Documentation

Overview

    Package policy is for any kind of policy object. Suitable examples, even if they aren't all here, are PodDisruptionBudget, PodSecurityPolicy, NetworkPolicy, etc.

    Package v1beta1 is a generated protocol buffer package.
    
    It is generated from these files:
    	k8s.io/kubernetes/vendor/k8s.io/api/policy/v1beta1/generated.proto
    
    It has these top-level messages:
    	AllowedFlexVolume
    	AllowedHostPath
    	Eviction
    	FSGroupStrategyOptions
    	HostPortRange
    	IDRange
    	PodDisruptionBudget
    	PodDisruptionBudgetList
    	PodDisruptionBudgetSpec
    	PodDisruptionBudgetStatus
    	PodSecurityPolicy
    	PodSecurityPolicyList
    	PodSecurityPolicySpec
    	RunAsGroupStrategyOptions
    	RunAsUserStrategyOptions
    	SELinuxStrategyOptions
    	SupplementalGroupsStrategyOptions
    

    Index

    Constants

    View Source
    const GroupName = "policy"

      GroupName is the group name use in this package

      Variables

      View Source
      var (
      	ErrInvalidLengthGenerated = fmt.Errorf("proto: negative length found during unmarshaling")
      	ErrIntOverflowGenerated   = fmt.Errorf("proto: integer overflow")
      )
      View Source
      var (
      	// TODO: move SchemeBuilder with zz_generated.deepcopy.go to k8s.io/api.
      	// localSchemeBuilder and AddToScheme will stay in k8s.io/kubernetes.
      	SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes)
      
      	AddToScheme = localSchemeBuilder.AddToScheme
      )
      View Source
      var AllowAllCapabilities v1.Capability = "*"

        AllowAllCapabilities can be used as a value for the PodSecurityPolicy.AllowAllCapabilities field and means that any capabilities are allowed to be requested.

        View Source
        var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1beta1"}

          SchemeGroupVersion is group version used to register these objects

          Functions

          func Resource

          func Resource(resource string) schema.GroupResource

            Resource takes an unqualified resource and returns a Group qualified GroupResource

            Types

            type AllowedFlexVolume

            type AllowedFlexVolume struct {
            	// driver is the name of the Flexvolume driver.
            	Driver string `json:"driver" protobuf:"bytes,1,opt,name=driver"`
            }

              AllowedFlexVolume represents a single Flexvolume that is allowed to be used.

              func (*AllowedFlexVolume) DeepCopy

              func (in *AllowedFlexVolume) DeepCopy() *AllowedFlexVolume

                DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AllowedFlexVolume.

                func (*AllowedFlexVolume) DeepCopyInto

                func (in *AllowedFlexVolume) DeepCopyInto(out *AllowedFlexVolume)

                  DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

                  func (*AllowedFlexVolume) Descriptor

                  func (*AllowedFlexVolume) Descriptor() ([]byte, []int)

                  func (*AllowedFlexVolume) Marshal

                  func (m *AllowedFlexVolume) Marshal() (dAtA []byte, err error)

                  func (*AllowedFlexVolume) MarshalTo

                  func (m *AllowedFlexVolume) MarshalTo(dAtA []byte) (int, error)

                  func (*AllowedFlexVolume) ProtoMessage

                  func (*AllowedFlexVolume) ProtoMessage()

                  func (*AllowedFlexVolume) Reset

                  func (m *AllowedFlexVolume) Reset()

                  func (*AllowedFlexVolume) Size

                  func (m *AllowedFlexVolume) Size() (n int)

                  func (*AllowedFlexVolume) String

                  func (this *AllowedFlexVolume) String() string

                  func (AllowedFlexVolume) SwaggerDoc

                  func (AllowedFlexVolume) SwaggerDoc() map[string]string

                  func (*AllowedFlexVolume) Unmarshal

                  func (m *AllowedFlexVolume) Unmarshal(dAtA []byte) error

                  type AllowedHostPath

                  type AllowedHostPath struct {
                  	// pathPrefix is the path prefix that the host volume must match.
                  	// It does not support `*`.
                  	// Trailing slashes are trimmed when validating the path prefix with a host path.
                  	//
                  	// Examples:
                  	// `/foo` would allow `/foo`, `/foo/` and `/foo/bar`
                  	// `/foo` would not allow `/food` or `/etc/foo`
                  	PathPrefix string `json:"pathPrefix,omitempty" protobuf:"bytes,1,rep,name=pathPrefix"`
                  
                  	// when set to true, will allow host volumes matching the pathPrefix only if all volume mounts are readOnly.
                  	// +optional
                  	ReadOnly bool `json:"readOnly,omitempty" protobuf:"varint,2,opt,name=readOnly"`
                  }

                    AllowedHostPath defines the host volume conditions that will be enabled by a policy for pods to use. It requires the path prefix to be defined.

                    func (*AllowedHostPath) DeepCopy

                    func (in *AllowedHostPath) DeepCopy() *AllowedHostPath

                      DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AllowedHostPath.

                      func (*AllowedHostPath) DeepCopyInto

                      func (in *AllowedHostPath) DeepCopyInto(out *AllowedHostPath)

                        DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

                        func (*AllowedHostPath) Descriptor

                        func (*AllowedHostPath) Descriptor() ([]byte, []int)

                        func (*AllowedHostPath) Marshal

                        func (m *AllowedHostPath) Marshal() (dAtA []byte, err error)

                        func (*AllowedHostPath) MarshalTo

                        func (m *AllowedHostPath) MarshalTo(dAtA []byte) (int, error)

                        func (*AllowedHostPath) ProtoMessage

                        func (*AllowedHostPath) ProtoMessage()

                        func (*AllowedHostPath) Reset

                        func (m *AllowedHostPath) Reset()

                        func (*AllowedHostPath) Size

                        func (m *AllowedHostPath) Size() (n int)

                        func (*AllowedHostPath) String

                        func (this *AllowedHostPath) String() string

                        func (AllowedHostPath) SwaggerDoc

                        func (AllowedHostPath) SwaggerDoc() map[string]string

                        func (*AllowedHostPath) Unmarshal

                        func (m *AllowedHostPath) Unmarshal(dAtA []byte) error

                        type Eviction

                        type Eviction struct {
                        	metav1.TypeMeta `json:",inline"`
                        
                        	// ObjectMeta describes the pod that is being evicted.
                        	// +optional
                        	metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`
                        
                        	// DeleteOptions may be provided
                        	// +optional
                        	DeleteOptions *metav1.DeleteOptions `json:"deleteOptions,omitempty" protobuf:"bytes,2,opt,name=deleteOptions"`
                        }

                          Eviction evicts a pod from its node subject to certain policies and safety constraints. This is a subresource of Pod. A request to cause such an eviction is created by POSTing to .../pods/<pod name>/evictions.

                          func (*Eviction) DeepCopy

                          func (in *Eviction) DeepCopy() *Eviction

                            DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Eviction.

