PodSecurityPolicyTemplate

Create a PodSecurityPolicyTemplate Resource

new PodSecurityPolicyTemplate(name: string, args?: PodSecurityPolicyTemplateArgs, opts?: CustomResourceOptions);

def PodSecurityPolicyTemplate(resource_name, opts=None, allow_privilege_escalation=None, allowed_capabilities=None, allowed_csi_drivers=None, allowed_flex_volumes=None, allowed_host_paths=None, allowed_proc_mount_types=None, allowed_unsafe_sysctls=None, annotations=None, default_add_capabilities=None, default_allow_privilege_escalation=None, description=None, forbidden_sysctls=None, fs_group=None, host_ipc=None, host_network=None, host_pid=None, host_ports=None, labels=None, name=None, privileged=None, read_only_root_filesystem=None, required_drop_capabilities=None, run_as_group=None, run_as_user=None, runtime_class=None, se_linux=None, supplemental_group=None, volumes=None, __props__=None);

func NewPodSecurityPolicyTemplate(ctx *Context, name string, args *PodSecurityPolicyTemplateArgs, opts ...ResourceOption) (*PodSecurityPolicyTemplate, error)

public PodSecurityPolicyTemplate(string name, PodSecurityPolicyTemplateArgs? args = null, CustomResourceOptions? opts = null)

name string: The unique name of the resource.
args PodSecurityPolicyTemplateArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
opts ResourceOptions: A bag of options that control this resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args PodSecurityPolicyTemplateArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args PodSecurityPolicyTemplateArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

PodSecurityPolicyTemplate Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Programming Model docs.

Inputs

The PodSecurityPolicyTemplate resource accepts the following input properties:

AllowPrivilegeEscalation bool: = (Optional)
AllowedCapabilities List<string>: (list)
AllowedCsiDrivers List<PodSecurityPolicyTemplateAllowedCsiDriverArgs>: (list)
AllowedFlexVolumes List<PodSecurityPolicyTemplateAllowedFlexVolumeArgs>: (list)
AllowedHostPaths List<PodSecurityPolicyTemplateAllowedHostPathArgs>: (list)
AllowedProcMountTypes List<string>: (list)
AllowedUnsafeSysctls List<string>: (list)
Annotations Dictionary<string, object>: Annotations for PodSecurityPolicyTemplate object (map)
DefaultAddCapabilities List<string>: (list)
DefaultAllowPrivilegeEscalation bool: (list)
Description string: The PodSecurityPolicyTemplate description (string)
ForbiddenSysctls List<string>: (list)
FsGroup PodSecurityPolicyTemplateFsGroupArgs: (list maxitems:1)
HostIpc bool: (bool)
HostNetwork bool: hostNetwork determines if the policy allows the use of HostNetwork in the pod spec.
HostPid bool: (bool)
HostPorts List<PodSecurityPolicyTemplateHostPortArgs>: (list)
Labels Dictionary<string, object>: Labels for PodSecurityPolicyTemplate object (map)
Name string: The name of the PodSecurityPolicyTemplate (string)
Privileged bool: (bool)
ReadOnlyRootFilesystem bool: (bool)
RequiredDropCapabilities List<string>: (list)
RunAsGroup PodSecurityPolicyTemplateRunAsGroupArgs: (list maxitems:1)
RunAsUser PodSecurityPolicyTemplateRunAsUserArgs: (list maxitems:1)
RuntimeClass PodSecurityPolicyTemplateRuntimeClassArgs: (list maxitems:1)
SeLinux PodSecurityPolicyTemplateSeLinuxArgs: (list maxitems:1)
SupplementalGroup PodSecurityPolicyTemplateSupplementalGroupArgs: (list maxitems:1)
Volumes List<string>: (list)

