github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #113467 from pacoxu/psp-cleanup

Browse Source 
Remove PodSecurityPolicy related code except client-go & API type
This commit is contained in:
Kubernetes Prow Robot 2023-01-11 14:28:07 -08:00 committed by GitHub
commit 08d9a0ef5b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
63 changed files with 242 additions and 12052 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
api/api-rules/violation_exceptions.list
View File

@ -155,7 +155,6 @@ API rule violation: list_type_missing,k8s.io/api/core/v1,TopologySelectorLabelRe
API rule violation: list_type_missing,k8s.io/api/core/v1,TopologySelectorTerm,MatchLabelExpressions
API rule violation: list_type_missing,k8s.io/api/extensions/v1beta1,DaemonSetStatus,Conditions
API rule violation: list_type_missing,k8s.io/api/extensions/v1beta1,DeploymentStatus,Conditions
API rule violation: list_type_missing,k8s.io/api/extensions/v1beta1,FSGroupStrategyOptions,Ranges
API rule violation: list_type_missing,k8s.io/api/extensions/v1beta1,HTTPIngressRuleValue,Paths
API rule violation: list_type_missing,k8s.io/api/extensions/v1beta1,IPBlock,Except
API rule violation: list_type_missing,k8s.io/api/extensions/v1beta1,IngressLoadBalancerStatus,Ingress
@ -169,22 +168,7 @@ API rule violation: list_type_missing,k8s.io/api/extensions/v1beta1,NetworkPolic
API rule violation: list_type_missing,k8s.io/api/extensions/v1beta1,NetworkPolicySpec,Egress
API rule violation: list_type_missing,k8s.io/api/extensions/v1beta1,NetworkPolicySpec,Ingress
API rule violation: list_type_missing,k8s.io/api/extensions/v1beta1,NetworkPolicySpec,PolicyTypes
API rule violation: list_type_missing,k8s.io/api/extensions/v1beta1,PodSecurityPolicySpec,AllowedCSIDrivers
API rule violation: list_type_missing,k8s.io/api/extensions/v1beta1,PodSecurityPolicySpec,AllowedCapabilities
API rule violation: list_type_missing,k8s.io/api/extensions/v1beta1,PodSecurityPolicySpec,AllowedFlexVolumes
API rule violation: list_type_missing,k8s.io/api/extensions/v1beta1,PodSecurityPolicySpec,AllowedHostPaths
API rule violation: list_type_missing,k8s.io/api/extensions/v1beta1,PodSecurityPolicySpec,AllowedProcMountTypes
API rule violation: list_type_missing,k8s.io/api/extensions/v1beta1,PodSecurityPolicySpec,AllowedUnsafeSysctls
API rule violation: list_type_missing,k8s.io/api/extensions/v1beta1,PodSecurityPolicySpec,DefaultAddCapabilities
API rule violation: list_type_missing,k8s.io/api/extensions/v1beta1,PodSecurityPolicySpec,ForbiddenSysctls
API rule violation: list_type_missing,k8s.io/api/extensions/v1beta1,PodSecurityPolicySpec,HostPorts
API rule violation: list_type_missing,k8s.io/api/extensions/v1beta1,PodSecurityPolicySpec,RequiredDropCapabilities
API rule violation: list_type_missing,k8s.io/api/extensions/v1beta1,PodSecurityPolicySpec,Volumes
API rule violation: list_type_missing,k8s.io/api/extensions/v1beta1,ReplicaSetStatus,Conditions
API rule violation: list_type_missing,k8s.io/api/extensions/v1beta1,RunAsGroupStrategyOptions,Ranges
API rule violation: list_type_missing,k8s.io/api/extensions/v1beta1,RunAsUserStrategyOptions,Ranges
API rule violation: list_type_missing,k8s.io/api/extensions/v1beta1,RuntimeClassStrategyOptions,AllowedRuntimeClassNames
API rule violation: list_type_missing,k8s.io/api/extensions/v1beta1,SupplementalGroupsStrategyOptions,Ranges
API rule violation: list_type_missing,k8s.io/api/imagepolicy/v1alpha1,ImageReviewSpec,Containers
API rule violation: list_type_missing,k8s.io/api/networking/v1,IPBlock,Except
API rule violation: list_type_missing,k8s.io/api/networking/v1,IngressLoadBalancerStatus,Ingress

8
pkg/api/podsecuritypolicy/OWNERS
View File

@ -1,8 +0,0 @@
# See the OWNERS docs at https://go.k8s.io/owners
# approval on api packages bubbles to api-approvers
reviewers:
- sig-auth-policy-approvers
- sig-auth-policy-reviewers
labels:
- sig/auth

44
pkg/api/podsecuritypolicy/util.go
View File

@ -1,44 +0,0 @@
/*
Copyright 2018 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package podsecuritypolicy
import (
utilfeature "k8s.io/apiserver/pkg/util/feature"
"k8s.io/kubernetes/pkg/apis/policy"
"k8s.io/kubernetes/pkg/features"
)
// DropDisabledFields removes disabled fields from the pod security policy spec.
// This should be called from PrepareForCreate/PrepareForUpdate for all resources containing a pod security policy spec.
func DropDisabledFields(pspSpec, oldPSPSpec *policy.PodSecurityPolicySpec) {
if !utilfeature.DefaultFeatureGate.Enabled(features.ProcMountType) && !allowedProcMountTypesInUse(oldPSPSpec) {
pspSpec.AllowedProcMountTypes = nil
}
}
func allowedProcMountTypesInUse(oldPSPSpec *policy.PodSecurityPolicySpec) bool {
if oldPSPSpec == nil {
return false
}
if oldPSPSpec.AllowedProcMountTypes != nil {
return true
}
return false
}

110
pkg/api/podsecuritypolicy/util_test.go
View File

@ -1,110 +0,0 @@
/*
Copyright 2018 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package podsecuritypolicy
import (
"fmt"
"reflect"
"testing"
"github.com/google/go-cmp/cmp"
utilfeature "k8s.io/apiserver/pkg/util/feature"
featuregatetesting "k8s.io/component-base/featuregate/testing"
api "k8s.io/kubernetes/pkg/apis/core"
"k8s.io/kubernetes/pkg/apis/policy"
"k8s.io/kubernetes/pkg/features"
)
func TestDropAllowedProcMountTypes(t *testing.T) {
allowedProcMountTypes := []api.ProcMountType{api.UnmaskedProcMount}
scWithoutAllowedProcMountTypes := func() *policy.PodSecurityPolicySpec {
return &policy.PodSecurityPolicySpec{}
}
scWithAllowedProcMountTypes := func() *policy.PodSecurityPolicySpec {
return &policy.PodSecurityPolicySpec{
AllowedProcMountTypes: allowedProcMountTypes,
}
}
scInfo := []struct {
description string
hasAllowedProcMountTypes bool
sc func() *policy.PodSecurityPolicySpec
}{
{
description: "PodSecurityPolicySpec Without AllowedProcMountTypes",
hasAllowedProcMountTypes: false,
sc: scWithoutAllowedProcMountTypes,
},
{
description: "PodSecurityPolicySpec With AllowedProcMountTypes",
hasAllowedProcMountTypes: true,
sc: scWithAllowedProcMountTypes,
},
{
description: "is nil",
hasAllowedProcMountTypes: false,
sc: func() *policy.PodSecurityPolicySpec { return nil },
},
}
for _, enabled := range []bool{true, false} {
for _, oldPSPSpecInfo := range scInfo {
for _, newPSPSpecInfo := range scInfo {
oldPSPSpecHasAllowedProcMountTypes, oldPSPSpec := oldPSPSpecInfo.hasAllowedProcMountTypes, oldPSPSpecInfo.sc()
newPSPSpecHasAllowedProcMountTypes, newPSPSpec := newPSPSpecInfo.hasAllowedProcMountTypes, newPSPSpecInfo.sc()
if newPSPSpec == nil {
continue
}
t.Run(fmt.Sprintf("feature enabled=%v, old PodSecurityPolicySpec %v, new PodSecurityPolicySpec %v", enabled, oldPSPSpecInfo.description, newPSPSpecInfo.description), func(t *testing.T) {
defer featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, features.ProcMountType, enabled)()
DropDisabledFields(newPSPSpec, oldPSPSpec)
// old PodSecurityPolicySpec should never be changed
if !reflect.DeepEqual(oldPSPSpec, oldPSPSpecInfo.sc()) {
t.Errorf("old PodSecurityPolicySpec changed: %v", cmp.Diff(oldPSPSpec, oldPSPSpecInfo.sc()))
}
switch {
case enabled || oldPSPSpecHasAllowedProcMountTypes:
// new PodSecurityPolicySpec should not be changed if the feature is enabled, or if the old PodSecurityPolicySpec had AllowedProcMountTypes
if !reflect.DeepEqual(newPSPSpec, newPSPSpecInfo.sc()) {
t.Errorf("new PodSecurityPolicySpec changed: %v", cmp.Diff(newPSPSpec, newPSPSpecInfo.sc()))
}
case newPSPSpecHasAllowedProcMountTypes:
// new PodSecurityPolicySpec should be changed
if reflect.DeepEqual(newPSPSpec, newPSPSpecInfo.sc()) {
t.Errorf("new PodSecurityPolicySpec was not changed")
}
// new PodSecurityPolicySpec should not have AllowedProcMountTypes
if !reflect.DeepEqual(newPSPSpec, scWithoutAllowedProcMountTypes()) {
t.Errorf("new PodSecurityPolicySpec had PodSecurityPolicySpecAllowedProcMountTypes: %v", cmp.Diff(newPSPSpec, scWithoutAllowedProcMountTypes()))
}
default:
// new PodSecurityPolicySpec should not need to be changed
if !reflect.DeepEqual(newPSPSpec, newPSPSpecInfo.sc()) {
t.Errorf("new PodSecurityPolicySpec changed: %v", cmp.Diff(newPSPSpec, newPSPSpecInfo.sc()))
}
}
})
}
}
}
}

2
pkg/api/testing/defaulting_test.go
View File

@ -115,8 +115,6 @@ func TestDefaulting(t *testing.T) {
{Group: "apps", Version: "v1", Kind: "DeploymentList"}: {},
{Group: "extensions", Version: "v1beta1", Kind: "Ingress"}: {},
{Group: "extensions", Version: "v1beta1", Kind: "IngressList"}: {},
{Group: "extensions", Version: "v1beta1", Kind: "PodSecurityPolicy"}: {},
{Group: "extensions", Version: "v1beta1", Kind: "PodSecurityPolicyList"}: {},
{Group: "apps", Version: "v1beta2", Kind: "ReplicaSet"}: {},
{Group: "apps", Version: "v1beta2", Kind: "ReplicaSetList"}: {},
{Group: "apps", Version: "v1", Kind: "ReplicaSet"}: {},

3
pkg/apis/extensions/register.go
View File

@ -22,7 +22,6 @@ import (
"k8s.io/kubernetes/pkg/apis/apps"
"k8s.io/kubernetes/pkg/apis/autoscaling"
"k8s.io/kubernetes/pkg/apis/networking"
"k8s.io/kubernetes/pkg/apis/policy"
)
// GroupName is the group name use in this package
@ -60,8 +59,6 @@ func addKnownTypes(scheme *runtime.Scheme) error {
&networking.IngressList{},
&apps.ReplicaSet{},
&apps.ReplicaSetList{},
&policy.PodSecurityPolicy{},
&policy.PodSecurityPolicyList{},
&autoscaling.Scale{},
&networking.NetworkPolicy{},
&networking.NetworkPolicyList{},

9
pkg/apis/extensions/v1beta1/defaults.go
View File

@ -70,15 +70,6 @@ func SetDefaults_DaemonSet(obj *extensionsv1beta1.DaemonSet) {
}
}
func SetDefaults_PodSecurityPolicySpec(obj *extensionsv1beta1.PodSecurityPolicySpec) {
// This field was added after PodSecurityPolicy was released.
// Policies that do not include this field must remain as permissive as they were prior to the introduction of this field.
if obj.AllowPrivilegeEscalation == nil {
t := true
obj.AllowPrivilegeEscalation = &t
}
}
func SetDefaults_Deployment(obj *extensionsv1beta1.Deployment) {
// Default labels and selector to labels from pod template spec.
labels := obj.Spec.Template.Labels

9
pkg/apis/extensions/v1beta1/defaults_test.go
View File

@ -520,15 +520,6 @@ func TestDefaultRequestIsNotSetForReplicaSet(t *testing.T) {
}
}
func TestDefaultAllowPrivilegeEscalationForPodSecurityPolicy(t *testing.T) {
psp := &extensionsv1beta1.PodSecurityPolicy{}
output := roundTrip(t, runtime.Object(psp))
psp2 := output.(*extensionsv1beta1.PodSecurityPolicy)
if psp2.Spec.AllowPrivilegeEscalation == nil || *psp2.Spec.AllowPrivilegeEscalation != true {
t.Errorf("Expected default to true, got: %#v", psp2.Spec.AllowPrivilegeEscalation)
}
}
func TestSetDefaultNetworkPolicy(t *testing.T) {
tests := []struct {
original *extensionsv1beta1.NetworkPolicy

