Docs Home
vkcs 0.9.3 published on Tuesday, Apr 15, 2025 by vk-cs
vkcs.KubernetesSecurityPolicy
Explore with Pulumi AI
Provides a kubernetes cluster security policy resource. This can be used to create, modify and delete kubernetes security policies.
New since v0.7.0.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as vkcs from "@pulumi/vkcs";
const policySettings = {
ranges: [{
min_replicas: 1,
max_replicas: 2,
}],
};
const replicalimits = new vkcs.KubernetesSecurityPolicy("replicalimits", {
clusterId: vkcs_kubernetes_cluster.k8s_cluster.id,
enabled: true,
namespace: "*",
policySettings: JSON.stringify(policySettings),
securityPolicyTemplateId: data.vkcs_kubernetes_security_policy_template.replicalimits.id,
});
import pulumi
import json
import pulumi_vkcs as vkcs
policy_settings = {
"ranges": [{
"min_replicas": 1,
"max_replicas": 2,
}],
}
replicalimits = vkcs.KubernetesSecurityPolicy("replicalimits",
cluster_id=vkcs_kubernetes_cluster["k8s_cluster"]["id"],
enabled=True,
namespace="*",
policy_settings=json.dumps(policy_settings),
security_policy_template_id=data["vkcs_kubernetes_security_policy_template"]["replicalimits"]["id"])
package main
import (
"encoding/json"
"github.com/pulumi/pulumi-terraform-provider/sdks/go/vkcs/vkcs"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
policySettings := map[string]interface{}{
"ranges": []map[string]interface{}{
map[string]interface{}{
"min_replicas": 1,
"max_replicas": 2,
},
},
}
tmpJSON0, err := json.Marshal(policySettings)
if err != nil {
return err
}
json0 := string(tmpJSON0)
_, err = vkcs.NewKubernetesSecurityPolicy(ctx, "replicalimits", &vkcs.KubernetesSecurityPolicyArgs{
ClusterId: pulumi.Any(vkcs_kubernetes_cluster.K8s_cluster.Id),
Enabled: pulumi.Bool(true),
Namespace: pulumi.String("*"),
PolicySettings: pulumi.String(json0),
SecurityPolicyTemplateId: pulumi.Any(data.Vkcs_kubernetes_security_policy_template.Replicalimits.Id),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using System.Text.Json;
using Pulumi;
using Vkcs = Pulumi.Vkcs;
return await Deployment.RunAsync(() =>
{
var policySettings =
{
{ "ranges", new[]
{
{
{ "min_replicas", 1 },
{ "max_replicas", 2 },
},
} },
};
var replicalimits = new Vkcs.KubernetesSecurityPolicy("replicalimits", new()
{
ClusterId = vkcs_kubernetes_cluster.K8s_cluster.Id,
Enabled = true,
Namespace = "*",
PolicySettings = JsonSerializer.Serialize(policySettings),
SecurityPolicyTemplateId = data.Vkcs_kubernetes_security_policy_template.Replicalimits.Id,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.vkcs.KubernetesSecurityPolicy;
import com.pulumi.vkcs.KubernetesSecurityPolicyArgs;
import static com.pulumi.codegen.internal.Serialization.*;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var policySettings = %!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference);
var replicalimits = new KubernetesSecurityPolicy("replicalimits", KubernetesSecurityPolicyArgs.builder()
.clusterId(vkcs_kubernetes_cluster.k8s_cluster().id())
.enabled(true)
.namespace("*")
.policySettings(serializeJson(
policySettings))
.securityPolicyTemplateId(data.vkcs_kubernetes_security_policy_template().replicalimits().id())
.build());
}
}
resources:
replicalimits:
type: vkcs:KubernetesSecurityPolicy
properties:
clusterId: ${vkcs_kubernetes_cluster.k8s_cluster.id}
enabled: true
namespace: '*'
policySettings:
fn::toJSON: ${policySettings}
securityPolicyTemplateId: ${data.vkcs_kubernetes_security_policy_template.replicalimits.id}
variables:
policySettings:
ranges:
- min_replicas: 1
max_replicas: 2
Create KubernetesSecurityPolicy Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new KubernetesSecurityPolicy(name: string, args: KubernetesSecurityPolicyArgs, opts?: CustomResourceOptions);@overload
def KubernetesSecurityPolicy(resource_name: str,
args: KubernetesSecurityPolicyArgs,
