Commit 24271c4c authored by Josh Horwitz's avatar Josh Horwitz

staging client

parent 0fc75d5f
......@@ -884,6 +884,10 @@ type PodSecurityPolicySpec struct {
// will not be forced to.
// +optional
ReadOnlyRootFilesystem bool
// AllowedHostPaths is a white list of allowed host path prefixes. Empty indicates that all
// host paths may be used.
// +optional
AllowedHostPaths []string
}
// HostPortRange defines a range of host ports that will be enabled by a policy
......
......@@ -710,6 +710,11 @@ message PodSecurityPolicySpec {
// will not be forced to.
// +optional
optional bool readOnlyRootFilesystem = 14;
// AllowedHostPaths is a white list of allowed host path prefixes. Empty indicates that all
// host paths may be used.
// +optional
repeated string allowedHostPaths = 15;
}
// ReplicaSet represents the configuration of a ReplicaSet.
......
......@@ -909,6 +909,10 @@ type PodSecurityPolicySpec struct {
// will not be forced to.
// +optional
ReadOnlyRootFilesystem bool `json:"readOnlyRootFilesystem,omitempty" protobuf:"varint,14,opt,name=readOnlyRootFilesystem"`
// AllowedHostPaths is a white list of allowed host path prefixes. Empty indicates that all
// host paths may be used.
// +optional
AllowedHostPaths []string `json:"allowedHostPaths,omitempty" protobuf:"bytes,15,opt,name=allowedHostPaths"`
}
// FS Type gives strong typing to different file systems that are used by volumes.
......
......@@ -423,6 +423,7 @@ var map_PodSecurityPolicySpec = map[string]string{
"supplementalGroups": "SupplementalGroups is the strategy that will dictate what supplemental groups are used by the SecurityContext.",
"fsGroup": "FSGroup is the strategy that will dictate what fs group is used by the SecurityContext.",
"readOnlyRootFilesystem": "ReadOnlyRootFilesystem when set to true will force containers to run with a read only root file system. If the container specifically requests to run with a non-read only root file system the PSP should deny the pod. If set to false the container may run with a read only root file system if it wishes but it will not be forced to.",
"allowedHostPaths": "AllowedHostPaths is a white list of allowed host path prefixes. Empty indicates that all host paths may be used.",
}
func (PodSecurityPolicySpec) SwaggerDoc() map[string]string {
......
......@@ -1215,6 +1215,7 @@ func autoConvert_v1beta1_PodSecurityPolicySpec_To_extensions_PodSecurityPolicySp
return err
}
out.ReadOnlyRootFilesystem = in.ReadOnlyRootFilesystem
out.AllowedHostPaths = *(*[]string)(unsafe.Pointer(&in.AllowedHostPaths))
return nil
}
......@@ -1256,6 +1257,7 @@ func autoConvert_extensions_PodSecurityPolicySpec_To_v1beta1_PodSecurityPolicySp
return err
}
out.ReadOnlyRootFilesystem = in.ReadOnlyRootFilesystem
out.AllowedHostPaths = *(*[]string)(unsafe.Pointer(&in.AllowedHostPaths))
return nil
}
......
......@@ -826,6 +826,11 @@ func DeepCopy_v1beta1_PodSecurityPolicySpec(in interface{}, out interface{}, c *
if err := DeepCopy_v1beta1_FSGroupStrategyOptions(&in.FSGroup, &out.FSGroup, c); err != nil {
return err
}
if in.AllowedHostPaths != nil {
in, out := &in.AllowedHostPaths, &out.AllowedHostPaths
*out = make([]string, len(*in))
copy(*out, *in)
}
return nil
}
}
......
......@@ -818,6 +818,11 @@ func DeepCopy_extensions_PodSecurityPolicySpec(in interface{}, out interface{},
if err := DeepCopy_extensions_FSGroupStrategyOptions(&in.FSGroup, &out.FSGroup, c); err != nil {
return err
}
if in.AllowedHostPaths != nil {
in, out := &in.AllowedHostPaths, &out.AllowedHostPaths
*out = make([]string, len(*in))
copy(*out, *in)
}
return nil
}
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment