
PodSecurityPolicyTemplate

Provides a Rancher v2 PodSecurityPolicyTemplate resource. This can be used to create PodSecurityPolicyTemplates for Rancher v2 environments and retrieve their information.

Example Usage

using Pulumi;
using Rancher2 = Pulumi.Rancher2;

// MyStack declares a single Rancher v2 PodSecurityPolicyTemplate named "foo".
// NOTE(review): the values read like an acceptance-test fixture (see Description
// and the "something" placeholders), not a hardened baseline; review every field
// before reusing this in a real cluster.
// NOTE(review): Kubernetes deprecated PodSecurityPolicy in v1.21 and removed it
// in v1.25 - confirm the target clusters still support it.
class MyStack : Stack
{
    public MyStack()
    {
        // Create a new rancher2 PodSecurityPolicyTemplate
        var foo = new Rancher2.PodSecurityPolicyTemplate("foo", new Rancher2.PodSecurityPolicyTemplateArgs
        {
            // Pods admitted under this policy may not request privilege escalation.
            AllowPrivilegeEscalation = false,
            // Placeholder driver names; replace with the CSI drivers actually in use.
            AllowedCsiDrivers = 
            {
                new Rancher2.Inputs.PodSecurityPolicyTemplateAllowedCsiDriverArgs
                {
                    Name = "something",
                },
                new Rancher2.Inputs.PodSecurityPolicyTemplateAllowedCsiDriverArgs
                {
                    Name = "something-else",
                },
            },
            // Placeholder FlexVolume driver names.
            AllowedFlexVolumes = 
            {
                new Rancher2.Inputs.PodSecurityPolicyTemplateAllowedFlexVolumeArgs
                {
                    Driver = "something",
                },
                new Rancher2.Inputs.PodSecurityPolicyTemplateAllowedFlexVolumeArgs
                {
                    Driver = "something-else",
                },
            },
            // NOTE(review): the prefix "/" covers every host path, and the second
            // entry ("//") is not read-only. hostPath is absent from Volumes below,
            // so these entries presumably have no effect as written - confirm, and
            // narrow the prefixes before ever adding hostPath to Volumes.
            AllowedHostPaths = 
            {
                new Rancher2.Inputs.PodSecurityPolicyTemplateAllowedHostPathArgs
                {
                    PathPrefix = "/",
                    ReadOnly = true,
                },
                new Rancher2.Inputs.PodSecurityPolicyTemplateAllowedHostPathArgs
                {
                    PathPrefix = "//",
                    ReadOnly = false,
                },
            },
            AllowedProcMountTypes = 
            {
                "Default",
            },
            DefaultAllowPrivilegeEscalation = false,
            Description = "Terraform PodSecurityPolicyTemplate acceptance test - update",
            // NOTE(review): both ranges are identical and start at 0, so GID 0 is
            // inside the permitted fsGroup set.
            FsGroup = new Rancher2.Inputs.PodSecurityPolicyTemplateFsGroupArgs
            {
                Ranges = 
                {
                    new Rancher2.Inputs.PodSecurityPolicyTemplateFsGroupRangeArgs
                    {
                        Max = 100,
                        Min = 0,
                    },
                    new Rancher2.Inputs.PodSecurityPolicyTemplateFsGroupRangeArgs
                    {
                        Max = 100,
                        Min = 0,
                    },
                },
                Rule = "MustRunAs",
            },
            // Host IPC, network and PID namespaces are all denied.
            HostIpc = false,
            HostNetwork = false,
            HostPid = false,
            // NOTE(review): 0-65535 spans the whole port range, so the 1024-8080
            // entry adds no restriction; keep only the ranges workloads need.
            HostPorts = 
            {
                new Rancher2.Inputs.PodSecurityPolicyTemplateHostPortArgs
                {
                    Max = 65535,
                    Min = 0,
                },
                new Rancher2.Inputs.PodSecurityPolicyTemplateHostPortArgs
                {
                    Max = 8080,
                    Min = 1024,
                },
            },
            Privileged = false,
            // A read-only root filesystem is not required by this policy.
            ReadOnlyRootFilesystem = false,
            // NOTE(review): "something" is a placeholder, not a Linux capability
            // name; a real policy lists the capabilities to drop here.
            RequiredDropCapabilities = 
            {
                "something",
            },
            // Both ranges start above 0, so GID 0 is outside the allowed set.
            RunAsGroup = new Rancher2.Inputs.PodSecurityPolicyTemplateRunAsGroupArgs
            {
                Ranges = 
                {
                    new Rancher2.Inputs.PodSecurityPolicyTemplateRunAsGroupRangeArgs
                    {
                        Max = 100,
                        Min = 1,
                    },
                    new Rancher2.Inputs.PodSecurityPolicyTemplateRunAsGroupRangeArgs
                    {
                        Max = 1024,
                        Min = 2,
                    },
                },
                Rule = "MustRunAs",
            },
            // Both ranges start above 0, so UID 0 (root) is outside the allowed set.
            RunAsUser = new Rancher2.Inputs.PodSecurityPolicyTemplateRunAsUserArgs
            {
                Ranges = 
                {
                    new Rancher2.Inputs.PodSecurityPolicyTemplateRunAsUserRangeArgs
                    {
                        Max = 100,
                        Min = 1,
                    },
                    new Rancher2.Inputs.PodSecurityPolicyTemplateRunAsUserRangeArgs
                    {
                        Max = 1024,
                        Min = 2,
                    },
                },
                Rule = "MustRunAs",
            },
            RuntimeClass = new Rancher2.Inputs.PodSecurityPolicyTemplateRuntimeClassArgs
            {
                AllowedRuntimeClassNames = 
                {
                    "something",
                },
                DefaultRuntimeClassName = "something",
            },
            // RunAsAny leaves SELinux options unconstrained by this policy.
            SeLinux = new Rancher2.Inputs.PodSecurityPolicyTemplateSeLinuxArgs
            {
                Rule = "RunAsAny",
            },
            // RunAsAny leaves supplemental groups unconstrained by this policy.
            SupplementalGroup = new Rancher2.Inputs.PodSecurityPolicyTemplateSupplementalGroupArgs
            {
                Rule = "RunAsAny",
            },
            // Only the azureFile volume type is listed as allowed.
            Volumes = 
            {
                "azureFile",
            },
        });
    }