                            func (*Eviction) DeepCopyInto

                            func (in *Eviction) DeepCopyInto(out *Eviction)

                              DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

                              func (*Eviction) DeepCopyObject

                              func (in *Eviction) DeepCopyObject() runtime.Object

                                DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

                                func (*Eviction) Descriptor

                                func (*Eviction) Descriptor() ([]byte, []int)

                                func (*Eviction) Marshal

                                func (m *Eviction) Marshal() (dAtA []byte, err error)

                                func (*Eviction) MarshalTo

                                func (m *Eviction) MarshalTo(dAtA []byte) (int, error)

                                func (*Eviction) ProtoMessage

                                func (*Eviction) ProtoMessage()

                                func (*Eviction) Reset

                                func (m *Eviction) Reset()

                                func (*Eviction) Size

                                func (m *Eviction) Size() (n int)

                                func (*Eviction) String

                                func (this *Eviction) String() string

                                func (Eviction) SwaggerDoc

                                func (Eviction) SwaggerDoc() map[string]string

                                func (*Eviction) Unmarshal

                                func (m *Eviction) Unmarshal(dAtA []byte) error

                                type FSGroupStrategyOptions

                                type FSGroupStrategyOptions struct {
                                	// rule is the strategy that will dictate what FSGroup is used in the SecurityContext.
                                	// +optional
                                	Rule FSGroupStrategyType `json:"rule,omitempty" protobuf:"bytes,1,opt,name=rule,casttype=FSGroupStrategyType"`
                                	// ranges are the allowed ranges of fs groups.  If you would like to force a single
                                	// fs group then supply a single range with the same start and end. Required for MustRunAs.
                                	// +optional
                                	Ranges []IDRange `json:"ranges,omitempty" protobuf:"bytes,2,rep,name=ranges"`
                                }

                                  FSGroupStrategyOptions defines the strategy type and options used to create the strategy.

                                  func (*FSGroupStrategyOptions) DeepCopy

                                    DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FSGroupStrategyOptions.

                                    func (*FSGroupStrategyOptions) DeepCopyInto

                                    func (in *FSGroupStrategyOptions) DeepCopyInto(out *FSGroupStrategyOptions)

                                      DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

                                      func (*FSGroupStrategyOptions) Descriptor

                                      func (*FSGroupStrategyOptions) Descriptor() ([]byte, []int)

                                      func (*FSGroupStrategyOptions) Marshal

                                      func (m *FSGroupStrategyOptions) Marshal() (dAtA []byte, err error)

                                      func (*FSGroupStrategyOptions) MarshalTo

                                      func (m *FSGroupStrategyOptions) MarshalTo(dAtA []byte) (int, error)

                                      func (*FSGroupStrategyOptions) ProtoMessage

                                      func (*FSGroupStrategyOptions) ProtoMessage()

                                      func (*FSGroupStrategyOptions) Reset

                                      func (m *FSGroupStrategyOptions) Reset()

                                      func (*FSGroupStrategyOptions) Size

                                      func (m *FSGroupStrategyOptions) Size() (n int)

                                      func (*FSGroupStrategyOptions) String

                                      func (this *FSGroupStrategyOptions) String() string

                                      func (FSGroupStrategyOptions) SwaggerDoc

                                      func (FSGroupStrategyOptions) SwaggerDoc() map[string]string

                                      func (*FSGroupStrategyOptions) Unmarshal

                                      func (m *FSGroupStrategyOptions) Unmarshal(dAtA []byte) error

                                      type FSGroupStrategyType

                                      type FSGroupStrategyType string

                                        FSGroupStrategyType denotes strategy types for generating FSGroup values for a SecurityContext

                                        const (
                                        	// FSGroupStrategyMayRunAs means that container does not need to have FSGroup of X applied.
                                        	// However, when FSGroups are specified, they have to fall in the defined range.
                                        	FSGroupStrategyMayRunAs FSGroupStrategyType = "MayRunAs"
                                        	// FSGroupStrategyMustRunAs meant that container must have FSGroup of X applied.
                                        	FSGroupStrategyMustRunAs FSGroupStrategyType = "MustRunAs"
                                        	// FSGroupStrategyRunAsAny means that container may make requests for any FSGroup labels.
                                        	FSGroupStrategyRunAsAny FSGroupStrategyType = "RunAsAny"
                                        )

                                        type FSType

                                        type FSType string

                                          FSType gives strong typing to different file systems that are used by volumes.

                                          var (
                                          	AzureFile             FSType = "azureFile"
                                          	Flocker               FSType = "flocker"
                                          	FlexVolume            FSType = "flexVolume"
                                          	HostPath              FSType = "hostPath"
                                          	EmptyDir              FSType = "emptyDir"
                                          	GCEPersistentDisk     FSType = "gcePersistentDisk"
                                          	AWSElasticBlockStore  FSType = "awsElasticBlockStore"
                                          	GitRepo               FSType = "gitRepo"
                                          	Secret                FSType = "secret"
                                          	NFS                   FSType = "nfs"
                                          	ISCSI                 FSType = "iscsi"
                                          	Glusterfs             FSType = "glusterfs"
                                          	PersistentVolumeClaim FSType = "persistentVolumeClaim"
                                          	RBD                   FSType = "rbd"
                                          	Cinder                FSType = "cinder"
                                          	CephFS                FSType = "cephFS"
                                          	DownwardAPI           FSType = "downwardAPI"
                                          	FC                    FSType = "fc"
                                          	ConfigMap             FSType = "configMap"
                                          	VsphereVolume         FSType = "vsphereVolume"
                                          	Quobyte               FSType = "quobyte"
                                          	AzureDisk             FSType = "azureDisk"
                                          	PhotonPersistentDisk  FSType = "photonPersistentDisk"
                                          	StorageOS             FSType = "storageos"
                                          	Projected             FSType = "projected"
                                          	PortworxVolume        FSType = "portworxVolume"
                                          	ScaleIO               FSType = "scaleIO"
                                          	CSI                   FSType = "csi"
                                          	All                   FSType = "*"
                                          )

                                          type HostPortRange

                                          type HostPortRange struct {
                                          	// min is the start of the range, inclusive.
                                          	Min int32 `json:"min" protobuf:"varint,1,opt,name=min"`
                                          	// max is the end of the range, inclusive.
                                          	Max int32 `json:"max" protobuf:"varint,2,opt,name=max"`
                                          }

                                            HostPortRange defines a range of host ports that will be enabled by a policy for pods to use. It requires both the start and end to be defined.

                                            func (*HostPortRange) DeepCopy

                                            func (in *HostPortRange) DeepCopy() *HostPortRange

                                              DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HostPortRange.

                                              func (*HostPortRange) DeepCopyInto

                                              func (in *HostPortRange) DeepCopyInto(out *HostPortRange)

                                                DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

                                                func (*HostPortRange) Descriptor

                                                func (*HostPortRange) Descriptor() ([]byte, []int)

                                                func (*HostPortRange) Marshal

                                                func (m *HostPortRange) Marshal() (dAtA []byte, err error)

                                                func (*HostPortRange) MarshalTo

                                                func (m *HostPortRange) MarshalTo(dAtA []byte) (int, error)

                                                func (*HostPortRange) ProtoMessage

                                                func (*HostPortRange) ProtoMessage()

                                                func (*HostPortRange) Reset

                                                func (m *HostPortRange) Reset()

                                                func (*HostPortRange) Size

                                                func (m *HostPortRange) Size() (n int)

                                                func (*HostPortRange) String

                                                func (this *HostPortRange) String() string

                                                func (HostPortRange) SwaggerDoc

                                                func (HostPortRange) SwaggerDoc() map[string]string

                                                func (*HostPortRange) Unmarshal

                                                func (m *HostPortRange) Unmarshal(dAtA []byte) error

                                                type IDRange

                                                type IDRange struct {
                                                	// min is the start of the range, inclusive.
                                                	Min int64 `json:"min" protobuf:"varint,1,opt,name=min"`
                                                	// max is the end of the range, inclusive.
                                                	Max int64 `json:"max" protobuf:"varint,2,opt,name=max"`
                                                }

                                                  IDRange provides a min/max of an allowed range of IDs.

