github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-09-13 13:14:05 +00:00
Code Issues Projects Releases Wiki Activity

don't enable psp by default and fix comment

Browse Source
This commit is contained in:
Paul Weil
2016-02-05 11:12:14 -05:00
parent c78f3a68fd
commit 619ccb7023
6 changed files with 124 additions and 2370 deletions
Download Patch File Download Diff File Expand all files Collapse all files

724
api/swagger-spec/v1beta1.json
View File

@@ -2479,548 +2479,6 @@
}
]
},
{
"path": "/apis/extensions/v1beta1/podsecuritypolicies",
"description": "API at /apis/extensions/v1beta1",
"operations": [
{
"type": "v1beta1.PodSecurityPolicyList",
"method": "GET",
"summary": "list or watch objects of kind PodSecurityPolicy",
"nickname": "listNamespacedPodSecurityPolicy",
"parameters": [
{
"type": "string",
"paramType": "query",
"name": "pretty",
"description": "If 'true', then the output is pretty printed.",
"required": false,
"allowMultiple": false
},
{
"type": "string",
"paramType": "query",
"name": "labelSelector",
"description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.",
"required": false,
"allowMultiple": false
},
{
"type": "string",
"paramType": "query",
"name": "fieldSelector",
"description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.",
"required": false,
"allowMultiple": false
},
{
"type": "boolean",
"paramType": "query",
"name": "watch",
"description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.",
"required": false,
"allowMultiple": false
},
{
"type": "string",
"paramType": "query",
"name": "resourceVersion",
"description": "When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history.",
"required": false,
"allowMultiple": false
},
{
"type": "integer",
"paramType": "query",
"name": "timeoutSeconds",
"description": "Timeout for the list/watch call.",
"required": false,
"allowMultiple": false
}
],
"responseMessages": [
{
"code": 200,
"message": "OK",
"responseModel": "v1beta1.PodSecurityPolicyList"
}
],
"produces": [
"application/json",
"application/yaml"
],
"consumes": [
"*/*"
]
},
{
"type": "v1beta1.PodSecurityPolicy",
"method": "POST",
"summary": "create a PodSecurityPolicy",
"nickname": "createNamespacedPodSecurityPolicy",
"parameters": [
{
"type": "string",
"paramType": "query",
"name": "pretty",
"description": "If 'true', then the output is pretty printed.",
"required": false,
"allowMultiple": false
},
{
"type": "v1beta1.PodSecurityPolicy",
"paramType": "body",
"name": "body",
"description": "",
"required": true,
"allowMultiple": false
}
],
"responseMessages": [
{
"code": 200,
"message": "OK",
"responseModel": "v1beta1.PodSecurityPolicy"
}
],
"produces": [
"application/json",
"application/yaml"
],
"consumes": [
"*/*"
]
},
{
"type": "unversioned.Status",
"method": "DELETE",
"summary": "delete collection of PodSecurityPolicy",
"nickname": "deletecollectionNamespacedPodSecurityPolicy",
"parameters": [
{
"type": "string",
"paramType": "query",
"name": "pretty",
"description": "If 'true', then the output is pretty printed.",
"required": false,
"allowMultiple": false
},
{
"type": "string",
"paramType": "query",
"name": "labelSelector",
"description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.",
"required": false,
"allowMultiple": false
},
{
"type": "string",
"paramType": "query",
"name": "fieldSelector",
"description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.",
"required": false,
"allowMultiple": false
},
{
"type": "boolean",
"paramType": "query",
"name": "watch",
"description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.",
"required": false,
"allowMultiple": false
},
{
"type": "string",
"paramType": "query",
"name": "resourceVersion",
"description": "When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history.",
"required": false,
"allowMultiple": false
},
{
"type": "integer",
"paramType": "query",
"name": "timeoutSeconds",
"description": "Timeout for the list/watch call.",
"required": false,
"allowMultiple": false
}
],
"responseMessages": [
{
"code": 200,
"message": "OK",
"responseModel": "unversioned.Status"
}
],
"produces": [
"application/json",
"application/yaml"
],
"consumes": [
"*/*"
]
}
]
},
{
"path": "/apis/extensions/v1beta1/watch/podsecuritypolicies",
