapping[str, Any]
- Labels for PodSecurityPolicyTemplate object (map)
- name str
- The name of the PodSecurityPolicyTemplate (string)
- privileged bool
- (bool)
- read_only_root_filesystem bool
- (bool)
- required_drop_capabilities Sequence[str]
- (list)
- run_as_group PodSecurityPolicyTemplateRunAsGroupArgs
- (list maxitems:1)
- run_as_user PodSecurityPolicyTemplateRunAsUserArgs
- (list maxitems:1)
- runtime_class PodSecurityPolicyTemplateRuntimeClassArgs
- (list maxitems:1)
- se_linux PodSecurityPolicyTemplateSeLinuxArgs
- (list maxitems:1)
- supplemental_group PodSecurityPolicyTemplateSupplementalGroupArgs
- (list maxitems:1)
- volumes Sequence[str]
- (list)
- allowPrivilegeEscalation Boolean
- (Optional)
- allowedCapabilities List<String>
- (list)
- allowedCsiDrivers List<Property Map>
- (list)
- allowedFlexVolumes List<Property Map>
- (list)
- allowedHostPaths List<Property Map>
- (list)
- allowedProcMountTypes List<String>
- (list)
- allowedUnsafeSysctls List<String>
- (list)
- annotations Map<Any>
- Annotations for PodSecurityPolicyTemplate object (map)
- defaultAddCapabilities List<String>
- (list)
- defaultAllowPrivilegeEscalation Boolean
- (list)
- description String
- The PodSecurityPolicyTemplate description (string)
- forbiddenSysctls List<String>
- (list)
- fsGroup Property Map
- (list maxitems:1)
- hostIpc Boolean
- (bool)
- hostNetwork Boolean
- hostNetwork determines if the policy allows the use of HostNetwork in the pod spec.
- hostPid Boolean
- (bool)
- hostPorts List<Property Map>
- (list)
- labels Map<Any>
- Labels for PodSecurityPolicyTemplate object (map)
- name String
- The name of the PodSecurityPolicyTemplate (string)
- privileged Boolean
- (bool)
- readOnlyRootFilesystem Boolean
- (bool)
- requiredDropCapabilities List<String>
- (list)
- runAsGroup Property Map
- (list maxitems:1)
- runAsUser Property Map
- (list maxitems:1)
- runtimeClass Property Map
- (list maxitems:1)
- seLinux Property Map
- (list maxitems:1)
- supplementalGroup Property Map
- (list maxitems:1)
- volumes List<String>
- (list)
Outputs
All input properties are implicitly available as output properties. Additionally, the PodSecurityPolicyTemplate resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing PodSecurityPolicyTemplate Resource
Get an existing PodSecurityPolicyTemplate resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: PodSecurityPolicyTemplateState, opts?: CustomResourceOptions): PodSecurityPolicyTemplate
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
allow_privilege_escalation: Optional[bool] = None,
allowed_capabilities: Optional[Sequence[str]] = None,
allowed_csi_drivers: Optional[Sequence[PodSecurityPolicyTemplateAllowedCsiDriverArgs]] = None,
allowed_flex_volumes: Optional[Sequence[PodSecurityPolicyTemplateAllowedFlexVolumeArgs]] = None,
allowed_host_paths: Optional[Sequence[PodSecurityPolicyTemplateAllowedHostPathArgs]] = None,
allowed_proc_mount_types: Optional[Sequence[str]] = None,
allowed_unsafe_sysctls: Optional[Sequence[str]] = None,
annotations: Optional[Mapping[str, Any]] = None,
default_add_capabilities: Optional[Sequence[str]] = None,
default_allow_privilege_escalation: Optional[bool] = None,
description: Optional[str] = None,
forbidden_sysctls: Optional[Sequence[str]] = None,
fs_group: Optional[PodSecurityPolicyTemplateFsGroupArgs] = None,
host_ipc: Optional[bool] = None,
host_network: Optional[bool] = None,
host_pid: Optional[bool] = None,
host_ports: Optional[Sequence[PodSecurityPolicyTemplateHostPortArgs]] = None,
