Merge pull request #43946 from jhorwit2/jah/host-path-psp

Automatic merge from submit-queue (batch tested with PRs 46489, 46281, 46463, 46114, 43946)

Allow PSP's to specify a whitelist of allowed paths for host volume

**What this PR does / why we need it**:

This PR adds the ability to whitelist paths for the host volume to ensure pods cannot access directories they aren't supposed to. E.g. `/var/lib/kubelet`, `/etc/kubernetes/*`, etc. 

**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #29326


**Special notes for your reviewer**:

**Release note**:

```release-note
Allow PSP's to specify a whitelist of allowed paths for host volume based on path prefixes
```

docs/api-reference/extensions/v1beta1/definitions.html

@@ -7655,6 +7655,13 @@ Both these may change in the future. Incoming requests are matched against the h
 <td class="tableblock halign-left valign-top"><p class="tableblock">boolean</p></td>
 <td class="tableblock halign-left valign-top"><p class="tableblock">false</p></td>
 </tr>
+<tr>
+<td class="tableblock halign-left valign-top"><p class="tableblock">allowedHostPaths</p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock">AllowedHostPaths is a white list of allowed host path prefixes. Empty indicates that all host paths may be used.</p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock">false</p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock">string array</p></td>
+<td class="tableblock halign-left valign-top"></td>
+</tr>
 </tbody>
 </table>
 
@@ -8120,7 +8127,7 @@ Both these may change in the future. Incoming requests are matched against the h
 </div>
 <div id="footer">
 <div id="footer-text">
-Last updated 2017-05-27 18:54:49 UTC
+Last updated 2017-05-29 17:05:24 UTC
 </div>
 </div>
 </body>