opts: Optional[ResourceOptions] = None)
@overload
def KubernetesSecurityPolicy(resource_name: str,
opts: Optional[ResourceOptions] = None,
cluster_id: Optional[str] = None,
namespace: Optional[str] = None,
policy_settings: Optional[str] = None,
security_policy_template_id: Optional[str] = None,
enabled: Optional[bool] = None,
region: Optional[str] = None)func NewKubernetesSecurityPolicy(ctx *Context, name string, args KubernetesSecurityPolicyArgs, opts ...ResourceOption) (*KubernetesSecurityPolicy, error)public KubernetesSecurityPolicy(string name, KubernetesSecurityPolicyArgs args, CustomResourceOptions? opts = null)
public KubernetesSecurityPolicy(String name, KubernetesSecurityPolicyArgs args)
public KubernetesSecurityPolicy(String name, KubernetesSecurityPolicyArgs args, CustomResourceOptions options)
type: vkcs:KubernetesSecurityPolicy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args KubernetesSecurityPolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args KubernetesSecurityPolicyArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args KubernetesSecurityPolicyArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args KubernetesSecurityPolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args KubernetesSecurityPolicyArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var kubernetesSecurityPolicyResource = new Vkcs.KubernetesSecurityPolicy("kubernetesSecurityPolicyResource", new()
{
ClusterId = "string",
Namespace = "string",
PolicySettings = "string",
SecurityPolicyTemplateId = "string",
Enabled = false,
Region = "string",
});
example, err := vkcs.NewKubernetesSecurityPolicy(ctx, "kubernetesSecurityPolicyResource", &vkcs.KubernetesSecurityPolicyArgs{
ClusterId: pulumi.String("string"),
Namespace: pulumi.String("string"),
PolicySettings: pulumi.String("string"),
SecurityPolicyTemplateId: pulumi.String("string"),
Enabled: pulumi.Bool(false),
Region: pulumi.String("string"),
})
var kubernetesSecurityPolicyResource = new KubernetesSecurityPolicy("kubernetesSecurityPolicyResource", KubernetesSecurityPolicyArgs.builder()
.clusterId("string")
.namespace("string")
.policySettings("string")
.securityPolicyTemplateId("string")
.enabled(false)
.region("string")
.build());
kubernetes_security_policy_resource = vkcs.KubernetesSecurityPolicy("kubernetesSecurityPolicyResource",
cluster_id="string",
namespace="string",
policy_settings="string",
security_policy_template_id="string",
enabled=False,
region="string")
const kubernetesSecurityPolicyResource = new vkcs.KubernetesSecurityPolicy("kubernetesSecurityPolicyResource", {
clusterId: "string",
namespace: "string",
policySettings: "string",
securityPolicyTemplateId: "string",
enabled: false,
region: "string",
});
type: vkcs:KubernetesSecurityPolicy
properties:
clusterId: string
enabled: false
namespace: string
policySettings: string
region: string
securityPolicyTemplateId: string
KubernetesSecurityPolicy Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The KubernetesSecurityPolicy resource accepts the following input properties:
- Cluster
Id string - required string → The ID of the kubernetes cluster. Changing this creates a new security policy.
- Namespace string
- required string → Namespace to apply security policy to.
- Policy
Settings string - required string → Policy settings.
- Security
Policy stringTemplate Id - required string → The ID of the security policy template. Changing this creates a new security policy.
- Enabled bool
- optional boolean → Controls whether the security policy is enabled. Default is true.
- Region string
- optional string → The region in which to obtain the Container Infra client. If omitted, the
regionargument of the provider is used. Changing this creates a new security policy.
- Cluster
Id string - required string → The ID of the kubernetes cluster. Changing this creates a new security policy.