labels: Optional[Mapping[str, Any]] = None,
name: Optional[str] = None,
privileged: Optional[bool] = None,
read_only_root_filesystem: Optional[bool] = None,
required_drop_capabilities: Optional[Sequence[str]] = None,
run_as_group: Optional[PodSecurityPolicyTemplateRunAsGroupArgs] = None,
run_as_user: Optional[PodSecurityPolicyTemplateRunAsUserArgs] = None,
runtime_class: Optional[PodSecurityPolicyTemplateRuntimeClassArgs] = None,
se_linux: Optional[PodSecurityPolicyTemplateSeLinuxArgs] = None,
supplemental_group: Optional[PodSecurityPolicyTemplateSupplementalGroupArgs] = None,
volumes: Optional[Sequence[str]] = None) -> PodSecurityPolicyTemplate
func GetPodSecurityPolicyTemplate(ctx *Context, name string, id IDInput, state *PodSecurityPolicyTemplateState, opts ...ResourceOption) (*PodSecurityPolicyTemplate, error)
public static PodSecurityPolicyTemplate Get(string name, Input<string> id, PodSecurityPolicyTemplateState? state, CustomResourceOptions? opts = null)
public static PodSecurityPolicyTemplate get(String name, Output<String> id, PodSecurityPolicyTemplateState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
Supporting Types
PodSecurityPolicyTemplateAllowedCsiDriver, PodSecurityPolicyTemplateAllowedCsiDriverArgs
- Name string
- The name of the PodSecurityPolicyTemplate (string)
- Name string
- The name of the PodSecurityPolicyTemplate (string)
- name String
- The name of the PodSecurityPolicyTemplate (string)
- name string
- The name of the PodSecurityPolicyTemplate (string)
- name str
- The name of the PodSecurityPolicyTemplate (string)
- name String
- The name of the PodSecurityPolicyTemplate (string)
PodSecurityPolicyTemplateAllowedFlexVolume, PodSecurityPolicyTemplateAllowedFlexVolumeArgs
- Driver string
- driver is the name of the Flexvolume driver.
- Driver string
- driver is the name of the Flexvolume driver.
- driver String
- driver is the name of the Flexvolume driver.
- driver string
- driver is the name of the Flexvolume driver.
- driver str
- driver is the name of the Flexvolume driver.
- driver String
- driver is the name of the Flexvolume driver.
PodSecurityPolicyTemplateAllowedHostPath, PodSecurityPolicyTemplateAllowedHostPathArgs
- PathPrefix string
- (string)
- ReadOnly bool
- (string)
- PathPrefix string
- (string)
- ReadOnly bool
- (string)
- pathPrefix String
- (string)
- readOnly Boolean
- (string)
- pathPrefix string
- (string)
- readOnly boolean
- (string)
- path_prefix str
- (string)
- read_only bool
- (string)
- pathPrefix String
- (string)
- readOnly Boolean
- (string)
PodSecurityPolicyTemplateFsGroup, PodSecurityPolicyTemplateFsGroupArgs
- Ranges List<PodSecurityPolicyTemplateFsGroupRange>
- (list)
- Rule string
- (string)
- Ranges []PodSecurityPolicyTemplateFsGroupRange
- (list)
- Rule string
- (string)
- ranges List<PodSecurityPolicyTemplateFsGroupRange>
- (list)
- rule String
- (string)
- ranges PodSecurityPolicyTemplateFsGroupRange[]
- (list)
- rule string
- (string)
- ranges Sequence[PodSecurityPolicyTemplateFsGroupRange]
- (list)
- rule str
- (string)
- ranges List<Property Map>
- (list)
- rule String
- (string)
PodSecurityPolicyTemplateFsGroupRange, PodSecurityPolicyTemplateFsGroupRangeArgs
PodSecurityPolicyTemplateHostPort, PodSecurityPolicyTemplateHostPortArgs
PodSecurityPolicyTemplateRunAsGroup, PodSecurityPolicyTemplateRunAsGroupArgs
- Rule string
- (string)
- Ranges List<PodSecurityPolicyTemplateRunAsGroupRange>
- (list)
- Rule string
- (string)
- Ranges []PodSecurityPolicyTemplateRunAsGroupRange
- (list)
- rule String
- (string)