533
pkg/apis/extensions/v1beta1/zz_generated.conversion.go generated
View File

@ -35,7 +35,6 @@ import (
core "k8s.io/kubernetes/pkg/apis/core"
corev1 "k8s.io/kubernetes/pkg/apis/core/v1"
networking "k8s.io/kubernetes/pkg/apis/networking"
policy "k8s.io/kubernetes/pkg/apis/policy"
)
func init() {
@ -45,36 +44,6 @@ func init() {
// RegisterConversions adds conversion functions to the given scheme.
// Public to allow building arbitrary schemes.
func RegisterConversions(s *runtime.Scheme) error {
if err := s.AddGeneratedConversionFunc((*v1beta1.AllowedCSIDriver)(nil), (*policy.AllowedCSIDriver)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_v1beta1_AllowedCSIDriver_To_policy_AllowedCSIDriver(a.(*v1beta1.AllowedCSIDriver), b.(*policy.AllowedCSIDriver), scope)
}); err != nil {
return err
}
if err := s.AddGeneratedConversionFunc((*policy.AllowedCSIDriver)(nil), (*v1beta1.AllowedCSIDriver)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_policy_AllowedCSIDriver_To_v1beta1_AllowedCSIDriver(a.(*policy.AllowedCSIDriver), b.(*v1beta1.AllowedCSIDriver), scope)
}); err != nil {
return err
}
if err := s.AddGeneratedConversionFunc((*v1beta1.AllowedFlexVolume)(nil), (*policy.AllowedFlexVolume)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_v1beta1_AllowedFlexVolume_To_policy_AllowedFlexVolume(a.(*v1beta1.AllowedFlexVolume), b.(*policy.AllowedFlexVolume), scope)
}); err != nil {
return err
}
if err := s.AddGeneratedConversionFunc((*policy.AllowedFlexVolume)(nil), (*v1beta1.AllowedFlexVolume)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_policy_AllowedFlexVolume_To_v1beta1_AllowedFlexVolume(a.(*policy.AllowedFlexVolume), b.(*v1beta1.AllowedFlexVolume), scope)
}); err != nil {
return err
}
if err := s.AddGeneratedConversionFunc((*v1beta1.AllowedHostPath)(nil), (*policy.AllowedHostPath)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_v1beta1_AllowedHostPath_To_policy_AllowedHostPath(a.(*v1beta1.AllowedHostPath), b.(*policy.AllowedHostPath), scope)
}); err != nil {
return err
}
if err := s.AddGeneratedConversionFunc((*policy.AllowedHostPath)(nil), (*v1beta1.AllowedHostPath)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_policy_AllowedHostPath_To_v1beta1_AllowedHostPath(a.(*policy.AllowedHostPath), b.(*v1beta1.AllowedHostPath), scope)
}); err != nil {
return err
}
if err := s.AddGeneratedConversionFunc((*v1beta1.DaemonSet)(nil), (*apps.DaemonSet)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_v1beta1_DaemonSet_To_apps_DaemonSet(a.(*v1beta1.DaemonSet), b.(*apps.DaemonSet), scope)
}); err != nil {
@ -205,16 +174,6 @@ func RegisterConversions(s *runtime.Scheme) error {
}); err != nil {
return err
}
if err := s.AddGeneratedConversionFunc((*v1beta1.FSGroupStrategyOptions)(nil), (*policy.FSGroupStrategyOptions)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_v1beta1_FSGroupStrategyOptions_To_policy_FSGroupStrategyOptions(a.(*v1beta1.FSGroupStrategyOptions), b.(*policy.FSGroupStrategyOptions), scope)
}); err != nil {
return err
}
if err := s.AddGeneratedConversionFunc((*policy.FSGroupStrategyOptions)(nil), (*v1beta1.FSGroupStrategyOptions)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_policy_FSGroupStrategyOptions_To_v1beta1_FSGroupStrategyOptions(a.(*policy.FSGroupStrategyOptions), b.(*v1beta1.FSGroupStrategyOptions), scope)
}); err != nil {
return err
}
if err := s.AddGeneratedConversionFunc((*v1beta1.HTTPIngressPath)(nil), (*networking.HTTPIngressPath)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_v1beta1_HTTPIngressPath_To_networking_HTTPIngressPath(a.(*v1beta1.HTTPIngressPath), b.(*networking.HTTPIngressPath), scope)
}); err != nil {
@ -235,26 +194,6 @@ func RegisterConversions(s *runtime.Scheme) error {
}); err != nil {
return err
}
if err := s.AddGeneratedConversionFunc((*v1beta1.HostPortRange)(nil), (*policy.HostPortRange)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_v1beta1_HostPortRange_To_policy_HostPortRange(a.(*v1beta1.HostPortRange), b.(*policy.HostPortRange), scope)
}); err != nil {
return err
}
if err := s.AddGeneratedConversionFunc((*policy.HostPortRange)(nil), (*v1beta1.HostPortRange)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_policy_HostPortRange_To_v1beta1_HostPortRange(a.(*policy.HostPortRange), b.(*v1beta1.HostPortRange), scope)
}); err != nil {
return err
}
if err := s.AddGeneratedConversionFunc((*v1beta1.IDRange)(nil), (*policy.IDRange)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_v1beta1_IDRange_To_policy_IDRange(a.(*v1beta1.IDRange), b.(*policy.IDRange), scope)
}); err != nil {
return err
}
if err := s.AddGeneratedConversionFunc((*policy.IDRange)(nil), (*v1beta1.IDRange)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_policy_IDRange_To_v1beta1_IDRange(a.(*policy.IDRange), b.(*v1beta1.IDRange), scope)
}); err != nil {
return err
}
if err := s.AddGeneratedConversionFunc((*v1beta1.Ingress)(nil), (*networking.Ingress)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_v1beta1_Ingress_To_networking_Ingress(a.(*v1beta1.Ingress), b.(*networking.Ingress), scope)
}); err != nil {
@ -395,36 +334,6 @@ func RegisterConversions(s *runtime.Scheme) error {
}); err != nil {
return err
}
if err := s.AddGeneratedConversionFunc((*v1beta1.PodSecurityPolicy)(nil), (*policy.PodSecurityPolicy)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_v1beta1_PodSecurityPolicy_To_policy_PodSecurityPolicy(a.(*v1beta1.PodSecurityPolicy), b.(*policy.PodSecurityPolicy), scope)
}); err != nil {
return err
}
if err := s.AddGeneratedConversionFunc((*policy.PodSecurityPolicy)(nil), (*v1beta1.PodSecurityPolicy)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_policy_PodSecurityPolicy_To_v1beta1_PodSecurityPolicy(a.(*policy.PodSecurityPolicy), b.(*v1beta1.PodSecurityPolicy), scope)
}); err != nil {
return err
}
if err := s.AddGeneratedConversionFunc((*v1beta1.PodSecurityPolicyList)(nil), (*policy.PodSecurityPolicyList)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_v1beta1_PodSecurityPolicyList_To_policy_PodSecurityPolicyList(a.(*v1beta1.PodSecurityPolicyList), b.(*policy.PodSecurityPolicyList), scope)
}); err != nil {
return err
}
if err := s.AddGeneratedConversionFunc((*policy.PodSecurityPolicyList)(nil), (*v1beta1.PodSecurityPolicyList)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_policy_PodSecurityPolicyList_To_v1beta1_PodSecurityPolicyList(a.(*policy.PodSecurityPolicyList), b.(*v1beta1.PodSecurityPolicyList), scope)
}); err != nil {
return err
}
if err := s.AddGeneratedConversionFunc((*v1beta1.PodSecurityPolicySpec)(nil), (*policy.PodSecurityPolicySpec)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_v1beta1_PodSecurityPolicySpec_To_policy_PodSecurityPolicySpec(a.(*v1beta1.PodSecurityPolicySpec), b.(*policy.PodSecurityPolicySpec), scope)
}); err != nil {
return err
}
if err := s.AddGeneratedConversionFunc((*policy.PodSecurityPolicySpec)(nil), (*v1beta1.PodSecurityPolicySpec)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_policy_PodSecurityPolicySpec_To_v1beta1_PodSecurityPolicySpec(a.(*policy.PodSecurityPolicySpec), b.(*v1beta1.PodSecurityPolicySpec), scope)
}); err != nil {
return err
}
if err := s.AddGeneratedConversionFunc((*v1beta1.ReplicaSet)(nil), (*apps.ReplicaSet)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_v1beta1_ReplicaSet_To_apps_ReplicaSet(a.(*v1beta1.ReplicaSet), b.(*apps.ReplicaSet), scope)
}); err != nil {
@ -505,46 +414,6 @@ func RegisterConversions(s *runtime.Scheme) error {
}); err != nil {
return err
}
if err := s.AddGeneratedConversionFunc((*v1beta1.RunAsGroupStrategyOptions)(nil), (*policy.RunAsGroupStrategyOptions)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_v1beta1_RunAsGroupStrategyOptions_To_policy_RunAsGroupStrategyOptions(a.(*v1beta1.RunAsGroupStrategyOptions), b.(*policy.RunAsGroupStrategyOptions), scope)
}); err != nil {
return err
}
if err := s.AddGeneratedConversionFunc((*policy.RunAsGroupStrategyOptions)(nil), (*v1beta1.RunAsGroupStrategyOptions)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_policy_RunAsGroupStrategyOptions_To_v1beta1_RunAsGroupStrategyOptions(a.(*policy.RunAsGroupStrategyOptions), b.(*v1beta1.RunAsGroupStrategyOptions), scope)
}); err != nil {
return err
}
if err := s.AddGeneratedConversionFunc((*v1beta1.RunAsUserStrategyOptions)(nil), (*policy.RunAsUserStrategyOptions)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_v1beta1_RunAsUserStrategyOptions_To_policy_RunAsUserStrategyOptions(a.(*v1beta1.RunAsUserStrategyOptions), b.(*policy.RunAsUserStrategyOptions), scope)
}); err != nil {
return err
}
if err := s.AddGeneratedConversionFunc((*policy.RunAsUserStrategyOptions)(nil), (*v1beta1.RunAsUserStrategyOptions)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_policy_RunAsUserStrategyOptions_To_v1beta1_RunAsUserStrategyOptions(a.(*policy.RunAsUserStrategyOptions), b.(*v1beta1.RunAsUserStrategyOptions), scope)
}); err != nil {
return err
}
if err := s.AddGeneratedConversionFunc((*v1beta1.RuntimeClassStrategyOptions)(nil), (*policy.RuntimeClassStrategyOptions)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_v1beta1_RuntimeClassStrategyOptions_To_policy_RuntimeClassStrategyOptions(a.(*v1beta1.RuntimeClassStrategyOptions), b.(*policy.RuntimeClassStrategyOptions), scope)
}); err != nil {
return err
}
if err := s.AddGeneratedConversionFunc((*policy.RuntimeClassStrategyOptions)(nil), (*v1beta1.RuntimeClassStrategyOptions)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_policy_RuntimeClassStrategyOptions_To_v1beta1_RuntimeClassStrategyOptions(a.(*policy.RuntimeClassStrategyOptions), b.(*v1beta1.RuntimeClassStrategyOptions), scope)
}); err != nil {
return err
}
if err := s.AddGeneratedConversionFunc((*v1beta1.SELinuxStrategyOptions)(nil), (*policy.SELinuxStrategyOptions)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_v1beta1_SELinuxStrategyOptions_To_policy_SELinuxStrategyOptions(a.(*v1beta1.SELinuxStrategyOptions), b.(*policy.SELinuxStrategyOptions), scope)
}); err != nil {
return err
}
if err := s.AddGeneratedConversionFunc((*policy.SELinuxStrategyOptions)(nil), (*v1beta1.SELinuxStrategyOptions)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_policy_SELinuxStrategyOptions_To_v1beta1_SELinuxStrategyOptions(a.(*policy.SELinuxStrategyOptions), b.(*v1beta1.SELinuxStrategyOptions), scope)
}); err != nil {
return err
}
if err := s.AddGeneratedConversionFunc((*v1beta1.Scale)(nil), (*autoscaling.Scale)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_v1beta1_Scale_To_autoscaling_Scale(a.(*v1beta1.Scale), b.(*autoscaling.Scale), scope)
}); err != nil {
@ -565,16 +434,6 @@ func RegisterConversions(s *runtime.Scheme) error {
}); err != nil {
return err
}
if err := s.AddGeneratedConversionFunc((*v1beta1.SupplementalGroupsStrategyOptions)(nil), (*policy.SupplementalGroupsStrategyOptions)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_v1beta1_SupplementalGroupsStrategyOptions_To_policy_SupplementalGroupsStrategyOptions(a.(*v1beta1.SupplementalGroupsStrategyOptions), b.(*policy.SupplementalGroupsStrategyOptions), scope)
}); err != nil {
return err
}
if err := s.AddGeneratedConversionFunc((*policy.SupplementalGroupsStrategyOptions)(nil), (*v1beta1.SupplementalGroupsStrategyOptions)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_policy_SupplementalGroupsStrategyOptions_To_v1beta1_SupplementalGroupsStrategyOptions(a.(*policy.SupplementalGroupsStrategyOptions), b.(*v1beta1.SupplementalGroupsStrategyOptions), scope)
}); err != nil {
return err
}
if err := s.AddConversionFunc((*autoscaling.ScaleStatus)(nil), (*v1beta1.ScaleStatus)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_autoscaling_ScaleStatus_To_v1beta1_ScaleStatus(a.(*autoscaling.ScaleStatus), b.(*v1beta1.ScaleStatus), scope)
}); err != nil {
@ -648,68 +507,6 @@ func RegisterConversions(s *runtime.Scheme) error {
return nil
}
func autoConvert_v1beta1_AllowedCSIDriver_To_policy_AllowedCSIDriver(in *v1beta1.AllowedCSIDriver, out *policy.AllowedCSIDriver, s conversion.Scope) error {
out.Name = in.Name
return nil
}
// Convert_v1beta1_AllowedCSIDriver_To_policy_AllowedCSIDriver is an autogenerated conversion function.
func Convert_v1beta1_AllowedCSIDriver_To_policy_AllowedCSIDriver(in *v1beta1.AllowedCSIDriver, out *policy.AllowedCSIDriver, s conversion.Scope) error {
return autoConvert_v1beta1_AllowedCSIDriver_To_policy_AllowedCSIDriver(in, out, s)
}
func autoConvert_policy_AllowedCSIDriver_To_v1beta1_AllowedCSIDriver(in *policy.AllowedCSIDriver, out *v1beta1.AllowedCSIDriver, s conversion.Scope) error {
out.Name = in.Name
return nil
}
// Convert_policy_AllowedCSIDriver_To_v1beta1_AllowedCSIDriver is an autogenerated conversion function.
func Convert_policy_AllowedCSIDriver_To_v1beta1_AllowedCSIDriver(in *policy.AllowedCSIDriver, out *v1beta1.AllowedCSIDriver, s conversion.Scope) error {
return autoConvert_policy_AllowedCSIDriver_To_v1beta1_AllowedCSIDriver(in, out, s)
}
func autoConvert_v1beta1_AllowedFlexVolume_To_policy_AllowedFlexVolume(in *v1beta1.AllowedFlexVolume, out *policy.AllowedFlexVolume, s conversion.Scope) error {
out.Driver = in.Driver
return nil
}
// Convert_v1beta1_AllowedFlexVolume_To_policy_AllowedFlexVolume is an autogenerated conversion function.
func Convert_v1beta1_AllowedFlexVolume_To_policy_AllowedFlexVolume(in *v1beta1.AllowedFlexVolume, out *policy.AllowedFlexVolume, s conversion.Scope) error {
return autoConvert_v1beta1_AllowedFlexVolume_To_policy_AllowedFlexVolume(in, out, s)
}
func autoConvert_policy_AllowedFlexVolume_To_v1beta1_AllowedFlexVolume(in *policy.AllowedFlexVolume, out *v1beta1.AllowedFlexVolume, s conversion.Scope) error {
out.Driver = in.Driver
return nil
}
// Convert_policy_AllowedFlexVolume_To_v1beta1_AllowedFlexVolume is an autogenerated conversion function.
func Convert_policy_AllowedFlexVolume_To_v1beta1_AllowedFlexVolume(in *policy.AllowedFlexVolume, out *v1beta1.AllowedFlexVolume, s conversion.Scope) error {
return autoConvert_policy_AllowedFlexVolume_To_v1beta1_AllowedFlexVolume(in, out, s)
}
func autoConvert_v1beta1_AllowedHostPath_To_policy_AllowedHostPath(in *v1beta1.AllowedHostPath, out *policy.AllowedHostPath, s conversion.Scope) error {
out.PathPrefix = in.PathPrefix
out.ReadOnly = in.ReadOnly
return nil
}
// Convert_v1beta1_AllowedHostPath_To_policy_AllowedHostPath is an autogenerated conversion function.
func Convert_v1beta1_AllowedHostPath_To_policy_AllowedHostPath(in *v1beta1.AllowedHostPath, out *policy.AllowedHostPath, s conversion.Scope) error {
return autoConvert_v1beta1_AllowedHostPath_To_policy_AllowedHostPath(in, out, s)
}
func autoConvert_policy_AllowedHostPath_To_v1beta1_AllowedHostPath(in *policy.AllowedHostPath, out *v1beta1.AllowedHostPath, s conversion.Scope) error {
out.PathPrefix = in.PathPrefix
out.ReadOnly = in.ReadOnly
return nil
}
// Convert_policy_AllowedHostPath_To_v1beta1_AllowedHostPath is an autogenerated conversion function.
func Convert_policy_AllowedHostPath_To_v1beta1_AllowedHostPath(in *policy.AllowedHostPath, out *v1beta1.AllowedHostPath, s conversion.Scope) error {
return autoConvert_policy_AllowedHostPath_To_v1beta1_AllowedHostPath(in, out, s)
}
func autoConvert_v1beta1_DaemonSet_To_apps_DaemonSet(in *v1beta1.DaemonSet, out *apps.DaemonSet, s conversion.Scope) error {
out.ObjectMeta = in.ObjectMeta
if err := Convert_v1beta1_DaemonSetSpec_To_apps_DaemonSetSpec(&in.Spec, &out.Spec, s); err != nil {
@ -1178,28 +975,6 @@ func Convert_apps_DeploymentStrategy_To_v1beta1_DeploymentStrategy(in *apps.Depl
return autoConvert_apps_DeploymentStrategy_To_v1beta1_DeploymentStrategy(in, out, s)
}
func autoConvert_v1beta1_FSGroupStrategyOptions_To_policy_FSGroupStrategyOptions(in *v1beta1.FSGroupStrategyOptions, out *policy.FSGroupStrategyOptions, s conversion.Scope) error {
out.Rule = policy.FSGroupStrategyType(in.Rule)
out.Ranges = *(*[]policy.IDRange)(unsafe.Pointer(&in.Ranges))
return nil
}
// Convert_v1beta1_FSGroupStrategyOptions_To_policy_FSGroupStrategyOptions is an autogenerated conversion function.
func Convert_v1beta1_FSGroupStrategyOptions_To_policy_FSGroupStrategyOptions(in *v1beta1.FSGroupStrategyOptions, out *policy.FSGroupStrategyOptions, s conversion.Scope) error {
return autoConvert_v1beta1_FSGroupStrategyOptions_To_policy_FSGroupStrategyOptions(in, out, s)
}
func autoConvert_policy_FSGroupStrategyOptions_To_v1beta1_FSGroupStrategyOptions(in *policy.FSGroupStrategyOptions, out *v1beta1.FSGroupStrategyOptions, s conversion.Scope) error {
out.Rule = v1beta1.FSGroupStrategyType(in.Rule)
out.Ranges = *(*[]v1beta1.IDRange)(unsafe.Pointer(&in.Ranges))
return nil
}
// Convert_policy_FSGroupStrategyOptions_To_v1beta1_FSGroupStrategyOptions is an autogenerated conversion function.
func Convert_policy_FSGroupStrategyOptions_To_v1beta1_FSGroupStrategyOptions(in *policy.FSGroupStrategyOptions, out *v1beta1.FSGroupStrategyOptions, s conversion.Scope) error {
return autoConvert_policy_FSGroupStrategyOptions_To_v1beta1_FSGroupStrategyOptions(in, out, s)
}
func autoConvert_v1beta1_HTTPIngressPath_To_networking_HTTPIngressPath(in *v1beta1.HTTPIngressPath, out *networking.HTTPIngressPath, s conversion.Scope) error {
out.Path = in.Path
out.PathType = (*networking.PathType)(unsafe.Pointer(in.PathType))
@ -1268,50 +1043,6 @@ func Convert_networking_HTTPIngressRuleValue_To_v1beta1_HTTPIngressRuleValue(in
return autoConvert_networking_HTTPIngressRuleValue_To_v1beta1_HTTPIngressRuleValue(in, out, s)
}
func autoConvert_v1beta1_HostPortRange_To_policy_HostPortRange(in *v1beta1.HostPortRange, out *policy.HostPortRange, s conversion.Scope) error {
out.Min = in.Min
out.Max = in.Max
return nil
}
// Convert_v1beta1_HostPortRange_To_policy_HostPortRange is an autogenerated conversion function.
func Convert_v1beta1_HostPortRange_To_policy_HostPortRange(in *v1beta1.HostPortRange, out *policy.HostPortRange, s conversion.Scope) error {
return autoConvert_v1beta1_HostPortRange_To_policy_HostPortRange(in, out, s)
}
func autoConvert_policy_HostPortRange_To_v1beta1_HostPortRange(in *policy.HostPortRange, out *v1beta1.HostPortRange, s conversion.Scope) error {
out.Min = in.Min
out.Max = in.Max
return nil
}
// Convert_policy_HostPortRange_To_v1beta1_HostPortRange is an autogenerated conversion function.
func Convert_policy_HostPortRange_To_v1beta1_HostPortRange(in *policy.HostPortRange, out *v1beta1.HostPortRange, s conversion.Scope) error {
return autoConvert_policy_HostPortRange_To_v1beta1_HostPortRange(in, out, s)
}
func autoConvert_v1beta1_IDRange_To_policy_IDRange(in *v1beta1.IDRange, out *policy.IDRange, s conversion.Scope) error {
out.Min = in.Min
out.Max = in.Max
return nil
}
// Convert_v1beta1_IDRange_To_policy_IDRange is an autogenerated conversion function.
func Convert_v1beta1_IDRange_To_policy_IDRange(in *v1beta1.IDRange, out *policy.IDRange, s conversion.Scope) error {
return autoConvert_v1beta1_IDRange_To_policy_IDRange(in, out, s)
}
func autoConvert_policy_IDRange_To_v1beta1_IDRange(in *policy.IDRange, out *v1beta1.IDRange, s conversion.Scope) error {
out.Min = in.Min
out.Max = in.Max
return nil
}
// Convert_policy_IDRange_To_v1beta1_IDRange is an autogenerated conversion function.
func Convert_policy_IDRange_To_v1beta1_IDRange(in *policy.IDRange, out *v1beta1.IDRange, s conversion.Scope) error {
return autoConvert_policy_IDRange_To_v1beta1_IDRange(in, out, s)
}
func autoConvert_v1beta1_IPBlock_To_networking_IPBlock(in *v1beta1.IPBlock, out *networking.IPBlock, s conversion.Scope) error {
out.CIDR = in.CIDR
out.Except = *(*[]string)(unsafe.Pointer(&in.Except))
@ -1901,160 +1632,6 @@ func Convert_networking_NetworkPolicyStatus_To_v1beta1_NetworkPolicyStatus(in *n
return autoConvert_networking_NetworkPolicyStatus_To_v1beta1_NetworkPolicyStatus(in, out, s)
}
func autoConvert_v1beta1_PodSecurityPolicy_To_policy_PodSecurityPolicy(in *v1beta1.PodSecurityPolicy, out *policy.PodSecurityPolicy, s conversion.Scope) error {
out.ObjectMeta = in.ObjectMeta
if err := Convert_v1beta1_PodSecurityPolicySpec_To_policy_PodSecurityPolicySpec(&in.Spec, &out.Spec, s); err != nil {
return err
}
return nil
}
// Convert_v1beta1_PodSecurityPolicy_To_policy_PodSecurityPolicy is an autogenerated conversion function.
func Convert_v1beta1_PodSecurityPolicy_To_policy_PodSecurityPolicy(in *v1beta1.PodSecurityPolicy, out *policy.PodSecurityPolicy, s conversion.Scope) error {
return autoConvert_v1beta1_PodSecurityPolicy_To_policy_PodSecurityPolicy(in, out, s)
}
func autoConvert_policy_PodSecurityPolicy_To_v1beta1_PodSecurityPolicy(in *policy.PodSecurityPolicy, out *v1beta1.PodSecurityPolicy, s conversion.Scope) error {
out.ObjectMeta = in.ObjectMeta
if err := Convert_policy_PodSecurityPolicySpec_To_v1beta1_PodSecurityPolicySpec(&in.Spec, &out.Spec, s); err != nil {
return err
}
return nil
}
// Convert_policy_PodSecurityPolicy_To_v1beta1_PodSecurityPolicy is an autogenerated conversion function.
func Convert_policy_PodSecurityPolicy_To_v1beta1_PodSecurityPolicy(in *policy.PodSecurityPolicy, out *v1beta1.PodSecurityPolicy, s conversion.Scope) error {
return autoConvert_policy_PodSecurityPolicy_To_v1beta1_PodSecurityPolicy(in, out, s)
}
func autoConvert_v1beta1_PodSecurityPolicyList_To_policy_PodSecurityPolicyList(in *v1beta1.PodSecurityPolicyList, out *policy.PodSecurityPolicyList, s conversion.Scope) error {
out.ListMeta = in.ListMeta
if in.Items != nil {
in, out := &in.Items, &out.Items
*out = make([]policy.PodSecurityPolicy, len(*in))
for i := range *in {
if err := Convert_v1beta1_PodSecurityPolicy_To_policy_PodSecurityPolicy(&(*in)[i], &(*out)[i], s); err != nil {
return err
}
}
} else {
out.Items = nil
}
return nil
}
// Convert_v1beta1_PodSecurityPolicyList_To_policy_PodSecurityPolicyList is an autogenerated conversion function.
func Convert_v1beta1_PodSecurityPolicyList_To_policy_PodSecurityPolicyList(in *v1beta1.PodSecurityPolicyList, out *policy.PodSecurityPolicyList, s conversion.Scope) error {
return autoConvert_v1beta1_PodSecurityPolicyList_To_policy_PodSecurityPolicyList(in, out, s)
}
func autoConvert_policy_PodSecurityPolicyList_To_v1beta1_PodSecurityPolicyList(in *policy.PodSecurityPolicyList, out *v1beta1.PodSecurityPolicyList, s conversion.Scope) error {
out.ListMeta = in.ListMeta
if in.Items != nil {
in, out := &in.Items, &out.Items
*out = make([]v1beta1.PodSecurityPolicy, len(*in))
for i := range *in {
if err := Convert_policy_PodSecurityPolicy_To_v1beta1_PodSecurityPolicy(&(*in)[i], &(*out)[i], s); err != nil {
return err
}
}
} else {
out.Items = nil
}
return nil
}
// Convert_policy_PodSecurityPolicyList_To_v1beta1_PodSecurityPolicyList is an autogenerated conversion function.
func Convert_policy_PodSecurityPolicyList_To_v1beta1_PodSecurityPolicyList(in *policy.PodSecurityPolicyList, out *v1beta1.PodSecurityPolicyList, s conversion.Scope) error {
return autoConvert_policy_PodSecurityPolicyList_To_v1beta1_PodSecurityPolicyList(in, out, s)
}
func autoConvert_v1beta1_PodSecurityPolicySpec_To_policy_PodSecurityPolicySpec(in *v1beta1.PodSecurityPolicySpec, out *policy.PodSecurityPolicySpec, s conversion.Scope) error {
out.Privileged = in.Privileged
out.DefaultAddCapabilities = *(*[]core.Capability)(unsafe.Pointer(&in.DefaultAddCapabilities))
out.RequiredDropCapabilities = *(*[]core.Capability)(unsafe.Pointer(&in.RequiredDropCapabilities))
out.AllowedCapabilities = *(*[]core.Capability)(unsafe.Pointer(&in.AllowedCapabilities))
out.Volumes = *(*[]policy.FSType)(unsafe.Pointer(&in.Volumes))
out.HostNetwork = in.HostNetwork
out.HostPorts = *(*[]policy.HostPortRange)(unsafe.Pointer(&in.HostPorts))
out.HostPID = in.HostPID
out.HostIPC = in.HostIPC
if err := Convert_v1beta1_SELinuxStrategyOptions_To_policy_SELinuxStrategyOptions(&in.SELinux, &out.SELinux, s); err != nil {
return err
}
if err := Convert_v1beta1_RunAsUserStrategyOptions_To_policy_RunAsUserStrategyOptions(&in.RunAsUser, &out.RunAsUser, s); err != nil {
return err
}
out.RunAsGroup = (*policy.RunAsGroupStrategyOptions)(unsafe.Pointer(in.RunAsGroup))
if err := Convert_v1beta1_SupplementalGroupsStrategyOptions_To_policy_SupplementalGroupsStrategyOptions(&in.SupplementalGroups, &out.SupplementalGroups, s); err != nil {
return err
}
if err := Convert_v1beta1_FSGroupStrategyOptions_To_policy_FSGroupStrategyOptions(&in.FSGroup, &out.FSGroup, s); err != nil {
return err
}
out.ReadOnlyRootFilesystem = in.ReadOnlyRootFilesystem
out.DefaultAllowPrivilegeEscalation = (*bool)(unsafe.Pointer(in.DefaultAllowPrivilegeEscalation))
if err := metav1.Convert_Pointer_bool_To_bool(&in.AllowPrivilegeEscalation, &out.AllowPrivilegeEscalation, s); err != nil {
return err
}
out.AllowedHostPaths = *(*[]policy.AllowedHostPath)(unsafe.Pointer(&in.AllowedHostPaths))
out.AllowedFlexVolumes = *(*[]policy.AllowedFlexVolume)(unsafe.Pointer(&in.AllowedFlexVolumes))
out.AllowedCSIDrivers = *(*[]policy.AllowedCSIDriver)(unsafe.Pointer(&in.AllowedCSIDrivers))
out.AllowedUnsafeSysctls = *(*[]string)(unsafe.Pointer(&in.AllowedUnsafeSysctls))
out.ForbiddenSysctls = *(*[]string)(unsafe.Pointer(&in.ForbiddenSysctls))
out.AllowedProcMountTypes = *(*[]core.ProcMountType)(unsafe.Pointer(&in.AllowedProcMountTypes))
out.RuntimeClass = (*policy.RuntimeClassStrategyOptions)(unsafe.Pointer(in.RuntimeClass))
return nil
}
// Convert_v1beta1_PodSecurityPolicySpec_To_policy_PodSecurityPolicySpec is an autogenerated conversion function.
func Convert_v1beta1_PodSecurityPolicySpec_To_policy_PodSecurityPolicySpec(in *v1beta1.PodSecurityPolicySpec, out *policy.PodSecurityPolicySpec, s conversion.Scope) error {
return autoConvert_v1beta1_PodSecurityPolicySpec_To_policy_PodSecurityPolicySpec(in, out, s)
}
func autoConvert_policy_PodSecurityPolicySpec_To_v1beta1_PodSecurityPolicySpec(in *policy.PodSecurityPolicySpec, out *v1beta1.PodSecurityPolicySpec, s conversion.Scope) error {
out.Privileged = in.Privileged
out.DefaultAddCapabilities = *(*[]v1.Capability)(unsafe.Pointer(&in.DefaultAddCapabilities))
out.RequiredDropCapabilities = *(*[]v1.Capability)(unsafe.Pointer(&in.RequiredDropCapabilities))
out.AllowedCapabilities = *(*[]v1.Capability)(unsafe.Pointer(&in.AllowedCapabilities))
out.Volumes = *(*[]v1beta1.FSType)(unsafe.Pointer(&in.Volumes))
out.HostNetwork = in.HostNetwork
out.HostPorts = *(*[]v1beta1.HostPortRange)(unsafe.Pointer(&in.HostPorts))
out.HostPID = in.HostPID
out.HostIPC = in.HostIPC
if err := Convert_policy_SELinuxStrategyOptions_To_v1beta1_SELinuxStrategyOptions(&in.SELinux, &out.SELinux, s); err != nil {
return err
}
if err := Convert_policy_RunAsUserStrategyOptions_To_v1beta1_RunAsUserStrategyOptions(&in.RunAsUser, &out.RunAsUser, s); err != nil {
return err
}
out.RunAsGroup = (*v1beta1.RunAsGroupStrategyOptions)(unsafe.Pointer(in.RunAsGroup))
if err := Convert_policy_SupplementalGroupsStrategyOptions_To_v1beta1_SupplementalGroupsStrategyOptions(&in.SupplementalGroups, &out.SupplementalGroups, s); err != nil {
return err
}
if err := Convert_policy_FSGroupStrategyOptions_To_v1beta1_FSGroupStrategyOptions(&in.FSGroup, &out.FSGroup, s); err != nil {
return err
}
out.ReadOnlyRootFilesystem = in.ReadOnlyRootFilesystem
out.DefaultAllowPrivilegeEscalation = (*bool)(unsafe.Pointer(in.DefaultAllowPrivilegeEscalation))
if err := metav1.Convert_bool_To_Pointer_bool(&in.AllowPrivilegeEscalation, &out.AllowPrivilegeEscalation, s); err != nil {
return err
}
out.AllowedHostPaths = *(*[]v1beta1.AllowedHostPath)(unsafe.Pointer(&in.AllowedHostPaths))
out.AllowedFlexVolumes = *(*[]v1beta1.AllowedFlexVolume)(unsafe.Pointer(&in.AllowedFlexVolumes))
out.AllowedCSIDrivers = *(*[]v1beta1.AllowedCSIDriver)(unsafe.Pointer(&in.AllowedCSIDrivers))
out.AllowedUnsafeSysctls = *(*[]string)(unsafe.Pointer(&in.AllowedUnsafeSysctls))
out.ForbiddenSysctls = *(*[]string)(unsafe.Pointer(&in.ForbiddenSysctls))
out.AllowedProcMountTypes = *(*[]v1.ProcMountType)(unsafe.Pointer(&in.AllowedProcMountTypes))
out.RuntimeClass = (*v1beta1.RuntimeClassStrategyOptions)(unsafe.Pointer(in.RuntimeClass))
return nil
}
// Convert_policy_PodSecurityPolicySpec_To_v1beta1_PodSecurityPolicySpec is an autogenerated conversion function.
func Convert_policy_PodSecurityPolicySpec_To_v1beta1_PodSecurityPolicySpec(in *policy.PodSecurityPolicySpec, out *v1beta1.PodSecurityPolicySpec, s conversion.Scope) error {
return autoConvert_policy_PodSecurityPolicySpec_To_v1beta1_PodSecurityPolicySpec(in, out, s)
}
func autoConvert_v1beta1_ReplicaSet_To_apps_ReplicaSet(in *v1beta1.ReplicaSet, out *apps.ReplicaSet, s conversion.Scope) error {
out.ObjectMeta = in.ObjectMeta
if err := Convert_v1beta1_ReplicaSetSpec_To_apps_ReplicaSetSpec(&in.Spec, &out.Spec, s); err != nil {
@ -2301,94 +1878,6 @@ func Convert_apps_RollingUpdateDeployment_To_v1beta1_RollingUpdateDeployment(in
return autoConvert_apps_RollingUpdateDeployment_To_v1beta1_RollingUpdateDeployment(in, out, s)
}
func autoConvert_v1beta1_RunAsGroupStrategyOptions_To_policy_RunAsGroupStrategyOptions(in *v1beta1.RunAsGroupStrategyOptions, out *policy.RunAsGroupStrategyOptions, s conversion.Scope) error {
out.Rule = policy.RunAsGroupStrategy(in.Rule)
out.Ranges = *(*[]policy.IDRange)(unsafe.Pointer(&in.Ranges))
return nil
}
// Convert_v1beta1_RunAsGroupStrategyOptions_To_policy_RunAsGroupStrategyOptions is an autogenerated conversion function.
func Convert_v1beta1_RunAsGroupStrategyOptions_To_policy_RunAsGroupStrategyOptions(in *v1beta1.RunAsGroupStrategyOptions, out *policy.RunAsGroupStrategyOptions, s conversion.Scope) error {
return autoConvert_v1beta1_RunAsGroupStrategyOptions_To_policy_RunAsGroupStrategyOptions(in, out, s)
}
func autoConvert_policy_RunAsGroupStrategyOptions_To_v1beta1_RunAsGroupStrategyOptions(in *policy.RunAsGroupStrategyOptions, out *v1beta1.RunAsGroupStrategyOptions, s conversion.Scope) error {
out.Rule = v1beta1.RunAsGroupStrategy(in.Rule)
out.Ranges = *(*[]v1beta1.IDRange)(unsafe.Pointer(&in.Ranges))
return nil
}
// Convert_policy_RunAsGroupStrategyOptions_To_v1beta1_RunAsGroupStrategyOptions is an autogenerated conversion function.
func Convert_policy_RunAsGroupStrategyOptions_To_v1beta1_RunAsGroupStrategyOptions(in *policy.RunAsGroupStrategyOptions, out *v1beta1.RunAsGroupStrategyOptions, s conversion.Scope) error {
return autoConvert_policy_RunAsGroupStrategyOptions_To_v1beta1_RunAsGroupStrategyOptions(in, out, s)
}
func autoConvert_v1beta1_RunAsUserStrategyOptions_To_policy_RunAsUserStrategyOptions(in *v1beta1.RunAsUserStrategyOptions, out *policy.RunAsUserStrategyOptions, s conversion.Scope) error {
out.Rule = policy.RunAsUserStrategy(in.Rule)
out.Ranges = *(*[]policy.IDRange)(unsafe.Pointer(&in.Ranges))
return nil
}
// Convert_v1beta1_RunAsUserStrategyOptions_To_policy_RunAsUserStrategyOptions is an autogenerated conversion function.
func Convert_v1beta1_RunAsUserStrategyOptions_To_policy_RunAsUserStrategyOptions(in *v1beta1.RunAsUserStrategyOptions, out *policy.RunAsUserStrategyOptions, s conversion.Scope) error {
return autoConvert_v1beta1_RunAsUserStrategyOptions_To_policy_RunAsUserStrategyOptions(in, out, s)
}
func autoConvert_policy_RunAsUserStrategyOptions_To_v1beta1_RunAsUserStrategyOptions(in *policy.RunAsUserStrategyOptions, out *v1beta1.RunAsUserStrategyOptions, s conversion.Scope) error {
out.Rule = v1beta1.RunAsUserStrategy(in.Rule)
out.Ranges = *(*[]v1beta1.IDRange)(unsafe.Pointer(&in.Ranges))
return nil
}
// Convert_policy_RunAsUserStrategyOptions_To_v1beta1_RunAsUserStrategyOptions is an autogenerated conversion function.
func Convert_policy_RunAsUserStrategyOptions_To_v1beta1_RunAsUserStrategyOptions(in *policy.RunAsUserStrategyOptions, out *v1beta1.RunAsUserStrategyOptions, s conversion.Scope) error {
return autoConvert_policy_RunAsUserStrategyOptions_To_v1beta1_RunAsUserStrategyOptions(in, out, s)
}
func autoConvert_v1beta1_RuntimeClassStrategyOptions_To_policy_RuntimeClassStrategyOptions(in *v1beta1.RuntimeClassStrategyOptions, out *policy.RuntimeClassStrategyOptions, s conversion.Scope) error {
out.AllowedRuntimeClassNames = *(*[]string)(unsafe.Pointer(&in.AllowedRuntimeClassNames))
out.DefaultRuntimeClassName = (*string)(unsafe.Pointer(in.DefaultRuntimeClassName))
return nil
}
// Convert_v1beta1_RuntimeClassStrategyOptions_To_policy_RuntimeClassStrategyOptions is an autogenerated conversion function.
func Convert_v1beta1_RuntimeClassStrategyOptions_To_policy_RuntimeClassStrategyOptions(in *v1beta1.RuntimeClassStrategyOptions, out *policy.RuntimeClassStrategyOptions, s conversion.Scope) error {
return autoConvert_v1beta1_RuntimeClassStrategyOptions_To_policy_RuntimeClassStrategyOptions(in, out, s)
}
func autoConvert_policy_RuntimeClassStrategyOptions_To_v1beta1_RuntimeClassStrategyOptions(in *policy.RuntimeClassStrategyOptions, out *v1beta1.RuntimeClassStrategyOptions, s conversion.Scope) error {
out.AllowedRuntimeClassNames = *(*[]string)(unsafe.Pointer(&in.AllowedRuntimeClassNames))
out.DefaultRuntimeClassName = (*string)(unsafe.Pointer(in.DefaultRuntimeClassName))
return nil
}
// Convert_policy_RuntimeClassStrategyOptions_To_v1beta1_RuntimeClassStrategyOptions is an autogenerated conversion function.
func Convert_policy_RuntimeClassStrategyOptions_To_v1beta1_RuntimeClassStrategyOptions(in *policy.RuntimeClassStrategyOptions, out *v1beta1.RuntimeClassStrategyOptions, s conversion.Scope) error {
return autoConvert_policy_RuntimeClassStrategyOptions_To_v1beta1_RuntimeClassStrategyOptions(in, out, s)
}
func autoConvert_v1beta1_SELinuxStrategyOptions_To_policy_SELinuxStrategyOptions(in *v1beta1.SELinuxStrategyOptions, out *policy.SELinuxStrategyOptions, s conversion.Scope) error {
out.Rule = policy.SELinuxStrategy(in.Rule)
out.SELinuxOptions = (*core.SELinuxOptions)(unsafe.Pointer(in.SELinuxOptions))
return nil
}
// Convert_v1beta1_SELinuxStrategyOptions_To_policy_SELinuxStrategyOptions is an autogenerated conversion function.
func Convert_v1beta1_SELinuxStrategyOptions_To_policy_SELinuxStrategyOptions(in *v1beta1.SELinuxStrategyOptions, out *policy.SELinuxStrategyOptions, s conversion.Scope) error {
return autoConvert_v1beta1_SELinuxStrategyOptions_To_policy_SELinuxStrategyOptions(in, out, s)
}
func autoConvert_policy_SELinuxStrategyOptions_To_v1beta1_SELinuxStrategyOptions(in *policy.SELinuxStrategyOptions, out *v1beta1.SELinuxStrategyOptions, s conversion.Scope) error {
out.Rule = v1beta1.SELinuxStrategy(in.Rule)
out.SELinuxOptions = (*v1.SELinuxOptions)(unsafe.Pointer(in.SELinuxOptions))
return nil
}
// Convert_policy_SELinuxStrategyOptions_To_v1beta1_SELinuxStrategyOptions is an autogenerated conversion function.
func Convert_policy_SELinuxStrategyOptions_To_v1beta1_SELinuxStrategyOptions(in *policy.SELinuxStrategyOptions, out *v1beta1.SELinuxStrategyOptions, s conversion.Scope) error {
return autoConvert_policy_SELinuxStrategyOptions_To_v1beta1_SELinuxStrategyOptions(in, out, s)
}
func autoConvert_v1beta1_Scale_To_autoscaling_Scale(in *v1beta1.Scale, out *autoscaling.Scale, s conversion.Scope) error {
out.ObjectMeta = in.ObjectMeta
if err := Convert_v1beta1_ScaleSpec_To_autoscaling_ScaleSpec(&in.Spec, &out.Spec, s); err != nil {
@ -2453,25 +1942,3 @@ func autoConvert_autoscaling_ScaleStatus_To_v1beta1_ScaleStatus(in *autoscaling.
// WARNING: in.Selector requires manual conversion: inconvertible types (string vs map[string]string)
return nil
}
func autoConvert_v1beta1_SupplementalGroupsStrategyOptions_To_policy_SupplementalGroupsStrategyOptions(in *v1beta1.SupplementalGroupsStrategyOptions, out *policy.SupplementalGroupsStrategyOptions, s conversion.Scope) error {
out.Rule = policy.SupplementalGroupsStrategyType(in.Rule)
out.Ranges = *(*[]policy.IDRange)(unsafe.Pointer(&in.Ranges))
return nil
}
// Convert_v1beta1_SupplementalGroupsStrategyOptions_To_policy_SupplementalGroupsStrategyOptions is an autogenerated conversion function.
func Convert_v1beta1_SupplementalGroupsStrategyOptions_To_policy_SupplementalGroupsStrategyOptions(in *v1beta1.SupplementalGroupsStrategyOptions, out *policy.SupplementalGroupsStrategyOptions, s conversion.Scope) error {
return autoConvert_v1beta1_SupplementalGroupsStrategyOptions_To_policy_SupplementalGroupsStrategyOptions(in, out, s)
}
func autoConvert_policy_SupplementalGroupsStrategyOptions_To_v1beta1_SupplementalGroupsStrategyOptions(in *policy.SupplementalGroupsStrategyOptions, out *v1beta1.SupplementalGroupsStrategyOptions, s conversion.Scope) error {
out.Rule = v1beta1.SupplementalGroupsStrategyType(in.Rule)
out.Ranges = *(*[]v1beta1.IDRange)(unsafe.Pointer(&in.Ranges))
return nil
}
// Convert_policy_SupplementalGroupsStrategyOptions_To_v1beta1_SupplementalGroupsStrategyOptions is an autogenerated conversion function.
func Convert_policy_SupplementalGroupsStrategyOptions_To_v1beta1_SupplementalGroupsStrategyOptions(in *policy.SupplementalGroupsStrategyOptions, out *v1beta1.SupplementalGroupsStrategyOptions, s conversion.Scope) error {
return autoConvert_policy_SupplementalGroupsStrategyOptions_To_v1beta1_SupplementalGroupsStrategyOptions(in, out, s)
}

