ves-io-schema-k8s_pod_security_policy-API-Create
Examples of creating k8s_pod_security_policy
Use case:
Create pod-security-policy-1
Request using vesctl:
vesctl configuration create k8s_pod_security_policy -i k8s_pod_security_policy.yaml
where the file k8s_pod_security_policy.yaml has the following contents (k8s_pod_security_policy.CreateRequest):
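# CreateRequest for pod-security-policy-1 in the "system" namespace.
# Fields not set here (privileged, allow_privilege_escalation, host_ipc,
# host_pid) are returned as false in the curl response shown on this page.
metadata:
  name: pod-security-policy-1
  namespace: system
spec:
  pspSpec:
    # Permits host networking for pods admitted under this policy; in a
    # Kubernetes PodSecurityPolicy this means sharing the node's network
    # namespace. Set to false unless a workload needs it.
    hostNetwork: true
    # Each no* key is an empty object. NOTE(review): these look like
    # "no rule configured" selectors; confirm in the schema reference. If so,
    # this policy does not require dropped capabilities or a non-root
    # user/group for admitted pods.
    noAllowedCapabilities: {}
    noDefaultCapabilities: {}
    noDropCapabilities: {}
    noFsGroups: {}
    noRunAsGroup: {}
    noRunAsUser: {}
    noRuntimeClass: {}
    noSeLinuxOptions: {}
    noSupplementalGroups: {}
    # Containers get a read-only root filesystem.
    readOnlyRootFilesystem: true
    # Allow-list of volume types; "config" is the value this example uses.
    volumes:
      - config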
vesctl yaml response:
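# Object echoed by vesctl after creation: the submitted fields plus
# server-populated empty lists and the systemMetadata section.
metadata:
  annotations: {}
  labels: {}
  name: pod-security-policy-1
  namespace: system
spec:
  pspSpec:
    allowedCsiDrivers: []
    allowedFlexVolumes: []
    allowedHostPaths: []
    allowedProcMounts: []
    allowedUnsafeSysctls: []
    forbiddenSysctls: []
    hostNetwork: true
    noAllowedCapabilities: {}
    noDefaultCapabilities: {}
    noDropCapabilities: {}
    noFsGroups: {}
    noRunAsGroup: {}
    noRunAsUser: {}
    noRuntimeClass: {}
    noSeLinuxOptions: {}
    noSupplementalGroups: {}
    readOnlyRootFilesystem: true
    volumes:
      - config
# Set by the server, not by the request.
systemMetadata:
  creationTimestamp: "2021-02-22T15:44:05.867224800Z"
  creatorClass: examplesvc
  creatorId: examplesvc
  finalizers: []
  tenant: acmecorp
  uid: e5f8ff4a-dfb1-4a3e-a669-79321e6f7c76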
Request using curl:
# POST the CreateRequest JSON to the tenant's config API for the "system"
# namespace. The body is the same policy as the YAML request above.
# NOTE(review): the command as shown carries no credential header; a real
# tenant presumably requires authentication. Supply credentials as your API
# access setup prescribes, and keep secrets out of shell history.
curl --request 'POST' \
  --data '{"metadata":{"name":"pod-security-policy-1","namespace":"system"},"spec":{"pspSpec":{"noDefaultCapabilities":{},"noAllowedCapabilities":{},"noDropCapabilities":{},"volumes":["config"],"readOnlyRootFilesystem":true,"hostNetwork":true,"noRunAsUser":{},"noRunAsGroup":{},"noSupplementalGroups":{},"noFsGroups":{},"noSeLinuxOptions":{},"noRuntimeClass":{}}}}' \
  --header 'Content-Type: application/json' \
  --header 'X-Volterra-Useragent: v1/pgm=_tmp_go-build817539475_b001_apidocs.test/host=docker-desktop' \
  'https://acmecorp.console.ves.volterra.io/api/config/namespaces/system/k8s_pod_security_policys'
curl response:
HTTP/1.1 200 OK
Content-Type: application/json
Date: Mon, 22 Feb 2021 15:44:05 GMT
Vary: Accept-Encoding
{
"metadata": {
"name": "pod-security-policy-1",
"namespace": "system",
"labels": {
},
"annotations": {
},
"description": "",
"disable": false
},
"system_metadata": {
"uid": "e5f8ff4a-dfb1-4a3e-a669-79321e6f7c76",
"creation_timestamp": "2021-02-22T15:44:05.867224800Z",
"deletion_timestamp": null,
"modification_timestamp": null,
"initializers": null,
"finalizers": [
],
"tenant": "acmecorp",
"creator_class": "examplesvc",
"creator_id": "examplesvc",
"object_index": 0,
"owner_view": null
},
"spec": {
"psp_spec": {
"privileged": false,
"allow_privilege_escalation": false,
"default_allow_privilege_escalation": false,
"no_default_capabilities": {
},
"no_allowed_capabilities": {
},
"no_drop_capabilities": {
},
"volumes": [
"config"
],
"allowed_flex_volumes": [
],
"allowed_host_paths": [
],
"allowed_proc_mounts": [
],
"read_only_root_filesystem": true,
"allowed_csi_drivers": [
],
"host_network": true,
"host_port_ranges": "",
"host_ipc": false,
"host_pid": false,
"allowed_unsafe_sysctls": [
],
"forbidden_sysctls": [
],
"no_run_as_user": {
},
"no_run_as_group": {
},
"no_supplemental_groups": {
},
"no_fs_groups": {
},
"no_se_linux_options": {
},
"no_runtime_class": {
}
}
}
}