Support
Documentation
Quick Start
System Status
Feature Requests
Compliance
API Docs
menu icon

This website stores cookies on your computer

These cookies are used to collect information about how you interact with our website and allow us to remember you. We use this information to improve and customize your browsing experience and for analytics and metrics about our visitors both on this website and other media. To find out more about the cookies we use, see the privacy policy.

If you reject, your information won’t be tracked when you visit this website. A single cookie will be used in your browser to remember your preference not to be tracked.

Learn More
Basic interactions & functionalities

These cookies will allow us to better understand how you’re using our website, evaluate and improve our performance and ultimately provide a better experience.

Advertisement Cookies

These cookies will allow us to evaluate your preferences, build your interest profile and help you see ads that are more useful, and more relevant to your interests.

  1. Home
  2.  / Reference
  3.  / API Reference
  4.  / ves-io-schema-k8s_pod_security_policy-API-Create

ves-io-schema-k8s_pod_security_policy-API-Create

On This Page:

Examples of creating k8spodsecurity_policy

Usecase:

Create pod-security-policy-1

Request using vesctl:

vesctl configuration create k8s_pod_security_policy -i k8s_pod_security_policy.yaml

where file k8spodsecuritypolicy.yaml has following contents (k8spodsecuritypolicy.CreateRequest):

metadata:
  name: pod-security-policy-1
  namespace: system
spec:
  pspSpec:
    hostNetwork: true
    noAllowedCapabilities: {}
    noDefaultCapabilities: {}
    noDropCapabilities: {}
    noFsGroups: {}
    noRunAsGroup: {}
    noRunAsUser: {}
    noRuntimeClass: {}
    noSeLinuxOptions: {}
    noSupplementalGroups: {}
    readOnlyRootFilesystem: true
    volumes:
    - config

vesctl yaml response:

metadata:
  annotations: {}
  labels: {}
  name: pod-security-policy-1
  namespace: system
spec:
  pspSpec:
    allowedCsiDrivers: []
    allowedFlexVolumes: []
    allowedHostPaths: []
    allowedProcMounts: []
    allowedUnsafeSysctls: []
    forbiddenSysctls: []
    hostNetwork: true
    noAllowedCapabilities: {}
    noDefaultCapabilities: {}
    noDropCapabilities: {}
    noFsGroups: {}
    noRunAsGroup: {}
    noRunAsUser: {}
    noRuntimeClass: {}
    noSeLinuxOptions: {}
    noSupplementalGroups: {}
    readOnlyRootFilesystem: true
    volumes:
    - config
systemMetadata:
  creationTimestamp: "2021-07-14T08:07:19.068298624Z"
  creatorClass: examplesvc
  creatorId: examplesvc
  finalizers: []
  tenant: acmecorp
  uid: 574120b5-a2b6-4423-ba80-a63744d5ac2d

Request using curl:

curl -X 'POST' -d '{"metadata":{"name":"pod-security-policy-1","namespace":"system"},"spec":{"pspSpec":{"noDefaultCapabilities":{},"noAllowedCapabilities":{},"noDropCapabilities":{},"volumes":["config"],"readOnlyRootFilesystem":true,"hostNetwork":true,"noRunAsUser":{},"noRunAsGroup":{},"noSupplementalGroups":{},"noFsGroups":{},"noSeLinuxOptions":{},"noRuntimeClass":{}}}}' -H 'Content-Type: application/json' -H 'X-Volterra-Useragent: v1/pgm=_tmp_go-build381173587_b001_apidocs.test/host=docker-desktop' 'https://acmecorp.console.ves.volterra.io/api/config/namespaces/system/k8s_pod_security_policys'

curl response:

HTTP/1.1 200 OK
Content-Type: application/json
Date: Wed, 14 Jul 2021 08:07:19 GMT
Vary: Accept-Encoding

{
  "metadata": {
    "name": "pod-security-policy-1",
    "namespace": "system",
    "labels": {
    },
    "annotations": {
    },
    "description": "",
    "disable": false
  },
  "system_metadata": {
    "uid": "574120b5-a2b6-4423-ba80-a63744d5ac2d",
    "creation_timestamp": "2021-07-14T08:07:19.068298624Z",
    "deletion_timestamp": null,
    "modification_timestamp": null,
    "initializers": null,
    "finalizers": [
    ],
    "tenant": "acmecorp",
    "creator_class": "examplesvc",
    "creator_id": "examplesvc",
    "object_index": 0,
    "owner_view": null
  },
  "spec": {
    "psp_spec": {
      "privileged": false,
      "allow_privilege_escalation": false,
      "default_allow_privilege_escalation": false,
      "no_default_capabilities": {

      },
      "no_allowed_capabilities": {

      },
      "no_drop_capabilities": {

      },
      "volumes": [
        "config"
      ],
      "allowed_flex_volumes": [
      ],
      "allowed_host_paths": [
      ],
      "allowed_proc_mounts": [
      ],
      "read_only_root_filesystem": true,
      "allowed_csi_drivers": [
      ],
      "host_network": true,
      "host_port_ranges": "",
      "host_ipc": false,
      "host_pid": false,
      "allowed_unsafe_sysctls": [
      ],
      "forbidden_sysctls": [
      ],
      "no_run_as_user": {

      },
      "no_run_as_group": {

      },
      "no_supplemental_groups": {

      },
      "no_fs_groups": {

      },
      "no_se_linux_options": {

      },
      "no_runtime_class": {

      }
    }
  }
}

© 2021 Volterra Inc. All rights reserved