13
pkg/apis/extensions/v1beta1/zz_generated.defaults.go generated
View File

@ -39,8 +39,6 @@ func RegisterDefaults(scheme *runtime.Scheme) error {
scheme.AddTypeDefaultingFunc(&v1beta1.IngressList{}, func(obj interface{}) { SetObjectDefaults_IngressList(obj.(*v1beta1.IngressList)) })
scheme.AddTypeDefaultingFunc(&v1beta1.NetworkPolicy{}, func(obj interface{}) { SetObjectDefaults_NetworkPolicy(obj.(*v1beta1.NetworkPolicy)) })
scheme.AddTypeDefaultingFunc(&v1beta1.NetworkPolicyList{}, func(obj interface{}) { SetObjectDefaults_NetworkPolicyList(obj.(*v1beta1.NetworkPolicyList)) })
scheme.AddTypeDefaultingFunc(&v1beta1.PodSecurityPolicy{}, func(obj interface{}) { SetObjectDefaults_PodSecurityPolicy(obj.(*v1beta1.PodSecurityPolicy)) })
scheme.AddTypeDefaultingFunc(&v1beta1.PodSecurityPolicyList{}, func(obj interface{}) { SetObjectDefaults_PodSecurityPolicyList(obj.(*v1beta1.PodSecurityPolicyList)) })
scheme.AddTypeDefaultingFunc(&v1beta1.ReplicaSet{}, func(obj interface{}) { SetObjectDefaults_ReplicaSet(obj.(*v1beta1.ReplicaSet)) })
scheme.AddTypeDefaultingFunc(&v1beta1.ReplicaSetList{}, func(obj interface{}) { SetObjectDefaults_ReplicaSetList(obj.(*v1beta1.ReplicaSetList)) })
return nil
@ -626,17 +624,6 @@ func SetObjectDefaults_NetworkPolicyList(in *v1beta1.NetworkPolicyList) {
}
}
func SetObjectDefaults_PodSecurityPolicy(in *v1beta1.PodSecurityPolicy) {
SetDefaults_PodSecurityPolicySpec(&in.Spec)
}
func SetObjectDefaults_PodSecurityPolicyList(in *v1beta1.PodSecurityPolicyList) {
for i := range in.Items {
a := &in.Items[i]
SetObjectDefaults_PodSecurityPolicy(a)
}
}
func SetObjectDefaults_ReplicaSet(in *v1beta1.ReplicaSet) {
SetDefaults_ReplicaSet(in)
v1.SetDefaults_PodSpec(&in.Spec.Template.Spec)