                                                  func (*IDRange) DeepCopy

                                                  func (in *IDRange) DeepCopy() *IDRange

                                                    DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IDRange.

                                                    func (*IDRange) DeepCopyInto

                                                    func (in *IDRange) DeepCopyInto(out *IDRange)

                                                      DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

                                                      func (*IDRange) Descriptor

                                                      func (*IDRange) Descriptor() ([]byte, []int)

                                                      func (*IDRange) Marshal

                                                      func (m *IDRange) Marshal() (dAtA []byte, err error)

                                                      func (*IDRange) MarshalTo

                                                      func (m *IDRange) MarshalTo(dAtA []byte) (int, error)

                                                      func (*IDRange) ProtoMessage

                                                      func (*IDRange) ProtoMessage()

                                                      func (*IDRange) Reset

                                                      func (m *IDRange) Reset()

                                                      func (*IDRange) Size

                                                      func (m *IDRange) Size() (n int)

                                                      func (*IDRange) String

                                                      func (this *IDRange) String() string

                                                      func (IDRange) SwaggerDoc

                                                      func (IDRange) SwaggerDoc() map[string]string

                                                      func (*IDRange) Unmarshal

                                                      func (m *IDRange) Unmarshal(dAtA []byte) error

                                                      type PodDisruptionBudget

                                                      type PodDisruptionBudget struct {
                                                      	metav1.TypeMeta `json:",inline"`
                                                      	// +optional
                                                      	metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`
                                                      
                                                      	// Specification of the desired behavior of the PodDisruptionBudget.
                                                      	// +optional
                                                      	Spec PodDisruptionBudgetSpec `json:"spec,omitempty" protobuf:"bytes,2,opt,name=spec"`
                                                      	// Most recently observed status of the PodDisruptionBudget.
                                                      	// +optional
                                                      	Status PodDisruptionBudgetStatus `json:"status,omitempty" protobuf:"bytes,3,opt,name=status"`
                                                      }

                                                        PodDisruptionBudget is an object to define the max disruption that can be caused to a collection of pods

                                                        func (*PodDisruptionBudget) DeepCopy

                                                        func (in *PodDisruptionBudget) DeepCopy() *PodDisruptionBudget

                                                          DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodDisruptionBudget.

                                                          func (*PodDisruptionBudget) DeepCopyInto

                                                          func (in *PodDisruptionBudget) DeepCopyInto(out *PodDisruptionBudget)

                                                            DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

                                                            func (*PodDisruptionBudget) DeepCopyObject

                                                            func (in *PodDisruptionBudget) DeepCopyObject() runtime.Object

                                                              DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

                                                              func (*PodDisruptionBudget) Descriptor

                                                              func (*PodDisruptionBudget) Descriptor() ([]byte, []int)

                                                              func (*PodDisruptionBudget) Marshal

                                                              func (m *PodDisruptionBudget) Marshal() (dAtA []byte, err error)

                                                              func (*PodDisruptionBudget) MarshalTo

                                                              func (m *PodDisruptionBudget) MarshalTo(dAtA []byte) (int, error)

                                                              func (*PodDisruptionBudget) ProtoMessage

                                                              func (*PodDisruptionBudget) ProtoMessage()

                                                              func (*PodDisruptionBudget) Reset

                                                              func (m *PodDisruptionBudget) Reset()

                                                              func (*PodDisruptionBudget) Size

                                                              func (m *PodDisruptionBudget) Size() (n int)

                                                              func (*PodDisruptionBudget) String

                                                              func (this *PodDisruptionBudget) String() string

                                                              func (PodDisruptionBudget) SwaggerDoc

                                                              func (PodDisruptionBudget) SwaggerDoc() map[string]string

                                                              func (*PodDisruptionBudget) Unmarshal

                                                              func (m *PodDisruptionBudget) Unmarshal(dAtA []byte) error

                                                              type PodDisruptionBudgetList

                                                              type PodDisruptionBudgetList struct {
                                                              	metav1.TypeMeta `json:",inline"`
                                                              	// +optional
                                                              	metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`
                                                              	Items           []PodDisruptionBudget `json:"items" protobuf:"bytes,2,rep,name=items"`
                                                              }

                                                                PodDisruptionBudgetList is a collection of PodDisruptionBudgets.

                                                                func (*PodDisruptionBudgetList) DeepCopy

                                                                  DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodDisruptionBudgetList.

                                                                  func (*PodDisruptionBudgetList) DeepCopyInto

                                                                  func (in *PodDisruptionBudgetList) DeepCopyInto(out *PodDisruptionBudgetList)

                                                                    DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

                                                                    func (*PodDisruptionBudgetList) DeepCopyObject

                                                                    func (in *PodDisruptionBudgetList) DeepCopyObject() runtime.Object

                                                                      DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

                                                                      func (*PodDisruptionBudgetList) Descriptor

                                                                      func (*PodDisruptionBudgetList) Descriptor() ([]byte, []int)

                                                                      func (*PodDisruptionBudgetList) Marshal

                                                                      func (m *PodDisruptionBudgetList) Marshal() (dAtA []byte, err error)

                                                                      func (*PodDisruptionBudgetList) MarshalTo

                                                                      func (m *PodDisruptionBudgetList) MarshalTo(dAtA []byte) (int, error)

                                                                      func (*PodDisruptionBudgetList) ProtoMessage

                                                                      func (*PodDisruptionBudgetList) ProtoMessage()

                                                                      func (*PodDisruptionBudgetList) Reset

                                                                      func (m *PodDisruptionBudgetList) Reset()

                                                                      func (*PodDisruptionBudgetList) Size

                                                                      func (m *PodDisruptionBudgetList) Size() (n int)

                                                                      func (*PodDisruptionBudgetList) String

                                                                      func (this *PodDisruptionBudgetList) String() string

                                                                      func (PodDisruptionBudgetList) SwaggerDoc

                                                                      func (PodDisruptionBudgetList) SwaggerDoc() map[string]string

                                                                      func (*PodDisruptionBudgetList) Unmarshal

                                                                      func (m *PodDisruptionBudgetList) Unmarshal(dAtA []byte) error

                                                                      type PodDisruptionBudgetSpec

                                                                      type PodDisruptionBudgetSpec struct {
                                                                      	// An eviction is allowed if at least "minAvailable" pods selected by
                                                                      	// "selector" will still be available after the eviction, i.e. even in the
                                                                      	// absence of the evicted pod.  So for example you can prevent all voluntary
                                                                      	// evictions by specifying "100%".
                                                                      	// +optional
                                                                      	MinAvailable *intstr.IntOrString `json:"minAvailable,omitempty" protobuf:"bytes,1,opt,name=minAvailable"`
                                                                      
                                                                      	// Label query over pods whose evictions are managed by the disruption
                                                                      	// budget.
                                                                      	// +optional
                                                                      	Selector *metav1.LabelSelector `json:"selector,omitempty" protobuf:"bytes,2,opt,name=selector"`
                                                                      
                                                                      	// An eviction is allowed if at most "maxUnavailable" pods selected by
                                                                      	// "selector" are unavailable after the eviction, i.e. even in absence of
                                                                      	// the evicted pod. For example, one can prevent all voluntary evictions
                                                                      	// by specifying 0. This is a mutually exclusive setting with "minAvailable".
                                                                      	// +optional
                                                                      	MaxUnavailable *intstr.IntOrString `json:"maxUnavailable,omitempty" protobuf:"bytes,3,opt,name=maxUnavailable"`
                                                                      }

                                                                        PodDisruptionBudgetSpec is a description of a PodDisruptionBudget.