AllowPrivilegeEscalation bool: = (Optional)
AllowedCapabilities []string: (list)
AllowedCsiDrivers []PodSecurityPolicyTemplateAllowedCsiDriver: (list)
AllowedFlexVolumes []PodSecurityPolicyTemplateAllowedFlexVolume: (list)
AllowedHostPaths []PodSecurityPolicyTemplateAllowedHostPath: (list)
AllowedProcMountTypes []string: (list)
AllowedUnsafeSysctls []string: (list)
Annotations map[string]interface{}: Annotations for PodSecurityPolicyTemplate object (map)
DefaultAddCapabilities []string: (list)
DefaultAllowPrivilegeEscalation bool: (list)
Description string: The PodSecurityPolicyTemplate description (string)
ForbiddenSysctls []string: (list)
FsGroup PodSecurityPolicyTemplateFsGroup: (list maxitems:1)
HostIpc bool: (bool)
HostNetwork bool: hostNetwork determines if the policy allows the use of HostNetwork in the pod spec.
HostPid bool: (bool)
HostPorts []PodSecurityPolicyTemplateHostPort: (list)
Labels map[string]interface{}: Labels for PodSecurityPolicyTemplate object (map)
Name string: The name of the PodSecurityPolicyTemplate (string)
Privileged bool: (bool)
ReadOnlyRootFilesystem bool: (bool)
RequiredDropCapabilities []string: (list)
RunAsGroup PodSecurityPolicyTemplateRunAsGroup: (list maxitems:1)
RunAsUser PodSecurityPolicyTemplateRunAsUser: (list maxitems:1)
RuntimeClass PodSecurityPolicyTemplateRuntimeClass: (list maxitems:1)
SeLinux PodSecurityPolicyTemplateSeLinux: (list maxitems:1)
SupplementalGroup PodSecurityPolicyTemplateSupplementalGroup: (list maxitems:1)
Volumes []string: (list)

allowPrivilegeEscalation boolean: = (Optional)
allowedCapabilities string[]: (list)
allowedCsiDrivers PodSecurityPolicyTemplateAllowedCsiDriver[]: (list)
allowedFlexVolumes PodSecurityPolicyTemplateAllowedFlexVolume[]: (list)
allowedHostPaths PodSecurityPolicyTemplateAllowedHostPath[]: (list)
allowedProcMountTypes string[]: (list)
allowedUnsafeSysctls string[]: (list)
annotations {[key: string]: any}: Annotations for PodSecurityPolicyTemplate object (map)
defaultAddCapabilities string[]: (list)
defaultAllowPrivilegeEscalation boolean: (list)
description string: The PodSecurityPolicyTemplate description (string)
forbiddenSysctls string[]: (list)
fsGroup PodSecurityPolicyTemplateFsGroup: (list maxitems:1)
hostIpc boolean: (bool)
hostNetwork boolean: hostNetwork determines if the policy allows the use of HostNetwork in the pod spec.
hostPid boolean: (bool)
hostPorts PodSecurityPolicyTemplateHostPort[]: (list)
labels {[key: string]: any}: Labels for PodSecurityPolicyTemplate object (map)
name string: The name of the PodSecurityPolicyTemplate (string)
privileged boolean: (bool)
readOnlyRootFilesystem boolean: (bool)
requiredDropCapabilities string[]: (list)
runAsGroup PodSecurityPolicyTemplateRunAsGroup: (list maxitems:1)
runAsUser PodSecurityPolicyTemplateRunAsUser: (list maxitems:1)
runtimeClass PodSecurityPolicyTemplateRuntimeClass: (list maxitems:1)
seLinux PodSecurityPolicyTemplateSeLinux: (list maxitems:1)
supplementalGroup PodSecurityPolicyTemplateSupplementalGroup: (list maxitems:1)
volumes string[]: (list)

allow_privilege_escalation bool: = (Optional)
allowed_capabilities List[str]: (list)
allowed_csi_drivers List[PodSecurityPolicyTemplateAllowedCsiDriver]: (list)
allowed_flex_volumes List[PodSecurityPolicyTemplateAllowedFlexVolume]: (list)
allowed_host_paths List[PodSecurityPolicyTemplateAllowedHostPath]: (list)
allowed_proc_mount_types List[str]: (list)
allowed_unsafe_sysctls List[str]: (list)
annotations Dict[str, Any]: Annotations for PodSecurityPolicyTemplate object (map)
default_add_capabilities List[str]: (list)
default_allow_privilege_escalation bool: (list)
description str: The PodSecurityPolicyTemplate description (string)
forbidden_sysctls List[str]: (list)
fs_group Dict[PodSecurityPolicyTemplateFsGroup]: (list maxitems:1)
host_ipc bool: (bool)
host_network bool: hostNetwork determines if the policy allows the use of HostNetwork in the pod spec.
host_pid bool: (bool)
host_ports List[PodSecurityPolicyTemplateHostPort]: (list)
labels Dict[str, Any]: Labels for PodSecurityPolicyTemplate object (map)
name str: The name of the PodSecurityPolicyTemplate (string)
privileged bool: (bool)
read_only_root_filesystem bool: (bool)
required_drop_capabilities List[str]: (list)
run_as_group Dict[PodSecurityPolicyTemplateRunAsGroup]: (list maxitems:1)
run_as_user Dict[PodSecurityPolicyTemplateRunAsUser]: (list maxitems:1)
runtime_class Dict[PodSecurityPolicyTemplateRuntimeClass]: (list maxitems:1)
se_linux Dict[PodSecurityPolicyTemplateSeLinux]: (list maxitems:1)
supplemental_group Dict[PodSecurityPolicyTemplateSupplementalGroup]: (list maxitems:1)
volumes List[str]: (list)

Outputs

All input properties are implicitly available as output properties. Additionally, the PodSecurityPolicyTemplate resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.

Id string: The provider-assigned unique ID for this managed resource.

id string: The provider-assigned unique ID for this managed resource.

id str: The provider-assigned unique ID for this managed resource.

Look up an Existing PodSecurityPolicyTemplate Resource

Get an existing PodSecurityPolicyTemplate resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: PodSecurityPolicyTemplateState, opts?: CustomResourceOptions): PodSecurityPolicyTemplate

static get(resource_name, id, opts=None, allow_privilege_escalation=None, allowed_capabilities=None, allowed_csi_drivers=None, allowed_flex_volumes=None, allowed_host_paths=None, allowed_proc_mount_types=None, allowed_unsafe_sysctls=None, annotations=None, default_add_capabilities=None, default_allow_privilege_escalation=None, description=None, forbidden_sysctls=None, fs_group=None, host_ipc=None, host_network=None, host_pid=None, host_ports=None, labels=None, name=None, privileged=None, read_only_root_filesystem=None, required_drop_capabilities=None, run_as_group=None, run_as_user=None, runtime_class=None, se_linux=None, supplemental_group=None, volumes=None, __props__=None);

func GetPodSecurityPolicyTemplate(ctx *Context, name string, id IDInput, state *PodSecurityPolicyTemplateState, opts ...ResourceOption) (*PodSecurityPolicyTemplate, error)

public static PodSecurityPolicyTemplate Get(string name, Input<string> id, PodSecurityPolicyTemplateState? state, CustomResourceOptions? opts = null)

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

AllowPrivilegeEscalation bool: = (Optional)
AllowedCapabilities List<string>: (list)
AllowedCsiDrivers List<PodSecurityPolicyTemplateAllowedCsiDriverArgs>: (list)
AllowedFlexVolumes List<PodSecurityPolicyTemplateAllowedFlexVolumeArgs>: (list)
AllowedHostPaths List<PodSecurityPolicyTemplateAllowedHostPathArgs>: (list)
AllowedProcMountTypes List<string>: (list)
AllowedUnsafeSysctls List<string>: (list)
Annotations Dictionary<string, object>: Annotations for PodSecurityPolicyTemplate object (map)
DefaultAddCapabilities List<string>: (list)
DefaultAllowPrivilegeEscalation bool: (list)
Description string: The PodSecurityPolicyTemplate description (string)
ForbiddenSysctls List<string>: (list)
FsGroup PodSecurityPolicyTemplateFsGroupArgs: (list maxitems:1)
HostIpc bool: (bool)
HostNetwork bool: hostNetwork determines if the policy allows the use of HostNetwork in the pod spec.
HostPid bool: (bool)
HostPorts List<PodSecurityPolicyTemplateHostPortArgs>: (list)
Labels Dictionary<string, object>: Labels for PodSecurityPolicyTemplate object (map)
Name string: The name of the PodSecurityPolicyTemplate (string)
Privileged bool: (bool)
ReadOnlyRootFilesystem bool: (bool)
RequiredDropCapabilities List<string>: (list)
RunAsGroup PodSecurityPolicyTemplateRunAsGroupArgs: (list maxitems:1)
RunAsUser PodSecurityPolicyTemplateRunAsUserArgs: (list maxitems:1)
RuntimeClass PodSecurityPolicyTemplateRuntimeClassArgs: (list maxitems:1)
SeLinux PodSecurityPolicyTemplateSeLinuxArgs: (list maxitems:1)
SupplementalGroup PodSecurityPolicyTemplateSupplementalGroupArgs: (list maxitems:1)
Volumes List<string>: (list)

AllowPrivilegeEscalation bool: = (Optional)
AllowedCapabilities []string: (list)
AllowedCsiDrivers []PodSecurityPolicyTemplateAllowedCsiDriver: (list)
AllowedFlexVolumes []PodSecurityPolicyTemplateAllowedFlexVolume: (list)
AllowedHostPaths []PodSecurityPolicyTemplateAllowedHostPath: (list)
AllowedProcMountTypes []string: (list)
AllowedUnsafeSysctls []string: (list)
Annotations map[string]interface{}: Annotations for PodSecurityPolicyTemplate object (map)
DefaultAddCapabilities []string: (list)
DefaultAllowPrivilegeEscalation bool: (list)
Description string: The PodSecurityPolicyTemplate description (string)
ForbiddenSysctls []string: (list)
FsGroup PodSecurityPolicyTemplateFsGroup: (list maxitems:1)
HostIpc bool: (bool)
HostNetwork bool: hostNetwork determines if the policy allows the use of HostNetwork in the pod spec.
HostPid bool: (bool)
HostPorts []PodSecurityPolicyTemplateHostPort: (list)
Labels map[string]interface{}: Labels for PodSecurityPolicyTemplate object (map)
Name string: The name of the PodSecurityPolicyTemplate (string)
Privileged bool: (bool)
ReadOnlyRootFilesystem bool: (bool)
RequiredDropCapabilities []string: (list)
RunAsGroup PodSecurityPolicyTemplateRunAsGroup: (list maxitems:1)
RunAsUser PodSecurityPolicyTemplateRunAsUser: (list maxitems:1)
RuntimeClass PodSecurityPolicyTemplateRuntimeClass: (list maxitems:1)
SeLinux PodSecurityPolicyTemplateSeLinux: (list maxitems:1)
SupplementalGroup PodSecurityPolicyTemplateSupplementalGroup: (list maxitems:1)
Volumes []string: (list)

allowPrivilegeEscalation boolean: = (Optional)
allowedCapabilities string[]: (list)
allowedCsiDrivers PodSecurityPolicyTemplateAllowedCsiDriver[]: (list)
allowedFlexVolumes PodSecurityPolicyTemplateAllowedFlexVolume[]: (list)
allowedHostPaths PodSecurityPolicyTemplateAllowedHostPath[]: (list)
allowedProcMountTypes string[]: (list)
allowedUnsafeSysctls string[]: (list)
annotations {[key: string]: any}: Annotations for PodSecurityPolicyTemplate object (map)
defaultAddCapabilities string[]: (list)
defaultAllowPrivilegeEscalation boolean: (list)
description string: The PodSecurityPolicyTemplate description (string)
forbiddenSysctls string[]: (list)
fsGroup PodSecurityPolicyTemplateFsGroup: (list maxitems:1)
hostIpc boolean: (bool)
hostNetwork boolean: hostNetwork determines if the policy allows the use of HostNetwork in the pod spec.
hostPid boolean: (bool)
hostPorts PodSecurityPolicyTemplateHostPort[]: (list)
labels {[key: string]: any}: Labels for PodSecurityPolicyTemplate object (map)
name string: The name of the PodSecurityPolicyTemplate (string)
privileged boolean: (bool)
readOnlyRootFilesystem boolean: (bool)
requiredDropCapabilities string[]: (list)
runAsGroup PodSecurityPolicyTemplateRunAsGroup: (list maxitems:1)
runAsUser PodSecurityPolicyTemplateRunAsUser: (list maxitems:1)
runtimeClass PodSecurityPolicyTemplateRuntimeClass: (list maxitems:1)
seLinux PodSecurityPolicyTemplateSeLinux: (list maxitems:1)
supplementalGroup PodSecurityPolicyTemplateSupplementalGroup: (list maxitems:1)
volumes string[]: (list)