719
pkg/generated/openapi/zz_generated.openapi.go generated
View File

@ -559,9 +559,6 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA
"k8s.io/api/events/v1beta1.Event": schema_k8sio_api_events_v1beta1_Event(ref),
"k8s.io/api/events/v1beta1.EventList": schema_k8sio_api_events_v1beta1_EventList(ref),
"k8s.io/api/events/v1beta1.EventSeries": schema_k8sio_api_events_v1beta1_EventSeries(ref),
"k8s.io/api/extensions/v1beta1.AllowedCSIDriver": schema_k8sio_api_extensions_v1beta1_AllowedCSIDriver(ref),
"k8s.io/api/extensions/v1beta1.AllowedFlexVolume": schema_k8sio_api_extensions_v1beta1_AllowedFlexVolume(ref),
"k8s.io/api/extensions/v1beta1.AllowedHostPath": schema_k8sio_api_extensions_v1beta1_AllowedHostPath(ref),
"k8s.io/api/extensions/v1beta1.DaemonSet": schema_k8sio_api_extensions_v1beta1_DaemonSet(ref),
"k8s.io/api/extensions/v1beta1.DaemonSetCondition": schema_k8sio_api_extensions_v1beta1_DaemonSetCondition(ref),
"k8s.io/api/extensions/v1beta1.DaemonSetList": schema_k8sio_api_extensions_v1beta1_DaemonSetList(ref),
@ -575,11 +572,8 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA
"k8s.io/api/extensions/v1beta1.DeploymentSpec": schema_k8sio_api_extensions_v1beta1_DeploymentSpec(ref),
"k8s.io/api/extensions/v1beta1.DeploymentStatus": schema_k8sio_api_extensions_v1beta1_DeploymentStatus(ref),
"k8s.io/api/extensions/v1beta1.DeploymentStrategy": schema_k8sio_api_extensions_v1beta1_DeploymentStrategy(ref),
"k8s.io/api/extensions/v1beta1.FSGroupStrategyOptions": schema_k8sio_api_extensions_v1beta1_FSGroupStrategyOptions(ref),
"k8s.io/api/extensions/v1beta1.HTTPIngressPath": schema_k8sio_api_extensions_v1beta1_HTTPIngressPath(ref),
"k8s.io/api/extensions/v1beta1.HTTPIngressRuleValue": schema_k8sio_api_extensions_v1beta1_HTTPIngressRuleValue(ref),
"k8s.io/api/extensions/v1beta1.HostPortRange": schema_k8sio_api_extensions_v1beta1_HostPortRange(ref),
"k8s.io/api/extensions/v1beta1.IDRange": schema_k8sio_api_extensions_v1beta1_IDRange(ref),
"k8s.io/api/extensions/v1beta1.IPBlock": schema_k8sio_api_extensions_v1beta1_IPBlock(ref),
"k8s.io/api/extensions/v1beta1.Ingress": schema_k8sio_api_extensions_v1beta1_Ingress(ref),
"k8s.io/api/extensions/v1beta1.IngressBackend": schema_k8sio_api_extensions_v1beta1_IngressBackend(ref),
@ -600,9 +594,6 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA
"k8s.io/api/extensions/v1beta1.NetworkPolicyPort": schema_k8sio_api_extensions_v1beta1_NetworkPolicyPort(ref),
"k8s.io/api/extensions/v1beta1.NetworkPolicySpec": schema_k8sio_api_extensions_v1beta1_NetworkPolicySpec(ref),
"k8s.io/api/extensions/v1beta1.NetworkPolicyStatus": schema_k8sio_api_extensions_v1beta1_NetworkPolicyStatus(ref),
"k8s.io/api/extensions/v1beta1.PodSecurityPolicy": schema_k8sio_api_extensions_v1beta1_PodSecurityPolicy(ref),
"k8s.io/api/extensions/v1beta1.PodSecurityPolicyList": schema_k8sio_api_extensions_v1beta1_PodSecurityPolicyList(ref),
"k8s.io/api/extensions/v1beta1.PodSecurityPolicySpec": schema_k8sio_api_extensions_v1beta1_PodSecurityPolicySpec(ref),
"k8s.io/api/extensions/v1beta1.ReplicaSet": schema_k8sio_api_extensions_v1beta1_ReplicaSet(ref),
"k8s.io/api/extensions/v1beta1.ReplicaSetCondition": schema_k8sio_api_extensions_v1beta1_ReplicaSetCondition(ref),
"k8s.io/api/extensions/v1beta1.ReplicaSetList": schema_k8sio_api_extensions_v1beta1_ReplicaSetList(ref),
@ -611,14 +602,9 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA
"k8s.io/api/extensions/v1beta1.RollbackConfig": schema_k8sio_api_extensions_v1beta1_RollbackConfig(ref),
"k8s.io/api/extensions/v1beta1.RollingUpdateDaemonSet": schema_k8sio_api_extensions_v1beta1_RollingUpdateDaemonSet(ref),
"k8s.io/api/extensions/v1beta1.RollingUpdateDeployment": schema_k8sio_api_extensions_v1beta1_RollingUpdateDeployment(ref),
"k8s.io/api/extensions/v1beta1.RunAsGroupStrategyOptions": schema_k8sio_api_extensions_v1beta1_RunAsGroupStrategyOptions(ref),
"k8s.io/api/extensions/v1beta1.RunAsUserStrategyOptions": schema_k8sio_api_extensions_v1beta1_RunAsUserStrategyOptions(ref),
"k8s.io/api/extensions/v1beta1.RuntimeClassStrategyOptions": schema_k8sio_api_extensions_v1beta1_RuntimeClassStrategyOptions(ref),
"k8s.io/api/extensions/v1beta1.SELinuxStrategyOptions": schema_k8sio_api_extensions_v1beta1_SELinuxStrategyOptions(ref),
"k8s.io/api/extensions/v1beta1.Scale": schema_k8sio_api_extensions_v1beta1_Scale(ref),
"k8s.io/api/extensions/v1beta1.ScaleSpec": schema_k8sio_api_extensions_v1beta1_ScaleSpec(ref),
"k8s.io/api/extensions/v1beta1.ScaleStatus": schema_k8sio_api_extensions_v1beta1_ScaleStatus(ref),
"k8s.io/api/extensions/v1beta1.SupplementalGroupsStrategyOptions": schema_k8sio_api_extensions_v1beta1_SupplementalGroupsStrategyOptions(ref),
"k8s.io/api/flowcontrol/v1alpha1.FlowDistinguisherMethod": schema_k8sio_api_flowcontrol_v1alpha1_FlowDistinguisherMethod(ref),
"k8s.io/api/flowcontrol/v1alpha1.FlowSchema": schema_k8sio_api_flowcontrol_v1alpha1_FlowSchema(ref),
"k8s.io/api/flowcontrol/v1alpha1.FlowSchemaCondition": schema_k8sio_api_flowcontrol_v1alpha1_FlowSchemaCondition(ref),
@ -28863,77 +28849,6 @@ func schema_k8sio_api_events_v1beta1_EventSeries(ref common.ReferenceCallback) c
}
}
func schema_k8sio_api_extensions_v1beta1_AllowedCSIDriver(ref common.ReferenceCallback) common.OpenAPIDefinition {
return common.OpenAPIDefinition{
Schema: spec.Schema{
SchemaProps: spec.SchemaProps{
Description: "AllowedCSIDriver represents a single inline CSI Driver that is allowed to be used.",
Type: []string{"object"},
Properties: map[string]spec.Schema{
"name": {
SchemaProps: spec.SchemaProps{
Description: "Name is the registered name of the CSI driver",
Default: "",
Type: []string{"string"},
Format: "",
},
},
},
Required: []string{"name"},
},
},
}
}
func schema_k8sio_api_extensions_v1beta1_AllowedFlexVolume(ref common.ReferenceCallback) common.OpenAPIDefinition {
return common.OpenAPIDefinition{
Schema: spec.Schema{
SchemaProps: spec.SchemaProps{
Description: "AllowedFlexVolume represents a single Flexvolume that is allowed to be used. Deprecated: use AllowedFlexVolume from policy API Group instead.",
Type: []string{"object"},
Properties: map[string]spec.Schema{
"driver": {
SchemaProps: spec.SchemaProps{
Description: "driver is the name of the Flexvolume driver.",
Default: "",
Type: []string{"string"},
Format: "",
},
},
},
Required: []string{"driver"},
},
},
}
}
func schema_k8sio_api_extensions_v1beta1_AllowedHostPath(ref common.ReferenceCallback) common.OpenAPIDefinition {
return common.OpenAPIDefinition{
Schema: spec.Schema{
SchemaProps: spec.SchemaProps{
Description: "AllowedHostPath defines the host volume conditions that will be enabled by a policy for pods to use. It requires the path prefix to be defined. Deprecated: use AllowedHostPath from policy API Group instead.",
Type: []string{"object"},
Properties: map[string]spec.Schema{
"pathPrefix": {
SchemaProps: spec.SchemaProps{
Description: "pathPrefix is the path prefix that the host volume must match. It does not support `*`. Trailing slashes are trimmed when validating the path prefix with a host path.\n\nExamples: `/foo` would allow `/foo`, `/foo/` and `/foo/bar` `/foo` would not allow `/food` or `/etc/foo`",
Type: []string{"string"},
Format: "",
},
},
"readOnly": {
SchemaProps: spec.SchemaProps{
Description: "when set to true, will allow host volumes matching the pathPrefix only if all volume mounts are readOnly.",
Type: []string{"boolean"},
Format: "",
},
},
},
},
},
}
}
func schema_k8sio_api_extensions_v1beta1_DaemonSet(ref common.ReferenceCallback) common.OpenAPIDefinition {
return common.OpenAPIDefinition{
Schema: spec.Schema{
@ -29692,42 +29607,6 @@ func schema_k8sio_api_extensions_v1beta1_DeploymentStrategy(ref common.Reference
}
}
func schema_k8sio_api_extensions_v1beta1_FSGroupStrategyOptions(ref common.ReferenceCallback) common.OpenAPIDefinition {
return common.OpenAPIDefinition{
Schema: spec.Schema{
SchemaProps: spec.SchemaProps{
Description: "FSGroupStrategyOptions defines the strategy type and options used to create the strategy. Deprecated: use FSGroupStrategyOptions from policy API Group instead.",
Type: []string{"object"},
Properties: map[string]spec.Schema{
"rule": {
SchemaProps: spec.SchemaProps{
Description: "rule is the strategy that will dictate what FSGroup is used in the SecurityContext.",
Type: []string{"string"},
Format: "",
},
},
"ranges": {
SchemaProps: spec.SchemaProps{
Description: "ranges are the allowed ranges of fs groups. If you would like to force a single fs group then supply a single range with the same start and end. Required for MustRunAs.",
Type: []string{"array"},
Items: &spec.SchemaOrArray{
Schema: &spec.Schema{
SchemaProps: spec.SchemaProps{
Default: map[string]interface{}{},
Ref: ref("k8s.io/api/extensions/v1beta1.IDRange"),
},
},
},
},
},
},
},
},
Dependencies: []string{
"k8s.io/api/extensions/v1beta1.IDRange"},
}
}
func schema_k8sio_api_extensions_v1beta1_HTTPIngressPath(ref common.ReferenceCallback) common.OpenAPIDefinition {
return common.OpenAPIDefinition{
Schema: spec.Schema{
@ -29795,66 +29674,6 @@ func schema_k8sio_api_extensions_v1beta1_HTTPIngressRuleValue(ref common.Referen
}
}
func schema_k8sio_api_extensions_v1beta1_HostPortRange(ref common.ReferenceCallback) common.OpenAPIDefinition {
return common.OpenAPIDefinition{
Schema: spec.Schema{
SchemaProps: spec.SchemaProps{
Description: "HostPortRange defines a range of host ports that will be enabled by a policy for pods to use. It requires both the start and end to be defined. Deprecated: use HostPortRange from policy API Group instead.",
Type: []string{"object"},
Properties: map[string]spec.Schema{
"min": {
SchemaProps: spec.SchemaProps{
Description: "min is the start of the range, inclusive.",
Default: 0,
Type: []string{"integer"},
Format: "int32",
},
},
"max": {
SchemaProps: spec.SchemaProps{
Description: "max is the end of the range, inclusive.",
Default: 0,
Type: []string{"integer"},
Format: "int32",
},
},
},
Required: []string{"min", "max"},
},
},
}
}
func schema_k8sio_api_extensions_v1beta1_IDRange(ref common.ReferenceCallback) common.OpenAPIDefinition {
return common.OpenAPIDefinition{
Schema: spec.Schema{
SchemaProps: spec.SchemaProps{
Description: "IDRange provides a min/max of an allowed range of IDs. Deprecated: use IDRange from policy API Group instead.",
Type: []string{"object"},
Properties: map[string]spec.Schema{
"min": {
SchemaProps: spec.SchemaProps{
Description: "min is the start of the range, inclusive.",
Default: 0,
Type: []string{"integer"},
Format: "int64",
},
},
"max": {
SchemaProps: spec.SchemaProps{
Description: "max is the end of the range, inclusive.",
Default: 0,
Type: []string{"integer"},
Format: "int64",
},
},
},
Required: []string{"min", "max"},
},
},
}
}
func schema_k8sio_api_extensions_v1beta1_IPBlock(ref common.ReferenceCallback) common.OpenAPIDefinition {
return common.OpenAPIDefinition{
Schema: spec.Schema{
@ -30666,366 +30485,6 @@ func schema_k8sio_api_extensions_v1beta1_NetworkPolicyStatus(ref common.Referenc
}
}
func schema_k8sio_api_extensions_v1beta1_PodSecurityPolicy(ref common.ReferenceCallback) common.OpenAPIDefinition {
return common.OpenAPIDefinition{
Schema: spec.Schema{
SchemaProps: spec.SchemaProps{
Description: "PodSecurityPolicy governs the ability to make requests that affect the Security Context that will be applied to a pod and container. Deprecated: use PodSecurityPolicy from policy API Group instead.",
Type: []string{"object"},
Properties: map[string]spec.Schema{
"kind": {
SchemaProps: spec.SchemaProps{
Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds",
Type: []string{"string"},
Format: "",
},
},
"apiVersion": {
SchemaProps: spec.SchemaProps{
Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources",
Type: []string{"string"},
Format: "",
},
},
"metadata": {
SchemaProps: spec.SchemaProps{
Description: "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata",
Default: map[string]interface{}{},
Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"),
},
},
"spec": {
SchemaProps: spec.SchemaProps{
Description: "spec defines the policy enforced.",
Default: map[string]interface{}{},
Ref: ref("k8s.io/api/extensions/v1beta1.PodSecurityPolicySpec"),
},
},
},
},
},
Dependencies: []string{
"k8s.io/api/extensions/v1beta1.PodSecurityPolicySpec", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"},
}
}
func schema_k8sio_api_extensions_v1beta1_PodSecurityPolicyList(ref common.ReferenceCallback) common.OpenAPIDefinition {
return common.OpenAPIDefinition{
Schema: spec.Schema{
SchemaProps: spec.SchemaProps{
Description: "PodSecurityPolicyList is a list of PodSecurityPolicy objects. Deprecated: use PodSecurityPolicyList from policy API Group instead.",
Type: []string{"object"},
Properties: map[string]spec.Schema{
"kind": {
SchemaProps: spec.SchemaProps{
Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds",
Type: []string{"string"},
Format: "",
},
},
"apiVersion": {
SchemaProps: spec.SchemaProps{
Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources",
Type: []string{"string"},
Format: "",
},
},
"metadata": {
SchemaProps: spec.SchemaProps{
Description: "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata",
Default: map[string]interface{}{},
Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"),
},
},
"items": {
SchemaProps: spec.SchemaProps{
Description: "items is a list of schema objects.",
Type: []string{"array"},
Items: &spec.SchemaOrArray{
Schema: &spec.Schema{
SchemaProps: spec.SchemaProps{
Default: map[string]interface{}{},
Ref: ref("k8s.io/api/extensions/v1beta1.PodSecurityPolicy"),
},
},
},
},
},
},
Required: []string{"items"},
},
},
Dependencies: []string{
"k8s.io/api/extensions/v1beta1.PodSecurityPolicy", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"},
}
}
func schema_k8sio_api_extensions_v1beta1_PodSecurityPolicySpec(ref common.ReferenceCallback) common.OpenAPIDefinition {
return common.OpenAPIDefinition{
Schema: spec.Schema{
SchemaProps: spec.SchemaProps{
Description: "PodSecurityPolicySpec defines the policy enforced. Deprecated: use PodSecurityPolicySpec from policy API Group instead.",
Type: []string{"object"},
Properties: map[string]spec.Schema{
"privileged": {
SchemaProps: spec.SchemaProps{
Description: "privileged determines if a pod can request to be run as privileged.",
Type: []string{"boolean"},
Format: "",
},
},
"defaultAddCapabilities": {
SchemaProps: spec.SchemaProps{
Description: "defaultAddCapabilities is the default set of capabilities that will be added to the container unless the pod spec specifically drops the capability. You may not list a capability in both defaultAddCapabilities and requiredDropCapabilities. Capabilities added here are implicitly allowed, and need not be included in the allowedCapabilities list.",
Type: []string{"array"},
Items: &spec.SchemaOrArray{
Schema: &spec.Schema{
SchemaProps: spec.SchemaProps{
Default: "",
Type: []string{"string"},
Format: "",
},
},
},
},
},
"requiredDropCapabilities": {
SchemaProps: spec.SchemaProps{
Description: "requiredDropCapabilities are the capabilities that will be dropped from the container. These are required to be dropped and cannot be added.",
Type: []string{"array"},
Items: &spec.SchemaOrArray{
Schema: &spec.Schema{
SchemaProps: spec.SchemaProps{
Default: "",
Type: []string{"string"},
Format: "",
},
},
},
},
},
"allowedCapabilities": {
SchemaProps: spec.SchemaProps{
Description: "allowedCapabilities is a list of capabilities that can be requested to add to the container. Capabilities in this field may be added at the pod author's discretion. You must not list a capability in both allowedCapabilities and requiredDropCapabilities.",
Type: []string{"array"},
Items: &spec.SchemaOrArray{
Schema: &spec.Schema{
SchemaProps: spec.SchemaProps{
Default: "",
Type: []string{"string"},
Format: "",
},
},
},
},
},
"volumes": {
SchemaProps: spec.SchemaProps{
Description: "volumes is an allowlist of volume plugins. Empty indicates that no volumes may be used. To allow all volumes you may use '*'.",
Type: []string{"array"},
Items: &spec.SchemaOrArray{
Schema: &spec.Schema{
SchemaProps: spec.SchemaProps{
Default: "",
Type: []string{"string"},
Format: "",
},
},
},
},
},
"hostNetwork": {
SchemaProps: spec.SchemaProps{
Description: "hostNetwork determines if the policy allows the use of HostNetwork in the pod spec.",
Type: []string{"boolean"},
Format: "",
},
},
"hostPorts": {
SchemaProps: spec.SchemaProps{
Description: "hostPorts determines which host port ranges are allowed to be exposed.",
Type: []string{"array"},
Items: &spec.SchemaOrArray{
Schema: &spec.Schema{
SchemaProps: spec.SchemaProps{
Default: map[string]interface{}{},
Ref: ref("k8s.io/api/extensions/v1beta1.HostPortRange"),
},
},
},
},
},
"hostPID": {
SchemaProps: spec.SchemaProps{
Description: "hostPID determines if the policy allows the use of HostPID in the pod spec.",
Type: []string{"boolean"},
Format: "",
},
},
"hostIPC": {
SchemaProps: spec.SchemaProps{
Description: "hostIPC determines if the policy allows the use of HostIPC in the pod spec.",
Type: []string{"boolean"},
Format: "",
},
},
"seLinux": {
SchemaProps: spec.SchemaProps{
Description: "seLinux is the strategy that will dictate the allowable labels that may be set.",
Default: map[string]interface{}{},
Ref: ref("k8s.io/api/extensions/v1beta1.SELinuxStrategyOptions"),
},
},
"runAsUser": {
SchemaProps: spec.SchemaProps{
Description: "runAsUser is the strategy that will dictate the allowable RunAsUser values that may be set.",
Default: map[string]interface{}{},
Ref: ref("k8s.io/api/extensions/v1beta1.RunAsUserStrategyOptions"),
},
},
"runAsGroup": {
SchemaProps: spec.SchemaProps{
Description: "RunAsGroup is the strategy that will dictate the allowable RunAsGroup values that may be set. If this field is omitted, the pod's RunAsGroup can take any value. This field requires the RunAsGroup feature gate to be enabled.",
Ref: ref("k8s.io/api/extensions/v1beta1.RunAsGroupStrategyOptions"),
},
},
"supplementalGroups": {
SchemaProps: spec.SchemaProps{
Description: "supplementalGroups is the strategy that will dictate what supplemental groups are used by the SecurityContext.",
Default: map[string]interface{}{},
Ref: ref("k8s.io/api/extensions/v1beta1.SupplementalGroupsStrategyOptions"),
},
},
"fsGroup": {
SchemaProps: spec.SchemaProps{
Description: "fsGroup is the strategy that will dictate what fs group is used by the SecurityContext.",
Default: map[string]interface{}{},
Ref: ref("k8s.io/api/extensions/v1beta1.FSGroupStrategyOptions"),
},
},
"readOnlyRootFilesystem": {
SchemaProps: spec.SchemaProps{
Description: "readOnlyRootFilesystem when set to true will force containers to run with a read only root file system. If the container specifically requests to run with a non-read only root file system the PSP should deny the pod. If set to false the container may run with a read only root file system if it wishes but it will not be forced to.",
Type: []string{"boolean"},
Format: "",
},
},
"defaultAllowPrivilegeEscalation": {
SchemaProps: spec.SchemaProps{
Description: "defaultAllowPrivilegeEscalation controls the default setting for whether a process can gain more privileges than its parent process.",
Type: []string{"boolean"},
Format: "",
},
},
"allowPrivilegeEscalation": {
SchemaProps: spec.SchemaProps{
Description: "allowPrivilegeEscalation determines if a pod can request to allow privilege escalation. If unspecified, defaults to true.",
Type: []string{"boolean"},
Format: "",
},
},
"allowedHostPaths": {
SchemaProps: spec.SchemaProps{
Description: "allowedHostPaths is an allowlist of host paths. Empty indicates that all host paths may be used.",
Type: []string{"array"},
Items: &spec.SchemaOrArray{
Schema: &spec.Schema{
SchemaProps: spec.SchemaProps{
Default: map[string]interface{}{},
Ref: ref("k8s.io/api/extensions/v1beta1.AllowedHostPath"),
},
},
},
},
},
"allowedFlexVolumes": {
SchemaProps: spec.SchemaProps{
Description: "allowedFlexVolumes is an allowlist of Flexvolumes. Empty or nil indicates that all Flexvolumes may be used. This parameter is effective only when the usage of the Flexvolumes is allowed in the \"volumes\" field.",
Type: []string{"array"},
Items: &spec.SchemaOrArray{
Schema: &spec.Schema{
SchemaProps: spec.SchemaProps{
Default: map[string]interface{}{},
Ref: ref("k8s.io/api/extensions/v1beta1.AllowedFlexVolume"),
},
},
},
},
},
"allowedCSIDrivers": {
SchemaProps: spec.SchemaProps{
Description: "AllowedCSIDrivers is an allowlist of inline CSI drivers that must be explicitly set to be embedded within a pod spec. An empty value indicates that any CSI driver can be used for inline ephemeral volumes.",
Type: []string{"array"},
Items: &spec.SchemaOrArray{
Schema: &spec.Schema{
SchemaProps: spec.SchemaProps{
Default: map[string]interface{}{},
Ref: ref("k8s.io/api/extensions/v1beta1.AllowedCSIDriver"),
},
},
},
},
},
"allowedUnsafeSysctls": {
SchemaProps: spec.SchemaProps{
Description: "allowedUnsafeSysctls is a list of explicitly allowed unsafe sysctls, defaults to none. Each entry is either a plain sysctl name or ends in \"*\" in which case it is considered as a prefix of allowed sysctls. Single * means all unsafe sysctls are allowed. Kubelet has to allowlist all unsafe sysctls explicitly to avoid rejection.\n\nExamples: e.g. \"foo/*\" allows \"foo/bar\", \"foo/baz\", etc. e.g. \"foo.*\" allows \"foo.bar\", \"foo.baz\", etc.",
Type: []string{"array"},
Items: &spec.SchemaOrArray{
Schema: &spec.Schema{
SchemaProps: spec.SchemaProps{
Default: "",
Type: []string{"string"},
Format: "",
},
},
},
},
},
"forbiddenSysctls": {
SchemaProps: spec.SchemaProps{
Description: "forbiddenSysctls is a list of explicitly forbidden sysctls, defaults to none. Each entry is either a plain sysctl name or ends in \"*\" in which case it is considered as a prefix of forbidden sysctls. Single * means all sysctls are forbidden.\n\nExamples: e.g. \"foo/*\" forbids \"foo/bar\", \"foo/baz\", etc. e.g. \"foo.*\" forbids \"foo.bar\", \"foo.baz\", etc.",
Type: []string{"array"},
Items: &spec.SchemaOrArray{
Schema: &spec.Schema{
SchemaProps: spec.SchemaProps{
Default: "",
Type: []string{"string"},
Format: "",
},
},
},
},
},
"allowedProcMountTypes": {
SchemaProps: spec.SchemaProps{
Description: "AllowedProcMountTypes is an allowlist of allowed ProcMountTypes. Empty or nil indicates that only the DefaultProcMountType may be used. This requires the ProcMountType feature flag to be enabled.",
Type: []string{"array"},
Items: &spec.SchemaOrArray{
Schema: &spec.Schema{
SchemaProps: spec.SchemaProps{
Default: "",
Type: []string{"string"},
Format: "",
},
},
},
},
},
"runtimeClass": {
SchemaProps: spec.SchemaProps{
Description: "runtimeClass is the strategy that will dictate the allowable RuntimeClasses for a pod. If this field is omitted, the pod's runtimeClassName field is unrestricted. Enforcement of this field depends on the RuntimeClass feature gate being enabled.",
Ref: ref("k8s.io/api/extensions/v1beta1.RuntimeClassStrategyOptions"),
},
},
},
Required: []string{"seLinux", "runAsUser", "supplementalGroups", "fsGroup"},
},
},
Dependencies: []string{
"k8s.io/api/extensions/v1beta1.AllowedCSIDriver", "k8s.io/api/extensions/v1beta1.AllowedFlexVolume", "k8s.io/api/extensions/v1beta1.AllowedHostPath", "k8s.io/api/extensions/v1beta1.FSGroupStrategyOptions", "k8s.io/api/extensions/v1beta1.HostPortRange", "k8s.io/api/extensions/v1beta1.RunAsGroupStrategyOptions", "k8s.io/api/extensions/v1beta1.RunAsUserStrategyOptions", "k8s.io/api/extensions/v1beta1.RuntimeClassStrategyOptions", "k8s.io/api/extensions/v1beta1.SELinuxStrategyOptions", "k8s.io/api/extensions/v1beta1.SupplementalGroupsStrategyOptions"},
}
}
func schema_k8sio_api_extensions_v1beta1_ReplicaSet(ref common.ReferenceCallback) common.OpenAPIDefinition {
return common.OpenAPIDefinition{
Schema: spec.Schema{
@ -31368,148 +30827,6 @@ func schema_k8sio_api_extensions_v1beta1_RollingUpdateDeployment(ref common.Refe
}
}
func schema_k8sio_api_extensions_v1beta1_RunAsGroupStrategyOptions(ref common.ReferenceCallback) common.OpenAPIDefinition {
return common.OpenAPIDefinition{
Schema: spec.Schema{
SchemaProps: spec.SchemaProps{
Description: "RunAsGroupStrategyOptions defines the strategy type and any options used to create the strategy. Deprecated: use RunAsGroupStrategyOptions from policy API Group instead.",
Type: []string{"object"},
Properties: map[string]spec.Schema{
"rule": {
SchemaProps: spec.SchemaProps{
Description: "rule is the strategy that will dictate the allowable RunAsGroup values that may be set.",
Default: "",
Type: []string{"string"},
Format: "",
},
},
"ranges": {
SchemaProps: spec.SchemaProps{
Description: "ranges are the allowed ranges of gids that may be used. If you would like to force a single gid then supply a single range with the same start and end. Required for MustRunAs.",
Type: []string{"array"},
Items: &spec.SchemaOrArray{
Schema: &spec.Schema{
SchemaProps: spec.SchemaProps{
Default: map[string]interface{}{},
Ref: ref("k8s.io/api/extensions/v1beta1.IDRange"),
},
},
},
},
},
},
Required: []string{"rule"},
},
},
Dependencies: []string{
"k8s.io/api/extensions/v1beta1.IDRange"},
}
}
func schema_k8sio_api_extensions_v1beta1_RunAsUserStrategyOptions(ref common.ReferenceCallback) common.OpenAPIDefinition {
return common.OpenAPIDefinition{
Schema: spec.Schema{
SchemaProps: spec.SchemaProps{
Description: "RunAsUserStrategyOptions defines the strategy type and any options used to create the strategy. Deprecated: use RunAsUserStrategyOptions from policy API Group instead.",
Type: []string{"object"},
Properties: map[string]spec.Schema{
"rule": {
SchemaProps: spec.SchemaProps{
Description: "rule is the strategy that will dictate the allowable RunAsUser values that may be set.",
Default: "",
Type: []string{"string"},
Format: "",
},
},
"ranges": {
SchemaProps: spec.SchemaProps{
Description: "ranges are the allowed ranges of uids that may be used. If you would like to force a single uid then supply a single range with the same start and end. Required for MustRunAs.",
Type: []string{"array"},
Items: &spec.SchemaOrArray{
Schema: &spec.Schema{
SchemaProps: spec.SchemaProps{
Default: map[string]interface{}{},
Ref: ref("k8s.io/api/extensions/v1beta1.IDRange"),
},
},
},
},
},
},
Required: []string{"rule"},
},
},
Dependencies: []string{
"k8s.io/api/extensions/v1beta1.IDRange"},
}
}
func schema_k8sio_api_extensions_v1beta1_RuntimeClassStrategyOptions(ref common.ReferenceCallback) common.OpenAPIDefinition {
return common.OpenAPIDefinition{
Schema: spec.Schema{
SchemaProps: spec.SchemaProps{
Description: "RuntimeClassStrategyOptions define the strategy that will dictate the allowable RuntimeClasses for a pod.",
Type: []string{"object"},
Properties: map[string]spec.Schema{
"allowedRuntimeClassNames": {
SchemaProps: spec.SchemaProps{
Description: "allowedRuntimeClassNames is an allowlist of RuntimeClass names that may be specified on a pod. A value of \"*\" means that any RuntimeClass name is allowed, and must be the only item in the list. An empty list requires the RuntimeClassName field to be unset.",
Type: []string{"array"},
Items: &spec.SchemaOrArray{
Schema: &spec.Schema{
SchemaProps: spec.SchemaProps{
Default: "",
Type: []string{"string"},
Format: "",
},
},
},
},
},
"defaultRuntimeClassName": {
SchemaProps: spec.SchemaProps{
Description: "defaultRuntimeClassName is the default RuntimeClassName to set on the pod. The default MUST be allowed by the allowedRuntimeClassNames list. A value of nil does not mutate the Pod.",
Type: []string{"string"},
Format: "",
},
},
},
Required: []string{"allowedRuntimeClassNames"},
},
},
}
}
func schema_k8sio_api_extensions_v1beta1_SELinuxStrategyOptions(ref common.ReferenceCallback) common.OpenAPIDefinition {
return common.OpenAPIDefinition{
Schema: spec.Schema{
SchemaProps: spec.SchemaProps{
Description: "SELinuxStrategyOptions defines the strategy type and any options used to create the strategy. Deprecated: use SELinuxStrategyOptions from policy API Group instead.",
Type: []string{"object"},
Properties: map[string]spec.Schema{
"rule": {
SchemaProps: spec.SchemaProps{
Description: "rule is the strategy that will dictate the allowable labels that may be set.",
Default: "",
Type: []string{"string"},
Format: "",
},
},
"seLinuxOptions": {
SchemaProps: spec.SchemaProps{
Description: "seLinuxOptions required to run as; required for MustRunAs More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/",
Ref: ref("k8s.io/api/core/v1.SELinuxOptions"),
},
},
},
Required: []string{"rule"},
},
},
Dependencies: []string{
"k8s.io/api/core/v1.SELinuxOptions"},
}
}
func schema_k8sio_api_extensions_v1beta1_Scale(ref common.ReferenceCallback) common.OpenAPIDefinition {
return common.OpenAPIDefinition{
Schema: spec.Schema{
@ -31630,42 +30947,6 @@ func schema_k8sio_api_extensions_v1beta1_ScaleStatus(ref common.ReferenceCallbac
}
}
func schema_k8sio_api_extensions_v1beta1_SupplementalGroupsStrategyOptions(ref common.ReferenceCallback) common.OpenAPIDefinition {
return common.OpenAPIDefinition{
Schema: spec.Schema{
SchemaProps: spec.SchemaProps{
Description: "SupplementalGroupsStrategyOptions defines the strategy type and options used to create the strategy. Deprecated: use SupplementalGroupsStrategyOptions from policy API Group instead.",
Type: []string{"object"},
Properties: map[string]spec.Schema{
"rule": {
SchemaProps: spec.SchemaProps{
Description: "rule is the strategy that will dictate what supplemental groups is used in the SecurityContext.",
Type: []string{"string"},
Format: "",
},
},
"ranges": {
SchemaProps: spec.SchemaProps{
Description: "ranges are the allowed ranges of supplemental groups. If you would like to force a single supplemental group then supply a single range with the same start and end. Required for MustRunAs.",
Type: []string{"array"},
Items: &spec.SchemaOrArray{
Schema: &spec.Schema{
SchemaProps: spec.SchemaProps{
Default: map[string]interface{}{},
Ref: ref("k8s.io/api/extensions/v1beta1.IDRange"),
},
},
},
},
},
},
},
},
Dependencies: []string{
"k8s.io/api/extensions/v1beta1.IDRange"},
}
}
func schema_k8sio_api_flowcontrol_v1alpha1_FlowDistinguisherMethod(ref common.ReferenceCallback) common.OpenAPIDefinition {
return common.OpenAPIDefinition{
Schema: spec.Schema{

2
pkg/kubeapiserver/default_storage_factory_builder.go
View File

@ -43,8 +43,6 @@ var SpecialDefaultResourcePrefixes = map[schema.GroupResource]string{
{Group: "", Resource: "services"}: "services/specs",
{Group: "extensions", Resource: "ingresses"}: "ingress",
{Group: "networking.k8s.io", Resource: "ingresses"}: "ingress",
{Group: "extensions", Resource: "podsecuritypolicies"}: "podsecuritypolicy",
{Group: "policy", Resource: "podsecuritypolicies"}: "podsecuritypolicy",
}
// DefaultWatchCacheSizes defines default resources for which watchcache

48
pkg/printers/internalversion/printers.go
View File

@ -38,7 +38,6 @@ import (
extensionsv1beta1 "k8s.io/api/extensions/v1beta1"
flowcontrolv1beta3 "k8s.io/api/flowcontrol/v1beta3"
networkingv1alpha1 "k8s.io/api/networking/v1alpha1"
policyv1beta1 "k8s.io/api/policy/v1beta1"
rbacv1beta1 "k8s.io/api/rbac/v1beta1"
resourcev1alpha1 "k8s.io/api/resource/v1alpha1"
schedulingv1 "k8s.io/api/scheduling/v1"
@ -367,20 +366,6 @@ func AddHandlers(h printers.PrintHandler) {
_ = h.TableHandler(configMapColumnDefinitions, printConfigMap)
_ = h.TableHandler(configMapColumnDefinitions, printConfigMapList)
podSecurityPolicyColumnDefinitions := []metav1.TableColumnDefinition{
{Name: "Name", Type: "string", Format: "name", Description: metav1.ObjectMeta{}.SwaggerDoc()["name"]},
{Name: "Priv", Type: "string", Description: policyv1beta1.PodSecurityPolicySpec{}.SwaggerDoc()["privileged"]},
{Name: "Caps", Type: "string", Description: policyv1beta1.PodSecurityPolicySpec{}.SwaggerDoc()["allowedCapabilities"]},
{Name: "SELinux", Type: "string", Description: policyv1beta1.PodSecurityPolicySpec{}.SwaggerDoc()["seLinux"]},
{Name: "RunAsUser", Type: "string", Description: policyv1beta1.PodSecurityPolicySpec{}.SwaggerDoc()["runAsUser"]},
{Name: "FsGroup", Type: "string", Description: policyv1beta1.PodSecurityPolicySpec{}.SwaggerDoc()["fsGroup"]},
{Name: "SupGroup", Type: "string", Description: policyv1beta1.PodSecurityPolicySpec{}.SwaggerDoc()["supplementalGroups"]},
{Name: "ReadOnlyRootFs", Type: "string", Description: policyv1beta1.PodSecurityPolicySpec{}.SwaggerDoc()["readOnlyRootFilesystem"]},
{Name: "Volumes", Type: "string", Description: policyv1beta1.PodSecurityPolicySpec{}.SwaggerDoc()["volumes"]},
}
_ = h.TableHandler(podSecurityPolicyColumnDefinitions, printPodSecurityPolicy)
_ = h.TableHandler(podSecurityPolicyColumnDefinitions, printPodSecurityPolicyList)
networkPolicyColumnDefinitioins := []metav1.TableColumnDefinition{
{Name: "Name", Type: "string", Format: "name", Description: metav1.ObjectMeta{}.SwaggerDoc()["name"]},
{Name: "Pod-Selector", Type: "string", Description: extensionsv1beta1.NetworkPolicySpec{}.SwaggerDoc()["podSelector"]},
@ -2326,39 +2311,6 @@ func printConfigMapList(list *api.ConfigMapList, options printers.GenerateOption
return rows, nil
}
func printPodSecurityPolicy(obj *policy.PodSecurityPolicy, options printers.GenerateOptions) ([]metav1.TableRow, error) {
row := metav1.TableRow{
Object: runtime.RawExtension{Object: obj},
}
capabilities := make([]string, len(obj.Spec.AllowedCapabilities))
for i, c := range obj.Spec.AllowedCapabilities {
capabilities[i] = string(c)
}
volumes := make([]string, len(obj.Spec.Volumes))
for i, v := range obj.Spec.Volumes {
volumes[i] = string(v)
}
row.Cells = append(row.Cells, obj.Name, fmt.Sprintf("%v", obj.Spec.Privileged),
strings.Join(capabilities, ","), string(obj.Spec.SELinux.Rule),
string(obj.Spec.RunAsUser.Rule), string(obj.Spec.FSGroup.Rule),
string(obj.Spec.SupplementalGroups.Rule), obj.Spec.ReadOnlyRootFilesystem,
strings.Join(volumes, ","))
return []metav1.TableRow{row}, nil
}
func printPodSecurityPolicyList(list *policy.PodSecurityPolicyList, options printers.GenerateOptions) ([]metav1.TableRow, error) {
rows := make([]metav1.TableRow, 0, len(list.Items))
for i := range list.Items {
r, err := printPodSecurityPolicy(&list.Items[i], options)
if err != nil {
return nil, err
}
rows = append(rows, r...)
}
return rows, nil
}
func printNetworkPolicy(obj *networking.NetworkPolicy, options printers.GenerateOptions) ([]metav1.TableRow, error) {
row := metav1.TableRow{
Object: runtime.RawExtension{Object: obj},

6
pkg/printers/internalversion/printers_test.go
View File

@ -6097,12 +6097,6 @@ func TestTableRowDeepCopyShouldNotPanic(t *testing.T) {
return printConfigMap(&api.ConfigMap{}, printers.GenerateOptions{})
},
},
{
name: "PodSecurityPolicy",
printer: func() ([]metav1.TableRow, error) {
return printPodSecurityPolicy(&policy.PodSecurityPolicy{}, printers.GenerateOptions{})
},
},
{
name: "NetworkPolicy",
printer: func() ([]metav1.TableRow, error) {

19
pkg/registry/policy/podsecuritypolicy/doc.go
View File

@ -1,19 +0,0 @@
/*
Copyright 2015 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Package podsecuritypolicy provides Registry interface and its REST
// implementation for storing PodSecurityPolicy api objects.
package podsecuritypolicy // import "k8s.io/kubernetes/pkg/registry/policy/podsecuritypolicy"

60
pkg/registry/policy/podsecuritypolicy/storage/storage.go
View File

@ -1,60 +0,0 @@
/*
Copyright 2014 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package storage
import (
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/apiserver/pkg/registry/generic"
genericregistry "k8s.io/apiserver/pkg/registry/generic/registry"
"k8s.io/kubernetes/pkg/apis/policy"
"k8s.io/kubernetes/pkg/printers"
printersinternal "k8s.io/kubernetes/pkg/printers/internalversion"
printerstorage "k8s.io/kubernetes/pkg/printers/storage"
"k8s.io/kubernetes/pkg/registry/policy/podsecuritypolicy"
)
// REST implements a RESTStorage for PodSecurityPolicies.
type REST struct {
*genericregistry.Store
}
// NewREST returns a RESTStorage object that will work against PodSecurityPolicy objects.
func NewREST(optsGetter generic.RESTOptionsGetter) (*REST, error) {
store := &genericregistry.Store{
NewFunc: func() runtime.Object { return &policy.PodSecurityPolicy{} },
NewListFunc: func() runtime.Object { return &policy.PodSecurityPolicyList{} },
DefaultQualifiedResource: policy.Resource("podsecuritypolicies"),
SingularQualifiedResource: policy.Resource("podsecuritypolicy"),
CreateStrategy: podsecuritypolicy.Strategy,
UpdateStrategy: podsecuritypolicy.Strategy,
DeleteStrategy: podsecuritypolicy.Strategy,
ReturnDeletedObject: true,
TableConvertor: printerstorage.TableConvertor{TableGenerator: printers.NewTableGenerator().With(printersinternal.AddHandlers)},
}
options := &generic.StoreOptions{RESTOptions: optsGetter}
if err := store.CompleteWithOptions(options); err != nil {
return nil, err
}
return &REST{store}, nil
}
// ShortNames implements the ShortNamesProvider interface. Returns a list of short names for a resource.
func (r *REST) ShortNames() []string {
return []string{"psp"}
}