"description": "API at /apis/extensions/v1beta1",
"operations": [
{
"type": "json.WatchEvent",
"method": "GET",
"summary": "watch individual changes to a list of PodSecurityPolicy",
"nickname": "watchNamespacedPodSecurityPolicyList",
"parameters": [
{
"type": "string",
"paramType": "query",
"name": "pretty",
"description": "If 'true', then the output is pretty printed.",
"required": false,
"allowMultiple": false
},
{
"type": "string",
"paramType": "query",
"name": "labelSelector",
"description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.",
"required": false,
"allowMultiple": false
},
{
"type": "string",
"paramType": "query",
"name": "fieldSelector",
"description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.",
"required": false,
"allowMultiple": false
},
{
"type": "boolean",
"paramType": "query",
"name": "watch",
"description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.",
"required": false,
"allowMultiple": false
},
{
"type": "string",
"paramType": "query",
"name": "resourceVersion",
"description": "When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history.",
"required": false,
"allowMultiple": false
},
{
"type": "integer",
"paramType": "query",
"name": "timeoutSeconds",
"description": "Timeout for the list/watch call.",
"required": false,
"allowMultiple": false
}
],
"responseMessages": [
{
"code": 200,
"message": "OK",
"responseModel": "json.WatchEvent"
}
],
"produces": [
"application/json"
],
"consumes": [
"*/*"
]
}
]
},
{
"path": "/apis/extensions/v1beta1/podsecuritypolicies/{name}",
"description": "API at /apis/extensions/v1beta1",
"operations": [
{
"type": "v1beta1.PodSecurityPolicy",
"method": "GET",
"summary": "read the specified PodSecurityPolicy",
"nickname": "readNamespacedPodSecurityPolicy",
"parameters": [
{
"type": "string",
"paramType": "query",
"name": "pretty",
"description": "If 'true', then the output is pretty printed.",
"required": false,
"allowMultiple": false
},
{
"type": "boolean",
"paramType": "query",
"name": "export",
"description": "Should this value be exported. Export strips fields that a user can not specify.",
"required": false,
"allowMultiple": false
},
{
"type": "boolean",
"paramType": "query",
"name": "exact",
"description": "Should the export be exact. Exact export maintains cluster-specific fields like 'Namespace'",
"required": false,
"allowMultiple": false
},
{
"type": "string",
"paramType": "path",
"name": "name",
"description": "name of the PodSecurityPolicy",
"required": true,
"allowMultiple": false
}
],
"responseMessages": [
{
"code": 200,
"message": "OK",
"responseModel": "v1beta1.PodSecurityPolicy"
}
],
"produces": [
"application/json",
"application/yaml"
],
"consumes": [
"*/*"
]
},
{
"type": "v1beta1.PodSecurityPolicy",
"method": "PUT",
"summary": "replace the specified PodSecurityPolicy",
"nickname": "replaceNamespacedPodSecurityPolicy",
"parameters": [
{
"type": "string",
"paramType": "query",
"name": "pretty",
"description": "If 'true', then the output is pretty printed.",
"required": false,
"allowMultiple": false
},
{
"type": "v1beta1.PodSecurityPolicy",
"paramType": "body",
"name": "body",
"description": "",
"required": true,
"allowMultiple": false
},
{
"type": "string",
"paramType": "path",
"name": "name",
"description": "name of the PodSecurityPolicy",
"required": true,
"allowMultiple": false
}
],
"responseMessages": [
{
"code": 200,
"message": "OK",
"responseModel": "v1beta1.PodSecurityPolicy"
}
],
"produces": [
"application/json",
"application/yaml"
],
"consumes": [
"*/*"
]
},
{
"type": "v1beta1.PodSecurityPolicy",
"method": "PATCH",
"summary": "partially update the specified PodSecurityPolicy",
"nickname": "patchNamespacedPodSecurityPolicy",
"parameters": [
{
"type": "string",
"paramType": "query",
"name": "pretty",
"description": "If 'true', then the output is pretty printed.",
"required": false,
"allowMultiple": false
},
{
"type": "unversioned.Patch",
"paramType": "body",
"name": "body",
"description": "",
"required": true,
"allowMultiple": false
},
{
"type": "string",
"paramType": "path",
"name": "name",
"description": "name of the PodSecurityPolicy",
"required": true,
"allowMultiple": false
}
],
"responseMessages": [
{
"code": 200,
"message": "OK",
"responseModel": "v1beta1.PodSecurityPolicy"
}
