Rancher 2 v6.1.0 published on Tuesday, Mar 12, 2024 by Pulumi

rancher2.PodSecurityPolicyTemplate



    Provides a Rancher v2 PodSecurityPolicyTemplate resource. This can be used to create PodSecurityPolicyTemplates for Rancher v2 environments and retrieve their information.

    Example Usage

    # Create a new rancher2 PodSecurityPolicyTemplate
    #
    # NOTE(review): the values below read as acceptance-test placeholders (see the
    # description string), not as a recommended baseline. PodSecurityPolicy was removed
    # from upstream Kubernetes in v1.25, so a template like this presumably only takes
    # effect on clusters that still serve the PSP API - confirm against the target
    # cluster version before relying on it.
    resource "rancher2_pod_security_policy_template" "foo" {
      name = "foo"
      description = "Terraform PodSecurityPolicyTemplate acceptance test - update"
      # Pods may not request privilege escalation (e.g. via setuid binaries).
      allow_privilege_escalation = false
      # "something" / "something-else" are placeholder driver names.
      allowed_csi_driver {
        name = "something"
      }
      allowed_csi_driver {
        name = "something-else"
      }
      allowed_flex_volume {
        driver = "something"
      }
      allowed_flex_volume {
        driver = "something-else"
      }
      # A "/" prefix matches every path on the node; this entry at least forces
      # read-only mounts.
      allowed_host_path {
        path_prefix = "/"
        read_only = true
      }
      # NOTE(review): a second root-level prefix that permits writable mounts. A real
      # policy should list narrow prefixes instead. Host-path rules only matter when
      # "hostPath" is an allowed volume type, and `volumes` below lists only "azureFile".
      allowed_host_path {
        path_prefix = "//"
        read_only = false
      }
      allowed_proc_mount_types = ["Default"]
      default_allow_privilege_escalation = false
      # Both ranges are identical (0-100) and include GID 0.
      fs_group {
        rule = "MustRunAs"
        range {
          min = 0
          max = 100
        }
        range {
          min = 0
          max = 100
        }
      }
      # Host namespaces (IPC, network, PID) are all denied.
      host_ipc = false
      host_network = false
      host_pid = false
      # The first range already permits every host port, which makes the second
      # range redundant; a real policy would narrow this or omit it.
      host_port {
        min = 0
        max = 65535
      }
      host_port {
        min = 1024
        max = 8080
      }
      privileged = false
      # A read-only root filesystem is not required by this template.
      read_only_root_filesystem = false
      # "something" is a placeholder, not a Linux capability name; a real policy
      # lists the capabilities containers must drop.
      required_drop_capabilities = ["something"]
    
      # Both ranges start above 0, so UID 0 (root) falls outside the allowed set.
      run_as_user {
        rule = "MustRunAs"
        range {
          min = 1
          max = 100
        }
        range {
          min = 2
          max = 1024
        }
      }
      # Same shape as run_as_user: GID 0 is outside both ranges.
      run_as_group {
        rule = "MustRunAs"
        range {
          min = 1
          max = 100
        }
        range {
          min = 2
          max = 1024
        }
      }
      runtime_class {
        default_runtime_class_name = "something"
        allowed_runtime_class_names  = ["something"]
      }
      # "RunAsAny" imposes no restriction on SELinux options or supplemental groups.
      se_linux {
        rule = "RunAsAny"
      }
      supplemental_group {
        rule = "RunAsAny"
      }
      # Allowlist of volume types pods may use.
      volumes = ["azureFile"]
    }
    

    Create PodSecurityPolicyTemplate Resource

    new PodSecurityPolicyTemplate(name: string, args?: PodSecurityPolicyTemplateArgs, opts?: CustomResourceOptions);
    @overload
    def PodSecurityPolicyTemplate(resource_name: str,
                                  opts: Optional[ResourceOptions] = None,
                                  allow_privilege_escalation: Optional[bool] = None,
                                  allowed_capabilities: Optional[Sequence[str]] = None,
                                  allowed_csi_drivers: Optional[Sequence[PodSecurityPolicyTemplateAllowedCsiDriverArgs]] = None,
                                  allowed_flex_volumes: Optional[Sequence[PodSecurityPolicyTemplateAllowedFlexVolumeArgs]] = None,
                                  allowed_host_paths: Optional[Sequence[PodSecurityPolicyTemplateAllowedHostPathArgs]] = None,
                                  allowed_proc_mount_types: Optional[Sequence[str]] = None,
                                  allowed_unsafe_sysctls: Optional[Sequence[str]] = None,
                                  annotations: Optional[Mapping[str, Any]] = None,
                                  default_add_capabilities: Optional[Sequence[str]] = None,
                                  default_allow_privilege_escalation: Optional[bool] = None,
                                  description: Optional[str] = None,
                                  forbidden_sysctls: Optional[Sequence[str]] = None,
                                  fs_group: Optional[PodSecurityPolicyTemplateFsGroupArgs] = None,
                                  host_ipc: Optional[bool] = None,
                                  host_network: Optional[bool] = None,
                                  host_pid: Optional[bool] = None,
                                  host_ports: Optional[Sequence[PodSecurityPolicyTemplateHostPortArgs]] = None,
                                  labels: Optional[Mapping[str, Any]] = None,
                                  name: Optional[str] = None,
                                  privileged: Optional[bool] = None,
                                  read_only_root_filesystem: Optional[bool] = None,
                                  required_drop_capabilities: Optional[Sequence[str]] = None,
                                  run_as_group: Optional[PodSecurityPolicyTemplateRunAsGroupArgs] = None,
                                  run_as_user: Optional[PodSecurityPolicyTemplateRunAsUserArgs] = None,
                                  runtime_class: Optional[PodSecurityPolicyTemplateRuntimeClassArgs] = None,
                                  se_linux: Optional[PodSecurityPolicyTemplateSeLinuxArgs] = None,
                                  supplemental_group: Optional[PodSecurityPolicyTemplateSupplementalGroupArgs] = None,
                                  volumes: Optional[Sequence[str]] = None)
    @overload
    def PodSecurityPolicyTemplate(resource_name: str,
                                  args: Optional[PodSecurityPolicyTemplateArgs] = None,
                                  opts: Optional[ResourceOptions] = None)
    func NewPodSecurityPolicyTemplate(ctx *Context, name string, args *PodSecurityPolicyTemplateArgs, opts ...ResourceOption) (*PodSecurityPolicyTemplate, error)
    public PodSecurityPolicyTemplate(string name, PodSecurityPolicyTemplateArgs? args = null, CustomResourceOptions? opts = null)
    public PodSecurityPolicyTemplate(String name, PodSecurityPolicyTemplateArgs args)
    public PodSecurityPolicyTemplate(String name, PodSecurityPolicyTemplateArgs args, CustomResourceOptions options)
    
    type: rancher2:PodSecurityPolicyTemplate
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    
    name string
    The unique name of the resource.
    args PodSecurityPolicyTemplateArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args PodSecurityPolicyTemplateArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args PodSecurityPolicyTemplateArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args PodSecurityPolicyTemplateArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args PodSecurityPolicyTemplateArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    PodSecurityPolicyTemplate Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The PodSecurityPolicyTemplate resource accepts the following input properties:

    AllowPrivilegeEscalation bool
    (Optional) (bool)
    AllowedCapabilities List<string>
    (list)
    AllowedCsiDrivers List<PodSecurityPolicyTemplateAllowedCsiDriver>
    (list)
    AllowedFlexVolumes List<PodSecurityPolicyTemplateAllowedFlexVolume>
    (list)
    AllowedHostPaths List<PodSecurityPolicyTemplateAllowedHostPath>
    (list)
    AllowedProcMountTypes List<string>
    (list)
    AllowedUnsafeSysctls List<string>
    (list)
    Annotations Dictionary<string, object>
    Annotations for PodSecurityPolicyTemplate object (map)
    DefaultAddCapabilities List<string>
    (list)
    DefaultAllowPrivilegeEscalation bool
    (bool)
    Description string
    The PodSecurityPolicyTemplate description (string)
    ForbiddenSysctls List<string>
    (list)
    FsGroup PodSecurityPolicyTemplateFsGroup
    (list maxitems:1)
    HostIpc bool
    (bool)
    HostNetwork bool
    hostNetwork determines if the policy allows the use of HostNetwork in the pod spec.
    HostPid bool
    (bool)
    HostPorts List<PodSecurityPolicyTemplateHostPort>
    (list)
    Labels Dictionary<string, object>
    Labels for PodSecurityPolicyTemplate object (map)
    Name string
    The name of the PodSecurityPolicyTemplate (string)
    Privileged bool
    (bool)
    ReadOnlyRootFilesystem bool
    (bool)
    RequiredDropCapabilities List<string>
    (list)
    RunAsGroup PodSecurityPolicyTemplateRunAsGroup
    (list maxitems:1)
    RunAsUser PodSecurityPolicyTemplateRunAsUser
    (list maxitems:1)
    RuntimeClass PodSecurityPolicyTemplateRuntimeClass
    (list maxitems:1)
    SeLinux PodSecurityPolicyTemplateSeLinux
    (list maxitems:1)
    SupplementalGroup PodSecurityPolicyTemplateSupplementalGroup
    (list maxitems:1)
    Volumes List<string>
    (list)
    AllowPrivilegeEscalation bool
    (Optional) (bool)
    AllowedCapabilities []string
    (list)
    AllowedCsiDrivers []PodSecurityPolicyTemplateAllowedCsiDriverArgs
    (list)
    AllowedFlexVolumes []PodSecurityPolicyTemplateAllowedFlexVolumeArgs
    (list)
    AllowedHostPaths []PodSecurityPolicyTemplateAllowedHostPathArgs
    (list)
    AllowedProcMountTypes []string
    (list)
    AllowedUnsafeSysctls []string
    (list)
    Annotations map[string]interface{}
    Annotations for PodSecurityPolicyTemplate object (map)
    DefaultAddCapabilities []string
    (list)
    DefaultAllowPrivilegeEscalation bool
    (bool)
    Description string
    The PodSecurityPolicyTemplate description (string)
    ForbiddenSysctls []string
    (list)
    FsGroup PodSecurityPolicyTemplateFsGroupArgs
    (list maxitems:1)
    HostIpc bool
    (bool)
    HostNetwork bool
    hostNetwork determines if the policy allows the use of HostNetwork in the pod spec.
    HostPid bool
    (bool)
    HostPorts []PodSecurityPolicyTemplateHostPortArgs
    (list)
    Labels map[string]interface{}
    Labels for PodSecurityPolicyTemplate object (map)
    Name string
    The name of the PodSecurityPolicyTemplate (string)
    Privileged bool
    (bool)
    ReadOnlyRootFilesystem bool
    (bool)
    RequiredDropCapabilities []string
    (list)
    RunAsGroup PodSecurityPolicyTemplateRunAsGroupArgs
    (list maxitems:1)
    RunAsUser PodSecurityPolicyTemplateRunAsUserArgs
    (list maxitems:1)
    RuntimeClass PodSecurityPolicyTemplateRuntimeClassArgs
    (list maxitems:1)
    SeLinux PodSecurityPolicyTemplateSeLinuxArgs
    (list maxitems:1)
    SupplementalGroup PodSecurityPolicyTemplateSupplementalGroupArgs
    (list maxitems:1)
    Volumes []string
    (list)
    allowPrivilegeEscalation Boolean
    (Optional) (bool)
    allowedCapabilities List<String>
    (list)
    allowedCsiDrivers List<PodSecurityPolicyTemplateAllowedCsiDriver>
    (list)
    allowedFlexVolumes List<PodSecurityPolicyTemplateAllowedFlexVolume>
    (list)
    allowedHostPaths List<PodSecurityPolicyTemplateAllowedHostPath>
    (list)
    allowedProcMountTypes List<String>
    (list)
    allowedUnsafeSysctls List<String>
    (list)
    annotations Map<String,Object>
    Annotations for PodSecurityPolicyTemplate object (map)
    defaultAddCapabilities List<String>
    (list)
    defaultAllowPrivilegeEscalation Boolean
    (bool)
    description String
    The PodSecurityPolicyTemplate description (string)
    forbiddenSysctls List<String>
    (list)
    fsGroup PodSecurityPolicyTemplateFsGroup
    (list maxitems:1)
    hostIpc Boolean
    (bool)
    hostNetwork Boolean
    hostNetwork determines if the policy allows the use of HostNetwork in the pod spec.
    hostPid Boolean
    (bool)
    hostPorts List<PodSecurityPolicyTemplateHostPort>
    (list)
    labels Map<String,Object>
    Labels for PodSecurityPolicyTemplate object (map)
    name String
    The name of the PodSecurityPolicyTemplate (string)
    privileged Boolean
    (bool)
    readOnlyRootFilesystem Boolean
    (bool)
    requiredDropCapabilities List<String>
    (list)
    runAsGroup PodSecurityPolicyTemplateRunAsGroup
    (list maxitems:1)
    runAsUser PodSecurityPolicyTemplateRunAsUser
    (list maxitems:1)
    runtimeClass PodSecurityPolicyTemplateRuntimeClass
    (list maxitems:1)
    seLinux PodSecurityPolicyTemplateSeLinux
    (list maxitems:1)
    supplementalGroup PodSecurityPolicyTemplateSupplementalGroup
    (list maxitems:1)
    volumes List<String>
    (list)
    allowPrivilegeEscalation boolean
    (Optional) (bool)
    allowedCapabilities string[]
    (list)
    allowedCsiDrivers PodSecurityPolicyTemplateAllowedCsiDriver[]
    (list)
    allowedFlexVolumes PodSecurityPolicyTemplateAllowedFlexVolume[]
    (list)
    allowedHostPaths PodSecurityPolicyTemplateAllowedHostPath[]
    (list)
    allowedProcMountTypes string[]
    (list)
    allowedUnsafeSysctls string[]
    (list)
    annotations {[key: string]: any}
    Annotations for PodSecurityPolicyTemplate object (map)
    defaultAddCapabilities string[]
    (list)
    defaultAllowPrivilegeEscalation boolean
    (bool)
    description string
    The PodSecurityPolicyTemplate description (string)
    forbiddenSysctls string[]
    (list)
    fsGroup PodSecurityPolicyTemplateFsGroup
    (list maxitems:1)
    hostIpc boolean
    (bool)
    hostNetwork boolean
    hostNetwork determines if the policy allows the use of HostNetwork in the pod spec.
    hostPid boolean
    (bool)
    hostPorts PodSecurityPolicyTemplateHostPort[]
    (list)
    labels {[key: string]: any}
    Labels for PodSecurityPolicyTemplate object (map)
    name string
    The name of the PodSecurityPolicyTemplate (string)
    privileged boolean
    (bool)
    readOnlyRootFilesystem boolean
    (bool)
    requiredDropCapabilities string[]
    (list)
    runAsGroup PodSecurityPolicyTemplateRunAsGroup
    (list maxitems:1)
    runAsUser PodSecurityPolicyTemplateRunAsUser
    (list maxitems:1)
    runtimeClass PodSecurityPolicyTemplateRuntimeClass
    (list maxitems:1)
    seLinux PodSecurityPolicyTemplateSeLinux
    (list maxitems:1)
    supplementalGroup PodSecurityPolicyTemplateSupplementalGroup
    (list maxitems:1)
    volumes string[]
    (list)
    allow_privilege_escalation bool
    (Optional) (bool)
    allowed_capabilities Sequence[str]
    (list)
    allowed_csi_drivers Sequence[PodSecurityPolicyTemplateAllowedCsiDriverArgs]
    (list)
    allowed_flex_volumes Sequence[PodSecurityPolicyTemplateAllowedFlexVolumeArgs]
    (list)
    allowed_host_paths Sequence[PodSecurityPolicyTemplateAllowedHostPathArgs]
    (list)
    allowed_proc_mount_types Sequence[str]
    (list)
    allowed_unsafe_sysctls Sequence[str]
    (list)
    annotations Mapping[str, Any]
    Annotations for PodSecurityPolicyTemplate object (map)
    default_add_capabilities Sequence[str]
    (list)
    default_allow_privilege_escalation bool
    (bool)
    description str
    The PodSecurityPolicyTemplate description (string)
    forbidden_sysctls Sequence[str]
    (list)
    fs_group PodSecurityPolicyTemplateFsGroupArgs
    (list maxitems:1)
    host_ipc bool
    (bool)
    host_network bool
    hostNetwork determines if the policy allows the use of HostNetwork in the pod spec.
    host_pid bool
    (bool)
    host_ports Sequence[PodSecurityPolicyTemplateHostPortArgs]
    (list)
    labels Mapping[str, Any]
    Labels for PodSecurityPolicyTemplate object (map)
    name str
    The name of the PodSecurityPolicyTemplate (string)
    privileged bool
    (bool)
    read_only_root_filesystem bool
    (bool)
    required_drop_capabilities Sequence[str]
    (list)
    run_as_group PodSecurityPolicyTemplateRunAsGroupArgs
    (list maxitems:1)
    run_as_user PodSecurityPolicyTemplateRunAsUserArgs
    (list maxitems:1)
    runtime_class PodSecurityPolicyTemplateRuntimeClassArgs
    (list maxitems:1)
    se_linux PodSecurityPolicyTemplateSeLinuxArgs
    (list maxitems:1)
    supplemental_group PodSecurityPolicyTemplateSupplementalGroupArgs
    (list maxitems:1)
    volumes Sequence[str]
    (list)
    allowPrivilegeEscalation Boolean
    (Optional) (bool)
    allowedCapabilities List<String>
    (list)
    allowedCsiDrivers List<Property Map>
    (list)
    allowedFlexVolumes List<Property Map>
    (list)
    allowedHostPaths List<Property Map>
    (list)
    allowedProcMountTypes List<String>
    (list)
    allowedUnsafeSysctls List<String>
    (list)
    annotations Map<Any>
    Annotations for PodSecurityPolicyTemplate object (map)
    defaultAddCapabilities List<String>
    (list)
    defaultAllowPrivilegeEscalation Boolean
    (bool)
    description String
    The PodSecurityPolicyTemplate description (string)
    forbiddenSysctls List<String>
    (list)
    fsGroup Property Map
    (list maxitems:1)
    hostIpc Boolean
    (bool)
    hostNetwork Boolean
    hostNetwork determines if the policy allows the use of HostNetwork in the pod spec.
    hostPid Boolean
    (bool)
    hostPorts List<Property Map>
    (list)
    labels Map<Any>
    Labels for PodSecurityPolicyTemplate object (map)
    name String
    The name of the PodSecurityPolicyTemplate (string)
    privileged Boolean
    (bool)
    readOnlyRootFilesystem Boolean
    (bool)
    requiredDropCapabilities List<String>
    (list)
    runAsGroup Property Map
    (list maxitems:1)
    runAsUser Property Map
    (list maxitems:1)
    runtimeClass Property Map
    (list maxitems:1)
    seLinux Property Map
    (list maxitems:1)
    supplementalGroup Property Map
    (list maxitems:1)
    volumes List<String>
    (list)

    Outputs

    All input properties are implicitly available as output properties. Additionally, the PodSecurityPolicyTemplate resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    Id string
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.
    id string
    The provider-assigned unique ID for this managed resource.
    id str
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.

    Look up Existing PodSecurityPolicyTemplate Resource

    Get an existing PodSecurityPolicyTemplate resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: PodSecurityPolicyTemplateState, opts?: CustomResourceOptions): PodSecurityPolicyTemplate
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            allow_privilege_escalation: Optional[bool] = None,
            allowed_capabilities: Optional[Sequence[str]] = None,
            allowed_csi_drivers: Optional[Sequence[PodSecurityPolicyTemplateAllowedCsiDriverArgs]] = None,
            allowed_flex_volumes: Optional[Sequence[PodSecurityPolicyTemplateAllowedFlexVolumeArgs]] = None,
            allowed_host_paths: Optional[Sequence[PodSecurityPolicyTemplateAllowedHostPathArgs]] = None,
            allowed_proc_mount_types: Optional[Sequence[str]] = None,
            allowed_unsafe_sysctls: Optional[Sequence[str]] = None,
            annotations: Optional[Mapping[str, Any]] = None,
            default_add_capabilities: Optional[Sequence[str]] = None,
            default_allow_privilege_escalation: Optional[bool] = None,
            description: Optional[str] = None,
            forbidden_sysctls: Optional[Sequence[str]] = None,
            fs_group: Optional[PodSecurityPolicyTemplateFsGroupArgs] = None,
            host_ipc: Optional[bool] = None,
            host_network: Optional[bool] = None,
            host_pid: Optional[bool] = None,
            host_ports: Optional[Sequence[PodSecurityPolicyTemplateHostPortArgs]] = None,
            labels: Optional[Mapping[str, Any]] = None,
            name: Optional[str] = None,
            privileged: Optional[bool] = None,
            read_only_root_filesystem: Optional[bool] = None,
            required_drop_capabilities: Optional[Sequence[str]] = None,
            run_as_group: Optional[PodSecurityPolicyTemplateRunAsGroupArgs] = None,
            run_as_user: Optional[PodSecurityPolicyTemplateRunAsUserArgs] = None,
            runtime_class: Optional[PodSecurityPolicyTemplateRuntimeClassArgs] = None,
            se_linux: Optional[PodSecurityPolicyTemplateSeLinuxArgs] = None,
            supplemental_group: Optional[PodSecurityPolicyTemplateSupplementalGroupArgs] = None,
            volumes: Optional[Sequence[str]] = None) -> PodSecurityPolicyTemplate
    func GetPodSecurityPolicyTemplate(ctx *Context, name string, id IDInput, state *PodSecurityPolicyTemplateState, opts ...ResourceOption) (*PodSecurityPolicyTemplate, error)
    public static PodSecurityPolicyTemplate Get(string name, Input<string> id, PodSecurityPolicyTemplateState? state, CustomResourceOptions? opts = null)
    public static PodSecurityPolicyTemplate get(String name, Output<String> id, PodSecurityPolicyTemplateState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    AllowPrivilegeEscalation bool
    (Optional) (bool)
    AllowedCapabilities List<string>
    (list)
    AllowedCsiDrivers List<PodSecurityPolicyTemplateAllowedCsiDriver>
    (list)
    AllowedFlexVolumes List<PodSecurityPolicyTemplateAllowedFlexVolume>
    (list)
    AllowedHostPaths List<PodSecurityPolicyTemplateAllowedHostPath>
    (list)
    AllowedProcMountTypes List<string>
    (list)
    AllowedUnsafeSysctls List<string>
    (list)
    Annotations Dictionary<string, object>
    Annotations for PodSecurityPolicyTemplate object (map)
    DefaultAddCapabilities List<string>
    (list)
    DefaultAllowPrivilegeEscalation bool
    (bool)
    Description string
    The PodSecurityPolicyTemplate description (string)
    ForbiddenSysctls List<string>
    (list)
    FsGroup PodSecurityPolicyTemplateFsGroup
    (list maxitems:1)
    HostIpc bool
    (bool)
    HostNetwork bool
    hostNetwork determines if the policy allows the use of HostNetwork in the pod spec.
    HostPid bool
    (bool)
    HostPorts List<PodSecurityPolicyTemplateHostPort>
    (list)
    Labels Dictionary<string, object>
    Labels for PodSecurityPolicyTemplate object (map)
    Name string
    The name of the PodSecurityPolicyTemplate (string)
    Privileged bool
    (bool)
    ReadOnlyRootFilesystem bool
    (bool)
    RequiredDropCapabilities List<string>
    (list)
    RunAsGroup PodSecurityPolicyTemplateRunAsGroup
    (list maxitems:1)
    RunAsUser PodSecurityPolicyTemplateRunAsUser
    (list maxitems:1)
    RuntimeClass PodSecurityPolicyTemplateRuntimeClass
    (list maxitems:1)
    SeLinux PodSecurityPolicyTemplateSeLinux
    (list maxitems:1)
    SupplementalGroup PodSecurityPolicyTemplateSupplementalGroup
    (list maxitems:1)
    Volumes List<string>
    (list)
    AllowPrivilegeEscalation bool
    (Optional) (bool)
    AllowedCapabilities []string
    (list)
    AllowedCsiDrivers []PodSecurityPolicyTemplateAllowedCsiDriverArgs
    (list)
    AllowedFlexVolumes []PodSecurityPolicyTemplateAllowedFlexVolumeArgs
    (list)
    AllowedHostPaths []PodSecurityPolicyTemplateAllowedHostPathArgs
    (list)
    AllowedProcMountTypes []string
    (list)
    AllowedUnsafeSysctls []string
    (list)
    Annotations map[string]interface{}
    Annotations for PodSecurityPolicyTemplate object (map)
    DefaultAddCapabilities []string
    (list)
    DefaultAllowPrivilegeEscalation bool
    (bool)
    Description string
    The PodSecurityPolicyTemplate description (string)
    ForbiddenSysctls []string
    (list)
    FsGroup PodSecurityPolicyTemplateFsGroupArgs
    (list maxitems:1)
    HostIpc bool
    (bool)
    HostNetwork bool
    hostNetwork determines if the policy allows the use of HostNetwork in the pod spec.
    HostPid bool
    (bool)
    HostPorts []PodSecurityPolicyTemplateHostPortArgs
    (list)
    Labels map[string]interface{}
    Labels for PodSecurityPolicyTemplate object (map)
    Name string
    The name of the PodSecurityPolicyTemplate (string)
    Privileged bool
    (bool)
    ReadOnlyRootFilesystem bool
    (bool)
    RequiredDropCapabilities []string
    (list)
    RunAsGroup PodSecurityPolicyTemplateRunAsGroupArgs
    (list maxitems:1)
    RunAsUser PodSecurityPolicyTemplateRunAsUserArgs
    (list maxitems:1)
    RuntimeClass PodSecurityPolicyTemplateRuntimeClassArgs
    (list maxitems:1)
    SeLinux PodSecurityPolicyTemplateSeLinuxArgs
    (list maxitems:1)
    SupplementalGroup PodSecurityPolicyTemplateSupplementalGroupArgs
    (list maxitems:1)
    Volumes []string
    (list)
    allowPrivilegeEscalation Boolean
    (Optional) (bool)
    allowedCapabilities List<String>
    (list)
    allowedCsiDrivers List<PodSecurityPolicyTemplateAllowedCsiDriver>
    (list)
    allowedFlexVolumes List<PodSecurityPolicyTemplateAllowedFlexVolume>
    (list)
    allowedHostPaths List<PodSecurityPolicyTemplateAllowedHostPath>
    (list)
    allowedProcMountTypes List<String>
    (list)
    allowedUnsafeSysctls List<String>
    (list)
    annotations Map<String,Object>
    Annotations for PodSecurityPolicyTemplate object (map)
    defaultAddCapabilities List<String>
    (list)
    defaultAllowPrivilegeEscalation Boolean
    (bool)
    description String
    The PodSecurityPolicyTemplate description (string)
    forbiddenSysctls List<String>
    (list)
    fsGroup PodSecurityPolicyTemplateFsGroup
    (list maxitems:1)
    hostIpc Boolean
    (bool)
    hostNetwork Boolean
    hostNetwork determines if the policy allows the use of HostNetwork in the pod spec.
    hostPid Boolean
    (bool)
    hostPorts List<PodSecurityPolicyTemplateHostPort>
    (list)
    labels Map<String,Object>
    Labels for PodSecurityPolicyTemplate object (map)
    name String
    The name of the PodSecurityPolicyTemplate (string)
    privileged Boolean
    (bool)
    readOnlyRootFilesystem Boolean
    (bool)
    requiredDropCapabilities List<String>
    (list)
    runAsGroup PodSecurityPolicyTemplateRunAsGroup
    (list maxitems:1)
    runAsUser PodSecurityPolicyTemplateRunAsUser
    (list maxitems:1)
    runtimeClass PodSecurityPolicyTemplateRuntimeClass
    (list maxitems:1)
    seLinux PodSecurityPolicyTemplateSeLinux
    (list maxitems:1)
    supplementalGroup PodSecurityPolicyTemplateSupplementalGroup
    (list maxitems:1)
    volumes List<String>
    (list)
    allowPrivilegeEscalation boolean
    (Optional) (bool)
    allowedCapabilities string[]
    (list)
    allowedCsiDrivers PodSecurityPolicyTemplateAllowedCsiDriver[]
    (list)
    allowedFlexVolumes PodSecurityPolicyTemplateAllowedFlexVolume[]
    (list)
    allowedHostPaths PodSecurityPolicyTemplateAllowedHostPath[]
    (list)
    allowedProcMountTypes string[]
    (list)
    allowedUnsafeSysctls string[]
    (list)
    annotations {[key: string]: any}
    Annotations for PodSecurityPolicyTemplate object (map)
    defaultAddCapabilities string[]
    (list)
    defaultAllowPrivilegeEscalation boolean
    (bool)
    description string
    The PodSecurityPolicyTemplate description (string)
    forbiddenSysctls string[]
    (list)
    fsGroup PodSecurityPolicyTemplateFsGroup
    (list maxitems:1)
    hostIpc boolean
    (bool)
    hostNetwork boolean
    hostNetwork determines if the policy allows the use of HostNetwork in the pod spec.
    hostPid boolean
    (bool)
    hostPorts PodSecurityPolicyTemplateHostPort[]
    (list)
    labels {[key: string]: any}
    Labels for PodSecurityPolicyTemplate object (map)
    name string
    The name of the PodSecurityPolicyTemplate (string)
    privileged boolean
    (bool)
    readOnlyRootFilesystem boolean
    (bool)
    requiredDropCapabilities string[]
    (list)
    runAsGroup PodSecurityPolicyTemplateRunAsGroup
    (list maxitems:1)
    runAsUser PodSecurityPolicyTemplateRunAsUser
    (list maxitems:1)
    runtimeClass PodSecurityPolicyTemplateRuntimeClass
    (list maxitems:1)
    seLinux PodSecurityPolicyTemplateSeLinux
    (list maxitems:1)
    supplementalGroup PodSecurityPolicyTemplateSupplementalGroup
    (list maxitems:1)
    volumes string[]
    (list)
    allow_privilege_escalation bool
    (Optional) (bool)
    allowed_capabilities Sequence[str]
    (list)
    allowed_csi_drivers Sequence[PodSecurityPolicyTemplateAllowedCsiDriverArgs]
    (list)
    allowed_flex_volumes Sequence[PodSecurityPolicyTemplateAllowedFlexVolumeArgs]
    (list)
    allowed_host_paths Sequence[PodSecurityPolicyTemplateAllowedHostPathArgs]
    (list)
    allowed_proc_mount_types Sequence[str]
    (list)
    allowed_unsafe_sysctls Sequence[str]
    (list)
    annotations Mapping[str, Any]
    Annotations for PodSecurityPolicyTemplate object (map)
    default_add_capabilities Sequence[str]
    (list)
    default_allow_privilege_escalation bool
    (bool)
    description str
    The PodSecurityPolicyTemplate description (string)
    forbidden_sysctls Sequence[str]
    (list)
    fs_group PodSecurityPolicyTemplateFsGroupArgs
    (list maxitems:1)
    host_ipc bool
    (bool)
    host_network bool
    hostNetwork determines if the policy allows the use of HostNetwork in the pod spec.
    host_pid bool
    (bool)
    host_ports Sequence[PodSecurityPolicyTemplateHostPortArgs]
    (list)
    labels Mapping[str, Any]
    Labels for PodSecurityPolicyTemplate object (map)
    name str
    The name of the PodSecurityPolicyTemplate (string)
    privileged bool
    (bool)
    read_only_root_filesystem bool
    (bool)
    required_drop_capabilities Sequence[str]
    (list)
    run_as_group PodSecurityPolicyTemplateRunAsGroupArgs
    (list maxitems:1)
    run_as_user PodSecurityPolicyTemplateRunAsUserArgs
    (list maxitems:1)
    runtime_class PodSecurityPolicyTemplateRuntimeClassArgs
    (list maxitems:1)
    se_linux PodSecurityPolicyTemplateSeLinuxArgs
    (list maxitems:1)
    supplemental_group PodSecurityPolicyTemplateSupplementalGroupArgs
    (list maxitems:1)
    volumes Sequence[str]
    (list)
    allowPrivilegeEscalation Boolean
    (Optional) (bool)
    allowedCapabilities List<String>
    (list)
    allowedCsiDrivers List<Property Map>
    (list)
    allowedFlexVolumes List<Property Map>
    (list)
    allowedHostPaths List<Property Map>
    (list)
    allowedProcMountTypes List<String>
    (list)
    allowedUnsafeSysctls List<String>
    (list)
    annotations Map<Any>
    Annotations for PodSecurityPolicyTemplate object (map)
    defaultAddCapabilities List<String>
    (list)
    defaultAllowPrivilegeEscalation Boolean
    (bool)
    description String
    The PodSecurityPolicyTemplate description (string)
    forbiddenSysctls List<String>
    (list)
    fsGroup Property Map
    (list maxitems:1)
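    hostIpc Boolean
    hostIPC determines if the policy allows the use of HostIPC in the pod spec. (bool)
    hostNetwork Boolean
    hostNetwork determines if the policy allows the use of HostNetwork in the pod spec.
    hostPid Boolean
    hostPID determines if the policy allows the use of HostPID in the pod spec. (bool)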
    hostPorts List<Property Map>
    (list)
    labels Map<Any>
    Labels for PodSecurityPolicyTemplate object (map)
    name String
    The name of the PodSecurityPolicyTemplate (string)
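    privileged Boolean
    privileged determines if a pod can request to be run as privileged. (bool)
    readOnlyRootFilesystem Boolean
    When true, containers must run with a read-only root filesystem. (bool)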
    requiredDropCapabilities List<String>
    (list)
    runAsGroup Property Map
    (list maxitems:1)
    runAsUser Property Map
    (list maxitems:1)
    runtimeClass Property Map
    (list maxitems:1)
    seLinux Property Map
    (list maxitems:1)
    supplementalGroup Property Map
    (list maxitems:1)
    volumes List<String>
    (list)

    Supporting Types

    PodSecurityPolicyTemplateAllowedCsiDriver, PodSecurityPolicyTemplateAllowedCsiDriverArgs

    Name string
    The name of the allowed CSI driver (string)
    Name string
    The name of the allowed CSI driver (string)
    name String
    The name of the allowed CSI driver (string)
    name string
    The name of the allowed CSI driver (string)
    name str
    The name of the allowed CSI driver (string)
    name String
    The name of the allowed CSI driver (string)

    PodSecurityPolicyTemplateAllowedFlexVolume, PodSecurityPolicyTemplateAllowedFlexVolumeArgs

    Driver string
    driver is the name of the Flexvolume driver.
    Driver string
    driver is the name of the Flexvolume driver.
    driver String
    driver is the name of the Flexvolume driver.
    driver string
    driver is the name of the Flexvolume driver.
    driver str
    driver is the name of the Flexvolume driver.
    driver String
    driver is the name of the Flexvolume driver.

    PodSecurityPolicyTemplateAllowedHostPath, PodSecurityPolicyTemplateAllowedHostPathArgs

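    PathPrefix string
    Path prefix that a hostPath volume must match to be allowed (string)
    ReadOnly bool
    When true, hostPath volumes matching the prefix are allowed only if mounted read-only (bool)
    PathPrefix string
    Path prefix that a hostPath volume must match to be allowed (string)
    ReadOnly bool
    When true, hostPath volumes matching the prefix are allowed only if mounted read-only (bool)
    pathPrefix String
    Path prefix that a hostPath volume must match to be allowed (string)
    readOnly Boolean
    When true, hostPath volumes matching the prefix are allowed only if mounted read-only (bool)
    pathPrefix string
    Path prefix that a hostPath volume must match to be allowed (string)
    readOnly boolean
    When true, hostPath volumes matching the prefix are allowed only if mounted read-only (bool)
    path_prefix str
    Path prefix that a hostPath volume must match to be allowed (string)
    read_only bool
    When true, hostPath volumes matching the prefix are allowed only if mounted read-only (bool)
    pathPrefix String
    Path prefix that a hostPath volume must match to be allowed (string)
    readOnly Boolean
    When true, hostPath volumes matching the prefix are allowed only if mounted read-only (bool)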

    PodSecurityPolicyTemplateFsGroup, PodSecurityPolicyTemplateFsGroupArgs

    ranges List<Property Map>
    (list)
    rule String
    (string)

    PodSecurityPolicyTemplateFsGroupRange, PodSecurityPolicyTemplateFsGroupRangeArgs

    Max int
    (int)
    Min int
    (int)
    Max int
    (int)
    Min int
    (int)
    max Integer
    (int)
    min Integer
    (int)
    max number
    (int)
    min number
    (int)
    max int
    (int)
    min int
    (int)
    max Number
    (int)
    min Number
    (int)

    PodSecurityPolicyTemplateHostPort, PodSecurityPolicyTemplateHostPortArgs

    Max int
    (int)
    Min int
    (int)
    Max int
    (int)
    Min int
    (int)
    max Integer
    (int)
    min Integer
    (int)
    max number
    (int)
    min number
    (int)
    max int
    (int)
    min int
    (int)
    max Number
    (int)
    min Number
    (int)

    PodSecurityPolicyTemplateRunAsGroup, PodSecurityPolicyTemplateRunAsGroupArgs

    rule String
    (string)
    ranges List<Property Map>
    (list)

    PodSecurityPolicyTemplateRunAsGroupRange, PodSecurityPolicyTemplateRunAsGroupRangeArgs

    Max int
    (int)
    Min int
    (int)
    Max int
    (int)
    Min int
    (int)
    max Integer
    (int)
    min Integer
    (int)
    max number
    (int)
    min number
    (int)
    max int
    (int)
    min int
    (int)
    max Number
    (int)
    min Number
    (int)

    PodSecurityPolicyTemplateRunAsUser, PodSecurityPolicyTemplateRunAsUserArgs

    rule String
    (string)
    ranges List<Property Map>
    (list)

    PodSecurityPolicyTemplateRunAsUserRange, PodSecurityPolicyTemplateRunAsUserRangeArgs

    Max int
    (int)
    Min int
    (int)
    Max int
    (int)
    Min int
    (int)
    max Integer
    (int)
    min Integer
    (int)
    max number
    (int)
    min number
    (int)
    max int
    (int)
    min int
    (int)
    max Number
    (int)
    min Number
    (int)

    PodSecurityPolicyTemplateRuntimeClass, PodSecurityPolicyTemplateRuntimeClassArgs

    AllowedRuntimeClassNames List<string>
    (list)
    DefaultRuntimeClassName string
    (string)
    allowedRuntimeClassNames List<String>
    (list)
    defaultRuntimeClassName String
    (string)
    allowedRuntimeClassNames List<String>
    (list)
    defaultRuntimeClassName String
    (string)

    PodSecurityPolicyTemplateSeLinux, PodSecurityPolicyTemplateSeLinuxArgs

    rule String
    (string)
    seLinuxOption Property Map
    (list maxitems:1)

    PodSecurityPolicyTemplateSeLinuxSeLinuxOption, PodSecurityPolicyTemplateSeLinuxSeLinuxOptionArgs

    Level string
    (string)
    Role string
    (string)
    Type string
    (string)
    User string
    (string)
    Level string
    (string)
    Role string
    (string)
    Type string
    (string)
    User string
    (string)
    level String
    (string)
    role String
    (string)
    type String
    (string)
    user String
    (string)
    level string
    (string)
    role string
    (string)
    type string
    (string)
    user string
    (string)
    level str
    (string)
    role str
    (string)
    type str
    (string)
    user str
    (string)
    level String
    (string)
    role String
    (string)
    type String
    (string)
    user String
    (string)

    PodSecurityPolicyTemplateSupplementalGroup, PodSecurityPolicyTemplateSupplementalGroupArgs

    ranges List<Property Map>
    (list)
    rule String
    (string)

    PodSecurityPolicyTemplateSupplementalGroupRange, PodSecurityPolicyTemplateSupplementalGroupRangeArgs

    Max int
    (int)
    Min int
    (int)
    Max int
    (int)
    Min int
    (int)
    max Integer
    (int)
    min Integer
    (int)
    max number
    (int)
    min number
    (int)
    max int
    (int)
    min int
    (int)
    max Number
    (int)
    min Number
    (int)

    Import

    A PodSecurityPolicyTemplate can be imported using its Rancher PodSecurityPolicyTemplate name.

    $ pulumi import rancher2:index/podSecurityPolicyTemplate:PodSecurityPolicyTemplate foo <pod_security_policy_name>
    

    Package Details

    Repository
    Rancher2 pulumi/pulumi-rancher2
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the rancher2 Terraform Provider.