156
pkg/registry/policy/podsecuritypolicy/storage/storage_test.go
View File

@ -1,156 +0,0 @@
/*
Copyright 2014 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package storage
import (
"testing"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/kubernetes/pkg/apis/policy"
// Ensure that policy/v1beta1 package is initialized.
_ "k8s.io/api/policy/v1beta1"
"k8s.io/apimachinery/pkg/fields"
"k8s.io/apimachinery/pkg/labels"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/apiserver/pkg/registry/generic"
genericregistrytest "k8s.io/apiserver/pkg/registry/generic/testing"
etcd3testing "k8s.io/apiserver/pkg/storage/etcd3/testing"
"k8s.io/kubernetes/pkg/registry/registrytest"
)
func newStorage(t *testing.T) (*REST, *etcd3testing.EtcdTestServer) {
etcdStorage, server := registrytest.NewEtcdStorage(t, "policy")
restOptions := generic.RESTOptions{
StorageConfig: etcdStorage,
Decorator: generic.UndecoratedStorage,
DeleteCollectionWorkers: 1,
ResourcePrefix: "podsecuritypolicies",
}
rest, err := NewREST(restOptions)
if err != nil {
t.Fatalf("unexpected error from REST storage: %v", err)
}
return rest, server
}
func validNewPodSecurityPolicy() *policy.PodSecurityPolicy {
return &policy.PodSecurityPolicy{
ObjectMeta: metav1.ObjectMeta{
Name: "foo",
},
Spec: policy.PodSecurityPolicySpec{
SELinux: policy.SELinuxStrategyOptions{
Rule: policy.SELinuxStrategyRunAsAny,
},
RunAsUser: policy.RunAsUserStrategyOptions{
Rule: policy.RunAsUserStrategyRunAsAny,
},
RunAsGroup: &policy.RunAsGroupStrategyOptions{
Rule: policy.RunAsGroupStrategyRunAsAny,
},
FSGroup: policy.FSGroupStrategyOptions{
Rule: policy.FSGroupStrategyRunAsAny,
},
SupplementalGroups: policy.SupplementalGroupsStrategyOptions{
Rule: policy.SupplementalGroupsStrategyRunAsAny,
},
},
}
}
func TestCreate(t *testing.T) {
storage, server := newStorage(t)
defer server.Terminate(t)
defer storage.Store.DestroyFunc()
test := genericregistrytest.New(t, storage.Store).ClusterScope()
psp := validNewPodSecurityPolicy()
psp.ObjectMeta = metav1.ObjectMeta{GenerateName: "foo-"}
test.TestCreate(
// valid
psp,
// invalid
&policy.PodSecurityPolicy{
ObjectMeta: metav1.ObjectMeta{Name: "name with spaces"},
},
)
}
func TestUpdate(t *testing.T) {
storage, server := newStorage(t)
defer server.Terminate(t)
defer storage.Store.DestroyFunc()
test := genericregistrytest.New(t, storage.Store).ClusterScope()
test.TestUpdate(
// valid
validNewPodSecurityPolicy(),
// updateFunc
func(obj runtime.Object) runtime.Object {
object := obj.(*policy.PodSecurityPolicy)
object.Labels = map[string]string{"a": "b"}
return object
},
)
}
func TestDelete(t *testing.T) {
storage, server := newStorage(t)
defer server.Terminate(t)
defer storage.Store.DestroyFunc()
test := genericregistrytest.New(t, storage.Store).ClusterScope().ReturnDeletedObject()
test.TestDelete(validNewPodSecurityPolicy())
}
func TestGet(t *testing.T) {
storage, server := newStorage(t)
defer server.Terminate(t)
defer storage.Store.DestroyFunc()
test := genericregistrytest.New(t, storage.Store).ClusterScope()
test.TestGet(validNewPodSecurityPolicy())
}
func TestList(t *testing.T) {
storage, server := newStorage(t)
defer server.Terminate(t)
defer storage.Store.DestroyFunc()
test := genericregistrytest.New(t, storage.Store).ClusterScope()
test.TestList(validNewPodSecurityPolicy())
}
func TestWatch(t *testing.T) {
storage, server := newStorage(t)
defer server.Terminate(t)
defer storage.Store.DestroyFunc()
test := genericregistrytest.New(t, storage.Store).ClusterScope()
test.TestWatch(
validNewPodSecurityPolicy(),
// matching labels
[]labels.Set{},
// not matching labels
[]labels.Set{
{"foo": "bar"},
},
// matching fields
[]fields.Set{
{"metadata.name": "foo"},
},
// not matching fields
[]fields.Set{
{"metadata.name": "bar"},
{"name": "foo"},
},
)
}

88
pkg/registry/policy/podsecuritypolicy/strategy.go
View File

@ -1,88 +0,0 @@
/*
Copyright 2015 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package podsecuritypolicy
import (
"context"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/util/validation/field"
"k8s.io/apiserver/pkg/registry/rest"
"k8s.io/apiserver/pkg/storage/names"
"k8s.io/kubernetes/pkg/api/legacyscheme"
psputil "k8s.io/kubernetes/pkg/api/podsecuritypolicy"
"k8s.io/kubernetes/pkg/apis/policy"
"k8s.io/kubernetes/pkg/apis/policy/validation"
)
// strategy implements behavior for PodSecurityPolicy objects
type strategy struct {
runtime.ObjectTyper
names.NameGenerator
}
// Strategy is the default logic that applies when creating and updating PodSecurityPolicy
// objects via the REST API.
var Strategy = strategy{legacyscheme.Scheme, names.SimpleNameGenerator}
var _ = rest.RESTCreateStrategy(Strategy)
var _ = rest.RESTUpdateStrategy(Strategy)
func (strategy) NamespaceScoped() bool {
return false
}
func (strategy) AllowCreateOnUpdate() bool {
return false
}
func (strategy) AllowUnconditionalUpdate() bool {
return true
}
func (strategy) PrepareForCreate(ctx context.Context, obj runtime.Object) {
psp := obj.(*policy.PodSecurityPolicy)
psputil.DropDisabledFields(&psp.Spec, nil)
}
func (strategy) PrepareForUpdate(ctx context.Context, obj, old runtime.Object) {
newPsp := obj.(*policy.PodSecurityPolicy)
oldPsp := old.(*policy.PodSecurityPolicy)
psputil.DropDisabledFields(&newPsp.Spec, &oldPsp.Spec)
}
func (strategy) Canonicalize(obj runtime.Object) {
}
func (strategy) Validate(ctx context.Context, obj runtime.Object) field.ErrorList {
return validation.ValidatePodSecurityPolicy(obj.(*policy.PodSecurityPolicy))
}
// WarningsOnCreate returns warnings for the creation of the given object.
func (strategy) WarningsOnCreate(ctx context.Context, obj runtime.Object) []string { return nil }
func (strategy) ValidateUpdate(ctx context.Context, obj, old runtime.Object) field.ErrorList {
return validation.ValidatePodSecurityPolicyUpdate(old.(*policy.PodSecurityPolicy), obj.(*policy.PodSecurityPolicy))
}
// WarningsOnUpdate returns warnings for the given update.
func (strategy) WarningsOnUpdate(ctx context.Context, obj, old runtime.Object) []string {
return nil
}

104
pkg/registry/policy/podsecuritypolicy/strategy_test.go
View File

@ -1,104 +0,0 @@
/*
Copyright 2021 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package podsecuritypolicy
import (
"context"
"fmt"
"testing"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/util/validation/field"
"k8s.io/kubernetes/pkg/apis/policy"
)
func TestAllowEphemeralVolumeType(t *testing.T) {
pspWithoutGenericVolume := func() *policy.PodSecurityPolicy {
return &policy.PodSecurityPolicy{
ObjectMeta: metav1.ObjectMeta{
Name: "psp",
ResourceVersion: "1",
},
Spec: policy.PodSecurityPolicySpec{
RunAsUser: policy.RunAsUserStrategyOptions{
Rule: policy.RunAsUserStrategyMustRunAs,
},
SupplementalGroups: policy.SupplementalGroupsStrategyOptions{
Rule: policy.SupplementalGroupsStrategyMustRunAs,
},
SELinux: policy.SELinuxStrategyOptions{
Rule: policy.SELinuxStrategyMustRunAs,
},
FSGroup: policy.FSGroupStrategyOptions{
Rule: policy.FSGroupStrategyMustRunAs,
},
},
}
}
pspWithGenericVolume := func() *policy.PodSecurityPolicy {
psp := pspWithoutGenericVolume()
psp.Spec.Volumes = append(psp.Spec.Volumes, policy.Ephemeral)
return psp
}
pspNil := func() *policy.PodSecurityPolicy {
return nil
}
pspInfo := []struct {
description string
hasGenericVolume bool
psp func() *policy.PodSecurityPolicy
}{
{
description: "PodSecurityPolicySpec Without GenericVolume",
hasGenericVolume: false,
psp: pspWithoutGenericVolume,
},
{
description: "PodSecurityPolicySpec With GenericVolume",
hasGenericVolume: true,
psp: pspWithGenericVolume,
},
{
description: "is nil",
hasGenericVolume: false,
psp: pspNil,
},
}
for _, oldPSPInfo := range pspInfo {
for _, newPSPInfo := range pspInfo {
oldPSP := oldPSPInfo.psp()
newPSP := newPSPInfo.psp()
if newPSP == nil {
continue
}
t.Run(fmt.Sprintf("old PodSecurityPolicySpec %v, new PodSecurityPolicySpec %v", oldPSPInfo.description, newPSPInfo.description), func(t *testing.T) {
var errs field.ErrorList
if oldPSP == nil {
errs = Strategy.Validate(context.Background(), newPSP)
} else {
errs = Strategy.ValidateUpdate(context.Background(), newPSP, oldPSP)
}
if len(errs) > 0 {
t.Errorf("expected no errors, got: %v", errs)
}
})
}
}
}

9
pkg/registry/policy/rest/storage_policy.go
View File

@ -26,7 +26,6 @@ import (
"k8s.io/kubernetes/pkg/api/legacyscheme"
"k8s.io/kubernetes/pkg/apis/policy"
poddisruptionbudgetstore "k8s.io/kubernetes/pkg/registry/policy/poddisruptionbudget/storage"
pspstore "k8s.io/kubernetes/pkg/registry/policy/podsecuritypolicy/storage"
)
type RESTStorageProvider struct{}
@ -64,14 +63,6 @@ func (p RESTStorageProvider) v1beta1Storage(apiResourceConfigSource serverstorag
storage[resource+"/status"] = poddisruptionbudgetStatusStorage
}
if resource := "podsecuritypolicies"; apiResourceConfigSource.ResourceEnabled(policyapiv1beta1.SchemeGroupVersion.WithResource(resource)) {
rest, err := pspstore.NewREST(restOptionsGetter)
if err != nil {
return storage, err
}
storage[resource] = rest
}
return storage, nil
}

4334
staging/src/k8s.io/api/extensions/v1beta1/generated.pb.go generated
View File

File diff suppressed because it is too large Load Diff

287
staging/src/k8s.io/api/extensions/v1beta1/generated.proto
View File

@ -30,37 +30,6 @@ import "k8s.io/apimachinery/pkg/util/intstr/generated.proto";
// Package-wide variables from generator "generated".
option go_package = "k8s.io/api/extensions/v1beta1";
// AllowedCSIDriver represents a single inline CSI Driver that is allowed to be used.
message AllowedCSIDriver {
// Name is the registered name of the CSI driver
optional string name = 1;
}
// AllowedFlexVolume represents a single Flexvolume that is allowed to be used.
// Deprecated: use AllowedFlexVolume from policy API Group instead.
message AllowedFlexVolume {
// driver is the name of the Flexvolume driver.
optional string driver = 1;
}
// AllowedHostPath defines the host volume conditions that will be enabled by a policy
// for pods to use. It requires the path prefix to be defined.
// Deprecated: use AllowedHostPath from policy API Group instead.
message AllowedHostPath {
// pathPrefix is the path prefix that the host volume must match.
// It does not support `*`.
// Trailing slashes are trimmed when validating the path prefix with a host path.
//
// Examples:
// `/foo` would allow `/foo`, `/foo/` and `/foo/bar`
// `/foo` would not allow `/food` or `/etc/foo`
optional string pathPrefix = 1;
// when set to true, will allow host volumes matching the pathPrefix only if all volume mounts are readOnly.
// +optional
optional bool readOnly = 2;
}
// DEPRECATED - This group version of DaemonSet is deprecated by apps/v1beta2/DaemonSet. See the release notes for
// more information.
// DaemonSet represents the configuration of a daemon set.
@ -398,19 +367,6 @@ message DeploymentStrategy {
optional RollingUpdateDeployment rollingUpdate = 2;
}
// FSGroupStrategyOptions defines the strategy type and options used to create the strategy.
// Deprecated: use FSGroupStrategyOptions from policy API Group instead.
message FSGroupStrategyOptions {
// rule is the strategy that will dictate what FSGroup is used in the SecurityContext.
// +optional
optional string rule = 1;
// ranges are the allowed ranges of fs groups. If you would like to force a single
// fs group then supply a single range with the same start and end. Required for MustRunAs.
// +optional
repeated IDRange ranges = 2;
}
// HTTPIngressPath associates a path with a backend. Incoming urls matching the
// path are forwarded to the backend.
message HTTPIngressPath {
@ -453,27 +409,6 @@ message HTTPIngressRuleValue {
repeated HTTPIngressPath paths = 1;
}
// HostPortRange defines a range of host ports that will be enabled by a policy
// for pods to use. It requires both the start and end to be defined.
// Deprecated: use HostPortRange from policy API Group instead.
message HostPortRange {
// min is the start of the range, inclusive.
optional int32 min = 1;
// max is the end of the range, inclusive.
optional int32 max = 2;
}
// IDRange provides a min/max of an allowed range of IDs.
// Deprecated: use IDRange from policy API Group instead.
message IDRange {
// min is the start of the range, inclusive.
optional int64 min = 1;
// max is the end of the range, inclusive.
optional int64 max = 2;
}
// DEPRECATED 1.9 - This group version of IPBlock is deprecated by networking/v1/IPBlock.
// IPBlock describes a particular CIDR (Ex. "192.168.1.0/24","2001:db8::/64") that is allowed
// to the pods matched by a NetworkPolicySpec's podSelector. The except entry describes CIDRs
@ -875,164 +810,6 @@ message NetworkPolicyStatus {
repeated k8s.io.apimachinery.pkg.apis.meta.v1.Condition conditions = 1;
}
// PodSecurityPolicy governs the ability to make requests that affect the Security Context
// that will be applied to a pod and container.
// Deprecated: use PodSecurityPolicy from policy API Group instead.
message PodSecurityPolicy {
// Standard object's metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
// +optional
optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;
// spec defines the policy enforced.
// +optional
optional PodSecurityPolicySpec spec = 2;
}
// PodSecurityPolicyList is a list of PodSecurityPolicy objects.
// Deprecated: use PodSecurityPolicyList from policy API Group instead.
message PodSecurityPolicyList {
// Standard list metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
// +optional
optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1;
// items is a list of schema objects.
repeated PodSecurityPolicy items = 2;
}
// PodSecurityPolicySpec defines the policy enforced.
// Deprecated: use PodSecurityPolicySpec from policy API Group instead.
message PodSecurityPolicySpec {
// privileged determines if a pod can request to be run as privileged.
// +optional
optional bool privileged = 1;
// defaultAddCapabilities is the default set of capabilities that will be added to the container
// unless the pod spec specifically drops the capability. You may not list a capability in both
// defaultAddCapabilities and requiredDropCapabilities. Capabilities added here are implicitly
// allowed, and need not be included in the allowedCapabilities list.
// +optional
repeated string defaultAddCapabilities = 2;
// requiredDropCapabilities are the capabilities that will be dropped from the container. These
// are required to be dropped and cannot be added.
// +optional
repeated string requiredDropCapabilities = 3;
// allowedCapabilities is a list of capabilities that can be requested to add to the container.
// Capabilities in this field may be added at the pod author's discretion.
// You must not list a capability in both allowedCapabilities and requiredDropCapabilities.
// +optional
repeated string allowedCapabilities = 4;
// volumes is an allowlist of volume plugins. Empty indicates that
// no volumes may be used. To allow all volumes you may use '*'.
// +optional
repeated string volumes = 5;
// hostNetwork determines if the policy allows the use of HostNetwork in the pod spec.
// +optional
optional bool hostNetwork = 6;
// hostPorts determines which host port ranges are allowed to be exposed.
// +optional
repeated HostPortRange hostPorts = 7;
// hostPID determines if the policy allows the use of HostPID in the pod spec.
// +optional
optional bool hostPID = 8;
// hostIPC determines if the policy allows the use of HostIPC in the pod spec.
// +optional
optional bool hostIPC = 9;
// seLinux is the strategy that will dictate the allowable labels that may be set.
optional SELinuxStrategyOptions seLinux = 10;
// runAsUser is the strategy that will dictate the allowable RunAsUser values that may be set.
optional RunAsUserStrategyOptions runAsUser = 11;
// RunAsGroup is the strategy that will dictate the allowable RunAsGroup values that may be set.
// If this field is omitted, the pod's RunAsGroup can take any value. This field requires the
// RunAsGroup feature gate to be enabled.
// +optional
optional RunAsGroupStrategyOptions runAsGroup = 22;
// supplementalGroups is the strategy that will dictate what supplemental groups are used by the SecurityContext.
optional SupplementalGroupsStrategyOptions supplementalGroups = 12;
// fsGroup is the strategy that will dictate what fs group is used by the SecurityContext.
optional FSGroupStrategyOptions fsGroup = 13;
// readOnlyRootFilesystem when set to true will force containers to run with a read only root file
// system. If the container specifically requests to run with a non-read only root file system
// the PSP should deny the pod.
// If set to false the container may run with a read only root file system if it wishes but it
// will not be forced to.
// +optional
optional bool readOnlyRootFilesystem = 14;
// defaultAllowPrivilegeEscalation controls the default setting for whether a
// process can gain more privileges than its parent process.
// +optional
optional bool defaultAllowPrivilegeEscalation = 15;
// allowPrivilegeEscalation determines if a pod can request to allow
// privilege escalation. If unspecified, defaults to true.
// +optional
optional bool allowPrivilegeEscalation = 16;
// allowedHostPaths is an allowlist of host paths. Empty indicates
// that all host paths may be used.
// +optional
repeated AllowedHostPath allowedHostPaths = 17;
// allowedFlexVolumes is an allowlist of Flexvolumes. Empty or nil indicates that all
// Flexvolumes may be used. This parameter is effective only when the usage of the Flexvolumes
// is allowed in the "volumes" field.
// +optional
repeated AllowedFlexVolume allowedFlexVolumes = 18;
// AllowedCSIDrivers is an allowlist of inline CSI drivers that must be explicitly set to be embedded within a pod spec.
// An empty value indicates that any CSI driver can be used for inline ephemeral volumes.
// +optional
repeated AllowedCSIDriver allowedCSIDrivers = 23;
// allowedUnsafeSysctls is a list of explicitly allowed unsafe sysctls, defaults to none.
// Each entry is either a plain sysctl name or ends in "*" in which case it is considered
// as a prefix of allowed sysctls. Single * means all unsafe sysctls are allowed.
// Kubelet has to allowlist all unsafe sysctls explicitly to avoid rejection.
//
// Examples:
// e.g. "foo/*" allows "foo/bar", "foo/baz", etc.
// e.g. "foo.*" allows "foo.bar", "foo.baz", etc.
// +optional
repeated string allowedUnsafeSysctls = 19;
// forbiddenSysctls is a list of explicitly forbidden sysctls, defaults to none.
// Each entry is either a plain sysctl name or ends in "*" in which case it is considered
// as a prefix of forbidden sysctls. Single * means all sysctls are forbidden.
//
// Examples:
// e.g. "foo/*" forbids "foo/bar", "foo/baz", etc.
// e.g. "foo.*" forbids "foo.bar", "foo.baz", etc.
// +optional
repeated string forbiddenSysctls = 20;
// AllowedProcMountTypes is an allowlist of allowed ProcMountTypes.
// Empty or nil indicates that only the DefaultProcMountType may be used.
// This requires the ProcMountType feature flag to be enabled.
// +optional
repeated string allowedProcMountTypes = 21;
// runtimeClass is the strategy that will dictate the allowable RuntimeClasses for a pod.
// If this field is omitted, the pod's runtimeClassName field is unrestricted.
// Enforcement of this field depends on the RuntimeClass feature gate being enabled.
// +optional
optional RuntimeClassStrategyOptions runtimeClass = 24;
}
// DEPRECATED - This group version of ReplicaSet is deprecated by apps/v1beta2/ReplicaSet. See the release notes for
// more information.
// ReplicaSet ensures that a specified number of pod replicas are running at any given time.
@ -1227,57 +1004,6 @@ message RollingUpdateDeployment {
optional k8s.io.apimachinery.pkg.util.intstr.IntOrString maxSurge = 2;
}
// RunAsGroupStrategyOptions defines the strategy type and any options used to create the strategy.
// Deprecated: use RunAsGroupStrategyOptions from policy API Group instead.
message RunAsGroupStrategyOptions {
// rule is the strategy that will dictate the allowable RunAsGroup values that may be set.
optional string rule = 1;
// ranges are the allowed ranges of gids that may be used. If you would like to force a single gid
// then supply a single range with the same start and end. Required for MustRunAs.
// +optional
repeated IDRange ranges = 2;
}
// RunAsUserStrategyOptions defines the strategy type and any options used to create the strategy.
// Deprecated: use RunAsUserStrategyOptions from policy API Group instead.
message RunAsUserStrategyOptions {
// rule is the strategy that will dictate the allowable RunAsUser values that may be set.
optional string rule = 1;
// ranges are the allowed ranges of uids that may be used. If you would like to force a single uid
// then supply a single range with the same start and end. Required for MustRunAs.
// +optional
repeated IDRange ranges = 2;
}
// RuntimeClassStrategyOptions define the strategy that will dictate the allowable RuntimeClasses
// for a pod.
message RuntimeClassStrategyOptions {
// allowedRuntimeClassNames is an allowlist of RuntimeClass names that may be specified on a pod.
// A value of "*" means that any RuntimeClass name is allowed, and must be the only item in the
// list. An empty list requires the RuntimeClassName field to be unset.
repeated string allowedRuntimeClassNames = 1;
// defaultRuntimeClassName is the default RuntimeClassName to set on the pod.
// The default MUST be allowed by the allowedRuntimeClassNames list.
// A value of nil does not mutate the Pod.
// +optional
optional string defaultRuntimeClassName = 2;
}
// SELinuxStrategyOptions defines the strategy type and any options used to create the strategy.
// Deprecated: use SELinuxStrategyOptions from policy API Group instead.
message SELinuxStrategyOptions {
// rule is the strategy that will dictate the allowable labels that may be set.
optional string rule = 1;
// seLinuxOptions required to run as; required for MustRunAs
// More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
// +optional
optional k8s.io.api.core.v1.SELinuxOptions seLinuxOptions = 2;
}
// represents a scaling request for a resource.
message Scale {
// Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
@ -1320,16 +1046,3 @@ message ScaleStatus {
optional string targetSelector = 3;
}
// SupplementalGroupsStrategyOptions defines the strategy type and options used to create the strategy.
// Deprecated: use SupplementalGroupsStrategyOptions from policy API Group instead.
message SupplementalGroupsStrategyOptions {
// rule is the strategy that will dictate what supplemental groups is used in the SecurityContext.
// +optional
optional string rule = 1;
// ranges are the allowed ranges of supplemental groups. If you would like to force a single
// supplemental group then supply a single range with the same start and end. Required for MustRunAs.
// +optional
repeated IDRange ranges = 2;
}

2
staging/src/k8s.io/api/extensions/v1beta1/register.go
View File

@ -54,8 +54,6 @@ func addKnownTypes(scheme *runtime.Scheme) error {
&IngressList{},
&ReplicaSet{},
&ReplicaSetList{},
&PodSecurityPolicy{},
&PodSecurityPolicyList{},
&NetworkPolicy{},
&NetworkPolicyList{},
)