],
"produces": [
"application/json",
"application/yaml"
],
"consumes": [
"application/json-patch+json",
"application/merge-patch+json",
"application/strategic-merge-patch+json"
]
},
{
"type": "unversioned.Status",
"method": "DELETE",
"summary": "delete a PodSecurityPolicy",
"nickname": "deleteNamespacedPodSecurityPolicy",
"parameters": [
{
"type": "string",
"paramType": "query",
"name": "pretty",
"description": "If 'true', then the output is pretty printed.",
"required": false,
"allowMultiple": false
},
{
"type": "v1.DeleteOptions",
"paramType": "body",
"name": "body",
"description": "",
"required": true,
"allowMultiple": false
},
{
"type": "string",
"paramType": "path",
"name": "name",
"description": "name of the PodSecurityPolicy",
"required": true,
"allowMultiple": false
}
],
"responseMessages": [
{
"code": 200,
"message": "OK",
"responseModel": "unversioned.Status"
}
],
"produces": [
"application/json",
"application/yaml"
],
"consumes": [
"*/*"
]
}
]
},
{
"path": "/apis/extensions/v1beta1/watch/podsecuritypolicies/{name}",
"description": "API at /apis/extensions/v1beta1",
"operations": [
{
"type": "json.WatchEvent",
"method": "GET",
"summary": "watch changes to an object of kind PodSecurityPolicy",
"nickname": "watchNamespacedPodSecurityPolicy",
"parameters": [
{
"type": "string",
"paramType": "query",
"name": "pretty",
"description": "If 'true', then the output is pretty printed.",
"required": false,
"allowMultiple": false
},
{
"type": "string",
"paramType": "query",
"name": "labelSelector",
"description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.",
"required": false,
"allowMultiple": false
},
{
"type": "string",
"paramType": "query",
"name": "fieldSelector",
"description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.",
"required": false,
"allowMultiple": false
},
{
"type": "boolean",
"paramType": "query",
"name": "watch",
"description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.",
"required": false,
"allowMultiple": false
},
{
"type": "string",
"paramType": "query",
"name": "resourceVersion",
"description": "When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history.",
"required": false,
"allowMultiple": false
},
{
"type": "integer",
"paramType": "query",
"name": "timeoutSeconds",
"description": "Timeout for the list/watch call.",
"required": false,
"allowMultiple": false
},
{
"type": "string",
"paramType": "path",
"name": "name",
"description": "name of the PodSecurityPolicy",
"required": true,
"allowMultiple": false
}
],
"responseMessages": [
{
"code": 200,
"message": "OK",
"responseModel": "json.WatchEvent"
}
],
"produces": [
"application/json"
],
"consumes": [
"*/*"
]
}
]
},
{
"path": "/apis/extensions/v1beta1/namespaces/{namespace}/replicasets",
"description": "API at /apis/extensions/v1beta1",
@@ -5886,188 +5344,6 @@
}
}
},
"v1beta1.PodSecurityPolicyList": {
"id": "v1beta1.PodSecurityPolicyList",
"description": "Pod Security Policy List is a list of PodSecurityPolicy objects.",
"required": [
"items"
],
"properties": {
"kind": {
"type": "string",
"description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#types-kinds"
},
"apiVersion": {
"type": "string",
"description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#resources"
},
"metadata": {
"$ref": "unversioned.ListMeta",
"description": "Standard list metadata. More info: http://docs.k8s.io/api-conventions.md#metadata"
},
"items": {
"type": "array",
"items": {
"$ref": "v1beta1.PodSecurityPolicy"
},
"description": "Items is a list of schema objects."
}
}
},
"v1beta1.PodSecurityPolicy": {
"id": "v1beta1.PodSecurityPolicy",
"description": "Pod Security Policy governs the ability to make requests that affect the Security Context that will be applied to a pod and container.",
"properties": {
"kind": {
"type": "string",
"description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#types-kinds"
},
"apiVersion": {
"type": "string",
"description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#resources"
},
"metadata": {
"$ref": "v1.ObjectMeta",
"description": "Standard object's metadata. More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#metadata"
},
"spec": {
"$ref": "v1beta1.PodSecurityPolicySpec",
"description": "Spec defines the policy enforced."