                                                                        func (*PodDisruptionBudgetSpec) DeepCopy

                                                                          DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodDisruptionBudgetSpec.

                                                                          func (*PodDisruptionBudgetSpec) DeepCopyInto

                                                                          func (in *PodDisruptionBudgetSpec) DeepCopyInto(out *PodDisruptionBudgetSpec)

                                                                            DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

                                                                            func (*PodDisruptionBudgetSpec) Descriptor

                                                                            func (*PodDisruptionBudgetSpec) Descriptor() ([]byte, []int)

                                                                            func (*PodDisruptionBudgetSpec) Marshal

                                                                            func (m *PodDisruptionBudgetSpec) Marshal() (dAtA []byte, err error)

                                                                            func (*PodDisruptionBudgetSpec) MarshalTo

                                                                            func (m *PodDisruptionBudgetSpec) MarshalTo(dAtA []byte) (int, error)

                                                                            func (*PodDisruptionBudgetSpec) ProtoMessage

                                                                            func (*PodDisruptionBudgetSpec) ProtoMessage()

                                                                            func (*PodDisruptionBudgetSpec) Reset

                                                                            func (m *PodDisruptionBudgetSpec) Reset()

                                                                            func (*PodDisruptionBudgetSpec) Size

                                                                            func (m *PodDisruptionBudgetSpec) Size() (n int)

                                                                            func (*PodDisruptionBudgetSpec) String

                                                                            func (this *PodDisruptionBudgetSpec) String() string

                                                                            func (PodDisruptionBudgetSpec) SwaggerDoc

                                                                            func (PodDisruptionBudgetSpec) SwaggerDoc() map[string]string

                                                                            func (*PodDisruptionBudgetSpec) Unmarshal

                                                                            func (m *PodDisruptionBudgetSpec) Unmarshal(dAtA []byte) error

                                                                            type PodDisruptionBudgetStatus

                                                                            type PodDisruptionBudgetStatus struct {
                                                                            	// Most recent generation observed when updating this PDB status. PodDisruptionsAllowed and other
                                                                            	// status informatio is valid only if observedGeneration equals to PDB's object generation.
                                                                            	// +optional
                                                                            	ObservedGeneration int64 `json:"observedGeneration,omitempty" protobuf:"varint,1,opt,name=observedGeneration"`
                                                                            
                                                                            	// DisruptedPods contains information about pods whose eviction was
                                                                            	// processed by the API server eviction subresource handler but has not
                                                                            	// yet been observed by the PodDisruptionBudget controller.
                                                                            	// A pod will be in this map from the time when the API server processed the
                                                                            	// eviction request to the time when the pod is seen by PDB controller
                                                                            	// as having been marked for deletion (or after a timeout). The key in the map is the name of the pod
                                                                            	// and the value is the time when the API server processed the eviction request. If
                                                                            	// the deletion didn't occur and a pod is still there it will be removed from
                                                                            	// the list automatically by PodDisruptionBudget controller after some time.
                                                                            	// If everything goes smooth this map should be empty for the most of the time.
                                                                            	// Large number of entries in the map may indicate problems with pod deletions.
                                                                            	// +optional
                                                                            	DisruptedPods map[string]metav1.Time `json:"disruptedPods,omitempty" protobuf:"bytes,2,rep,name=disruptedPods"`
                                                                            
                                                                            	// Number of pod disruptions that are currently allowed.
                                                                            	PodDisruptionsAllowed int32 `json:"disruptionsAllowed" protobuf:"varint,3,opt,name=disruptionsAllowed"`
                                                                            
                                                                            	// current number of healthy pods
                                                                            	CurrentHealthy int32 `json:"currentHealthy" protobuf:"varint,4,opt,name=currentHealthy"`
                                                                            
                                                                            	// minimum desired number of healthy pods
                                                                            	DesiredHealthy int32 `json:"desiredHealthy" protobuf:"varint,5,opt,name=desiredHealthy"`
                                                                            
                                                                            	// total number of pods counted by this disruption budget
                                                                            	ExpectedPods int32 `json:"expectedPods" protobuf:"varint,6,opt,name=expectedPods"`
                                                                            }

                                                                              PodDisruptionBudgetStatus represents information about the status of a PodDisruptionBudget. Status may trail the actual state of a system.

                                                                              func (*PodDisruptionBudgetStatus) DeepCopy

                                                                                DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodDisruptionBudgetStatus.

                                                                                func (*PodDisruptionBudgetStatus) DeepCopyInto

                                                                                  DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

                                                                                  func (*PodDisruptionBudgetStatus) Descriptor

                                                                                  func (*PodDisruptionBudgetStatus) Descriptor() ([]byte, []int)

                                                                                  func (*PodDisruptionBudgetStatus) Marshal

                                                                                  func (m *PodDisruptionBudgetStatus) Marshal() (dAtA []byte, err error)

                                                                                  func (*PodDisruptionBudgetStatus) MarshalTo

                                                                                  func (m *PodDisruptionBudgetStatus) MarshalTo(dAtA []byte) (int, error)

                                                                                  func (*PodDisruptionBudgetStatus) ProtoMessage

                                                                                  func (*PodDisruptionBudgetStatus) ProtoMessage()

                                                                                  func (*PodDisruptionBudgetStatus) Reset

                                                                                  func (m *PodDisruptionBudgetStatus) Reset()

                                                                                  func (*PodDisruptionBudgetStatus) Size

                                                                                  func (m *PodDisruptionBudgetStatus) Size() (n int)

                                                                                  func (*PodDisruptionBudgetStatus) String

                                                                                  func (this *PodDisruptionBudgetStatus) String() string

                                                                                  func (PodDisruptionBudgetStatus) SwaggerDoc

                                                                                  func (PodDisruptionBudgetStatus) SwaggerDoc() map[string]string

                                                                                  func (*PodDisruptionBudgetStatus) Unmarshal

                                                                                  func (m *PodDisruptionBudgetStatus) Unmarshal(dAtA []byte) error

                                                                                  type PodSecurityPolicy

                                                                                  type PodSecurityPolicy struct {
                                                                                  	metav1.TypeMeta `json:",inline"`
                                                                                  	// Standard object's metadata.
                                                                                  	// More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata
                                                                                  	// +optional
                                                                                  	metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`
                                                                                  
                                                                                  	// spec defines the policy enforced.
                                                                                  	// +optional
                                                                                  	Spec PodSecurityPolicySpec `json:"spec,omitempty" protobuf:"bytes,2,opt,name=spec"`
                                                                                  }

                                                                                    PodSecurityPolicy governs the ability to make requests that affect the Security Context that will be applied to a pod and container.

                                                                                    func (*PodSecurityPolicy) DeepCopy

                                                                                    func (in *PodSecurityPolicy) DeepCopy() *PodSecurityPolicy

                                                                                      DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodSecurityPolicy.