383
staging/src/k8s.io/api/extensions/v1beta1/types.go
View File

@ -1021,389 +1021,6 @@ type ReplicaSetCondition struct {
Message string `json:"message,omitempty" protobuf:"bytes,5,opt,name=message"`
}
// +genclient
// +genclient:nonNamespaced
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// +k8s:prerelease-lifecycle-gen:introduced=1.2
// +k8s:prerelease-lifecycle-gen:deprecated=1.11
// +k8s:prerelease-lifecycle-gen:removed=1.16
// +k8s:prerelease-lifecycle-gen:replacement=policy,v1beta1,PodSecurityPolicy
// PodSecurityPolicy governs the ability to make requests that affect the Security Context
// that will be applied to a pod and container.
// Deprecated: use PodSecurityPolicy from policy API Group instead.
type PodSecurityPolicy struct {
metav1.TypeMeta `json:",inline"`
// Standard object's metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
// +optional
metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`
// spec defines the policy enforced.
// +optional
Spec PodSecurityPolicySpec `json:"spec,omitempty" protobuf:"bytes,2,opt,name=spec"`
}
// PodSecurityPolicySpec defines the policy enforced.
// Deprecated: use PodSecurityPolicySpec from policy API Group instead.
type PodSecurityPolicySpec struct {
// privileged determines if a pod can request to be run as privileged.
// +optional
Privileged bool `json:"privileged,omitempty" protobuf:"varint,1,opt,name=privileged"`
// defaultAddCapabilities is the default set of capabilities that will be added to the container
// unless the pod spec specifically drops the capability. You may not list a capability in both
// defaultAddCapabilities and requiredDropCapabilities. Capabilities added here are implicitly
// allowed, and need not be included in the allowedCapabilities list.
// +optional
DefaultAddCapabilities []v1.Capability `json:"defaultAddCapabilities,omitempty" protobuf:"bytes,2,rep,name=defaultAddCapabilities,casttype=k8s.io/api/core/v1.Capability"`
// requiredDropCapabilities are the capabilities that will be dropped from the container. These
// are required to be dropped and cannot be added.
// +optional
RequiredDropCapabilities []v1.Capability `json:"requiredDropCapabilities,omitempty" protobuf:"bytes,3,rep,name=requiredDropCapabilities,casttype=k8s.io/api/core/v1.Capability"`
// allowedCapabilities is a list of capabilities that can be requested to add to the container.
// Capabilities in this field may be added at the pod author's discretion.
// You must not list a capability in both allowedCapabilities and requiredDropCapabilities.
// +optional
AllowedCapabilities []v1.Capability `json:"allowedCapabilities,omitempty" protobuf:"bytes,4,rep,name=allowedCapabilities,casttype=k8s.io/api/core/v1.Capability"`
// volumes is an allowlist of volume plugins. Empty indicates that
// no volumes may be used. To allow all volumes you may use '*'.
// +optional
Volumes []FSType `json:"volumes,omitempty" protobuf:"bytes,5,rep,name=volumes,casttype=FSType"`
// hostNetwork determines if the policy allows the use of HostNetwork in the pod spec.
// +optional
HostNetwork bool `json:"hostNetwork,omitempty" protobuf:"varint,6,opt,name=hostNetwork"`
// hostPorts determines which host port ranges are allowed to be exposed.
// +optional
HostPorts []HostPortRange `json:"hostPorts,omitempty" protobuf:"bytes,7,rep,name=hostPorts"`
// hostPID determines if the policy allows the use of HostPID in the pod spec.
// +optional
HostPID bool `json:"hostPID,omitempty" protobuf:"varint,8,opt,name=hostPID"`
// hostIPC determines if the policy allows the use of HostIPC in the pod spec.
// +optional
HostIPC bool `json:"hostIPC,omitempty" protobuf:"varint,9,opt,name=hostIPC"`
// seLinux is the strategy that will dictate the allowable labels that may be set.
SELinux SELinuxStrategyOptions `json:"seLinux" protobuf:"bytes,10,opt,name=seLinux"`
// runAsUser is the strategy that will dictate the allowable RunAsUser values that may be set.
RunAsUser RunAsUserStrategyOptions `json:"runAsUser" protobuf:"bytes,11,opt,name=runAsUser"`
// RunAsGroup is the strategy that will dictate the allowable RunAsGroup values that may be set.
// If this field is omitted, the pod's RunAsGroup can take any value. This field requires the
// RunAsGroup feature gate to be enabled.
// +optional
RunAsGroup *RunAsGroupStrategyOptions `json:"runAsGroup,omitempty" protobuf:"bytes,22,opt,name=runAsGroup"`
// supplementalGroups is the strategy that will dictate what supplemental groups are used by the SecurityContext.
SupplementalGroups SupplementalGroupsStrategyOptions `json:"supplementalGroups" protobuf:"bytes,12,opt,name=supplementalGroups"`
// fsGroup is the strategy that will dictate what fs group is used by the SecurityContext.
FSGroup FSGroupStrategyOptions `json:"fsGroup" protobuf:"bytes,13,opt,name=fsGroup"`
// readOnlyRootFilesystem when set to true will force containers to run with a read only root file
// system. If the container specifically requests to run with a non-read only root file system
// the PSP should deny the pod.
// If set to false the container may run with a read only root file system if it wishes but it
// will not be forced to.
// +optional
ReadOnlyRootFilesystem bool `json:"readOnlyRootFilesystem,omitempty" protobuf:"varint,14,opt,name=readOnlyRootFilesystem"`
// defaultAllowPrivilegeEscalation controls the default setting for whether a
// process can gain more privileges than its parent process.
// +optional
DefaultAllowPrivilegeEscalation *bool `json:"defaultAllowPrivilegeEscalation,omitempty" protobuf:"varint,15,opt,name=defaultAllowPrivilegeEscalation"`
// allowPrivilegeEscalation determines if a pod can request to allow
// privilege escalation. If unspecified, defaults to true.
// +optional
AllowPrivilegeEscalation *bool `json:"allowPrivilegeEscalation,omitempty" protobuf:"varint,16,opt,name=allowPrivilegeEscalation"`
// allowedHostPaths is an allowlist of host paths. Empty indicates
// that all host paths may be used.
// +optional
AllowedHostPaths []AllowedHostPath `json:"allowedHostPaths,omitempty" protobuf:"bytes,17,rep,name=allowedHostPaths"`
// allowedFlexVolumes is an allowlist of Flexvolumes. Empty or nil indicates that all
// Flexvolumes may be used. This parameter is effective only when the usage of the Flexvolumes
// is allowed in the "volumes" field.
// +optional
AllowedFlexVolumes []AllowedFlexVolume `json:"allowedFlexVolumes,omitempty" protobuf:"bytes,18,rep,name=allowedFlexVolumes"`
// AllowedCSIDrivers is an allowlist of inline CSI drivers that must be explicitly set to be embedded within a pod spec.
// An empty value indicates that any CSI driver can be used for inline ephemeral volumes.
// +optional
AllowedCSIDrivers []AllowedCSIDriver `json:"allowedCSIDrivers,omitempty" protobuf:"bytes,23,rep,name=allowedCSIDrivers"`
// allowedUnsafeSysctls is a list of explicitly allowed unsafe sysctls, defaults to none.
// Each entry is either a plain sysctl name or ends in "*" in which case it is considered
// as a prefix of allowed sysctls. Single * means all unsafe sysctls are allowed.
// Kubelet has to allowlist all unsafe sysctls explicitly to avoid rejection.
//
// Examples:
// e.g. "foo/*" allows "foo/bar", "foo/baz", etc.
// e.g. "foo.*" allows "foo.bar", "foo.baz", etc.
// +optional
AllowedUnsafeSysctls []string `json:"allowedUnsafeSysctls,omitempty" protobuf:"bytes,19,rep,name=allowedUnsafeSysctls"`
// forbiddenSysctls is a list of explicitly forbidden sysctls, defaults to none.
// Each entry is either a plain sysctl name or ends in "*" in which case it is considered
// as a prefix of forbidden sysctls. Single * means all sysctls are forbidden.
//
// Examples:
// e.g. "foo/*" forbids "foo/bar", "foo/baz", etc.
// e.g. "foo.*" forbids "foo.bar", "foo.baz", etc.
// +optional
ForbiddenSysctls []string `json:"forbiddenSysctls,omitempty" protobuf:"bytes,20,rep,name=forbiddenSysctls"`
// AllowedProcMountTypes is an allowlist of allowed ProcMountTypes.
// Empty or nil indicates that only the DefaultProcMountType may be used.
// This requires the ProcMountType feature flag to be enabled.
// +optional
AllowedProcMountTypes []v1.ProcMountType `json:"allowedProcMountTypes,omitempty" protobuf:"bytes,21,opt,name=allowedProcMountTypes"`
// runtimeClass is the strategy that will dictate the allowable RuntimeClasses for a pod.
// If this field is omitted, the pod's runtimeClassName field is unrestricted.
// Enforcement of this field depends on the RuntimeClass feature gate being enabled.
// +optional
RuntimeClass *RuntimeClassStrategyOptions `json:"runtimeClass,omitempty" protobuf:"bytes,24,opt,name=runtimeClass"`
}
// AllowedHostPath defines the host volume conditions that will be enabled by a policy
// for pods to use. It requires the path prefix to be defined.
// Deprecated: use AllowedHostPath from policy API Group instead.
type AllowedHostPath struct {
// pathPrefix is the path prefix that the host volume must match.
// It does not support `*`.
// Trailing slashes are trimmed when validating the path prefix with a host path.
//
// Examples:
// `/foo` would allow `/foo`, `/foo/` and `/foo/bar`
// `/foo` would not allow `/food` or `/etc/foo`
PathPrefix string `json:"pathPrefix,omitempty" protobuf:"bytes,1,rep,name=pathPrefix"`
// when set to true, will allow host volumes matching the pathPrefix only if all volume mounts are readOnly.
// +optional
ReadOnly bool `json:"readOnly,omitempty" protobuf:"varint,2,opt,name=readOnly"`
}
// FSType gives strong typing to different file systems that are used by volumes.
// Deprecated: use FSType from policy API Group instead.
type FSType string
const (
AzureFile FSType = "azureFile"
Flocker FSType = "flocker"
FlexVolume FSType = "flexVolume"
HostPath FSType = "hostPath"
EmptyDir FSType = "emptyDir"
GCEPersistentDisk FSType = "gcePersistentDisk"
AWSElasticBlockStore FSType = "awsElasticBlockStore"
GitRepo FSType = "gitRepo"
Secret FSType = "secret"
NFS FSType = "nfs"
ISCSI FSType = "iscsi"
Glusterfs FSType = "glusterfs"
PersistentVolumeClaim FSType = "persistentVolumeClaim"
RBD FSType = "rbd"
Cinder FSType = "cinder"
CephFS FSType = "cephFS"
DownwardAPI FSType = "downwardAPI"
FC FSType = "fc"
ConfigMap FSType = "configMap"
Quobyte FSType = "quobyte"
AzureDisk FSType = "azureDisk"
CSI FSType = "csi"
All FSType = "*"
)
// AllowedFlexVolume represents a single Flexvolume that is allowed to be used.
// Deprecated: use AllowedFlexVolume from policy API Group instead.
type AllowedFlexVolume struct {
// driver is the name of the Flexvolume driver.
Driver string `json:"driver" protobuf:"bytes,1,opt,name=driver"`
}
// AllowedCSIDriver represents a single inline CSI Driver that is allowed to be used.
type AllowedCSIDriver struct {
// Name is the registered name of the CSI driver
Name string `json:"name" protobuf:"bytes,1,opt,name=name"`
}
// HostPortRange defines a range of host ports that will be enabled by a policy
// for pods to use. It requires both the start and end to be defined.
// Deprecated: use HostPortRange from policy API Group instead.
type HostPortRange struct {
// min is the start of the range, inclusive.
Min int32 `json:"min" protobuf:"varint,1,opt,name=min"`
// max is the end of the range, inclusive.
Max int32 `json:"max" protobuf:"varint,2,opt,name=max"`
}
// SELinuxStrategyOptions defines the strategy type and any options used to create the strategy.
// Deprecated: use SELinuxStrategyOptions from policy API Group instead.
type SELinuxStrategyOptions struct {
// rule is the strategy that will dictate the allowable labels that may be set.
Rule SELinuxStrategy `json:"rule" protobuf:"bytes,1,opt,name=rule,casttype=SELinuxStrategy"`
// seLinuxOptions required to run as; required for MustRunAs
// More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
// +optional
SELinuxOptions *v1.SELinuxOptions `json:"seLinuxOptions,omitempty" protobuf:"bytes,2,opt,name=seLinuxOptions"`
}
// SELinuxStrategy denotes strategy types for generating SELinux options for a
// Security Context.
// Deprecated: use SELinuxStrategy from policy API Group instead.
type SELinuxStrategy string
const (
// SELinuxStrategyMustRunAs means that container must have SELinux labels of X applied.
// Deprecated: use SELinuxStrategyMustRunAs from policy API Group instead.
SELinuxStrategyMustRunAs SELinuxStrategy = "MustRunAs"
// SELinuxStrategyRunAsAny means that container may make requests for any SELinux context labels.
// Deprecated: use SELinuxStrategyRunAsAny from policy API Group instead.
SELinuxStrategyRunAsAny SELinuxStrategy = "RunAsAny"
)
// RunAsUserStrategyOptions defines the strategy type and any options used to create the strategy.
// Deprecated: use RunAsUserStrategyOptions from policy API Group instead.
type RunAsUserStrategyOptions struct {
// rule is the strategy that will dictate the allowable RunAsUser values that may be set.
Rule RunAsUserStrategy `json:"rule" protobuf:"bytes,1,opt,name=rule,casttype=RunAsUserStrategy"`
// ranges are the allowed ranges of uids that may be used. If you would like to force a single uid
// then supply a single range with the same start and end. Required for MustRunAs.
// +optional
Ranges []IDRange `json:"ranges,omitempty" protobuf:"bytes,2,rep,name=ranges"`
}
// RunAsGroupStrategyOptions defines the strategy type and any options used to create the strategy.
// Deprecated: use RunAsGroupStrategyOptions from policy API Group instead.
type RunAsGroupStrategyOptions struct {
// rule is the strategy that will dictate the allowable RunAsGroup values that may be set.
Rule RunAsGroupStrategy `json:"rule" protobuf:"bytes,1,opt,name=rule,casttype=RunAsGroupStrategy"`
// ranges are the allowed ranges of gids that may be used. If you would like to force a single gid
// then supply a single range with the same start and end. Required for MustRunAs.
// +optional
Ranges []IDRange `json:"ranges,omitempty" protobuf:"bytes,2,rep,name=ranges"`
}
// IDRange provides a min/max of an allowed range of IDs.
// Deprecated: use IDRange from policy API Group instead.
type IDRange struct {
// min is the start of the range, inclusive.
Min int64 `json:"min" protobuf:"varint,1,opt,name=min"`
// max is the end of the range, inclusive.
Max int64 `json:"max" protobuf:"varint,2,opt,name=max"`
}
// RunAsUserStrategy denotes strategy types for generating RunAsUser values for a
// Security Context.
// Deprecated: use RunAsUserStrategy from policy API Group instead.
type RunAsUserStrategy string
const (
// RunAsUserStrategyMustRunAs means that container must run as a particular uid.
// Deprecated: use RunAsUserStrategyMustRunAs from policy API Group instead.
RunAsUserStrategyMustRunAs RunAsUserStrategy = "MustRunAs"
// RunAsUserStrategyMustRunAsNonRoot means that container must run as a non-root uid.
// Deprecated: use RunAsUserStrategyMustRunAsNonRoot from policy API Group instead.
RunAsUserStrategyMustRunAsNonRoot RunAsUserStrategy = "MustRunAsNonRoot"
// RunAsUserStrategyRunAsAny means that container may make requests for any uid.
// Deprecated: use RunAsUserStrategyRunAsAny from policy API Group instead.
RunAsUserStrategyRunAsAny RunAsUserStrategy = "RunAsAny"
)
// RunAsGroupStrategy denotes strategy types for generating RunAsGroup values for a
// Security Context.
// Deprecated: use RunAsGroupStrategy from policy API Group instead.
type RunAsGroupStrategy string
const (
// RunAsGroupStrategyMayRunAs means that container does not need to run with a particular gid.
// However, when RunAsGroup are specified, they have to fall in the defined range.
RunAsGroupStrategyMayRunAs RunAsGroupStrategy = "MayRunAs"
// RunAsGroupStrategyMustRunAs means that container must run as a particular gid.
// Deprecated: use RunAsGroupStrategyMustRunAs from policy API Group instead.
RunAsGroupStrategyMustRunAs RunAsGroupStrategy = "MustRunAs"
// RunAsGroupStrategyRunAsAny means that container may make requests for any gid.
// Deprecated: use RunAsGroupStrategyRunAsAny from policy API Group instead.
RunAsGroupStrategyRunAsAny RunAsGroupStrategy = "RunAsAny"
)
// FSGroupStrategyOptions defines the strategy type and options used to create the strategy.
// Deprecated: use FSGroupStrategyOptions from policy API Group instead.
type FSGroupStrategyOptions struct {
// rule is the strategy that will dictate what FSGroup is used in the SecurityContext.
// +optional
Rule FSGroupStrategyType `json:"rule,omitempty" protobuf:"bytes,1,opt,name=rule,casttype=FSGroupStrategyType"`
// ranges are the allowed ranges of fs groups. If you would like to force a single
// fs group then supply a single range with the same start and end. Required for MustRunAs.
// +optional
Ranges []IDRange `json:"ranges,omitempty" protobuf:"bytes,2,rep,name=ranges"`
}
// FSGroupStrategyType denotes strategy types for generating FSGroup values for a
// SecurityContext
// Deprecated: use FSGroupStrategyType from policy API Group instead.
type FSGroupStrategyType string
const (
// FSGroupStrategyMustRunAs meant that container must have FSGroup of X applied.
// Deprecated: use FSGroupStrategyMustRunAs from policy API Group instead.
FSGroupStrategyMustRunAs FSGroupStrategyType = "MustRunAs"
// FSGroupStrategyRunAsAny means that container may make requests for any FSGroup labels.
// Deprecated: use FSGroupStrategyRunAsAny from policy API Group instead.
FSGroupStrategyRunAsAny FSGroupStrategyType = "RunAsAny"
)
// SupplementalGroupsStrategyOptions defines the strategy type and options used to create the strategy.
// Deprecated: use SupplementalGroupsStrategyOptions from policy API Group instead.
type SupplementalGroupsStrategyOptions struct {
// rule is the strategy that will dictate what supplemental groups is used in the SecurityContext.
// +optional
Rule SupplementalGroupsStrategyType `json:"rule,omitempty" protobuf:"bytes,1,opt,name=rule,casttype=SupplementalGroupsStrategyType"`
// ranges are the allowed ranges of supplemental groups. If you would like to force a single
// supplemental group then supply a single range with the same start and end. Required for MustRunAs.
// +optional
Ranges []IDRange `json:"ranges,omitempty" protobuf:"bytes,2,rep,name=ranges"`
}
// SupplementalGroupsStrategyType denotes strategy types for determining valid supplemental
// groups for a SecurityContext.
// Deprecated: use SupplementalGroupsStrategyType from policy API Group instead.
type SupplementalGroupsStrategyType string
const (
// SupplementalGroupsStrategyMustRunAs means that container must run as a particular gid.
// Deprecated: use SupplementalGroupsStrategyMustRunAs from policy API Group instead.
SupplementalGroupsStrategyMustRunAs SupplementalGroupsStrategyType = "MustRunAs"
// SupplementalGroupsStrategyRunAsAny means that container may make requests for any gid.
// Deprecated: use SupplementalGroupsStrategyRunAsAny from policy API Group instead.
SupplementalGroupsStrategyRunAsAny SupplementalGroupsStrategyType = "RunAsAny"
)
// RuntimeClassStrategyOptions define the strategy that will dictate the allowable RuntimeClasses
// for a pod.
type RuntimeClassStrategyOptions struct {
// allowedRuntimeClassNames is an allowlist of RuntimeClass names that may be specified on a pod.
// A value of "*" means that any RuntimeClass name is allowed, and must be the only item in the
// list. An empty list requires the RuntimeClassName field to be unset.
AllowedRuntimeClassNames []string `json:"allowedRuntimeClassNames" protobuf:"bytes,1,rep,name=allowedRuntimeClassNames"`
// defaultRuntimeClassName is the default RuntimeClassName to set on the pod.
// The default MUST be allowed by the allowedRuntimeClassNames list.
// A value of nil does not mutate the Pod.
// +optional
DefaultRuntimeClassName *string `json:"defaultRuntimeClassName,omitempty" protobuf:"bytes,2,opt,name=defaultRuntimeClassName"`
}
// AllowAllRuntimeClassNames can be used as a value for the
// RuntimeClassStrategyOptions.AllowedRuntimeClassNames field and means that any RuntimeClassName is
// allowed.
const AllowAllRuntimeClassNames = "*"
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// +k8s:prerelease-lifecycle-gen:introduced=1.2
// +k8s:prerelease-lifecycle-gen:deprecated=1.11
// +k8s:prerelease-lifecycle-gen:removed=1.16
// +k8s:prerelease-lifecycle-gen:replacement=policy,v1beta1,PodSecurityPolicyList
// PodSecurityPolicyList is a list of PodSecurityPolicy objects.
// Deprecated: use PodSecurityPolicyList from policy API Group instead.
type PodSecurityPolicyList struct {
metav1.TypeMeta `json:",inline"`
// Standard list metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
// +optional
metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`
// items is a list of schema objects.
Items []PodSecurityPolicy `json:"items" protobuf:"bytes,2,rep,name=items"`
}
// +genclient
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// +k8s:prerelease-lifecycle-gen:introduced=1.3

160
staging/src/k8s.io/api/extensions/v1beta1/types_swagger_doc_generated.go generated
View File