}
package main

import (
    "github.com/pulumi/pulumi-rancher2/sdk/v2/go/rancher2"
    "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)

// main registers a single Rancher v2 PodSecurityPolicyTemplate named "foo" and
// returns any error from its creation to pulumi.Run.
// NOTE(review): the values read like an acceptance-test fixture (see Description
// and the "something" placeholders), not a hardened baseline; review every field
// before reusing this in a real cluster.
// NOTE(review): Kubernetes deprecated PodSecurityPolicy in v1.21 and removed it
// in v1.25 - confirm the target clusters still support it.
func main() {
    pulumi.Run(func(ctx *pulumi.Context) error {
        _, err := rancher2.NewPodSecurityPolicyTemplate(ctx, "foo", &rancher2.PodSecurityPolicyTemplateArgs{
            // Pods admitted under this policy may not request privilege escalation.
            AllowPrivilegeEscalation: pulumi.Bool(false),
            // Placeholder driver names; replace with the CSI drivers actually in use.
            AllowedCsiDrivers: rancher2.PodSecurityPolicyTemplateAllowedCsiDriverArray{
                &rancher2.PodSecurityPolicyTemplateAllowedCsiDriverArgs{
                    Name: pulumi.String("something"),
                },
                &rancher2.PodSecurityPolicyTemplateAllowedCsiDriverArgs{
                    Name: pulumi.String("something-else"),
                },
            },
            // Placeholder FlexVolume driver names.
            AllowedFlexVolumes: rancher2.PodSecurityPolicyTemplateAllowedFlexVolumeArray{
                &rancher2.PodSecurityPolicyTemplateAllowedFlexVolumeArgs{
                    Driver: pulumi.String("something"),
                },
                &rancher2.PodSecurityPolicyTemplateAllowedFlexVolumeArgs{
                    Driver: pulumi.String("something-else"),
                },
            },
            // NOTE(review): the prefix "/" covers every host path, and the second
            // entry ("//") is not read-only. hostPath is absent from Volumes below,
            // so these entries presumably have no effect as written - confirm, and
            // narrow the prefixes before ever adding hostPath to Volumes.
            AllowedHostPaths: rancher2.PodSecurityPolicyTemplateAllowedHostPathArray{
                &rancher2.PodSecurityPolicyTemplateAllowedHostPathArgs{
                    PathPrefix: pulumi.String("/"),
                    ReadOnly:   pulumi.Bool(true),
                },
                &rancher2.PodSecurityPolicyTemplateAllowedHostPathArgs{
                    PathPrefix: pulumi.String("//"),
                    ReadOnly:   pulumi.Bool(false),
                },
            },
            AllowedProcMountTypes: pulumi.StringArray{
                pulumi.String("Default"),
            },
            DefaultAllowPrivilegeEscalation: pulumi.Bool(false),
            Description:                     pulumi.String("Terraform PodSecurityPolicyTemplate acceptance test - update"),
            // NOTE(review): both ranges are identical and start at 0, so GID 0 is
            // inside the permitted fsGroup set.
            FsGroup: &rancher2.PodSecurityPolicyTemplateFsGroupArgs{
                Ranges: rancher2.PodSecurityPolicyTemplateFsGroupRangeArray{
                    &rancher2.PodSecurityPolicyTemplateFsGroupRangeArgs{
                        Max: pulumi.Int(100),
                        Min: pulumi.Int(0),
                    },
                    &rancher2.PodSecurityPolicyTemplateFsGroupRangeArgs{
                        Max: pulumi.Int(100),
                        Min: pulumi.Int(0),
                    },
                },
                Rule: pulumi.String("MustRunAs"),
            },
            // Host IPC, network and PID namespaces are all denied.
            HostIpc:     pulumi.Bool(false),
            HostNetwork: pulumi.Bool(false),
            HostPid:     pulumi.Bool(false),
            // NOTE(review): 0-65535 spans the whole port range, so the 1024-8080
            // entry adds no restriction; keep only the ranges workloads need.
            HostPorts: rancher2.PodSecurityPolicyTemplateHostPortArray{
                &rancher2.PodSecurityPolicyTemplateHostPortArgs{
                    Max: pulumi.Int(65535),
                    Min: pulumi.Int(0),
                },
                &rancher2.PodSecurityPolicyTemplateHostPortArgs{
                    Max: pulumi.Int(8080),
                    Min: pulumi.Int(1024),
                },
            },
            Privileged:             pulumi.Bool(false),
            // A read-only root filesystem is not required by this policy.
            ReadOnlyRootFilesystem: pulumi.Bool(false),
            // NOTE(review): "something" is a placeholder, not a Linux capability
            // name; a real policy lists the capabilities to drop here.
            RequiredDropCapabilities: pulumi.StringArray{
                pulumi.String("something"),
            },
            // Both ranges start above 0, so GID 0 is outside the allowed set.
            RunAsGroup: &rancher2.PodSecurityPolicyTemplateRunAsGroupArgs{
                Ranges: rancher2.PodSecurityPolicyTemplateRunAsGroupRangeArray{
                    &rancher2.PodSecurityPolicyTemplateRunAsGroupRangeArgs{
                        Max: pulumi.Int(100),
                        Min: pulumi.Int(1),
                    },
                    &rancher2.PodSecurityPolicyTemplateRunAsGroupRangeArgs{
                        Max: pulumi.Int(1024),
                        Min: pulumi.Int(2),
                    },
                },
                Rule: pulumi.String("MustRunAs"),
            },
            // Both ranges start above 0, so UID 0 (root) is outside the allowed set.
            RunAsUser: &rancher2.PodSecurityPolicyTemplateRunAsUserArgs{
                Ranges: rancher2.PodSecurityPolicyTemplateRunAsUserRangeArray{
                    &rancher2.PodSecurityPolicyTemplateRunAsUserRangeArgs{
                        Max: pulumi.Int(100),
                        Min: pulumi.Int(1),
                    },
                    &rancher2.PodSecurityPolicyTemplateRunAsUserRangeArgs{
                        Max: pulumi.Int(1024),
                        Min: pulumi.Int(2),
                    },
                },
                Rule: pulumi.String("MustRunAs"),
            },
            RuntimeClass: &rancher2.PodSecurityPolicyTemplateRuntimeClassArgs{
                AllowedRuntimeClassNames: pulumi.StringArray{
                    pulumi.String("something"),
                },
                DefaultRuntimeClassName: pulumi.String("something"),
            },
            // RunAsAny leaves SELinux options unconstrained by this policy.
            SeLinux: &rancher2.PodSecurityPolicyTemplateSeLinuxArgs{
                Rule: pulumi.String("RunAsAny"),
            },
            // RunAsAny leaves supplemental groups unconstrained by this policy.
            SupplementalGroup: &rancher2.PodSecurityPolicyTemplateSupplementalGroupArgs{
                Rule: pulumi.String("RunAsAny"),
            },
            // Only the azureFile volume type is listed as allowed.
            Volumes: pulumi.StringArray{
                pulumi.String("azureFile"),
            },
        })
        // Surface a failed resource registration to pulumi.Run.
        if err != nil {
            return err
        }
        return nil
    })
}
import pulumi
import pulumi_rancher2 as rancher2