                                                                                      func (*PodSecurityPolicy) DeepCopyInto

                                                                                      func (in *PodSecurityPolicy) DeepCopyInto(out *PodSecurityPolicy)

                                                                                        DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

                                                                                        func (*PodSecurityPolicy) DeepCopyObject

                                                                                        func (in *PodSecurityPolicy) DeepCopyObject() runtime.Object

                                                                                          DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

                                                                                          func (*PodSecurityPolicy) Descriptor

                                                                                          func (*PodSecurityPolicy) Descriptor() ([]byte, []int)

                                                                                          func (*PodSecurityPolicy) Marshal

                                                                                          func (m *PodSecurityPolicy) Marshal() (dAtA []byte, err error)

                                                                                          func (*PodSecurityPolicy) MarshalTo

                                                                                          func (m *PodSecurityPolicy) MarshalTo(dAtA []byte) (int, error)

                                                                                          func (*PodSecurityPolicy) ProtoMessage

                                                                                          func (*PodSecurityPolicy) ProtoMessage()

                                                                                          func (*PodSecurityPolicy) Reset

                                                                                          func (m *PodSecurityPolicy) Reset()

                                                                                          func (*PodSecurityPolicy) Size

                                                                                          func (m *PodSecurityPolicy) Size() (n int)

                                                                                          func (*PodSecurityPolicy) String

                                                                                          func (this *PodSecurityPolicy) String() string

                                                                                          func (PodSecurityPolicy) SwaggerDoc

                                                                                          func (PodSecurityPolicy) SwaggerDoc() map[string]string

                                                                                          func (*PodSecurityPolicy) Unmarshal

                                                                                          func (m *PodSecurityPolicy) Unmarshal(dAtA []byte) error

                                                                                          type PodSecurityPolicyList

                                                                                          type PodSecurityPolicyList struct {
                                                                                          	metav1.TypeMeta `json:",inline"`
                                                                                          	// Standard list metadata.
                                                                                          	// More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata
                                                                                          	// +optional
                                                                                          	metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`
                                                                                          
                                                                                          	// items is a list of schema objects.
                                                                                          	Items []PodSecurityPolicy `json:"items" protobuf:"bytes,2,rep,name=items"`
                                                                                          }

                                                                                            PodSecurityPolicyList is a list of PodSecurityPolicy objects.

                                                                                            func (*PodSecurityPolicyList) DeepCopy

                                                                                              DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodSecurityPolicyList.

                                                                                              func (*PodSecurityPolicyList) DeepCopyInto

                                                                                              func (in *PodSecurityPolicyList) DeepCopyInto(out *PodSecurityPolicyList)

                                                                                                DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

                                                                                                func (*PodSecurityPolicyList) DeepCopyObject

                                                                                                func (in *PodSecurityPolicyList) DeepCopyObject() runtime.Object

                                                                                                  DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

                                                                                                  func (*PodSecurityPolicyList) Descriptor

                                                                                                  func (*PodSecurityPolicyList) Descriptor() ([]byte, []int)

                                                                                                  func (*PodSecurityPolicyList) Marshal

                                                                                                  func (m *PodSecurityPolicyList) Marshal() (dAtA []byte, err error)

                                                                                                  func (*PodSecurityPolicyList) MarshalTo

                                                                                                  func (m *PodSecurityPolicyList) MarshalTo(dAtA []byte) (int, error)

                                                                                                  func (*PodSecurityPolicyList) ProtoMessage

                                                                                                  func (*PodSecurityPolicyList) ProtoMessage()

                                                                                                  func (*PodSecurityPolicyList) Reset

                                                                                                  func (m *PodSecurityPolicyList) Reset()

                                                                                                  func (*PodSecurityPolicyList) Size

                                                                                                  func (m *PodSecurityPolicyList) Size() (n int)