- ranges List<PodSecurityPolicyTemplateRunAsGroupRange>
- (list)
- rule string
- (string)
- ranges PodSecurityPolicyTemplateRunAsGroupRange[]
- (list)
- rule str
- (string)
- ranges Sequence[PodSecurityPolicyTemplateRunAsGroupRange]
- (list)
- rule String
- (string)
- ranges List<Property Map>
- (list)
PodSecurityPolicyTemplateRunAsGroupRange, PodSecurityPolicyTemplateRunAsGroupRangeArgs
PodSecurityPolicyTemplateRunAsUser, PodSecurityPolicyTemplateRunAsUserArgs
- Rule string
- (string)
- Ranges List<PodSecurityPolicyTemplateRunAsUserRange>
- (list)
- Rule string
- (string)
- Ranges []PodSecurityPolicyTemplateRunAsUserRange
- (list)
- rule String
- (string)
- ranges List<PodSecurityPolicyTemplateRunAsUserRange>
- (list)
- rule string
- (string)
- ranges PodSecurityPolicyTemplateRunAsUserRange[]
- (list)
- rule str
- (string)
- ranges Sequence[PodSecurityPolicyTemplateRunAsUserRange]
- (list)
- rule String
- (string)
- ranges List<Property Map>
- (list)
PodSecurityPolicyTemplateRunAsUserRange, PodSecurityPolicyTemplateRunAsUserRangeArgs
PodSecurityPolicyTemplateRuntimeClass, PodSecurityPolicyTemplateRuntimeClassArgs
- AllowedRuntimeClassNames List<string>
- (list)
- DefaultRuntimeClassName string
- (string)
- AllowedRuntimeClassNames []string
- (list)
- DefaultRuntimeClassName string
- (string)
- allowedRuntimeClassNames List<String>
- (list)
- defaultRuntimeClassName String
- (string)
- allowedRuntimeClassNames string[]
- (list)
- defaultRuntimeClassName string
- (string)
- allowed_runtime_class_names Sequence[str]
- (list)
- default_runtime_class_name str
- (string)
- allowedRuntimeClassNames List<String>
- (list)
- defaultRuntimeClassName String
- (string)
PodSecurityPolicyTemplateSeLinux, PodSecurityPolicyTemplateSeLinuxArgs
- Rule string
- (string)
- SeLinuxOption PodSecurityPolicyTemplateSeLinuxSeLinuxOption
- (list maxitems:1)
- Rule string
- (string)
- SeLinuxOption PodSecurityPolicyTemplateSeLinuxSeLinuxOption
- (list maxitems:1)
- rule String
- (string)
- seLinuxOption PodSecurityPolicyTemplateSeLinuxSeLinuxOption
- (list maxitems:1)
- rule string
- (string)
- seLinuxOption PodSecurityPolicyTemplateSeLinuxSeLinuxOption
- (list maxitems:1)
- rule str
- (string)
- se_linux_option PodSecurityPolicyTemplateSeLinuxSeLinuxOption
- (list maxitems:1)
- rule String
- (string)
- seLinuxOption Property Map
- (list maxitems:1)
PodSecurityPolicyTemplateSeLinuxSeLinuxOption, PodSecurityPolicyTemplateSeLinuxSeLinuxOptionArgs
PodSecurityPolicyTemplateSupplementalGroup, PodSecurityPolicyTemplateSupplementalGroupArgs
- Ranges List<PodSecurityPolicyTemplateSupplementalGroupRange>
- (list)
- Rule string
- (string)
- Ranges []PodSecurityPolicyTemplateSupplementalGroupRange
- (list)
- Rule string
- (string)
- ranges List<PodSecurityPolicyTemplateSupplementalGroupRange>
- (list)
- rule String
- (string)
- ranges PodSecurityPolicyTemplateSupplementalGroupRange[]
- (list)
- rule string
- (string)
- ranges Sequence[PodSecurityPolicyTemplateSupplementalGroupRange]
- (list)
- rule str
- (string)
- ranges List<Property Map>
- (list)
- rule String
- (string)
PodSecurityPolicyTemplateSupplementalGroupRange, PodSecurityPolicyTemplateSupplementalGroupRangeArgs
Import
PodSecurityPolicyTemplate can be imported using the Rancher PodSecurityPolicyTemplate name.
$ pulumi import rancher2:index/podSecurityPolicyTemplate:PodSecurityPolicyTemplate foo <pod_security_policy_name>
Package Details
- Repository
- Rancher2 pulumi/pulumi-rancher2
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the rancher2 Terraform Provider.