# Create a new rancher2 PodSecurityPolicyTemplate
# NOTE(review): the values read like an acceptance-test fixture (see description
# and the "something" placeholders), not a hardened baseline; review every field
# before reusing this in a real cluster.
# NOTE(review): Kubernetes deprecated PodSecurityPolicy in v1.21 and removed it
# in v1.25 - confirm the target clusters still support it.
foo = rancher2.PodSecurityPolicyTemplate("foo",
    # Pods admitted under this policy may not request privilege escalation.
    allow_privilege_escalation=False,
    # Placeholder driver names; replace with the CSI drivers actually in use.
    allowed_csi_drivers=[
        rancher2.PodSecurityPolicyTemplateAllowedCsiDriverArgs(
            name="something",
        ),
        rancher2.PodSecurityPolicyTemplateAllowedCsiDriverArgs(
            name="something-else",
        ),
    ],
    # Placeholder FlexVolume driver names.
    allowed_flex_volumes=[
        rancher2.PodSecurityPolicyTemplateAllowedFlexVolumeArgs(
            driver="something",
        ),
        rancher2.PodSecurityPolicyTemplateAllowedFlexVolumeArgs(
            driver="something-else",
        ),
    ],
    # NOTE(review): the prefix "/" covers every host path, and the second entry
    # ("//") is not read-only. hostPath is absent from volumes below, so these
    # entries presumably have no effect as written - confirm, and narrow the
    # prefixes before ever adding hostPath to volumes.
    allowed_host_paths=[
        rancher2.PodSecurityPolicyTemplateAllowedHostPathArgs(
            path_prefix="/",
            read_only=True,
        ),
        rancher2.PodSecurityPolicyTemplateAllowedHostPathArgs(
            path_prefix="//",
            read_only=False,
        ),
    ],
    allowed_proc_mount_types=["Default"],
    default_allow_privilege_escalation=False,
    description="Terraform PodSecurityPolicyTemplate acceptance test - update",
    # NOTE(review): both ranges are identical and start at 0, so GID 0 is inside
    # the permitted fsGroup set.
    fs_group=rancher2.PodSecurityPolicyTemplateFsGroupArgs(
        ranges=[
            rancher2.PodSecurityPolicyTemplateFsGroupRangeArgs(
                max=100,
                min=0,
            ),
            rancher2.PodSecurityPolicyTemplateFsGroupRangeArgs(
                max=100,
                min=0,
            ),
        ],
        rule="MustRunAs",
    ),
    # Host IPC, network and PID namespaces are all denied.
    host_ipc=False,
    host_network=False,
    host_pid=False,
    # NOTE(review): 0-65535 spans the whole port range, so the 1024-8080 entry
    # adds no restriction; keep only the ranges workloads need.
    host_ports=[
        rancher2.PodSecurityPolicyTemplateHostPortArgs(
            max=65535,
            min=0,
        ),
        rancher2.PodSecurityPolicyTemplateHostPortArgs(
            max=8080,
            min=1024,
        ),
    ],
    privileged=False,
    # A read-only root filesystem is not required by this policy.
    read_only_root_filesystem=False,
    # NOTE(review): "something" is a placeholder, not a Linux capability name;
    # a real policy lists the capabilities to drop here.
    required_drop_capabilities=["something"],
    # Both ranges start above 0, so GID 0 is outside the allowed set.
    run_as_group=rancher2.PodSecurityPolicyTemplateRunAsGroupArgs(
        ranges=[
            rancher2.PodSecurityPolicyTemplateRunAsGroupRangeArgs(
                max=100,
                min=1,
            ),
            rancher2.PodSecurityPolicyTemplateRunAsGroupRangeArgs(
                max=1024,
                min=2,
            ),
        ],
        rule="MustRunAs",
    ),
    # Both ranges start above 0, so UID 0 (root) is outside the allowed set.
    run_as_user=rancher2.PodSecurityPolicyTemplateRunAsUserArgs(
        ranges=[
            rancher2.PodSecurityPolicyTemplateRunAsUserRangeArgs(
                max=100,
                min=1,
            ),
            rancher2.PodSecurityPolicyTemplateRunAsUserRangeArgs(
                max=1024,
                min=2,
            ),
        ],
        rule="MustRunAs",
    ),
    runtime_class=rancher2.PodSecurityPolicyTemplateRuntimeClassArgs(
        allowed_runtime_class_names=["something"],
        default_runtime_class_name="something",
    ),
    # RunAsAny leaves SELinux options unconstrained by this policy.
    se_linux=rancher2.PodSecurityPolicyTemplateSeLinuxArgs(
        rule="RunAsAny",
    ),
    # RunAsAny leaves supplemental groups unconstrained by this policy.
    supplemental_group=rancher2.PodSecurityPolicyTemplateSupplementalGroupArgs(
        rule="RunAsAny",
    ),
    # Only the azureFile volume type is listed as allowed.
    volumes=["azureFile"])
import * as pulumi from "@pulumi/pulumi";
import * as rancher2 from "@pulumi/rancher2";