                                                                                                  func (*PodSecurityPolicyList) String

                                                                                                  func (this *PodSecurityPolicyList) String() string

                                                                                                  func (PodSecurityPolicyList) SwaggerDoc

                                                                                                  func (PodSecurityPolicyList) SwaggerDoc() map[string]string

                                                                                                  func (*PodSecurityPolicyList) Unmarshal

                                                                                                  func (m *PodSecurityPolicyList) Unmarshal(dAtA []byte) error

                                                                                                  type PodSecurityPolicySpec

                                                                                                  type PodSecurityPolicySpec struct {
                                                                                                  	// privileged determines if a pod can request to be run as privileged.
                                                                                                  	// +optional
                                                                                                  	Privileged bool `json:"privileged,omitempty" protobuf:"varint,1,opt,name=privileged"`
                                                                                                  	// defaultAddCapabilities is the default set of capabilities that will be added to the container
                                                                                                  	// unless the pod spec specifically drops the capability.  You may not list a capability in both
                                                                                                  	// defaultAddCapabilities and requiredDropCapabilities. Capabilities added here are implicitly
                                                                                                  	// allowed, and need not be included in the allowedCapabilities list.
                                                                                                  	// +optional
                                                                                                  	DefaultAddCapabilities []v1.Capability `` /* 129-byte string literal not displayed */
                                                                                                  	// requiredDropCapabilities are the capabilities that will be dropped from the container.  These
                                                                                                  	// are required to be dropped and cannot be added.
                                                                                                  	// +optional
                                                                                                  	RequiredDropCapabilities []v1.Capability `` /* 133-byte string literal not displayed */
                                                                                                  	// allowedCapabilities is a list of capabilities that can be requested to add to the container.
                                                                                                  	// Capabilities in this field may be added at the pod author's discretion.
                                                                                                  	// You must not list a capability in both allowedCapabilities and requiredDropCapabilities.
                                                                                                  	// +optional
                                                                                                  	AllowedCapabilities []v1.Capability `json:"allowedCapabilities,omitempty" protobuf:"bytes,4,rep,name=allowedCapabilities,casttype=k8s.io/api/core/v1.Capability"`
                                                                                                  	// volumes is a white list of allowed volume plugins. Empty indicates that
                                                                                                  	// no volumes may be used. To allow all volumes you may use '*'.
                                                                                                  	// +optional
                                                                                                  	Volumes []FSType `json:"volumes,omitempty" protobuf:"bytes,5,rep,name=volumes,casttype=FSType"`
                                                                                                  	// hostNetwork determines if the policy allows the use of HostNetwork in the pod spec.
                                                                                                  	// +optional
                                                                                                  	HostNetwork bool `json:"hostNetwork,omitempty" protobuf:"varint,6,opt,name=hostNetwork"`
                                                                                                  	// hostPorts determines which host port ranges are allowed to be exposed.
                                                                                                  	// +optional
                                                                                                  	HostPorts []HostPortRange `json:"hostPorts,omitempty" protobuf:"bytes,7,rep,name=hostPorts"`
                                                                                                  	// hostPID determines if the policy allows the use of HostPID in the pod spec.
                                                                                                  	// +optional
                                                                                                  	HostPID bool `json:"hostPID,omitempty" protobuf:"varint,8,opt,name=hostPID"`
                                                                                                  	// hostIPC determines if the policy allows the use of HostIPC in the pod spec.
                                                                                                  	// +optional
                                                                                                  	HostIPC bool `json:"hostIPC,omitempty" protobuf:"varint,9,opt,name=hostIPC"`
                                                                                                  	// seLinux is the strategy that will dictate the allowable labels that may be set.
                                                                                                  	SELinux SELinuxStrategyOptions `json:"seLinux" protobuf:"bytes,10,opt,name=seLinux"`
                                                                                                  	// runAsUser is the strategy that will dictate the allowable RunAsUser values that may be set.
                                                                                                  	RunAsUser RunAsUserStrategyOptions `json:"runAsUser" protobuf:"bytes,11,opt,name=runAsUser"`
                                                                                                  	// RunAsGroup is the strategy that will dictate the allowable RunAsGroup values that may be set.
                                                                                                  	// If this field is omitted, the pod's RunAsGroup can take any value. This field requires the
                                                                                                  	// RunAsGroup feature gate to be enabled.
                                                                                                  	// +optional
                                                                                                  	RunAsGroup *RunAsGroupStrategyOptions `json:"runAsGroup,omitempty" protobuf:"bytes,22,opt,name=runAsGroup"`
                                                                                                  	// supplementalGroups is the strategy that will dictate what supplemental groups are used by the SecurityContext.
                                                                                                  	SupplementalGroups SupplementalGroupsStrategyOptions `json:"supplementalGroups" protobuf:"bytes,12,opt,name=supplementalGroups"`
                                                                                                  	// fsGroup is the strategy that will dictate what fs group is used by the SecurityContext.
                                                                                                  	FSGroup FSGroupStrategyOptions `json:"fsGroup" protobuf:"bytes,13,opt,name=fsGroup"`
                                                                                                  	// readOnlyRootFilesystem when set to true will force containers to run with a read only root file
                                                                                                  	// system.  If the container specifically requests to run with a non-read only root file system
                                                                                                  	// the PSP should deny the pod.
                                                                                                  	// If set to false the container may run with a read only root file system if it wishes but it
                                                                                                  	// will not be forced to.
                                                                                                  	// +optional
                                                                                                  	ReadOnlyRootFilesystem bool `json:"readOnlyRootFilesystem,omitempty" protobuf:"varint,14,opt,name=readOnlyRootFilesystem"`
                                                                                                  	// defaultAllowPrivilegeEscalation controls the default setting for whether a
                                                                                                  	// process can gain more privileges than its parent process.
                                                                                                  	// +optional
                                                                                                  	DefaultAllowPrivilegeEscalation *bool `json:"defaultAllowPrivilegeEscalation,omitempty" protobuf:"varint,15,opt,name=defaultAllowPrivilegeEscalation"`
                                                                                                  	// allowPrivilegeEscalation determines if a pod can request to allow
                                                                                                  	// privilege escalation. If unspecified, defaults to true.
                                                                                                  	// +optional
                                                                                                  	AllowPrivilegeEscalation *bool `json:"allowPrivilegeEscalation,omitempty" protobuf:"varint,16,opt,name=allowPrivilegeEscalation"`
                                                                                                  	// allowedHostPaths is a white list of allowed host paths. Empty indicates
                                                                                                  	// that all host paths may be used.
                                                                                                  	// +optional
                                                                                                  	AllowedHostPaths []AllowedHostPath `json:"allowedHostPaths,omitempty" protobuf:"bytes,17,rep,name=allowedHostPaths"`
                                                                                                  	// allowedFlexVolumes is a whitelist of allowed Flexvolumes.  Empty or nil indicates that all
                                                                                                  	// Flexvolumes may be used.  This parameter is effective only when the usage of the Flexvolumes
                                                                                                  	// is allowed in the "volumes" field.
                                                                                                  	// +optional
                                                                                                  	AllowedFlexVolumes []AllowedFlexVolume `json:"allowedFlexVolumes,omitempty" protobuf:"bytes,18,rep,name=allowedFlexVolumes"`
                                                                                                  	// allowedUnsafeSysctls is a list of explicitly allowed unsafe sysctls, defaults to none.
                                                                                                  	// Each entry is either a plain sysctl name or ends in "*" in which case it is considered
                                                                                                  	// as a prefix of allowed sysctls. Single * means all unsafe sysctls are allowed.
                                                                                                  	// Kubelet has to whitelist all allowed unsafe sysctls explicitly to avoid rejection.
                                                                                                  	//
                                                                                                  	// Examples:
                                                                                                  	// e.g. "foo/*" allows "foo/bar", "foo/baz", etc.
                                                                                                  	// e.g. "foo.*" allows "foo.bar", "foo.baz", etc.
                                                                                                  	// +optional
                                                                                                  	AllowedUnsafeSysctls []string `json:"allowedUnsafeSysctls,omitempty" protobuf:"bytes,19,rep,name=allowedUnsafeSysctls"`
                                                                                                  	// forbiddenSysctls is a list of explicitly forbidden sysctls, defaults to none.
                                                                                                  	// Each entry is either a plain sysctl name or ends in "*" in which case it is considered
                                                                                                  	// as a prefix of forbidden sysctls. Single * means all sysctls are forbidden.
                                                                                                  	//
                                                                                                  	// Examples:
                                                                                                  	// e.g. "foo/*" forbids "foo/bar", "foo/baz", etc.
                                                                                                  	// e.g. "foo.*" forbids "foo.bar", "foo.baz", etc.
                                                                                                  	// +optional
                                                                                                  	ForbiddenSysctls []string `json:"forbiddenSysctls,omitempty" protobuf:"bytes,20,rep,name=forbiddenSysctls"`
                                                                                                  	// AllowedProcMountTypes is a whitelist of allowed ProcMountTypes.
                                                                                                  	// Empty or nil indicates that only the DefaultProcMountType may be used.
                                                                                                  	// This requires the ProcMountType feature flag to be enabled.
                                                                                                  	// +optional
                                                                                                  	AllowedProcMountTypes []v1.ProcMountType `json:"allowedProcMountTypes,omitempty" protobuf:"bytes,21,opt,name=allowedProcMountTypes"`
                                                                                                  }

                                                                                                    PodSecurityPolicySpec defines the policy enforced.

                                                                                                    func (*PodSecurityPolicySpec) DeepCopy

                                                                                                      DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodSecurityPolicySpec.

                                                                                                      func (*PodSecurityPolicySpec) DeepCopyInto

                                                                                                      func (in *PodSecurityPolicySpec) DeepCopyInto(out *PodSecurityPolicySpec)

                                                                                                        DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

                                                                                                        func (*PodSecurityPolicySpec) Descriptor

                                                                                                        func (*PodSecurityPolicySpec) Descriptor() ([]byte, []int)

                                                                                                        func (*PodSecurityPolicySpec) Marshal

                                                                                                        func (m *PodSecurityPolicySpec) Marshal() (dAtA []byte, err error)

                                                                                                        func (*PodSecurityPolicySpec) MarshalTo

                                                                                                        func (m *PodSecurityPolicySpec) MarshalTo(dAtA []byte) (int, error)

                                                                                                        func (*PodSecurityPolicySpec) ProtoMessage

                                                                                                        func (*PodSecurityPolicySpec) ProtoMessage()

                                                                                                        func (*PodSecurityPolicySpec) Reset

                                                                                                        func (m *PodSecurityPolicySpec) Reset()

                                                                                                        func (*PodSecurityPolicySpec) Size

                                                                                                        func (m *PodSecurityPolicySpec) Size() (n int)

                                                                                                        func (*PodSecurityPolicySpec) String

                                                                                                        func (this *PodSecurityPolicySpec) String() string

                                                                                                        func (PodSecurityPolicySpec) SwaggerDoc

                                                                                                        func (PodSecurityPolicySpec) SwaggerDoc() map[string]string

                                                                                                        func (*PodSecurityPolicySpec) Unmarshal

                                                                                                        func (m *PodSecurityPolicySpec) Unmarshal(dAtA []byte) error

                                                                                                        type RunAsGroupStrategy

                                                                                                        type RunAsGroupStrategy string

                                                                                                          RunAsGroupStrategy denotes strategy types for generating RunAsGroup values for a Security Context.

