--admission-control="AlwaysAdmit": Ordered list of plug-ins to do admission control of resources into cluster. Comma-delimited list of: AlwaysAdmit, AlwaysDeny, AlwaysPullImages, DenyEscalatingExec, DenyExecOnPrivileged, InitialResources, LimitPodHardAntiAffinityTopology, LimitRanger, NamespaceAutoProvision, NamespaceExists, NamespaceLifecycle, PersistentVolumeLabel, ResourceQuota, SecurityContextDeny, ServiceAccount
--admission-control="AlwaysAdmit": Ordered list of plug-ins to do admission control of resources into cluster. Comma-delimited list of: AlwaysAdmit, AlwaysDeny, AlwaysPullImages, DenyEscalatingExec, DenyExecOnPrivileged, InitialResources, LimitPodHardAntiAffinityTopology, LimitRanger, NamespaceAutoProvision, NamespaceExists, NamespaceLifecycle, PersistentVolumeLabel, PodSecurityPolicy, ResourceQuota, SecurityContextDeny, ServiceAccount
--admission-control-config-file="": File with admission control configuration.
--admission-control-config-file="": File with admission control configuration.
--advertise-address=<nil>: The IP address on which to advertise the apiserver to members of the cluster. This address must be reachable by the rest of the cluster. If blank, the --bind-address will be used. If --bind-address is unspecified, the host's default interface will be used.
--advertise-address=<nil>: The IP address on which to advertise the apiserver to members of the cluster. This address must be reachable by the rest of the cluster. If blank, the --bind-address will be used. If --bind-address is unspecified, the host's default interface will be used.
--allow-privileged[=false]: If true, allow privileged containers.
--allow-privileged[=false]: If true, allow privileged containers.
...
@@ -119,7 +119,7 @@ kube-apiserver
...
@@ -119,7 +119,7 @@ kube-apiserver
--watch-cache-sizes=[]: List of watch cache sizes for every resource (pods, nodes, etc.), comma separated. The individual override format: resource#size, where size is a number. It takes effect when watch-cache is enabled.
--watch-cache-sizes=[]: List of watch cache sizes for every resource (pods, nodes, etc.), comma separated. The individual override format: resource#size, where size is a number. It takes effect when watch-cache is enabled.
```
```
###### Auto generated by spf13/cobra on 9-May-2016
###### Auto generated by spf13/cobra on 10-May-2016
"":"FSGroupStrategyOptions defines the strategy type and options used to create the strategy.",
"rule":"Rule is the strategy that will dictate what FSGroup is used in the SecurityContext.",
"ranges":"Ranges are the allowed ranges of fs groups. If you would like to force a single fs group then supply a single range with the same start and end.",
"":"HTTPIngressPath associates a path regex with a backend. Incoming urls matching the path are forwarded to the backend.",
"":"HTTPIngressPath associates a path regex with a backend. Incoming urls matching the path are forwarded to the backend.",
"path":"Path is a extended POSIX regex as defined by IEEE Std 1003.1, (i.e this follows the egrep/unix syntax, not the perl syntax) matched against the path of an incoming request. Currently it can contain characters disallowed from the conventional \"path\" part of a URL as defined by RFC 3986. Paths must begin with a '/'. If unspecified, the path defaults to a catch all sending traffic to the backend.",
"path":"Path is a extended POSIX regex as defined by IEEE Std 1003.1, (i.e this follows the egrep/unix syntax, not the perl syntax) matched against the path of an incoming request. Currently it can contain characters disallowed from the conventional \"path\" part of a URL as defined by RFC 3986. Paths must begin with a '/'. If unspecified, the path defaults to a catch all sending traffic to the backend.",
"":"Pod Security Policy Spec defines the policy enforced.",
"":"Pod Security Policy Spec defines the policy enforced.",
"privileged":"privileged determines if a pod can request to be run as privileged.",
"privileged":"privileged determines if a pod can request to be run as privileged.",
"capabilities":"capabilities is a list of capabilities that can be added.",
"defaultAddCapabilities":"DefaultAddCapabilities is the default set of capabilities that will be added to the container unless the pod spec specifically drops the capability. You may not list a capabiility in both DefaultAddCapabilities and RequiredDropCapabilities.",
"volumes":"volumes is a white list of allowed volume plugins. Empty indicates that all plugins may be used.",
"requiredDropCapabilities":"RequiredDropCapabilities are the capabilities that will be dropped from the container. These are required to be dropped and cannot be added.",
"hostNetwork":"hostNetwork determines if the policy allows the use of HostNetwork in the pod spec.",
"allowedCapabilities":"AllowedCapabilities is a list of capabilities that can be requested to add to the container. Capabilities in this field may be added at the pod author's discretion. You must not list a capability in both AllowedCapabilities and RequiredDropCapabilities.",
"hostPorts":"hostPorts determines which host port ranges are allowed to be exposed.",
"volumes":"volumes is a white list of allowed volume plugins. Empty indicates that all plugins may be used.",
"hostPID":"hostPID determines if the policy allows the use of HostPID in the pod spec.",
"hostNetwork":"hostNetwork determines if the policy allows the use of HostNetwork in the pod spec.",
"hostIPC":"hostIPC determines if the policy allows the use of HostIPC in the pod spec.",
"hostPorts":"hostPorts determines which host port ranges are allowed to be exposed.",
"seLinux":"seLinux is the strategy that will dictate the allowable labels that may be set.",
"hostPID":"hostPID determines if the policy allows the use of HostPID in the pod spec.",
"runAsUser":"runAsUser is the strategy that will dictate the allowable RunAsUser values that may be set.",
"hostIPC":"hostIPC determines if the policy allows the use of HostIPC in the pod spec.",
"seLinux":"seLinux is the strategy that will dictate the allowable labels that may be set.",
"runAsUser":"runAsUser is the strategy that will dictate the allowable RunAsUser values that may be set.",
"supplementalGroups":"SupplementalGroups is the strategy that will dictate what supplemental groups are used by the SecurityContext.",
"fsGroup":"FSGroup is the strategy that will dictate what fs group is used by the SecurityContext.",
"readOnlyRootFilesystem":"ReadOnlyRootFilesystem when set to true will force containers to run with a read only root file system. If the container specifically requests to run with a non-read only root file system the PSP should deny the pod. If set to false the container may run with a read only root file system if it wishes but it will not be forced to.",
"":"SupplementalGroupsStrategyOptions defines the strategy type and options used to create the strategy.",
"rule":"Rule is the strategy that will dictate what supplemental groups is used in the SecurityContext.",
"ranges":"Ranges are the allowed ranges of supplemental groups. If you would like to force a single supplemental group then supply a single range with the same start and end.",
"":"A ThirdPartyResource is a generic representation of a resource, it is used by add-ons and plugins to add new resource types to the API. It consists of one or more Versions of the api.",
"":"A ThirdPartyResource is a generic representation of a resource, it is used by add-ons and plugins to add new resource types to the API. It consists of one or more Versions of the api.",
// Create takes the representation of a podSecurityPolicy and creates it. Returns the server's representation of the podSecurityPolicy, and an error, if there is any.
// Update takes the representation of a podSecurityPolicy and updates it. Returns the server's representation of the podSecurityPolicy, and an error, if there is any.