// Create a new rancher2 PodSecurityPolicyTemplate
// NOTE(review): the values read like an acceptance-test fixture (see description
// and the "something" placeholders), not a hardened baseline; review every field
// before reusing this in a real cluster.
// NOTE(review): Kubernetes deprecated PodSecurityPolicy in v1.21 and removed it
// in v1.25 - confirm the target clusters still support it.
const foo = new rancher2.PodSecurityPolicyTemplate("foo", {
    // Pods admitted under this policy may not request privilege escalation.
    allowPrivilegeEscalation: false,
    // Placeholder driver names; replace with the CSI drivers actually in use.
    allowedCsiDrivers: [
        {
            name: "something",
        },
        {
            name: "something-else",
        },
    ],
    // Placeholder FlexVolume driver names.
    allowedFlexVolumes: [
        {
            driver: "something",
        },
        {
            driver: "something-else",
        },
    ],
    // NOTE(review): the prefix "/" covers every host path, and the second entry
    // ("//") is not read-only. hostPath is absent from volumes below, so these
    // entries presumably have no effect as written - confirm, and narrow the
    // prefixes before ever adding hostPath to volumes.
    allowedHostPaths: [
        {
            pathPrefix: "/",
            readOnly: true,
        },
        {
            pathPrefix: "//",
            readOnly: false,
        },
    ],
    allowedProcMountTypes: ["Default"],
    defaultAllowPrivilegeEscalation: false,
    description: "Terraform PodSecurityPolicyTemplate acceptance test - update",
    // NOTE(review): both ranges are identical and start at 0, so GID 0 is inside
    // the permitted fsGroup set.
    fsGroup: {
        ranges: [
            {
                max: 100,
                min: 0,
            },
            {
                max: 100,
                min: 0,
            },
        ],
        rule: "MustRunAs",
    },
    // Host IPC, network and PID namespaces are all denied.
    hostIpc: false,
    hostNetwork: false,
    hostPid: false,
    // NOTE(review): 0-65535 spans the whole port range, so the 1024-8080 entry
    // adds no restriction; keep only the ranges workloads need.
    hostPorts: [
        {
            max: 65535,
            min: 0,
        },
        {
            max: 8080,
            min: 1024,
        },
    ],
    privileged: false,
    // A read-only root filesystem is not required by this policy.
    readOnlyRootFilesystem: false,
    // NOTE(review): "something" is a placeholder, not a Linux capability name;
    // a real policy lists the capabilities to drop here.
    requiredDropCapabilities: ["something"],
    // Both ranges start above 0, so GID 0 is outside the allowed set.
    runAsGroup: {
        ranges: [
            {
                max: 100,
                min: 1,
            },
            {
                max: 1024,
                min: 2,
            },
        ],
        rule: "MustRunAs",
    },
    // Both ranges start above 0, so UID 0 (root) is outside the allowed set.
    runAsUser: {
        ranges: [
            {
                max: 100,
                min: 1,
            },
            {
                max: 1024,
                min: 2,
            },
        ],
        rule: "MustRunAs",
    },
    runtimeClass: {
        allowedRuntimeClassNames: ["something"],
        defaultRuntimeClassName: "something",
    },
    // RunAsAny leaves SELinux options unconstrained by this policy.
    seLinux: {
        rule: "RunAsAny",
    },
    // RunAsAny leaves supplemental groups unconstrained by this policy.
    supplementalGroup: {
        rule: "RunAsAny",
    },
    // Only the azureFile volume type is listed as allowed.
    volumes: ["azureFile"],
});

Create a PodSecurityPolicyTemplate Resource

new PodSecurityPolicyTemplate(name: string, args?: PodSecurityPolicyTemplateArgs, opts?: CustomResourceOptions);
def PodSecurityPolicyTemplate(resource_name: str, opts: Optional[ResourceOptions] = None, allow_privilege_escalation: Optional[bool] = None, allowed_capabilities: Optional[Sequence[str]] = None, allowed_csi_drivers: Optional[Sequence[PodSecurityPolicyTemplateAllowedCsiDriverArgs]] = None, allowed_flex_volumes: Optional[Sequence[PodSecurityPolicyTemplateAllowedFlexVolumeArgs]] = None, allowed_host_paths: Optional[Sequence[PodSecurityPolicyTemplateAllowedHostPathArgs]] = None, allowed_proc_mount_types: Optional[Sequence[str]] = None, allowed_unsafe_sysctls: Optional[Sequence[str]] = None, annotations: Optional[Mapping[str, Any]] = None, default_add_capabilities: Optional[Sequence[str]] = None, default_allow_privilege_escalation: Optional[bool] = None, description: Optional[str] = None, forbidden_sysctls: Optional[Sequence[str]] = None, fs_group: Optional[PodSecurityPolicyTemplateFsGroupArgs] = None, host_ipc: Optional[bool] = None, host_network: Optional[bool] = None, host_pid: Optional[bool] = None, host_ports: Optional[Sequence[PodSecurityPolicyTemplateHostPortArgs]] = None, labels: Optional[Mapping[str, Any]] = None, name: Optional[str] = None, privileged: Optional[bool] = None, read_only_root_filesystem: Optional[bool] = None, required_drop_capabilities: Optional[Sequence[str]] = None, run_as_group: Optional[PodSecurityPolicyTemplateRunAsGroupArgs] = None, run_as_user: Optional[PodSecurityPolicyTemplateRunAsUserArgs] = None, runtime_class: Optional[PodSecurityPolicyTemplateRuntimeClassArgs] = None, se_linux: Optional[PodSecurityPolicyTemplateSeLinuxArgs] = None, supplemental_group: Optional[PodSecurityPolicyTemplateSupplementalGroupArgs] = None, volumes: Optional[Sequence[str]] = None)
func NewPodSecurityPolicyTemplate(ctx *Context, name string, args *PodSecurityPolicyTemplateArgs, opts ...ResourceOption) (*PodSecurityPolicyTemplate, error)
public PodSecurityPolicyTemplate(string name, PodSecurityPolicyTemplateArgs? args = null, CustomResourceOptions? opts = null)
name string
The unique name of the resource.
args PodSecurityPolicyTemplateArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
opts ResourceOptions
A bag of options that control this resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args PodSecurityPolicyTemplateArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args PodSecurityPolicyTemplateArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.

PodSecurityPolicyTemplate Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Programming Model docs.

Inputs

The PodSecurityPolicyTemplate resource accepts the following input properties:

AllowPrivilegeEscalation bool

(Optional) (bool)

AllowedCapabilities List<string>

(list)

AllowedCsiDrivers List<PodSecurityPolicyTemplateAllowedCsiDriverArgs>

(list)

AllowedFlexVolumes List<PodSecurityPolicyTemplateAllowedFlexVolumeArgs>

(list)

AllowedHostPaths List<PodSecurityPolicyTemplateAllowedHostPathArgs>

(list)

AllowedProcMountTypes List<string>

(list)

AllowedUnsafeSysctls List<string>

(list)

Annotations Dictionary<string, object>

Annotations for PodSecurityPolicyTemplate object (map)

DefaultAddCapabilities List<string>

(list)

DefaultAllowPrivilegeEscalation bool

(bool)

Description string

The PodSecurityPolicyTemplate description (string)

ForbiddenSysctls List<string>

(list)

FsGroup PodSecurityPolicyTemplateFsGroupArgs

(list maxitems:1)

HostIpc bool

(bool)

HostNetwork bool

hostNetwork determines if the policy allows the use of HostNetwork in the pod spec.

HostPid bool

(bool)

HostPorts List<PodSecurityPolicyTemplateHostPortArgs>

(list)

Labels Dictionary<string, object>

Labels for PodSecurityPolicyTemplate object (map)

Name string

The name of the PodSecurityPolicyTemplate (string)

Privileged bool

(bool)

ReadOnlyRootFilesystem bool

(bool)

RequiredDropCapabilities List<string>

(list)

RunAsGroup PodSecurityPolicyTemplateRunAsGroupArgs

(list maxitems:1)

RunAsUser PodSecurityPolicyTemplateRunAsUserArgs

(list maxitems:1)

RuntimeClass PodSecurityPolicyTemplateRuntimeClassArgs

(list maxitems:1)

SeLinux PodSecurityPolicyTemplateSeLinuxArgs

(list maxitems:1)

SupplementalGroup PodSecurityPolicyTemplateSupplementalGroupArgs

(list maxitems:1)

Volumes List<string>

(list)

AllowPrivilegeEscalation bool

(Optional) (bool)

AllowedCapabilities []string

(list)

AllowedCsiDrivers []PodSecurityPolicyTemplateAllowedCsiDriver

(list)

AllowedFlexVolumes []PodSecurityPolicyTemplateAllowedFlexVolume

(list)

AllowedHostPaths []PodSecurityPolicyTemplateAllowedHostPath

(list)

AllowedProcMountTypes []string

(list)

AllowedUnsafeSysctls []string

(list)

Annotations map[string]interface{}

Annotations for PodSecurityPolicyTemplate object (map)

DefaultAddCapabilities []string

(list)

DefaultAllowPrivilegeEscalation bool

(bool)

Description string

The PodSecurityPolicyTemplate description (string)

ForbiddenSysctls []string

(list)

FsGroup PodSecurityPolicyTemplateFsGroup

(list maxitems:1)

HostIpc bool

(bool)

HostNetwork bool

hostNetwork determines if the policy allows the use of HostNetwork in the pod spec.

HostPid bool

(bool)

HostPorts []PodSecurityPolicyTemplateHostPort

(list)

Labels map[string]interface{}

Labels for PodSecurityPolicyTemplate object (map)

Name string

The name of the PodSecurityPolicyTemplate (string)

Privileged bool

(bool)

ReadOnlyRootFilesystem bool

(bool)

RequiredDropCapabilities []string

(list)

RunAsGroup PodSecurityPolicyTemplateRunAsGroup

(list maxitems:1)

RunAsUser PodSecurityPolicyTemplateRunAsUser

(list maxitems:1)

RuntimeClass PodSecurityPolicyTemplateRuntimeClass

(list maxitems:1)

SeLinux PodSecurityPolicyTemplateSeLinux

(list maxitems:1)

SupplementalGroup PodSecurityPolicyTemplateSupplementalGroup

(list maxitems:1)

Volumes []string

(list)

allowPrivilegeEscalation boolean

(Optional) (bool)

allowedCapabilities string[]

(list)

allowedCsiDrivers PodSecurityPolicyTemplateAllowedCsiDriver[]

(list)

allowedFlexVolumes PodSecurityPolicyTemplateAllowedFlexVolume[]

(list)

allowedHostPaths PodSecurityPolicyTemplateAllowedHostPath[]

(list)

allowedProcMountTypes string[]

(list)

allowedUnsafeSysctls string[]

(list)

annotations {[key: string]: any}

Annotations for PodSecurityPolicyTemplate object (map)

defaultAddCapabilities string[]

(list)

defaultAllowPrivilegeEscalation boolean

(bool)

description string

The PodSecurityPolicyTemplate description (string)

forbiddenSysctls string[]

(list)

fsGroup PodSecurityPolicyTemplateFsGroup

(list maxitems:1)

hostIpc boolean

(bool)

hostNetwork boolean

hostNetwork determines if the policy allows the use of HostNetwork in the pod spec.

hostPid boolean

(bool)

hostPorts PodSecurityPolicyTemplateHostPort[]

(list)

labels {[key: string]: any}

Labels for PodSecurityPolicyTemplate object (map)

name string

The name of the PodSecurityPolicyTemplate (string)

privileged boolean

(bool)

readOnlyRootFilesystem boolean

(bool)

requiredDropCapabilities string[]

(list)

runAsGroup PodSecurityPolicyTemplateRunAsGroup

(list maxitems:1)

runAsUser PodSecurityPolicyTemplateRunAsUser

(list maxitems:1)

runtimeClass PodSecurityPolicyTemplateRuntimeClass

(list maxitems:1)

seLinux PodSecurityPolicyTemplateSeLinux

(list maxitems:1)

supplementalGroup PodSecurityPolicyTemplateSupplementalGroup

(list maxitems:1)

volumes string[]

(list)

allow_privilege_escalation bool

(Optional) (bool)

allowed_capabilities Sequence[str]

(list)

allowed_csi_drivers Sequence[PodSecurityPolicyTemplateAllowedCsiDriverArgs]

(list)

allowed_flex_volumes Sequence[PodSecurityPolicyTemplateAllowedFlexVolumeArgs]

(list)

allowed_host_paths Sequence[PodSecurityPolicyTemplateAllowedHostPathArgs]

(list)

allowed_proc_mount_types Sequence[str]

(list)

allowed_unsafe_sysctls Sequence[str]

(list)

annotations Mapping[str, Any]

Annotations for PodSecurityPolicyTemplate object (map)

default_add_capabilities Sequence[str]

(list)

default_allow_privilege_escalation bool

(bool)

description str

The PodSecurityPolicyTemplate description (string)

forbidden_sysctls Sequence[str]

(list)

fs_group PodSecurityPolicyTemplateFsGroupArgs

(list maxitems:1)

host_ipc bool

(bool)

host_network bool

hostNetwork determines if the policy allows the use of HostNetwork in the pod spec.

host_pid bool

(bool)

host_ports Sequence[PodSecurityPolicyTemplateHostPortArgs]

(list)

labels Mapping[str, Any]

Labels for PodSecurityPolicyTemplate object (map)

name str

The name of the PodSecurityPolicyTemplate (string)

privileged bool

(bool)

read_only_root_filesystem bool

(bool)

required_drop_capabilities Sequence[str]

(list)

run_as_group PodSecurityPolicyTemplateRunAsGroupArgs

(list maxitems:1)

run_as_user PodSecurityPolicyTemplateRunAsUserArgs

(list maxitems:1)

runtime_class PodSecurityPolicyTemplateRuntimeClassArgs

(list maxitems:1)

se_linux PodSecurityPolicyTemplateSeLinuxArgs

(list maxitems:1)

supplemental_group PodSecurityPolicyTemplateSupplementalGroupArgs

(list maxitems:1)

volumes Sequence[str]

(list)

Outputs

All input properties are implicitly available as output properties. Additionally, the PodSecurityPolicyTemplate resource produces the following output properties:

Id string
The provider-assigned unique ID for this managed resource.
Id string
The provider-assigned unique ID for this managed resource.
id string
The provider-assigned unique ID for this managed resource.
id str
The provider-assigned unique ID for this managed resource.

Look up an Existing PodSecurityPolicyTemplate Resource

Get an existing PodSecurityPolicyTemplate resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: PodSecurityPolicyTemplateState, opts?: CustomResourceOptions): PodSecurityPolicyTemplate
@staticmethod
def get(resource_name: str, id: str, opts: Optional[ResourceOptions] = None, allow_privilege_escalation: Optional[bool] = None, allowed_capabilities: Optional[Sequence[str]] = None, allowed_csi_drivers: Optional[Sequence[PodSecurityPolicyTemplateAllowedCsiDriverArgs]] = None, allowed_flex_volumes: Optional[Sequence[PodSecurityPolicyTemplateAllowedFlexVolumeArgs]] = None, allowed_host_paths: Optional[Sequence[PodSecurityPolicyTemplateAllowedHostPathArgs]] = None, allowed_proc_mount_types: Optional[Sequence[str]] = None, allowed_unsafe_sysctls: Optional[Sequence[str]] = None, annotations: Optional[Mapping[str, Any]] = None, default_add_capabilities: Optional[Sequence[str]] = None, default_allow_privilege_escalation: Optional[bool] = None, description: Optional[str] = None, forbidden_sysctls: Optional[Sequence[str]] = None, fs_group: Optional[PodSecurityPolicyTemplateFsGroupArgs] = None, host_ipc: Optional[bool] = None, host_network: Optional[bool] = None, host_pid: Optional[bool] = None, host_ports: Optional[Sequence[PodSecurityPolicyTemplateHostPortArgs]] = None, labels: Optional[Mapping[str, Any]] = None, name: Optional[str] = None, privileged: Optional[bool] = None, read_only_root_filesystem: Optional[bool] = None, required_drop_capabilities: Optional[Sequence[str]] = None, run_as_group: Optional[PodSecurityPolicyTemplateRunAsGroupArgs] = None, run_as_user: Optional[PodSecurityPolicyTemplateRunAsUserArgs] = None, runtime_class: Optional[PodSecurityPolicyTemplateRuntimeClassArgs] = None, se_linux: Optional[PodSecurityPolicyTemplateSeLinuxArgs] = None, supplemental_group: Optional[PodSecurityPolicyTemplateSupplementalGroupArgs] = None, volumes: Optional[Sequence[str]] = None) -> PodSecurityPolicyTemplate
func GetPodSecurityPolicyTemplate(ctx *Context, name string, id IDInput, state *PodSecurityPolicyTemplateState, opts ...ResourceOption) (*PodSecurityPolicyTemplate, error)
public static PodSecurityPolicyTemplate Get(string name, Input<string> id, PodSecurityPolicyTemplateState? state, CustomResourceOptions? opts = null)
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.