@ -27,34 +27,6 @@ package v1beta1
// Those methods can be generated by using hack/update-generated-swagger-docs.sh
// AUTO-GENERATED FUNCTIONS START HERE. DO NOT EDIT.
var map_AllowedCSIDriver = map[string]string{
"": "AllowedCSIDriver represents a single inline CSI Driver that is allowed to be used.",
"name": "Name is the registered name of the CSI driver",
}
func (AllowedCSIDriver) SwaggerDoc() map[string]string {
return map_AllowedCSIDriver
}
var map_AllowedFlexVolume = map[string]string{
"": "AllowedFlexVolume represents a single Flexvolume that is allowed to be used. Deprecated: use AllowedFlexVolume from policy API Group instead.",
"driver": "driver is the name of the Flexvolume driver.",
}
func (AllowedFlexVolume) SwaggerDoc() map[string]string {
return map_AllowedFlexVolume
}
var map_AllowedHostPath = map[string]string{
"": "AllowedHostPath defines the host volume conditions that will be enabled by a policy for pods to use. It requires the path prefix to be defined. Deprecated: use AllowedHostPath from policy API Group instead.",
"pathPrefix": "pathPrefix is the path prefix that the host volume must match. It does not support `*`. Trailing slashes are trimmed when validating the path prefix with a host path.\n\nExamples: `/foo` would allow `/foo`, `/foo/` and `/foo/bar` `/foo` would not allow `/food` or `/etc/foo`",
"readOnly": "when set to true, will allow host volumes matching the pathPrefix only if all volume mounts are readOnly.",
}
func (AllowedHostPath) SwaggerDoc() map[string]string {
return map_AllowedHostPath
}
var map_DaemonSet = map[string]string{
"": "DEPRECATED - This group version of DaemonSet is deprecated by apps/v1beta2/DaemonSet. See the release notes for more information. DaemonSet represents the configuration of a daemon set.",
"metadata": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata",
@ -220,16 +192,6 @@ func (DeploymentStrategy) SwaggerDoc() map[string]string {
return map_DeploymentStrategy
}
var map_FSGroupStrategyOptions = map[string]string{
"": "FSGroupStrategyOptions defines the strategy type and options used to create the strategy. Deprecated: use FSGroupStrategyOptions from policy API Group instead.",
"rule": "rule is the strategy that will dictate what FSGroup is used in the SecurityContext.",
"ranges": "ranges are the allowed ranges of fs groups. If you would like to force a single fs group then supply a single range with the same start and end. Required for MustRunAs.",
}
func (FSGroupStrategyOptions) SwaggerDoc() map[string]string {
return map_FSGroupStrategyOptions
}
var map_HTTPIngressPath = map[string]string{
"": "HTTPIngressPath associates a path with a backend. Incoming urls matching the path are forwarded to the backend.",
"path": "Path is matched against the path of an incoming request. Currently it can contain characters disallowed from the conventional \"path\" part of a URL as defined by RFC 3986. Paths must begin with a '/'. When unspecified, all paths from incoming requests are matched.",
@ -250,26 +212,6 @@ func (HTTPIngressRuleValue) SwaggerDoc() map[string]string {
return map_HTTPIngressRuleValue
}
var map_HostPortRange = map[string]string{
"": "HostPortRange defines a range of host ports that will be enabled by a policy for pods to use. It requires both the start and end to be defined. Deprecated: use HostPortRange from policy API Group instead.",
"min": "min is the start of the range, inclusive.",
"max": "max is the end of the range, inclusive.",
}
func (HostPortRange) SwaggerDoc() map[string]string {
return map_HostPortRange
}
var map_IDRange = map[string]string{
"": "IDRange provides a min/max of an allowed range of IDs. Deprecated: use IDRange from policy API Group instead.",
"min": "min is the start of the range, inclusive.",
"max": "max is the end of the range, inclusive.",
}
func (IDRange) SwaggerDoc() map[string]string {
return map_IDRange
}
var map_IPBlock = map[string]string{
"": "DEPRECATED 1.9 - This group version of IPBlock is deprecated by networking/v1/IPBlock. IPBlock describes a particular CIDR (Ex. \"192.168.1.0/24\",\"2001:db8::/64\") that is allowed to the pods matched by a NetworkPolicySpec's podSelector. The except entry describes CIDRs that should not be included within this rule.",
"cidr": "CIDR is a string representing the IP Block Valid examples are \"192.168.1.0/24\" or \"2001:db8::/64\"",
@ -476,58 +418,6 @@ func (NetworkPolicyStatus) SwaggerDoc() map[string]string {
return map_NetworkPolicyStatus
}
var map_PodSecurityPolicy = map[string]string{
"": "PodSecurityPolicy governs the ability to make requests that affect the Security Context that will be applied to a pod and container. Deprecated: use PodSecurityPolicy from policy API Group instead.",
"metadata": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata",
"spec": "spec defines the policy enforced.",
}
func (PodSecurityPolicy) SwaggerDoc() map[string]string {
return map_PodSecurityPolicy
}
var map_PodSecurityPolicyList = map[string]string{
"": "PodSecurityPolicyList is a list of PodSecurityPolicy objects. Deprecated: use PodSecurityPolicyList from policy API Group instead.",
"metadata": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata",
"items": "items is a list of schema objects.",
}
func (PodSecurityPolicyList) SwaggerDoc() map[string]string {
return map_PodSecurityPolicyList
}
var map_PodSecurityPolicySpec = map[string]string{
"": "PodSecurityPolicySpec defines the policy enforced. Deprecated: use PodSecurityPolicySpec from policy API Group instead.",
"privileged": "privileged determines if a pod can request to be run as privileged.",
"defaultAddCapabilities": "defaultAddCapabilities is the default set of capabilities that will be added to the container unless the pod spec specifically drops the capability. You may not list a capability in both defaultAddCapabilities and requiredDropCapabilities. Capabilities added here are implicitly allowed, and need not be included in the allowedCapabilities list.",
"requiredDropCapabilities": "requiredDropCapabilities are the capabilities that will be dropped from the container. These are required to be dropped and cannot be added.",
"allowedCapabilities": "allowedCapabilities is a list of capabilities that can be requested to add to the container. Capabilities in this field may be added at the pod author's discretion. You must not list a capability in both allowedCapabilities and requiredDropCapabilities.",
"volumes": "volumes is an allowlist of volume plugins. Empty indicates that no volumes may be used. To allow all volumes you may use '*'.",
"hostNetwork": "hostNetwork determines if the policy allows the use of HostNetwork in the pod spec.",
"hostPorts": "hostPorts determines which host port ranges are allowed to be exposed.",
"hostPID": "hostPID determines if the policy allows the use of HostPID in the pod spec.",
"hostIPC": "hostIPC determines if the policy allows the use of HostIPC in the pod spec.",
"seLinux": "seLinux is the strategy that will dictate the allowable labels that may be set.",
"runAsUser": "runAsUser is the strategy that will dictate the allowable RunAsUser values that may be set.",
"runAsGroup": "RunAsGroup is the strategy that will dictate the allowable RunAsGroup values that may be set. If this field is omitted, the pod's RunAsGroup can take any value. This field requires the RunAsGroup feature gate to be enabled.",
"supplementalGroups": "supplementalGroups is the strategy that will dictate what supplemental groups are used by the SecurityContext.",
"fsGroup": "fsGroup is the strategy that will dictate what fs group is used by the SecurityContext.",
"readOnlyRootFilesystem": "readOnlyRootFilesystem when set to true will force containers to run with a read only root file system. If the container specifically requests to run with a non-read only root file system the PSP should deny the pod. If set to false the container may run with a read only root file system if it wishes but it will not be forced to.",
"defaultAllowPrivilegeEscalation": "defaultAllowPrivilegeEscalation controls the default setting for whether a process can gain more privileges than its parent process.",
"allowPrivilegeEscalation": "allowPrivilegeEscalation determines if a pod can request to allow privilege escalation. If unspecified, defaults to true.",
"allowedHostPaths": "allowedHostPaths is an allowlist of host paths. Empty indicates that all host paths may be used.",
"allowedFlexVolumes": "allowedFlexVolumes is an allowlist of Flexvolumes. Empty or nil indicates that all Flexvolumes may be used. This parameter is effective only when the usage of the Flexvolumes is allowed in the \"volumes\" field.",
"allowedCSIDrivers": "AllowedCSIDrivers is an allowlist of inline CSI drivers that must be explicitly set to be embedded within a pod spec. An empty value indicates that any CSI driver can be used for inline ephemeral volumes.",
"allowedUnsafeSysctls": "allowedUnsafeSysctls is a list of explicitly allowed unsafe sysctls, defaults to none. Each entry is either a plain sysctl name or ends in \"*\" in which case it is considered as a prefix of allowed sysctls. Single * means all unsafe sysctls are allowed. Kubelet has to allowlist all unsafe sysctls explicitly to avoid rejection.\n\nExamples: e.g. \"foo/*\" allows \"foo/bar\", \"foo/baz\", etc. e.g. \"foo.*\" allows \"foo.bar\", \"foo.baz\", etc.",
"forbiddenSysctls": "forbiddenSysctls is a list of explicitly forbidden sysctls, defaults to none. Each entry is either a plain sysctl name or ends in \"*\" in which case it is considered as a prefix of forbidden sysctls. Single * means all sysctls are forbidden.\n\nExamples: e.g. \"foo/*\" forbids \"foo/bar\", \"foo/baz\", etc. e.g. \"foo.*\" forbids \"foo.bar\", \"foo.baz\", etc.",
"allowedProcMountTypes": "AllowedProcMountTypes is an allowlist of allowed ProcMountTypes. Empty or nil indicates that only the DefaultProcMountType may be used. This requires the ProcMountType feature flag to be enabled.",
"runtimeClass": "runtimeClass is the strategy that will dictate the allowable RuntimeClasses for a pod. If this field is omitted, the pod's runtimeClassName field is unrestricted. Enforcement of this field depends on the RuntimeClass feature gate being enabled.",
}
func (PodSecurityPolicySpec) SwaggerDoc() map[string]string {
return map_PodSecurityPolicySpec
}
var map_ReplicaSet = map[string]string{
"": "DEPRECATED - This group version of ReplicaSet is deprecated by apps/v1beta2/ReplicaSet. See the release notes for more information. ReplicaSet ensures that a specified number of pod replicas are running at any given time.",
"metadata": "If the Labels of a ReplicaSet are empty, they are defaulted to be the same as the Pod(s) that the ReplicaSet manages. Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata",
@ -617,46 +507,6 @@ func (RollingUpdateDeployment) SwaggerDoc() map[string]string {
return map_RollingUpdateDeployment
}
var map_RunAsGroupStrategyOptions = map[string]string{
"": "RunAsGroupStrategyOptions defines the strategy type and any options used to create the strategy. Deprecated: use RunAsGroupStrategyOptions from policy API Group instead.",
"rule": "rule is the strategy that will dictate the allowable RunAsGroup values that may be set.",
"ranges": "ranges are the allowed ranges of gids that may be used. If you would like to force a single gid then supply a single range with the same start and end. Required for MustRunAs.",
}
func (RunAsGroupStrategyOptions) SwaggerDoc() map[string]string {
return map_RunAsGroupStrategyOptions
}
var map_RunAsUserStrategyOptions = map[string]string{
"": "RunAsUserStrategyOptions defines the strategy type and any options used to create the strategy. Deprecated: use RunAsUserStrategyOptions from policy API Group instead.",
"rule": "rule is the strategy that will dictate the allowable RunAsUser values that may be set.",
"ranges": "ranges are the allowed ranges of uids that may be used. If you would like to force a single uid then supply a single range with the same start and end. Required for MustRunAs.",
}
func (RunAsUserStrategyOptions) SwaggerDoc() map[string]string {
return map_RunAsUserStrategyOptions
}
var map_RuntimeClassStrategyOptions = map[string]string{
"": "RuntimeClassStrategyOptions define the strategy that will dictate the allowable RuntimeClasses for a pod.",
"allowedRuntimeClassNames": "allowedRuntimeClassNames is an allowlist of RuntimeClass names that may be specified on a pod. A value of \"*\" means that any RuntimeClass name is allowed, and must be the only item in the list. An empty list requires the RuntimeClassName field to be unset.",
"defaultRuntimeClassName": "defaultRuntimeClassName is the default RuntimeClassName to set on the pod. The default MUST be allowed by the allowedRuntimeClassNames list. A value of nil does not mutate the Pod.",
}
func (RuntimeClassStrategyOptions) SwaggerDoc() map[string]string {
return map_RuntimeClassStrategyOptions
}
var map_SELinuxStrategyOptions = map[string]string{
"": "SELinuxStrategyOptions defines the strategy type and any options used to create the strategy. Deprecated: use SELinuxStrategyOptions from policy API Group instead.",
"rule": "rule is the strategy that will dictate the allowable labels that may be set.",
"seLinuxOptions": "seLinuxOptions required to run as; required for MustRunAs More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/",
}
func (SELinuxStrategyOptions) SwaggerDoc() map[string]string {
return map_SELinuxStrategyOptions
}
var map_Scale = map[string]string{
"": "represents a scaling request for a resource.",
"metadata": "Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.",
@ -688,14 +538,4 @@ func (ScaleStatus) SwaggerDoc() map[string]string {
return map_ScaleStatus
}
var map_SupplementalGroupsStrategyOptions = map[string]string{
"": "SupplementalGroupsStrategyOptions defines the strategy type and options used to create the strategy. Deprecated: use SupplementalGroupsStrategyOptions from policy API Group instead.",
"rule": "rule is the strategy that will dictate what supplemental groups is used in the SecurityContext.",
"ranges": "ranges are the allowed ranges of supplemental groups. If you would like to force a single supplemental group then supply a single range with the same start and end. Required for MustRunAs.",
}
func (SupplementalGroupsStrategyOptions) SwaggerDoc() map[string]string {
return map_SupplementalGroupsStrategyOptions
}
// AUTO-GENERATED FUNCTIONS END HERE

366
staging/src/k8s.io/api/extensions/v1beta1/zz_generated.deepcopy.go generated
View File

@ -28,54 +28,6 @@ import (
intstr "k8s.io/apimachinery/pkg/util/intstr"
)
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *AllowedCSIDriver) DeepCopyInto(out *AllowedCSIDriver) {
*out = *in
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AllowedCSIDriver.
func (in *AllowedCSIDriver) DeepCopy() *AllowedCSIDriver {
if in == nil {
return nil
}
out := new(AllowedCSIDriver)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *AllowedFlexVolume) DeepCopyInto(out *AllowedFlexVolume) {
*out = *in
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AllowedFlexVolume.
func (in *AllowedFlexVolume) DeepCopy() *AllowedFlexVolume {
if in == nil {
return nil
}
out := new(AllowedFlexVolume)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *AllowedHostPath) DeepCopyInto(out *AllowedHostPath) {
*out = *in
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AllowedHostPath.
func (in *AllowedHostPath) DeepCopy() *AllowedHostPath {
if in == nil {
return nil
}
out := new(AllowedHostPath)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *DaemonSet) DeepCopyInto(out *DaemonSet) {
*out = *in
@ -435,27 +387,6 @@ func (in *DeploymentStrategy) DeepCopy() *DeploymentStrategy {
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *FSGroupStrategyOptions) DeepCopyInto(out *FSGroupStrategyOptions) {
*out = *in
if in.Ranges != nil {
in, out := &in.Ranges, &out.Ranges
*out = make([]IDRange, len(*in))
copy(*out, *in)
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FSGroupStrategyOptions.
func (in *FSGroupStrategyOptions) DeepCopy() *FSGroupStrategyOptions {
if in == nil {
return nil
}
out := new(FSGroupStrategyOptions)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *HTTPIngressPath) DeepCopyInto(out *HTTPIngressPath) {
*out = *in
@ -501,38 +432,6 @@ func (in *HTTPIngressRuleValue) DeepCopy() *HTTPIngressRuleValue {
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *HostPortRange) DeepCopyInto(out *HostPortRange) {
*out = *in
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HostPortRange.
func (in *HostPortRange) DeepCopy() *HostPortRange {
if in == nil {
return nil
}
out := new(HostPortRange)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *IDRange) DeepCopyInto(out *IDRange) {
*out = *in
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IDRange.
func (in *IDRange) DeepCopy() *IDRange {
if in == nil {
return nil
}
out := new(IDRange)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *IPBlock) DeepCopyInto(out *IPBlock) {
*out = *in
@ -1062,161 +961,6 @@ func (in *NetworkPolicyStatus) DeepCopy() *NetworkPolicyStatus {
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *PodSecurityPolicy) DeepCopyInto(out *PodSecurityPolicy) {
*out = *in
out.TypeMeta = in.TypeMeta
in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
in.Spec.DeepCopyInto(&out.Spec)
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodSecurityPolicy.
func (in *PodSecurityPolicy) DeepCopy() *PodSecurityPolicy {
if in == nil {
return nil
}
out := new(PodSecurityPolicy)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *PodSecurityPolicy) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *PodSecurityPolicyList) DeepCopyInto(out *PodSecurityPolicyList) {
*out = *in
out.TypeMeta = in.TypeMeta
in.ListMeta.DeepCopyInto(&out.ListMeta)
if in.Items != nil {
in, out := &in.Items, &out.Items
*out = make([]PodSecurityPolicy, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodSecurityPolicyList.
func (in *PodSecurityPolicyList) DeepCopy() *PodSecurityPolicyList {
if in == nil {
return nil
}
out := new(PodSecurityPolicyList)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *PodSecurityPolicyList) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *PodSecurityPolicySpec) DeepCopyInto(out *PodSecurityPolicySpec) {
*out = *in
if in.DefaultAddCapabilities != nil {
in, out := &in.DefaultAddCapabilities, &out.DefaultAddCapabilities
*out = make([]corev1.Capability, len(*in))
copy(*out, *in)
}
if in.RequiredDropCapabilities != nil {
in, out := &in.RequiredDropCapabilities, &out.RequiredDropCapabilities
*out = make([]corev1.Capability, len(*in))
copy(*out, *in)
}
if in.AllowedCapabilities != nil {
in, out := &in.AllowedCapabilities, &out.AllowedCapabilities
*out = make([]corev1.Capability, len(*in))
copy(*out, *in)
}
if in.Volumes != nil {
in, out := &in.Volumes, &out.Volumes
*out = make([]FSType, len(*in))
copy(*out, *in)
}
if in.HostPorts != nil {
in, out := &in.HostPorts, &out.HostPorts
*out = make([]HostPortRange, len(*in))
copy(*out, *in)
}
in.SELinux.DeepCopyInto(&out.SELinux)
in.RunAsUser.DeepCopyInto(&out.RunAsUser)
if in.RunAsGroup != nil {
in, out := &in.RunAsGroup, &out.RunAsGroup
*out = new(RunAsGroupStrategyOptions)
(*in).DeepCopyInto(*out)
}
in.SupplementalGroups.DeepCopyInto(&out.SupplementalGroups)
in.FSGroup.DeepCopyInto(&out.FSGroup)
if in.DefaultAllowPrivilegeEscalation != nil {
in, out := &in.DefaultAllowPrivilegeEscalation, &out.DefaultAllowPrivilegeEscalation
*out = new(bool)
**out = **in
}
if in.AllowPrivilegeEscalation != nil {
in, out := &in.AllowPrivilegeEscalation, &out.AllowPrivilegeEscalation
*out = new(bool)
**out = **in
}
if in.AllowedHostPaths != nil {
in, out := &in.AllowedHostPaths, &out.AllowedHostPaths
*out = make([]AllowedHostPath, len(*in))
copy(*out, *in)
}
if in.AllowedFlexVolumes != nil {
in, out := &in.AllowedFlexVolumes, &out.AllowedFlexVolumes
*out = make([]AllowedFlexVolume, len(*in))
copy(*out, *in)
}
if in.AllowedCSIDrivers != nil {
in, out := &in.AllowedCSIDrivers, &out.AllowedCSIDrivers
*out = make([]AllowedCSIDriver, len(*in))
copy(*out, *in)
}
if in.AllowedUnsafeSysctls != nil {
in, out := &in.AllowedUnsafeSysctls, &out.AllowedUnsafeSysctls
*out = make([]string, len(*in))
copy(*out, *in)
}
if in.ForbiddenSysctls != nil {
in, out := &in.ForbiddenSysctls, &out.ForbiddenSysctls
*out = make([]string, len(*in))
copy(*out, *in)
}
if in.AllowedProcMountTypes != nil {
in, out := &in.AllowedProcMountTypes, &out.AllowedProcMountTypes
*out = make([]corev1.ProcMountType, len(*in))
copy(*out, *in)
}
if in.RuntimeClass != nil {
in, out := &in.RuntimeClass, &out.RuntimeClass
*out = new(RuntimeClassStrategyOptions)
(*in).DeepCopyInto(*out)
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodSecurityPolicySpec.
func (in *PodSecurityPolicySpec) DeepCopy() *PodSecurityPolicySpec {
if in == nil {
return nil
}
out := new(PodSecurityPolicySpec)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ReplicaSet) DeepCopyInto(out *ReplicaSet) {
*out = *in
@ -1413,95 +1157,6 @@ func (in *RollingUpdateDeployment) DeepCopy() *RollingUpdateDeployment {
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *RunAsGroupStrategyOptions) DeepCopyInto(out *RunAsGroupStrategyOptions) {
*out = *in
if in.Ranges != nil {
in, out := &in.Ranges, &out.Ranges
*out = make([]IDRange, len(*in))
copy(*out, *in)
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RunAsGroupStrategyOptions.
func (in *RunAsGroupStrategyOptions) DeepCopy() *RunAsGroupStrategyOptions {
if in == nil {
return nil
}
out := new(RunAsGroupStrategyOptions)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *RunAsUserStrategyOptions) DeepCopyInto(out *RunAsUserStrategyOptions) {
*out = *in
if in.Ranges != nil {
in, out := &in.Ranges, &out.Ranges
*out = make([]IDRange, len(*in))
copy(*out, *in)
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RunAsUserStrategyOptions.
func (in *RunAsUserStrategyOptions) DeepCopy() *RunAsUserStrategyOptions {
if in == nil {
return nil
}
out := new(RunAsUserStrategyOptions)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *RuntimeClassStrategyOptions) DeepCopyInto(out *RuntimeClassStrategyOptions) {
*out = *in
if in.AllowedRuntimeClassNames != nil {
in, out := &in.AllowedRuntimeClassNames, &out.AllowedRuntimeClassNames
*out = make([]string, len(*in))
copy(*out, *in)
}
if in.DefaultRuntimeClassName != nil {
in, out := &in.DefaultRuntimeClassName, &out.DefaultRuntimeClassName
*out = new(string)
**out = **in
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RuntimeClassStrategyOptions.
func (in *RuntimeClassStrategyOptions) DeepCopy() *RuntimeClassStrategyOptions {
if in == nil {
return nil
}
out := new(RuntimeClassStrategyOptions)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *SELinuxStrategyOptions) DeepCopyInto(out *SELinuxStrategyOptions) {
*out = *in
if in.SELinuxOptions != nil {
in, out := &in.SELinuxOptions, &out.SELinuxOptions
*out = new(corev1.SELinuxOptions)
**out = **in
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SELinuxStrategyOptions.
func (in *SELinuxStrategyOptions) DeepCopy() *SELinuxStrategyOptions {
if in == nil {
return nil
}
out := new(SELinuxStrategyOptions)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *Scale) DeepCopyInto(out *Scale) {
*out = *in
@ -1568,24 +1223,3 @@ func (in *ScaleStatus) DeepCopy() *ScaleStatus {
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *SupplementalGroupsStrategyOptions) DeepCopyInto(out *SupplementalGroupsStrategyOptions) {
*out = *in
if in.Ranges != nil {
in, out := &in.Ranges, &out.Ranges
*out = make([]IDRange, len(*in))
copy(*out, *in)
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SupplementalGroupsStrategyOptions.
func (in *SupplementalGroupsStrategyOptions) DeepCopy() *SupplementalGroupsStrategyOptions {
if in == nil {
return nil
}
out := new(SupplementalGroupsStrategyOptions)
in.DeepCopyInto(out)
return out
}

48
staging/src/k8s.io/api/extensions/v1beta1/zz_generated.prerelease-lifecycle.go generated
View File

@ -235,54 +235,6 @@ func (in *NetworkPolicyList) APILifecycleRemoved() (major, minor int) {
return 1, 16
}
// APILifecycleIntroduced is an autogenerated function, returning the release in which the API struct was introduced as int versions of major and minor for comparison.
// It is controlled by "k8s:prerelease-lifecycle-gen:introduced" tags in types.go.
func (in *PodSecurityPolicy) APILifecycleIntroduced() (major, minor int) {
return 1, 2
}
// APILifecycleDeprecated is an autogenerated function, returning the release in which the API struct was or will be deprecated as int versions of major and minor for comparison.
// It is controlled by "k8s:prerelease-lifecycle-gen:deprecated" tags in types.go or "k8s:prerelease-lifecycle-gen:introduced" plus three minor.
func (in *PodSecurityPolicy) APILifecycleDeprecated() (major, minor int) {
return 1, 11
}
// APILifecycleReplacement is an autogenerated function, returning the group, version, and kind that should be used instead of this deprecated type.
// It is controlled by "k8s:prerelease-lifecycle-gen:replacement=<group>,<version>,<kind>" tags in types.go.
func (in *PodSecurityPolicy) APILifecycleReplacement() schema.GroupVersionKind {
return schema.GroupVersionKind{Group: "policy", Version: "v1beta1", Kind: "PodSecurityPolicy"}
}
// APILifecycleRemoved is an autogenerated function, returning the release in which the API is no longer served as int versions of major and minor for comparison.
// It is controlled by "k8s:prerelease-lifecycle-gen:removed" tags in types.go or "k8s:prerelease-lifecycle-gen:deprecated" plus three minor.
func (in *PodSecurityPolicy) APILifecycleRemoved() (major, minor int) {
return 1, 16
}
// APILifecycleIntroduced is an autogenerated function, returning the release in which the API struct was introduced as int versions of major and minor for comparison.
// It is controlled by "k8s:prerelease-lifecycle-gen:introduced" tags in types.go.
func (in *PodSecurityPolicyList) APILifecycleIntroduced() (major, minor int) {
return 1, 2
}
// APILifecycleDeprecated is an autogenerated function, returning the release in which the API struct was or will be deprecated as int versions of major and minor for comparison.
// It is controlled by "k8s:prerelease-lifecycle-gen:deprecated" tags in types.go or "k8s:prerelease-lifecycle-gen:introduced" plus three minor.
func (in *PodSecurityPolicyList) APILifecycleDeprecated() (major, minor int) {
return 1, 11
}
// APILifecycleReplacement is an autogenerated function, returning the group, version, and kind that should be used instead of this deprecated type.
// It is controlled by "k8s:prerelease-lifecycle-gen:replacement=<group>,<version>,<kind>" tags in types.go.
func (in *PodSecurityPolicyList) APILifecycleReplacement() schema.GroupVersionKind {
return schema.GroupVersionKind{Group: "policy", Version: "v1beta1", Kind: "PodSecurityPolicyList"}
}
// APILifecycleRemoved is an autogenerated function, returning the release in which the API is no longer served as int versions of major and minor for comparison.
// It is controlled by "k8s:prerelease-lifecycle-gen:removed" tags in types.go or "k8s:prerelease-lifecycle-gen:deprecated" plus three minor.
func (in *PodSecurityPolicyList) APILifecycleRemoved() (major, minor int) {
return 1, 16
}
// APILifecycleIntroduced is an autogenerated function, returning the release in which the API struct was introduced as int versions of major and minor for comparison.
// It is controlled by "k8s:prerelease-lifecycle-gen:introduced" tags in types.go.
func (in *ReplicaSet) APILifecycleIntroduced() (major, minor int) {

149
staging/src/k8s.io/api/testdata/HEAD/extensions.v1beta1.PodSecurityPolicy.json vendored
View File

@ -1,149 +0,0 @@
{
"kind": "PodSecurityPolicy",
"apiVersion": "extensions/v1beta1",
"metadata": {
"name": "nameValue",
"generateName": "generateNameValue",
"namespace": "namespaceValue",
"selfLink": "selfLinkValue",
"uid": "uidValue",
"resourceVersion": "resourceVersionValue",
"generation": 7,
"creationTimestamp": "2008-01-01T01:01:01Z",
"deletionTimestamp": "2009-01-01T01:01:01Z",
"deletionGracePeriodSeconds": 10,
"labels": {
"labelsKey": "labelsValue"
},
"annotations": {
"annotationsKey": "annotationsValue"
},
"ownerReferences": [
{
"apiVersion": "apiVersionValue",
"kind": "kindValue",
"name": "nameValue",
"uid": "uidValue",
"controller": true,
"blockOwnerDeletion": true
}
],
"finalizers": [
"finalizersValue"
],
"managedFields": [
{
"manager": "managerValue",
"operation": "operationValue",
"apiVersion": "apiVersionValue",
"time": "2004-01-01T01:01:01Z",
"fieldsType": "fieldsTypeValue",
"fieldsV1": {},
"subresource": "subresourceValue"
}
]
},
"spec": {
"privileged": true,
"defaultAddCapabilities": [
"defaultAddCapabilitiesValue"
],
"requiredDropCapabilities": [
"requiredDropCapabilitiesValue"
],
"allowedCapabilities": [
"allowedCapabilitiesValue"
],
"volumes": [
"volumesValue"
],
"hostNetwork": true,
"hostPorts": [
{
"min": 1,
"max": 2
}
],
"hostPID": true,
"hostIPC": true,
"seLinux": {
"rule": "ruleValue",
"seLinuxOptions": {
"user": "userValue",
"role": "roleValue",
"type": "typeValue",
"level": "levelValue"
}
},
"runAsUser": {
"rule": "ruleValue",
"ranges": [
{
"min": 1,
"max": 2
}
]
},
"runAsGroup": {
"rule": "ruleValue",
"ranges": [
{
"min": 1,
"max": 2
}
]
},
"supplementalGroups": {
"rule": "ruleValue",
"ranges": [
{
"min": 1,
"max": 2
}
]
},
"fsGroup": {
"rule": "ruleValue",
"ranges": [
{
"min": 1,
"max": 2
}
]
},
"readOnlyRootFilesystem": true,
"defaultAllowPrivilegeEscalation": true,
"allowPrivilegeEscalation": true,
"allowedHostPaths": [
{
"pathPrefix": "pathPrefixValue",
"readOnly": true
}
],
"allowedFlexVolumes": [
{
"driver": "driverValue"
}
],
"allowedCSIDrivers": [
{
"name": "nameValue"
}
],
"allowedUnsafeSysctls": [
"allowedUnsafeSysctlsValue"
],
"forbiddenSysctls": [
"forbiddenSysctlsValue"
],
"allowedProcMountTypes": [
"allowedProcMountTypesValue"
],
"runtimeClass": {
"allowedRuntimeClassNames": [
"allowedRuntimeClassNamesValue"
],
"defaultRuntimeClassName": "defaultRuntimeClassNameValue"
}
}
}

BIN
staging/src/k8s.io/api/testdata/HEAD/extensions.v1beta1.PodSecurityPolicy.pb vendored
View File

Binary file not shown.