                                                                                                          const (
                                                                                                          	// RunAsGroupStrategyMayRunAs means that container does not need to run with a particular gid.
                                                                                                          	// However, when RunAsGroup are specified, they have to fall in the defined range.
                                                                                                          	RunAsGroupStrategyMayRunAs RunAsGroupStrategy = "MayRunAs"
                                                                                                          	// RunAsGroupStrategyMustRunAs means that container must run as a particular gid.
                                                                                                          	RunAsGroupStrategyMustRunAs RunAsGroupStrategy = "MustRunAs"
                                                                                                          	// RunAsUserStrategyRunAsAny means that container may make requests for any gid.
                                                                                                          	RunAsGroupStrategyRunAsAny RunAsGroupStrategy = "RunAsAny"
                                                                                                          )

                                                                                                          type RunAsGroupStrategyOptions

                                                                                                          type RunAsGroupStrategyOptions struct {
                                                                                                          	// rule is the strategy that will dictate the allowable RunAsGroup values that may be set.
                                                                                                          	Rule RunAsGroupStrategy `json:"rule" protobuf:"bytes,1,opt,name=rule,casttype=RunAsGroupStrategy"`
                                                                                                          	// ranges are the allowed ranges of gids that may be used. If you would like to force a single gid
                                                                                                          	// then supply a single range with the same start and end. Required for MustRunAs.
                                                                                                          	// +optional
                                                                                                          	Ranges []IDRange `json:"ranges,omitempty" protobuf:"bytes,2,rep,name=ranges"`
                                                                                                          }

                                                                                                            RunAsGroupStrategyOptions defines the strategy type and any options used to create the strategy.

                                                                                                            func (*RunAsGroupStrategyOptions) DeepCopy

                                                                                                              DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RunAsGroupStrategyOptions.

                                                                                                              func (*RunAsGroupStrategyOptions) DeepCopyInto

                                                                                                                DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

                                                                                                                func (*RunAsGroupStrategyOptions) Descriptor

                                                                                                                func (*RunAsGroupStrategyOptions) Descriptor() ([]byte, []int)

                                                                                                                func (*RunAsGroupStrategyOptions) Marshal

                                                                                                                func (m *RunAsGroupStrategyOptions) Marshal() (dAtA []byte, err error)

                                                                                                                func (*RunAsGroupStrategyOptions) MarshalTo

                                                                                                                func (m *RunAsGroupStrategyOptions) MarshalTo(dAtA []byte) (int, error)

                                                                                                                func (*RunAsGroupStrategyOptions) ProtoMessage

                                                                                                                func (*RunAsGroupStrategyOptions) ProtoMessage()

                                                                                                                func (*RunAsGroupStrategyOptions) Reset

                                                                                                                func (m *RunAsGroupStrategyOptions) Reset()

                                                                                                                func (*RunAsGroupStrategyOptions) Size

                                                                                                                func (m *RunAsGroupStrategyOptions) Size() (n int)

                                                                                                                func (*RunAsGroupStrategyOptions) String

                                                                                                                func (this *RunAsGroupStrategyOptions) String() string

                                                                                                                func (RunAsGroupStrategyOptions) SwaggerDoc

                                                                                                                func (RunAsGroupStrategyOptions) SwaggerDoc() map[string]string

                                                                                                                func (*RunAsGroupStrategyOptions) Unmarshal

                                                                                                                func (m *RunAsGroupStrategyOptions) Unmarshal(dAtA []byte) error

                                                                                                                type RunAsUserStrategy

                                                                                                                type RunAsUserStrategy string

                                                                                                                  RunAsUserStrategy denotes strategy types for generating RunAsUser values for a Security Context.

                                                                                                                  const (
                                                                                                                  	// RunAsUserStrategyMustRunAs means that container must run as a particular uid.
                                                                                                                  	RunAsUserStrategyMustRunAs RunAsUserStrategy = "MustRunAs"
                                                                                                                  	// RunAsUserStrategyMustRunAsNonRoot means that container must run as a non-root uid.
                                                                                                                  	RunAsUserStrategyMustRunAsNonRoot RunAsUserStrategy = "MustRunAsNonRoot"
                                                                                                                  	// RunAsUserStrategyRunAsAny means that container may make requests for any uid.
                                                                                                                  	RunAsUserStrategyRunAsAny RunAsUserStrategy = "RunAsAny"
                                                                                                                  )

                                                                                                                  type RunAsUserStrategyOptions

                                                                                                                  type RunAsUserStrategyOptions struct {
                                                                                                                  	// rule is the strategy that will dictate the allowable RunAsUser values that may be set.
                                                                                                                  	Rule RunAsUserStrategy `json:"rule" protobuf:"bytes,1,opt,name=rule,casttype=RunAsUserStrategy"`
                                                                                                                  	// ranges are the allowed ranges of uids that may be used. If you would like to force a single uid
                                                                                                                  	// then supply a single range with the same start and end. Required for MustRunAs.
                                                                                                                  	// +optional
                                                                                                                  	Ranges []IDRange `json:"ranges,omitempty" protobuf:"bytes,2,rep,name=ranges"`
                                                                                                                  }

                                                                                                                    RunAsUserStrategyOptions defines the strategy type and any options used to create the strategy.

                                                                                                                    func (*RunAsUserStrategyOptions) DeepCopy

                                                                                                                      DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RunAsUserStrategyOptions.

                                                                                                                      func (*RunAsUserStrategyOptions) DeepCopyInto

                                                                                                                      func (in *RunAsUserStrategyOptions) DeepCopyInto(out *RunAsUserStrategyOptions)

                                                                                                                        DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

                                                                                                                        func (*RunAsUserStrategyOptions) Descriptor

                                                                                                                        func (*RunAsUserStrategyOptions) Descriptor() ([]byte, []int)

                                                                                                                        func (*RunAsUserStrategyOptions) Marshal

                                                                                                                        func (m *RunAsUserStrategyOptions) Marshal() (dAtA []byte, err error)

                                                                                                                        func (*RunAsUserStrategyOptions) MarshalTo

                                                                                                                        func (m *RunAsUserStrategyOptions) MarshalTo(dAtA []byte) (int, error)

                                                                                                                        func (*RunAsUserStrategyOptions) ProtoMessage

                                                                                                                        func (*RunAsUserStrategyOptions) ProtoMessage()

                                                                                                                        func (*RunAsUserStrategyOptions) Reset

                                                                                                                        func (m *RunAsUserStrategyOptions) Reset()

                                                                                                                        func (*RunAsUserStrategyOptions) Size

                                                                                                                        func (m *RunAsUserStrategyOptions) Size() (n int)

                                                                                                                        func (*RunAsUserStrategyOptions) String

                                                                                                                        func (this *RunAsUserStrategyOptions) String() string

                                                                                                                        func (RunAsUserStrategyOptions) SwaggerDoc

                                                                                                                        func (RunAsUserStrategyOptions) SwaggerDoc() map[string]string

                                                                                                                        func (*RunAsUserStrategyOptions) Unmarshal

                                                                                                                        func (m *RunAsUserStrategyOptions) Unmarshal(dAtA []byte) error

                                                                                                                        type SELinuxStrategy

                                                                                                                        type SELinuxStrategy string

                                                                                                                          SELinuxStrategy denotes strategy types for generating SELinux options for a Security Context.