allow_privilege_escalation bool: = (Optional)
allowed_capabilities List[str]: (list)
allowed_csi_drivers List[PodSecurityPolicyTemplateAllowedCsiDriver]: (list)
allowed_flex_volumes List[PodSecurityPolicyTemplateAllowedFlexVolume]: (list)
allowed_host_paths List[PodSecurityPolicyTemplateAllowedHostPath]: (list)
allowed_proc_mount_types List[str]: (list)
allowed_unsafe_sysctls List[str]: (list)
annotations Dict[str, Any]: Annotations for PodSecurityPolicyTemplate object (map)
default_add_capabilities List[str]: (list)
default_allow_privilege_escalation bool: (list)
description str: The PodSecurityPolicyTemplate description (string)
forbidden_sysctls List[str]: (list)
fs_group Dict[PodSecurityPolicyTemplateFsGroup]: (list maxitems:1)
host_ipc bool: (bool)
host_network bool: hostNetwork determines if the policy allows the use of HostNetwork in the pod spec.
host_pid bool: (bool)
host_ports List[PodSecurityPolicyTemplateHostPort]: (list)
labels Dict[str, Any]: Labels for PodSecurityPolicyTemplate object (map)
name str: The name of the PodSecurityPolicyTemplate (string)
privileged bool: (bool)
read_only_root_filesystem bool: (bool)
required_drop_capabilities List[str]: (list)
run_as_group Dict[PodSecurityPolicyTemplateRunAsGroup]: (list maxitems:1)
run_as_user Dict[PodSecurityPolicyTemplateRunAsUser]: (list maxitems:1)
runtime_class Dict[PodSecurityPolicyTemplateRuntimeClass]: (list maxitems:1)
se_linux Dict[PodSecurityPolicyTemplateSeLinux]: (list maxitems:1)
supplemental_group Dict[PodSecurityPolicyTemplateSupplementalGroup]: (list maxitems:1)
volumes List[str]: (list)

Supporting Types

PodSecurityPolicyTemplateAllowedCsiDriver

Name string: The name of the PodSecurityPolicyTemplate (string)

Name string: The name of the PodSecurityPolicyTemplate (string)

name string: The name of the PodSecurityPolicyTemplate (string)

name str: The name of the PodSecurityPolicyTemplate (string)

PodSecurityPolicyTemplateAllowedFlexVolume

Driver string

Driver string

driver string

driver str

PodSecurityPolicyTemplateAllowedHostPath

PathPrefix string: (string)
ReadOnly bool: (string)

PathPrefix string: (string)
ReadOnly bool: (string)

pathPrefix string: (string)
readOnly boolean: (string)

pathPrefix str: (string)
readOnly bool: (string)

PodSecurityPolicyTemplateFsGroup

Ranges List<PodSecurityPolicyTemplateFsGroupRangeArgs>: (list)
Rule string: (string)

Ranges []PodSecurityPolicyTemplateFsGroupRange: (list)
Rule string: (string)

ranges PodSecurityPolicyTemplateFsGroupRange[]: (list)
rule string: (string)

ranges List[PodSecurityPolicyTemplateFsGroupRange]: (list)
rule str: (string)

PodSecurityPolicyTemplateFsGroupRange

Max int: (int)
Min int: (int)

Max int: (int)
Min int: (int)

max number: (int)
min number: (int)

max float: (int)
min float: (int)