- Namespace string
- required string → Namespace to apply security policy to.
- Policy
Settings string - required string → Policy settings.
- Security
Policy stringTemplate Id - required string → The ID of the security policy template. Changing this creates a new security policy.
- Enabled bool
- optional boolean → Controls whether the security policy is enabled. Default is true.
- Region string
- optional string → The region in which to obtain the Container Infra client. If omitted, the
regionargument of the provider is used. Changing this creates a new security policy.
- cluster
Id String - required string → The ID of the kubernetes cluster. Changing this creates a new security policy.
- namespace String
- required string → Namespace to apply security policy to.
- policy
Settings String - required string → Policy settings.
- security
Policy StringTemplate Id - required string → The ID of the security policy template. Changing this creates a new security policy.
- enabled Boolean
- optional boolean → Controls whether the security policy is enabled. Default is true.
- region String
- optional string → The region in which to obtain the Container Infra client. If omitted, the
regionargument of the provider is used. Changing this creates a new security policy.
- cluster
Id string - required string → The ID of the kubernetes cluster. Changing this creates a new security policy.
- namespace string
- required string → Namespace to apply security policy to.
- policy
Settings string - required string → Policy settings.
- security
Policy stringTemplate Id - required string → The ID of the security policy template. Changing this creates a new security policy.
- enabled boolean
- optional boolean → Controls whether the security policy is enabled. Default is true.
- region string
- optional string → The region in which to obtain the Container Infra client. If omitted, the
regionargument of the provider is used. Changing this creates a new security policy.
- cluster_
id str - required string → The ID of the kubernetes cluster. Changing this creates a new security policy.
- namespace str
- required string → Namespace to apply security policy to.
- policy_
settings str - required string → Policy settings.
- security_
policy_ strtemplate_ id - required string → The ID of the security policy template. Changing this creates a new security policy.
- enabled bool
- optional boolean → Controls whether the security policy is enabled. Default is true.
- region str
- optional string → The region in which to obtain the Container Infra client. If omitted, the
regionargument of the provider is used. Changing this creates a new security policy.
- cluster
Id String - required string → The ID of the kubernetes cluster. Changing this creates a new security policy.
- namespace String
- required string → Namespace to apply security policy to.
- policy
Settings String - required string → Policy settings.
- security
Policy StringTemplate Id - required string → The ID of the security policy template. Changing this creates a new security policy.
- enabled Boolean
- optional boolean → Controls whether the security policy is enabled. Default is true.
- region String
- optional string → The region in which to obtain the Container Infra client. If omitted, the
regionargument of the provider is used. Changing this creates a new security policy.
Outputs
All input properties are implicitly available as output properties. Additionally, the KubernetesSecurityPolicy resource produces the following output properties:
- created_
at str - string → Creation timestamp
- id str
- The provider-assigned unique ID for this managed resource.
- updated_
at str - string → Update timestamp.
Look up Existing KubernetesSecurityPolicy Resource
Get an existing KubernetesSecurityPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: KubernetesSecurityPolicyState, opts?: CustomResourceOptions): KubernetesSecurityPolicy@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
cluster_id: Optional[str] = None,
created_at: Optional[str] = None,
enabled: Optional[bool] = None,
namespace: Optional[str] = None,
policy_settings: Optional[str] = None,
region: Optional[str] = None,
security_policy_template_id: Optional[str] = None,
updated_at: Optional[str] = None) -> KubernetesSecurityPolicyfunc GetKubernetesSecurityPolicy(ctx *Context, name string, id IDInput, state *KubernetesSecurityPolicyState, opts ...ResourceOption) (*KubernetesSecurityPolicy, error)public static KubernetesSecurityPolicy Get(string name, Input<string> id, KubernetesSecurityPolicyState? state, CustomResourceOptions? opts = null)public static KubernetesSecurityPolicy get(String name, Output<String> id, KubernetesSecurityPolicyState state, CustomResourceOptions options)resources: _: type: vkcs:KubernetesSecurityPolicy get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Cluster
Id string - required string → The ID of the kubernetes cluster. Changing this creates a new security policy.
