ves-io-schema-k8s_pod_security_policy-API-Create

Examples of creating k8s_pod_security_policy

Use case:

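Create pod-security-policy-1, a policy in the system namespace that allows host networking, requires a read-only root filesystem and lists only the config volume type.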

Request using vesctl:

vesctl configuration create k8s_pod_security_policy -i k8s_pod_security_policy.yaml

where the file k8s_pod_security_policy.yaml has the following contents (k8s_pod_security_policy.CreateRequest):

# CreateRequest body for the k8s_pod_security_policy object
# "pod-security-policy-1" in the "system" namespace.
metadata:
  name: pod-security-policy-1
  namespace: system
spec:
  pspSpec:
    # Permits pods admitted under this policy to use the node's network
    # namespace. Keep this true only for workloads that need host networking.
    hostNetwork: true
    # NOTE(review): the empty no* objects below presumably select the
    # "nothing configured" choice for each setting — confirm against the
    # schema. If so, this policy adds no capability, run-as-user/group,
    # fsGroup, supplemental-group, SELinux or runtime-class constraint.
    noAllowedCapabilities: {}
    noDefaultCapabilities: {}
    noDropCapabilities: {}
    noFsGroups: {}
    noRunAsGroup: {}
    noRunAsUser: {}
    noRuntimeClass: {}
    noSeLinuxOptions: {}
    noSupplementalGroups: {}
    # Containers must run with a read-only root filesystem.
    readOnlyRootFilesystem: true
    # "config" is the only volume type listed as allowed.
    volumes:
    - config
    # Fields not set here (privileged, allow_privilege_escalation, host_ipc,
    # host_pid) are reported as false in the create response for this request.

vesctl yaml response:

metadata:
  annotations: {}
  labels: {}
  name: pod-security-policy-1
  namespace: system
spec:
  pspSpec:
    allowedCsiDrivers: []
    allowedFlexVolumes: []
    allowedHostPaths: []
    allowedProcMounts: []
    allowedUnsafeSysctls: []
    forbiddenSysctls: []
    hostNetwork: true
    noAllowedCapabilities: {}
    noDefaultCapabilities: {}
    noDropCapabilities: {}
    noFsGroups: {}
    noRunAsGroup: {}
    noRunAsUser: {}
    noRuntimeClass: {}
    noSeLinuxOptions: {}
    noSupplementalGroups: {}
    readOnlyRootFilesystem: true
    volumes:
    - config
systemMetadata:
  creationTimestamp: "2021-02-22T15:44:05.867224800Z"
  creatorClass: examplesvc
  creatorId: examplesvc
  finalizers: []
  tenant: acmecorp
  uid: e5f8ff4a-dfb1-4a3e-a669-79321e6f7c76

Request using curl:

# Create the policy through the REST API: POST the CreateRequest JSON to the
# k8s_pod_security_policys collection of the "system" namespace.
# NOTE(review): this example carries no credential header; presumably
# authentication is supplied separately in real use — confirm.
curl \
  --request 'POST' \
  --data '{"metadata":{"name":"pod-security-policy-1","namespace":"system"},"spec":{"pspSpec":{"noDefaultCapabilities":{},"noAllowedCapabilities":{},"noDropCapabilities":{},"volumes":["config"],"readOnlyRootFilesystem":true,"hostNetwork":true,"noRunAsUser":{},"noRunAsGroup":{},"noSupplementalGroups":{},"noFsGroups":{},"noSeLinuxOptions":{},"noRuntimeClass":{}}}}' \
  --header 'Content-Type: application/json' \
  --header 'X-Volterra-Useragent: v1/pgm=_tmp_go-build817539475_b001_apidocs.test/host=docker-desktop' \
  'https://acmecorp.console.ves.volterra.io/api/config/namespaces/system/k8s_pod_security_policys'

curl response:

HTTP/1.1 200 OK
Content-Type: application/json
Date: Mon, 22 Feb 2021 15:44:05 GMT
Vary: Accept-Encoding

{
  "metadata": {
    "name": "pod-security-policy-1",
    "namespace": "system",
    "labels": {
    },
    "annotations": {
    },
    "description": "",
    "disable": false
  },
  "system_metadata": {
    "uid": "e5f8ff4a-dfb1-4a3e-a669-79321e6f7c76",
    "creation_timestamp": "2021-02-22T15:44:05.867224800Z",
    "deletion_timestamp": null,
    "modification_timestamp": null,
    "initializers": null,
    "finalizers": [
    ],
    "tenant": "acmecorp",
    "creator_class": "examplesvc",
    "creator_id": "examplesvc",
    "object_index": 0,
    "owner_view": null
  },
  "spec": {
    "psp_spec": {
      "privileged": false,
      "allow_privilege_escalation": false,
      "default_allow_privilege_escalation": false,
      "no_default_capabilities": {

      },
      "no_allowed_capabilities": {

      },
      "no_drop_capabilities": {

      },
      "volumes": [
        "config"
      ],
      "allowed_flex_volumes": [
      ],
      "allowed_host_paths": [
      ],
      "allowed_proc_mounts": [
      ],
      "read_only_root_filesystem": true,
      "allowed_csi_drivers": [
      ],
      "host_network": true,
      "host_port_ranges": "",
      "host_ipc": false,
      "host_pid": false,
      "allowed_unsafe_sysctls": [
      ],
      "forbidden_sysctls": [
      ],
      "no_run_as_user": {

      },
      "no_run_as_group": {

      },
      "no_supplemental_groups": {

      },
      "no_fs_groups": {

      },
      "no_se_linux_options": {

      },
      "no_runtime_class": {

      }
    }
  }
}