The following state arguments are supported:

AllowPrivilegeEscalation bool

(Optional) (bool)

AllowedCapabilities List<string>

(list)

AllowedCsiDrivers List<PodSecurityPolicyTemplateAllowedCsiDriverArgs>

(list)

AllowedFlexVolumes List<PodSecurityPolicyTemplateAllowedFlexVolumeArgs>

(list)

AllowedHostPaths List<PodSecurityPolicyTemplateAllowedHostPathArgs>

(list)

AllowedProcMountTypes List<string>

(list)

AllowedUnsafeSysctls List<string>

(list)

Annotations Dictionary<string, object>

Annotations for PodSecurityPolicyTemplate object (map)

DefaultAddCapabilities List<string>

(list)

DefaultAllowPrivilegeEscalation bool

(bool)

Description string

The PodSecurityPolicyTemplate description (string)

ForbiddenSysctls List<string>

(list)

FsGroup PodSecurityPolicyTemplateFsGroupArgs

(list maxitems:1)

HostIpc bool

hostIPC determines if the policy allows the use of HostIPC in the pod spec (bool)

HostNetwork bool

hostNetwork determines if the policy allows the use of HostNetwork in the pod spec.

HostPid bool

hostPID determines if the policy allows the use of HostPID in the pod spec (bool)

HostPorts List<PodSecurityPolicyTemplateHostPortArgs>

(list)

Labels Dictionary<string, object>

Labels for PodSecurityPolicyTemplate object (map)

Name string

The name of the PodSecurityPolicyTemplate (string)

Privileged bool

Determines if a pod can request to be run as privileged (bool)

ReadOnlyRootFilesystem bool

(bool)

RequiredDropCapabilities List<string>

(list)

RunAsGroup PodSecurityPolicyTemplateRunAsGroupArgs

(list maxitems:1)

RunAsUser PodSecurityPolicyTemplateRunAsUserArgs

(list maxitems:1)

RuntimeClass PodSecurityPolicyTemplateRuntimeClassArgs

(list maxitems:1)

SeLinux PodSecurityPolicyTemplateSeLinuxArgs

(list maxitems:1)

SupplementalGroup PodSecurityPolicyTemplateSupplementalGroupArgs

(list maxitems:1)

Volumes List<string>

(list)

AllowPrivilegeEscalation bool

(Optional) (bool)

AllowedCapabilities []string

(list)

AllowedCsiDrivers []PodSecurityPolicyTemplateAllowedCsiDriver

(list)

AllowedFlexVolumes []PodSecurityPolicyTemplateAllowedFlexVolume

(list)

AllowedHostPaths []PodSecurityPolicyTemplateAllowedHostPath

(list)

AllowedProcMountTypes []string

(list)

AllowedUnsafeSysctls []string

(list)

Annotations map[string]interface{}

Annotations for PodSecurityPolicyTemplate object (map)

DefaultAddCapabilities []string

(list)

DefaultAllowPrivilegeEscalation bool

(bool)

Description string

The PodSecurityPolicyTemplate description (string)

ForbiddenSysctls []string

(list)

FsGroup PodSecurityPolicyTemplateFsGroup

(list maxitems:1)

HostIpc bool

hostIPC determines if the policy allows the use of HostIPC in the pod spec (bool)

HostNetwork bool

hostNetwork determines if the policy allows the use of HostNetwork in the pod spec.

HostPid bool

hostPID determines if the policy allows the use of HostPID in the pod spec (bool)

HostPorts []PodSecurityPolicyTemplateHostPort

(list)

Labels map[string]interface{}

Labels for PodSecurityPolicyTemplate object (map)

Name string

The name of the PodSecurityPolicyTemplate (string)

Privileged bool

Determines if a pod can request to be run as privileged (bool)

ReadOnlyRootFilesystem bool

(bool)

RequiredDropCapabilities []string

(list)

RunAsGroup PodSecurityPolicyTemplateRunAsGroup

(list maxitems:1)

RunAsUser PodSecurityPolicyTemplateRunAsUser

(list maxitems:1)

RuntimeClass PodSecurityPolicyTemplateRuntimeClass

(list maxitems:1)

SeLinux PodSecurityPolicyTemplateSeLinux

(list maxitems:1)

SupplementalGroup PodSecurityPolicyTemplateSupplementalGroup

(list maxitems:1)

Volumes []string

(list)

allowPrivilegeEscalation boolean

(Optional) (bool)

allowedCapabilities string[]

(list)

allowedCsiDrivers PodSecurityPolicyTemplateAllowedCsiDriver[]

(list)

allowedFlexVolumes PodSecurityPolicyTemplateAllowedFlexVolume[]

(list)

allowedHostPaths PodSecurityPolicyTemplateAllowedHostPath[]

(list)

allowedProcMountTypes string[]

(list)

allowedUnsafeSysctls string[]

(list)

annotations {[key: string]: any}

Annotations for PodSecurityPolicyTemplate object (map)

defaultAddCapabilities string[]

(list)

defaultAllowPrivilegeEscalation boolean

(bool)

description string

The PodSecurityPolicyTemplate description (string)

forbiddenSysctls string[]

(list)

fsGroup PodSecurityPolicyTemplateFsGroup

(list maxitems:1)

hostIpc boolean

hostIPC determines if the policy allows the use of HostIPC in the pod spec (bool)

hostNetwork boolean

hostNetwork determines if the policy allows the use of HostNetwork in the pod spec.

hostPid boolean

hostPID determines if the policy allows the use of HostPID in the pod spec (bool)

hostPorts PodSecurityPolicyTemplateHostPort[]