}
}
},
"v1beta1.PodSecurityPolicySpec": {
"id": "v1beta1.PodSecurityPolicySpec",
"description": "Pod Security Policy Spec defines the policy enforced.",
"properties": {
"privileged": {
"type": "boolean",
"description": "privileged determines if a pod can request to be run as privileged."
},
"capabilities": {
"type": "array",
"items": {
"$ref": "v1.Capability"
},
"description": "capabilities is a list of capabilities that can be added."
},
"volumes": {
"type": "array",
"items": {
"$ref": "v1beta1.FSType"
},
"description": "volumes is a white list of allowed volume plugins. Empty indicates that all plugins may be used."
},
"hostNetwork": {
"type": "boolean",
"description": "hostNetwork determines if the policy allows the use of HostNetwork in the pod spec."
},
"hostPorts": {
"type": "array",
"items": {
"$ref": "v1beta1.HostPortRange"
},
"description": "hostPorts determines which host port ranges are allowed to be exposed."
},
"hostPID": {
"type": "boolean",
"description": "hostPID determines if the policy allows the use of HostPID in the pod spec."
},
"hostIPC": {
"type": "boolean",
"description": "hostIPC determines if the policy allows the use of HostIPC in the pod spec."
},
"seLinuxContext": {
"$ref": "v1beta1.SELinuxContextStrategyOptions",
"description": "seLinuxContext is the strategy that will dictate the allowable labels that may be set."
},
"runAsUser": {
"$ref": "v1beta1.RunAsUserStrategyOptions",
"description": "runAsUser is the strategy that will dictate the allowable RunAsUser values that may be set."
}
}
},
"v1beta1.FSType": {
"id": "v1beta1.FSType",
"properties": {}
},
"v1beta1.HostPortRange": {
"id": "v1beta1.HostPortRange",
"description": "Host Port Range defines a range of host ports that will be enabled by a policy for pods to use. It requires both the start and end to be defined.",
"required": [
"min",
"max"
],
"properties": {
"min": {
"type": "integer",
"format": "int32",
"description": "min is the start of the range, inclusive."
},
"max": {
"type": "integer",
"format": "int32",
"description": "max is the end of the range, inclusive."
}
}
},
"v1beta1.SELinuxContextStrategyOptions": {
"id": "v1beta1.SELinuxContextStrategyOptions",
"description": "SELinux Context Strategy Options defines the strategy type and any options used to create the strategy.",
"required": [
"type"
],
"properties": {
"type": {
"type": "string",
"description": "type is the strategy that will dictate the allowable labels that may be set."
},
"seLinuxOptions": {
"$ref": "v1.SELinuxOptions",
"description": "seLinuxOptions required to run as; required for MustRunAs More info: http://releases.k8s.io/HEAD/docs/design/security_context.md#security-context"
}
}
},
"v1beta1.RunAsUserStrategyOptions": {
"id": "v1beta1.RunAsUserStrategyOptions",
"description": "Run A sUser Strategy Options defines the strategy type and any options used to create the strategy.",
"required": [
"type"
],
"properties": {
"type": {
"type": "string",
"description": "type is the strategy that will dictate the allowable RunAsUser values that may be set."
},
"ranges": {
"type": "array",
"items": {
"$ref": "v1beta1.IDRange"
},
"description": "Ranges are the allowed ranges of uids that may be used."
}
}
},
"v1beta1.IDRange": {
"id": "v1beta1.IDRange",
"description": "ID Range provides a min/max of an allowed range of IDs.",
"required": [
"min",
"max"
],
"properties": {
"min": {
"type": "integer",
"format": "int64",
"description": "Min is the start of the range, inclusive."
},
"max": {
"type": "integer",
"format": "int64",
"description": "Max is the end of the range, inclusive."
}
}
},
"v1beta1.ReplicaSetList": {
"id": "v1beta1.ReplicaSetList",
"description": "ReplicaSetList is a collection of ReplicaSets.",