                                                                                                                          const (
                                                                                                                          	// SELinuxStrategyMustRunAs means that container must have SELinux labels of X applied.
                                                                                                                          	SELinuxStrategyMustRunAs SELinuxStrategy = "MustRunAs"
                                                                                                                          	// SELinuxStrategyRunAsAny means that container may make requests for any SELinux context labels.
                                                                                                                          	SELinuxStrategyRunAsAny SELinuxStrategy = "RunAsAny"
                                                                                                                          )

                                                                                                                          type SELinuxStrategyOptions

                                                                                                                          type SELinuxStrategyOptions struct {
                                                                                                                          	// rule is the strategy that will dictate the allowable labels that may be set.
                                                                                                                          	Rule SELinuxStrategy `json:"rule" protobuf:"bytes,1,opt,name=rule,casttype=SELinuxStrategy"`
                                                                                                                          	// seLinuxOptions required to run as; required for MustRunAs
                                                                                                                          	// More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
                                                                                                                          	// +optional
                                                                                                                          	SELinuxOptions *v1.SELinuxOptions `json:"seLinuxOptions,omitempty" protobuf:"bytes,2,opt,name=seLinuxOptions"`
                                                                                                                          }

                                                                                                                            SELinuxStrategyOptions defines the strategy type and any options used to create the strategy.

                                                                                                                            func (*SELinuxStrategyOptions) DeepCopy

                                                                                                                              DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SELinuxStrategyOptions.

                                                                                                                              func (*SELinuxStrategyOptions) DeepCopyInto

                                                                                                                              func (in *SELinuxStrategyOptions) DeepCopyInto(out *SELinuxStrategyOptions)

                                                                                                                                DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

                                                                                                                                func (*SELinuxStrategyOptions) Descriptor

                                                                                                                                func (*SELinuxStrategyOptions) Descriptor() ([]byte, []int)

                                                                                                                                func (*SELinuxStrategyOptions) Marshal

                                                                                                                                func (m *SELinuxStrategyOptions) Marshal() (dAtA []byte, err error)

                                                                                                                                func (*SELinuxStrategyOptions) MarshalTo

                                                                                                                                func (m *SELinuxStrategyOptions) MarshalTo(dAtA []byte) (int, error)

                                                                                                                                func (*SELinuxStrategyOptions) ProtoMessage

                                                                                                                                func (*SELinuxStrategyOptions) ProtoMessage()

                                                                                                                                func (*SELinuxStrategyOptions) Reset

                                                                                                                                func (m *SELinuxStrategyOptions) Reset()

                                                                                                                                func (*SELinuxStrategyOptions) Size

                                                                                                                                func (m *SELinuxStrategyOptions) Size() (n int)

                                                                                                                                func (*SELinuxStrategyOptions) String

                                                                                                                                func (this *SELinuxStrategyOptions) String() string

                                                                                                                                func (SELinuxStrategyOptions) SwaggerDoc

                                                                                                                                func (SELinuxStrategyOptions) SwaggerDoc() map[string]string

                                                                                                                                func (*SELinuxStrategyOptions) Unmarshal

                                                                                                                                func (m *SELinuxStrategyOptions) Unmarshal(dAtA []byte) error

                                                                                                                                type SupplementalGroupsStrategyOptions

                                                                                                                                type SupplementalGroupsStrategyOptions struct {
                                                                                                                                	// rule is the strategy that will dictate what supplemental groups is used in the SecurityContext.
                                                                                                                                	// +optional
                                                                                                                                	Rule SupplementalGroupsStrategyType `json:"rule,omitempty" protobuf:"bytes,1,opt,name=rule,casttype=SupplementalGroupsStrategyType"`
                                                                                                                                	// ranges are the allowed ranges of supplemental groups.  If you would like to force a single
                                                                                                                                	// supplemental group then supply a single range with the same start and end. Required for MustRunAs.
                                                                                                                                	// +optional
                                                                                                                                	Ranges []IDRange `json:"ranges,omitempty" protobuf:"bytes,2,rep,name=ranges"`
                                                                                                                                }

                                                                                                                                  SupplementalGroupsStrategyOptions defines the strategy type and options used to create the strategy.

                                                                                                                                  func (*SupplementalGroupsStrategyOptions) DeepCopy

                                                                                                                                    DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SupplementalGroupsStrategyOptions.

                                                                                                                                    func (*SupplementalGroupsStrategyOptions) DeepCopyInto

                                                                                                                                      DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

                                                                                                                                      func (*SupplementalGroupsStrategyOptions) Descriptor

                                                                                                                                      func (*SupplementalGroupsStrategyOptions) Descriptor() ([]byte, []int)

                                                                                                                                      func (*SupplementalGroupsStrategyOptions) Marshal

                                                                                                                                      func (m *SupplementalGroupsStrategyOptions) Marshal() (dAtA []byte, err error)

                                                                                                                                      func (*SupplementalGroupsStrategyOptions) MarshalTo

                                                                                                                                      func (m *SupplementalGroupsStrategyOptions) MarshalTo(dAtA []byte) (int, error)

                                                                                                                                      func (*SupplementalGroupsStrategyOptions) ProtoMessage

                                                                                                                                      func (*SupplementalGroupsStrategyOptions) ProtoMessage()

                                                                                                                                      func (*SupplementalGroupsStrategyOptions) Reset

                                                                                                                                      func (*SupplementalGroupsStrategyOptions) Size

                                                                                                                                      func (m *SupplementalGroupsStrategyOptions) Size() (n int)

                                                                                                                                      func (*SupplementalGroupsStrategyOptions) String

                                                                                                                                      func (SupplementalGroupsStrategyOptions) SwaggerDoc

                                                                                                                                      func (*SupplementalGroupsStrategyOptions) Unmarshal

                                                                                                                                      func (m *SupplementalGroupsStrategyOptions) Unmarshal(dAtA []byte) error

                                                                                                                                      type SupplementalGroupsStrategyType

                                                                                                                                      type SupplementalGroupsStrategyType string

                                                                                                                                        SupplementalGroupsStrategyType denotes strategy types for determining valid supplemental groups for a SecurityContext.

                                                                                                                                        const (
                                                                                                                                        	// SupplementalGroupsStrategyMayRunAs means that container does not need to run with a particular gid.
                                                                                                                                        	// However, when gids are specified, they have to fall in the defined range.
                                                                                                                                        	SupplementalGroupsStrategyMayRunAs SupplementalGroupsStrategyType = "MayRunAs"
                                                                                                                                        	// SupplementalGroupsStrategyMustRunAs means that container must run as a particular gid.
                                                                                                                                        	SupplementalGroupsStrategyMustRunAs SupplementalGroupsStrategyType = "MustRunAs"
                                                                                                                                        	// SupplementalGroupsStrategyRunAsAny means that container may make requests for any gid.
                                                                                                                                        	SupplementalGroupsStrategyRunAsAny SupplementalGroupsStrategyType = "RunAsAny"
                                                                                                                                        )