(list)

labels {[key: string]: any}

Labels for PodSecurityPolicyTemplate object (map)

name string

The name of the PodSecurityPolicyTemplate (string)

privileged boolean

Determines if a pod can request to be run as privileged (bool)

readOnlyRootFilesystem boolean

(bool)

requiredDropCapabilities string[]

(list)

runAsGroup PodSecurityPolicyTemplateRunAsGroup

(list maxitems:1)

runAsUser PodSecurityPolicyTemplateRunAsUser

(list maxitems:1)

runtimeClass PodSecurityPolicyTemplateRuntimeClass

(list maxitems:1)

seLinux PodSecurityPolicyTemplateSeLinux

(list maxitems:1)

supplementalGroup PodSecurityPolicyTemplateSupplementalGroup

(list maxitems:1)

volumes string[]

(list)

allow_privilege_escalation bool

(Optional) (bool)

allowed_capabilities Sequence[str]

(list)

allowed_csi_drivers Sequence[PodSecurityPolicyTemplateAllowedCsiDriverArgs]

(list)

allowed_flex_volumes Sequence[PodSecurityPolicyTemplateAllowedFlexVolumeArgs]

(list)

allowed_host_paths Sequence[PodSecurityPolicyTemplateAllowedHostPathArgs]

(list)

allowed_proc_mount_types Sequence[str]

(list)

allowed_unsafe_sysctls Sequence[str]

(list)

annotations Mapping[str, Any]

Annotations for PodSecurityPolicyTemplate object (map)

default_add_capabilities Sequence[str]

(list)

default_allow_privilege_escalation bool

(bool)

description str

The PodSecurityPolicyTemplate description (string)

forbidden_sysctls Sequence[str]

(list)

fs_group PodSecurityPolicyTemplateFsGroupArgs

(list maxitems:1)

host_ipc bool

hostIPC determines if the policy allows the use of HostIPC in the pod spec (bool)

host_network bool

hostNetwork determines if the policy allows the use of HostNetwork in the pod spec.

host_pid bool

hostPID determines if the policy allows the use of HostPID in the pod spec (bool)

host_ports Sequence[PodSecurityPolicyTemplateHostPortArgs]

(list)

labels Mapping[str, Any]

Labels for PodSecurityPolicyTemplate object (map)

name str

The name of the PodSecurityPolicyTemplate (string)

privileged bool

Determines if a pod can request to be run as privileged (bool)

read_only_root_filesystem bool

(bool)

required_drop_capabilities Sequence[str]

(list)

run_as_group PodSecurityPolicyTemplateRunAsGroupArgs

(list maxitems:1)

run_as_user PodSecurityPolicyTemplateRunAsUserArgs

(list maxitems:1)

runtime_class PodSecurityPolicyTemplateRuntimeClassArgs

(list maxitems:1)

se_linux PodSecurityPolicyTemplateSeLinuxArgs

(list maxitems:1)

supplemental_group PodSecurityPolicyTemplateSupplementalGroupArgs

(list maxitems:1)

volumes Sequence[str]

(list)

Supporting Types

PodSecurityPolicyTemplateAllowedCsiDriver

Name string

The registered name of the CSI driver (string)

Name string

The registered name of the CSI driver (string)

name string

The registered name of the CSI driver (string)

name str

The registered name of the CSI driver (string)

PodSecurityPolicyTemplateAllowedFlexVolume

Driver string
Driver string
driver string
driver str

PodSecurityPolicyTemplateAllowedHostPath

PathPrefix string

(string)

ReadOnly bool

(bool)

PathPrefix string

(string)

ReadOnly bool

(bool)

pathPrefix string

(string)

readOnly boolean

(bool)

path_prefix str

(string)

read_only bool

(bool)

PodSecurityPolicyTemplateFsGroup

PodSecurityPolicyTemplateFsGroupRange

Max int

(int)

Min int

(int)

Max int

(int)

Min int

(int)

max number

(int)

min number

(int)

max int

(int)

min int

(int)

PodSecurityPolicyTemplateHostPort

Max int

(int)

Min int

(int)

Max int

(int)

Min int

(int)

max number

(int)

min number

(int)

max int

(int)

min int

(int)

PodSecurityPolicyTemplateRunAsGroup

PodSecurityPolicyTemplateRunAsGroupRange

Max int

(int)

Min int

(int)

Max int

(int)

Min int

(int)

max number

(int)

min number

(int)

max int

(int)

min int

(int)

PodSecurityPolicyTemplateRunAsUser

PodSecurityPolicyTemplateRunAsUserRange

Max int

(int)

Min int

(int)

Max int

(int)

Min int

(int)

max number

(int)

min number

(int)

max int

(int)

min int

(int)

PodSecurityPolicyTemplateRuntimeClass

AllowedRuntimeClassNames List<string>

(list)

DefaultRuntimeClassName string

(string)

PodSecurityPolicyTemplateSeLinux

PodSecurityPolicyTemplateSeLinuxSeLinuxOption

Level string

(string)

Role string

(string)

Type string

(string)

User string

(string)

Level string

(string)

Role string

(string)

Type string

(string)

User string

(string)

level string

(string)

role string

(string)

type string

(string)

user string

(string)

level str

(string)

role str

(string)

type str

(string)

user str

(string)

PodSecurityPolicyTemplateSupplementalGroup

PodSecurityPolicyTemplateSupplementalGroupRange

Max int

(int)

Min int

(int)

Max int

(int)

Min int

(int)

max number

(int)

min number

(int)

max int

(int)

min int

(int)

Import

PodSecurityPolicyTemplate can be imported using the Rancher PodSecurityPolicyTemplate Name

 $ pulumi import rancher2:index/podSecurityPolicyTemplate:PodSecurityPolicyTemplate foo <pod_security_policy_name>

Package Details

Repository
https://github.com/pulumi/pulumi-rancher2
License
Apache-2.0
Notes
This Pulumi package is based on the rancher2 Terraform Provider.