PodSecurityPolicyTemplateHostPort

Max int: (int)
Min int: (int)

Max int: (int)
Min int: (int)

max number: (int)
min number: (int)

max float: (int)
min float: (int)

PodSecurityPolicyTemplateRunAsGroup

Rule string: (string)
Ranges List<PodSecurityPolicyTemplateRunAsGroupRangeArgs>: (list)

Rule string: (string)
Ranges []PodSecurityPolicyTemplateRunAsGroupRange: (list)

rule string: (string)
ranges PodSecurityPolicyTemplateRunAsGroupRange[]: (list)

rule str: (string)
ranges List[PodSecurityPolicyTemplateRunAsGroupRange]: (list)

PodSecurityPolicyTemplateRunAsGroupRange

Max int: (int)
Min int: (int)

Max int: (int)
Min int: (int)

max number: (int)
min number: (int)

max float: (int)
min float: (int)

PodSecurityPolicyTemplateRunAsUser

Rule string: (string)
Ranges List<PodSecurityPolicyTemplateRunAsUserRangeArgs>: (list)

Rule string: (string)
Ranges []PodSecurityPolicyTemplateRunAsUserRange: (list)

rule string: (string)
ranges PodSecurityPolicyTemplateRunAsUserRange[]: (list)

rule str: (string)
ranges List[PodSecurityPolicyTemplateRunAsUserRange]: (list)

PodSecurityPolicyTemplateRunAsUserRange

Max int: (int)
Min int: (int)

Max int: (int)
Min int: (int)

max number: (int)
min number: (int)

max float: (int)
min float: (int)

PodSecurityPolicyTemplateRuntimeClass

AllowedRuntimeClassNames List<string>: (list)
DefaultRuntimeClassName string: (string)

AllowedRuntimeClassNames []string: (list)
DefaultRuntimeClassName string: (string)

allowedRuntimeClassNames string[]: (list)
defaultRuntimeClassName string: (string)

allowedRuntimeClassNames List[str]: (list)
defaultRuntimeClassName str: (string)

PodSecurityPolicyTemplateSeLinux

Rule string: (string)
SeLinuxOption PodSecurityPolicyTemplateSeLinuxSeLinuxOptionArgs: (list maxitems:1)

Rule string: (string)
SeLinuxOption PodSecurityPolicyTemplateSeLinuxSeLinuxOption: (list maxitems:1)

rule string: (string)
seLinuxOption PodSecurityPolicyTemplateSeLinuxSeLinuxOption: (list maxitems:1)

rule str: (string)
seLinuxOption Dict[PodSecurityPolicyTemplateSeLinuxSeLinuxOption]: (list maxitems:1)

PodSecurityPolicyTemplateSeLinuxSeLinuxOption

Level string: (string)
Role string: (string)
Type string: (string)
User string: (string)

Level string: (string)
Role string: (string)
Type string: (string)
User string: (string)

level string: (string)
role string: (string)
type string: (string)
user string: (string)

level str: (string)
role str: (string)
type str: (string)
user str: (string)

PodSecurityPolicyTemplateSupplementalGroup

Ranges List<PodSecurityPolicyTemplateSupplementalGroupRangeArgs>: (list)
Rule string: (string)

Ranges []PodSecurityPolicyTemplateSupplementalGroupRange: (list)
Rule string: (string)

ranges PodSecurityPolicyTemplateSupplementalGroupRange[]: (list)
rule string: (string)

ranges List[PodSecurityPolicyTemplateSupplementalGroupRange]: (list)
rule str: (string)

PodSecurityPolicyTemplateSupplementalGroupRange

Max int: (int)
Min int: (int)

Max int: (int)
Min int: (int)

max number: (int)
min number: (int)

max float: (int)
min float: (int)

Package Details

Repository: https://github.com/pulumi/pulumi-rancher2
License: Apache-2.0
Notes: This Pulumi package is based on the rancher2 Terraform Provider.

The Pulumi Platform

Get Started

Migrate to Pulumi

Solutions for All Teams and Engineers

Any Code

Any Cloud