- Created
At string - string → Creation timestamp
- Enabled bool
- optional boolean → Controls whether the security policy is enabled. Default is true.
- Namespace string
- required string → Namespace to apply security policy to.
- Policy
Settings string - required string → Policy settings.
- Region string
- optional string → The region in which to obtain the Container Infra client. If omitted, the
regionargument of the provider is used. Changing this creates a new security policy. - Security
Policy stringTemplate Id - required string → The ID of the security policy template. Changing this creates a new security policy.
- Updated
At string - string → Update timestamp.
- Cluster
Id string - required string → The ID of the kubernetes cluster. Changing this creates a new security policy.
- Created
At string - string → Creation timestamp
- Enabled bool
- optional boolean → Controls whether the security policy is enabled. Default is true.
- Namespace string
- required string → Namespace to apply security policy to.
- Policy
Settings string - required string → Policy settings.
- Region string
- optional string → The region in which to obtain the Container Infra client. If omitted, the
regionargument of the provider is used. Changing this creates a new security policy. - Security
Policy stringTemplate Id - required string → The ID of the security policy template. Changing this creates a new security policy.
- Updated
At string - string → Update timestamp.
- cluster
Id String - required string → The ID of the kubernetes cluster. Changing this creates a new security policy.
- created
At String - string → Creation timestamp
- enabled Boolean
- optional boolean → Controls whether the security policy is enabled. Default is true.
- namespace String
- required string → Namespace to apply security policy to.
- policy
Settings String - required string → Policy settings.
- region String
- optional string → The region in which to obtain the Container Infra client. If omitted, the
regionargument of the provider is used. Changing this creates a new security policy. - security
Policy StringTemplate Id - required string → The ID of the security policy template. Changing this creates a new security policy.
- updated
At String - string → Update timestamp.
- cluster
Id string - required string → The ID of the kubernetes cluster. Changing this creates a new security policy.
- created
At string - string → Creation timestamp
- enabled boolean
- optional boolean → Controls whether the security policy is enabled. Default is true.
- namespace string
- required string → Namespace to apply security policy to.
- policy
Settings string - required string → Policy settings.
- region string
- optional string → The region in which to obtain the Container Infra client. If omitted, the
regionargument of the provider is used. Changing this creates a new security policy. - security
Policy stringTemplate Id - required string → The ID of the security policy template. Changing this creates a new security policy.
- updated
At string - string → Update timestamp.
- cluster_
id str - required string → The ID of the kubernetes cluster. Changing this creates a new security policy.
- created_
at str - string → Creation timestamp
- enabled bool
- optional boolean → Controls whether the security policy is enabled. Default is true.
- namespace str
- required string → Namespace to apply security policy to.
- policy_
settings str - required string → Policy settings.
- region str
- optional string → The region in which to obtain the Container Infra client. If omitted, the
regionargument of the provider is used. Changing this creates a new security policy. - security_
policy_ strtemplate_ id - required string → The ID of the security policy template. Changing this creates a new security policy.
- updated_
at str - string → Update timestamp.
- cluster
Id String - required string → The ID of the kubernetes cluster. Changing this creates a new security policy.
- created
At String - string → Creation timestamp
- enabled Boolean
- optional boolean → Controls whether the security policy is enabled. Default is true.
- namespace String
- required string → Namespace to apply security policy to.
- policy
Settings String - required string → Policy settings.
- region String
- optional string → The region in which to obtain the Container Infra client. If omitted, the
regionargument of the provider is used. Changing this creates a new security policy. - security
Policy StringTemplate Id - required string → The ID of the security policy template. Changing this creates a new security policy.
- updated
At String - string → Update timestamp.
Import
Security policies can be imported using the id, e.g.
$ pulumi import vkcs:index/kubernetesSecurityPolicy:KubernetesSecurityPolicy sp 723bfe25-5b2b-4410-aba0-1c0ef6d1c8b0
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- vkcs vk-cs/terraform-provider-vkcs
- License
- Notes
- This Pulumi package is based on the
vkcsTerraform Provider.