97
staging/src/k8s.io/api/testdata/HEAD/extensions.v1beta1.PodSecurityPolicy.yaml vendored
View File

@ -1,97 +0,0 @@
apiVersion: extensions/v1beta1
kind: PodSecurityPolicy
metadata:
annotations:
annotationsKey: annotationsValue
creationTimestamp: "2008-01-01T01:01:01Z"
deletionGracePeriodSeconds: 10
deletionTimestamp: "2009-01-01T01:01:01Z"
finalizers:
- finalizersValue
generateName: generateNameValue
generation: 7
labels:
labelsKey: labelsValue
managedFields:
- apiVersion: apiVersionValue
fieldsType: fieldsTypeValue
fieldsV1: {}
manager: managerValue
operation: operationValue
subresource: subresourceValue
time: "2004-01-01T01:01:01Z"
name: nameValue
namespace: namespaceValue
ownerReferences:
- apiVersion: apiVersionValue
blockOwnerDeletion: true
controller: true
kind: kindValue
name: nameValue
uid: uidValue
resourceVersion: resourceVersionValue
selfLink: selfLinkValue
uid: uidValue
spec:
allowPrivilegeEscalation: true
allowedCSIDrivers:
- name: nameValue
allowedCapabilities:
- allowedCapabilitiesValue
allowedFlexVolumes:
- driver: driverValue
allowedHostPaths:
- pathPrefix: pathPrefixValue
readOnly: true
allowedProcMountTypes:
- allowedProcMountTypesValue
allowedUnsafeSysctls:
- allowedUnsafeSysctlsValue
defaultAddCapabilities:
- defaultAddCapabilitiesValue
defaultAllowPrivilegeEscalation: true
forbiddenSysctls:
- forbiddenSysctlsValue
fsGroup:
ranges:
- max: 2
min: 1
rule: ruleValue
hostIPC: true
hostNetwork: true
hostPID: true
hostPorts:
- max: 2
min: 1
privileged: true
readOnlyRootFilesystem: true
requiredDropCapabilities:
- requiredDropCapabilitiesValue
runAsGroup:
ranges:
- max: 2
min: 1
rule: ruleValue
runAsUser:
ranges:
- max: 2
min: 1
rule: ruleValue
runtimeClass:
allowedRuntimeClassNames:
- allowedRuntimeClassNamesValue
defaultRuntimeClassName: defaultRuntimeClassNameValue
seLinux:
rule: ruleValue
seLinuxOptions:
level: levelValue
role: roleValue
type: typeValue
user: userValue
supplementalGroups:
ranges:
- max: 2
min: 1
rule: ruleValue
volumes:
- volumesValue

6
staging/src/k8s.io/apimachinery/pkg/api/meta/testrestmapper/test_restmapper.go
View File

@ -128,12 +128,6 @@ var rootScopedKinds = map[schema.GroupKind]bool{
{Group: "", Kind: "PersistentVolume"}: true,
{Group: "", Kind: "ComponentStatus"}: true,
{Group: "extensions", Kind: "PodSecurityPolicy"}: true,
{Group: "policy", Kind: "PodSecurityPolicy"}: true,
{Group: "extensions", Kind: "PodSecurityPolicy"}: true,
{Group: "rbac.authorization.k8s.io", Kind: "ClusterRole"}: true,
{Group: "rbac.authorization.k8s.io", Kind: "ClusterRoleBinding"}: true,

16
staging/src/k8s.io/apiserver/pkg/admission/attributes_test.go
View File

@ -27,22 +27,22 @@ func TestAddAnnotation(t *testing.T) {
attr := &attributesRecord{}
// test AddAnnotation
attr.AddAnnotation("podsecuritypolicy.admission.k8s.io/validate-policy", "privileged")
attr.AddAnnotation("podsecuritypolicy.admission.k8s.io/admit-policy", "privileged")
attr.AddAnnotation("foo.admission.k8s.io/key1", "value1")
attr.AddAnnotation("foo.admission.k8s.io/key2", "value2")
annotations := attr.getAnnotations(auditinternal.LevelMetadata)
assert.Equal(t, annotations["podsecuritypolicy.admission.k8s.io/validate-policy"], "privileged")
assert.Equal(t, annotations["foo.admission.k8s.io/key1"], "value1")
// test overwrite
assert.Error(t, attr.AddAnnotation("podsecuritypolicy.admission.k8s.io/validate-policy", "privileged-overwrite"),
assert.Error(t, attr.AddAnnotation("foo.admission.k8s.io/key1", "value1-overwrite"),
"admission annotations should not be allowd to be overwritten")
annotations = attr.getAnnotations(auditinternal.LevelMetadata)
assert.Equal(t, annotations["podsecuritypolicy.admission.k8s.io/validate-policy"], "privileged", "admission annotations should not be overwritten")
assert.Equal(t, annotations["foo.admission.k8s.io/key1"], "value1", "admission annotations should not be overwritten")
// test invalid plugin names
var testCases map[string]string = map[string]string{
"invalid dns subdomain": "INVALID-DNS-Subdomain/policy",
"no plugin name": "policy",
"no key name": "podsecuritypolicy.admission.k8s.io",
"no key name": "foo.admission.k8s.io",
"empty key": "",
}
for name, invalidKey := range testCases {
@ -57,8 +57,8 @@ func TestAddAnnotation(t *testing.T) {
t,
annotations,
map[string]string{
"podsecuritypolicy.admission.k8s.io/validate-policy": "privileged",
"podsecuritypolicy.admission.k8s.io/admit-policy": "privileged",
"foo.admission.k8s.io/key1": "value1",
"foo.admission.k8s.io/key2": "value2",
},
"unexpected final annotations",
)

1204
staging/src/k8s.io/cli-runtime/artifacts/openapi/swagger.json
View File

File diff suppressed because it is too large Load Diff

39
staging/src/k8s.io/client-go/applyconfigurations/extensions/v1beta1/allowedcsidriver.go
View File

@ -1,39 +0,0 @@
/*
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by applyconfiguration-gen. DO NOT EDIT.
package v1beta1
// AllowedCSIDriverApplyConfiguration represents an declarative configuration of the AllowedCSIDriver type for use
// with apply.
type AllowedCSIDriverApplyConfiguration struct {
Name *string `json:"name,omitempty"`
}
// AllowedCSIDriverApplyConfiguration constructs an declarative configuration of the AllowedCSIDriver type for use with
// apply.
func AllowedCSIDriver() *AllowedCSIDriverApplyConfiguration {
return &AllowedCSIDriverApplyConfiguration{}
}
// WithName sets the Name field in the declarative configuration to the given value
// and returns the receiver, so that objects can be built by chaining "With" function invocations.
// If called multiple times, the Name field is set to the value of the last call.
func (b *AllowedCSIDriverApplyConfiguration) WithName(value string) *AllowedCSIDriverApplyConfiguration {
b.Name = &value
return b
}

39
staging/src/k8s.io/client-go/applyconfigurations/extensions/v1beta1/allowedflexvolume.go
View File

@ -1,39 +0,0 @@
/*
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by applyconfiguration-gen. DO NOT EDIT.
package v1beta1
// AllowedFlexVolumeApplyConfiguration represents an declarative configuration of the AllowedFlexVolume type for use
// with apply.
type AllowedFlexVolumeApplyConfiguration struct {
Driver *string `json:"driver,omitempty"`
}
// AllowedFlexVolumeApplyConfiguration constructs an declarative configuration of the AllowedFlexVolume type for use with
// apply.
func AllowedFlexVolume() *AllowedFlexVolumeApplyConfiguration {
return &AllowedFlexVolumeApplyConfiguration{}
}
// WithDriver sets the Driver field in the declarative configuration to the given value
// and returns the receiver, so that objects can be built by chaining "With" function invocations.
// If called multiple times, the Driver field is set to the value of the last call.
func (b *AllowedFlexVolumeApplyConfiguration) WithDriver(value string) *AllowedFlexVolumeApplyConfiguration {
b.Driver = &value
return b
}

48
staging/src/k8s.io/client-go/applyconfigurations/extensions/v1beta1/allowedhostpath.go
View File

@ -1,48 +0,0 @@
/*
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by applyconfiguration-gen. DO NOT EDIT.
package v1beta1
// AllowedHostPathApplyConfiguration represents an declarative configuration of the AllowedHostPath type for use
// with apply.
type AllowedHostPathApplyConfiguration struct {
PathPrefix *string `json:"pathPrefix,omitempty"`
ReadOnly *bool `json:"readOnly,omitempty"`
}
// AllowedHostPathApplyConfiguration constructs an declarative configuration of the AllowedHostPath type for use with
// apply.
func AllowedHostPath() *AllowedHostPathApplyConfiguration {
return &AllowedHostPathApplyConfiguration{}
}
// WithPathPrefix sets the PathPrefix field in the declarative configuration to the given value
// and returns the receiver, so that objects can be built by chaining "With" function invocations.
// If called multiple times, the PathPrefix field is set to the value of the last call.
func (b *AllowedHostPathApplyConfiguration) WithPathPrefix(value string) *AllowedHostPathApplyConfiguration {
b.PathPrefix = &value
return b
}
// WithReadOnly sets the ReadOnly field in the declarative configuration to the given value
// and returns the receiver, so that objects can be built by chaining "With" function invocations.
// If called multiple times, the ReadOnly field is set to the value of the last call.
func (b *AllowedHostPathApplyConfiguration) WithReadOnly(value bool) *AllowedHostPathApplyConfiguration {
b.ReadOnly = &value
return b
}

57
staging/src/k8s.io/client-go/applyconfigurations/extensions/v1beta1/fsgroupstrategyoptions.go
View File

@ -1,57 +0,0 @@
/*
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by applyconfiguration-gen. DO NOT EDIT.
package v1beta1
import (
v1beta1 "k8s.io/api/extensions/v1beta1"
)
// FSGroupStrategyOptionsApplyConfiguration represents an declarative configuration of the FSGroupStrategyOptions type for use
// with apply.
type FSGroupStrategyOptionsApplyConfiguration struct {
Rule *v1beta1.FSGroupStrategyType `json:"rule,omitempty"`
Ranges []IDRangeApplyConfiguration `json:"ranges,omitempty"`
}
// FSGroupStrategyOptionsApplyConfiguration constructs an declarative configuration of the FSGroupStrategyOptions type for use with
// apply.
func FSGroupStrategyOptions() *FSGroupStrategyOptionsApplyConfiguration {
return &FSGroupStrategyOptionsApplyConfiguration{}
}
// WithRule sets the Rule field in the declarative configuration to the given value
// and returns the receiver, so that objects can be built by chaining "With" function invocations.
// If called multiple times, the Rule field is set to the value of the last call.
func (b *FSGroupStrategyOptionsApplyConfiguration) WithRule(value v1beta1.FSGroupStrategyType) *FSGroupStrategyOptionsApplyConfiguration {
b.Rule = &value
return b
}
// WithRanges adds the given value to the Ranges field in the declarative configuration
// and returns the receiver, so that objects can be build by chaining "With" function invocations.
// If called multiple times, values provided by each call will be appended to the Ranges field.
func (b *FSGroupStrategyOptionsApplyConfiguration) WithRanges(values ...*IDRangeApplyConfiguration) *FSGroupStrategyOptionsApplyConfiguration {
for i := range values {
if values[i] == nil {
panic("nil value passed to WithRanges")
}
b.Ranges = append(b.Ranges, *values[i])
}
return b
}

48
staging/src/k8s.io/client-go/applyconfigurations/extensions/v1beta1/hostportrange.go
View File

@ -1,48 +0,0 @@
/*
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by applyconfiguration-gen. DO NOT EDIT.
package v1beta1
// HostPortRangeApplyConfiguration represents an declarative configuration of the HostPortRange type for use
// with apply.
type HostPortRangeApplyConfiguration struct {
Min *int32 `json:"min,omitempty"`
Max *int32 `json:"max,omitempty"`
}
// HostPortRangeApplyConfiguration constructs an declarative configuration of the HostPortRange type for use with
// apply.
func HostPortRange() *HostPortRangeApplyConfiguration {
return &HostPortRangeApplyConfiguration{}
}
// WithMin sets the Min field in the declarative configuration to the given value
// and returns the receiver, so that objects can be built by chaining "With" function invocations.
// If called multiple times, the Min field is set to the value of the last call.
func (b *HostPortRangeApplyConfiguration) WithMin(value int32) *HostPortRangeApplyConfiguration {
b.Min = &value
return b
}
// WithMax sets the Max field in the declarative configuration to the given value
// and returns the receiver, so that objects can be built by chaining "With" function invocations.
// If called multiple times, the Max field is set to the value of the last call.
func (b *HostPortRangeApplyConfiguration) WithMax(value int32) *HostPortRangeApplyConfiguration {
b.Max = &value
return b
}

48
staging/src/k8s.io/client-go/applyconfigurations/extensions/v1beta1/idrange.go
View File

@ -1,48 +0,0 @@
/*
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by applyconfiguration-gen. DO NOT EDIT.
package v1beta1
// IDRangeApplyConfiguration represents an declarative configuration of the IDRange type for use
// with apply.
type IDRangeApplyConfiguration struct {
Min *int64 `json:"min,omitempty"`
Max *int64 `json:"max,omitempty"`
}
// IDRangeApplyConfiguration constructs an declarative configuration of the IDRange type for use with
// apply.
func IDRange() *IDRangeApplyConfiguration {
return &IDRangeApplyConfiguration{}
}
// WithMin sets the Min field in the declarative configuration to the given value
// and returns the receiver, so that objects can be built by chaining "With" function invocations.
// If called multiple times, the Min field is set to the value of the last call.
func (b *IDRangeApplyConfiguration) WithMin(value int64) *IDRangeApplyConfiguration {
b.Min = &value
return b
}
// WithMax sets the Max field in the declarative configuration to the given value
// and returns the receiver, so that objects can be built by chaining "With" function invocations.
// If called multiple times, the Max field is set to the value of the last call.
func (b *IDRangeApplyConfiguration) WithMax(value int64) *IDRangeApplyConfiguration {
b.Max = &value
return b
}

247
staging/src/k8s.io/client-go/applyconfigurations/extensions/v1beta1/podsecuritypolicy.go
View File

@ -1,247 +0,0 @@
/*
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by applyconfiguration-gen. DO NOT EDIT.
package v1beta1
import (
extensionsv1beta1 "k8s.io/api/extensions/v1beta1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
types "k8s.io/apimachinery/pkg/types"
managedfields "k8s.io/apimachinery/pkg/util/managedfields"
internal "k8s.io/client-go/applyconfigurations/internal"
v1 "k8s.io/client-go/applyconfigurations/meta/v1"
)
// PodSecurityPolicyApplyConfiguration represents an declarative configuration of the PodSecurityPolicy type for use
// with apply.
type PodSecurityPolicyApplyConfiguration struct {
v1.TypeMetaApplyConfiguration `json:",inline"`
*v1.ObjectMetaApplyConfiguration `json:"metadata,omitempty"`
Spec *PodSecurityPolicySpecApplyConfiguration `json:"spec,omitempty"`
}
// PodSecurityPolicy constructs an declarative configuration of the PodSecurityPolicy type for use with
// apply.
func PodSecurityPolicy(name string) *PodSecurityPolicyApplyConfiguration {
b := &PodSecurityPolicyApplyConfiguration{}
b.WithName(name)
b.WithKind("PodSecurityPolicy")
b.WithAPIVersion("extensions/v1beta1")
return b
}
// ExtractPodSecurityPolicy extracts the applied configuration owned by fieldManager from
// podSecurityPolicy. If no managedFields are found in podSecurityPolicy for fieldManager, a
// PodSecurityPolicyApplyConfiguration is returned with only the Name, Namespace (if applicable),
// APIVersion and Kind populated. It is possible that no managed fields were found for because other
// field managers have taken ownership of all the fields previously owned by fieldManager, or because
// the fieldManager never owned fields any fields.
// podSecurityPolicy must be a unmodified PodSecurityPolicy API object that was retrieved from the Kubernetes API.
// ExtractPodSecurityPolicy provides a way to perform a extract/modify-in-place/apply workflow.
// Note that an extracted apply configuration will contain fewer fields than what the fieldManager previously
// applied if another fieldManager has updated or force applied any of the previously applied fields.
// Experimental!
func ExtractPodSecurityPolicy(podSecurityPolicy *extensionsv1beta1.PodSecurityPolicy, fieldManager string) (*PodSecurityPolicyApplyConfiguration, error) {
return extractPodSecurityPolicy(podSecurityPolicy, fieldManager, "")
}
// ExtractPodSecurityPolicyStatus is the same as ExtractPodSecurityPolicy except
// that it extracts the status subresource applied configuration.
// Experimental!
func ExtractPodSecurityPolicyStatus(podSecurityPolicy *extensionsv1beta1.PodSecurityPolicy, fieldManager string) (*PodSecurityPolicyApplyConfiguration, error) {
return extractPodSecurityPolicy(podSecurityPolicy, fieldManager, "status")
}
func extractPodSecurityPolicy(podSecurityPolicy *extensionsv1beta1.PodSecurityPolicy, fieldManager string, subresource string) (*PodSecurityPolicyApplyConfiguration, error) {
b := &PodSecurityPolicyApplyConfiguration{}
err := managedfields.ExtractInto(podSecurityPolicy, internal.Parser().Type("io.k8s.api.extensions.v1beta1.PodSecurityPolicy"), fieldManager, b, subresource)
if err != nil {
return nil, err
}
b.WithName(podSecurityPolicy.Name)
b.WithKind("PodSecurityPolicy")
b.WithAPIVersion("extensions/v1beta1")
return b, nil
}
// WithKind sets the Kind field in the declarative configuration to the given value
// and returns the receiver, so that objects can be built by chaining "With" function invocations.
// If called multiple times, the Kind field is set to the value of the last call.
func (b *PodSecurityPolicyApplyConfiguration) WithKind(value string) *PodSecurityPolicyApplyConfiguration {
b.Kind = &value
return b
}
// WithAPIVersion sets the APIVersion field in the declarative configuration to the given value
// and returns the receiver, so that objects can be built by chaining "With" function invocations.
// If called multiple times, the APIVersion field is set to the value of the last call.
func (b *PodSecurityPolicyApplyConfiguration) WithAPIVersion(value string) *PodSecurityPolicyApplyConfiguration {
b.APIVersion = &value
return b
}
// WithName sets the Name field in the declarative configuration to the given value
// and returns the receiver, so that objects can be built by chaining "With" function invocations.
// If called multiple times, the Name field is set to the value of the last call.
func (b *PodSecurityPolicyApplyConfiguration) WithName(value string) *PodSecurityPolicyApplyConfiguration {
b.ensureObjectMetaApplyConfigurationExists()
b.Name = &value
return b
}
// WithGenerateName sets the GenerateName field in the declarative configuration to the given value
// and returns the receiver, so that objects can be built by chaining "With" function invocations.
// If called multiple times, the GenerateName field is set to the value of the last call.
func (b *PodSecurityPolicyApplyConfiguration) WithGenerateName(value string) *PodSecurityPolicyApplyConfiguration {
b.ensureObjectMetaApplyConfigurationExists()
b.GenerateName = &value
return b
}
// WithNamespace sets the Namespace field in the declarative configuration to the given value
// and returns the receiver, so that objects can be built by chaining "With" function invocations.
// If called multiple times, the Namespace field is set to the value of the last call.
func (b *PodSecurityPolicyApplyConfiguration) WithNamespace(value string) *PodSecurityPolicyApplyConfiguration {
b.ensureObjectMetaApplyConfigurationExists()
b.Namespace = &value
return b
}
// WithUID sets the UID field in the declarative configuration to the given value
// and returns the receiver, so that objects can be built by chaining "With" function invocations.
// If called multiple times, the UID field is set to the value of the last call.
func (b *PodSecurityPolicyApplyConfiguration) WithUID(value types.UID) *PodSecurityPolicyApplyConfiguration {
b.ensureObjectMetaApplyConfigurationExists()
b.UID = &value
return b
}
// WithResourceVersion sets the ResourceVersion field in the declarative configuration to the given value
// and returns the receiver, so that objects can be built by chaining "With" function invocations.
// If called multiple times, the ResourceVersion field is set to the value of the last call.
func (b *PodSecurityPolicyApplyConfiguration) WithResourceVersion(value string) *PodSecurityPolicyApplyConfiguration {
b.ensureObjectMetaApplyConfigurationExists()
b.ResourceVersion = &value
return b
}
// WithGeneration sets the Generation field in the declarative configuration to the given value
// and returns the receiver, so that objects can be built by chaining "With" function invocations.
// If called multiple times, the Generation field is set to the value of the last call.
func (b *PodSecurityPolicyApplyConfiguration) WithGeneration(value int64) *PodSecurityPolicyApplyConfiguration {
b.ensureObjectMetaApplyConfigurationExists()
b.Generation = &value
return b
}
// WithCreationTimestamp sets the CreationTimestamp field in the declarative configuration to the given value
// and returns the receiver, so that objects can be built by chaining "With" function invocations.
// If called multiple times, the CreationTimestamp field is set to the value of the last call.
func (b *PodSecurityPolicyApplyConfiguration) WithCreationTimestamp(value metav1.Time) *PodSecurityPolicyApplyConfiguration {
b.ensureObjectMetaApplyConfigurationExists()
b.CreationTimestamp = &value
return b
}
// WithDeletionTimestamp sets the DeletionTimestamp field in the declarative configuration to the given value
// and returns the receiver, so that objects can be built by chaining "With" function invocations.
// If called multiple times, the DeletionTimestamp field is set to the value of the last call.
func (b *PodSecurityPolicyApplyConfiguration) WithDeletionTimestamp(value metav1.Time) *PodSecurityPolicyApplyConfiguration {
b.ensureObjectMetaApplyConfigurationExists()
b.DeletionTimestamp = &value
return b
}
// WithDeletionGracePeriodSeconds sets the DeletionGracePeriodSeconds field in the declarative configuration to the given value
// and returns the receiver, so that objects can be built by chaining "With" function invocations.
// If called multiple times, the DeletionGracePeriodSeconds field is set to the value of the last call.
func (b *PodSecurityPolicyApplyConfiguration) WithDeletionGracePeriodSeconds(value int64) *PodSecurityPolicyApplyConfiguration {
b.ensureObjectMetaApplyConfigurationExists()
b.DeletionGracePeriodSeconds = &value
return b
}
// WithLabels puts the entries into the Labels field in the declarative configuration
// and returns the receiver, so that objects can be build by chaining "With" function invocations.
// If called multiple times, the entries provided by each call will be put on the Labels field,
// overwriting an existing map entries in Labels field with the same key.
func (b *PodSecurityPolicyApplyConfiguration) WithLabels(entries map[string]string) *PodSecurityPolicyApplyConfiguration {
b.ensureObjectMetaApplyConfigurationExists()
if b.Labels == nil && len(entries) > 0 {
b.Labels = make(map[string]string, len(entries))
}
for k, v := range entries {
b.Labels[k] = v
}
return b
}
// WithAnnotations puts the entries into the Annotations field in the declarative configuration
// and returns the receiver, so that objects can be build by chaining "With" function invocations.
// If called multiple times, the entries provided by each call will be put on the Annotations field,
// overwriting an existing map entries in Annotations field with the same key.
func (b *PodSecurityPolicyApplyConfiguration) WithAnnotations(entries map[string]string) *PodSecurityPolicyApplyConfiguration {
b.ensureObjectMetaApplyConfigurationExists()
if b.Annotations == nil && len(entries) > 0 {
b.Annotations = make(map[string]string, len(entries))
}
for k, v := range entries {
b.Annotations[k] = v
}
return b
}
// WithOwnerReferences adds the given value to the OwnerReferences field in the declarative configuration
// and returns the receiver, so that objects can be build by chaining "With" function invocations.
// If called multiple times, values provided by each call will be appended to the OwnerReferences field.
func (b *PodSecurityPolicyApplyConfiguration) WithOwnerReferences(values ...*v1.OwnerReferenceApplyConfiguration) *PodSecurityPolicyApplyConfiguration {
b.ensureObjectMetaApplyConfigurationExists()
for i := range values {
if values[i] == nil {
panic("nil value passed to WithOwnerReferences")
}
b.OwnerReferences = append(b.OwnerReferences, *values[i])
}
return b
}
// WithFinalizers adds the given value to the Finalizers field in the declarative configuration
// and returns the receiver, so that objects can be build by chaining "With" function invocations.
// If called multiple times, values provided by each call will be appended to the Finalizers field.
func (b *PodSecurityPolicyApplyConfiguration) WithFinalizers(values ...string) *PodSecurityPolicyApplyConfiguration {
b.ensureObjectMetaApplyConfigurationExists()
for i := range values {
b.Finalizers = append(b.Finalizers, values[i])
}
return b
}
func (b *PodSecurityPolicyApplyConfiguration) ensureObjectMetaApplyConfigurationExists() {
if b.ObjectMetaApplyConfiguration == nil {
b.ObjectMetaApplyConfiguration = &v1.ObjectMetaApplyConfiguration{}
}
}
// WithSpec sets the Spec field in the declarative configuration to the given value
// and returns the receiver, so that objects can be built by chaining "With" function invocations.
// If called multiple times, the Spec field is set to the value of the last call.
func (b *PodSecurityPolicyApplyConfiguration) WithSpec(value *PodSecurityPolicySpecApplyConfiguration) *PodSecurityPolicyApplyConfiguration {
b.Spec = value
return b
}

285
staging/src/k8s.io/client-go/applyconfigurations/extensions/v1beta1/podsecuritypolicyspec.go
View File

@ -1,285 +0,0 @@
/*
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by applyconfiguration-gen. DO NOT EDIT.
package v1beta1
import (
v1 "k8s.io/api/core/v1"
v1beta1 "k8s.io/api/extensions/v1beta1"
)
// PodSecurityPolicySpecApplyConfiguration represents an declarative configuration of the PodSecurityPolicySpec type for use
// with apply.
type PodSecurityPolicySpecApplyConfiguration struct {
Privileged *bool `json:"privileged,omitempty"`
DefaultAddCapabilities []v1.Capability `json:"defaultAddCapabilities,omitempty"`
RequiredDropCapabilities []v1.Capability `json:"requiredDropCapabilities,omitempty"`
AllowedCapabilities []v1.Capability `json:"allowedCapabilities,omitempty"`
Volumes []v1beta1.FSType `json:"volumes,omitempty"`
HostNetwork *bool `json:"hostNetwork,omitempty"`
HostPorts []HostPortRangeApplyConfiguration `json:"hostPorts,omitempty"`
HostPID *bool `json:"hostPID,omitempty"`
HostIPC *bool `json:"hostIPC,omitempty"`
SELinux *SELinuxStrategyOptionsApplyConfiguration `json:"seLinux,omitempty"`
RunAsUser *RunAsUserStrategyOptionsApplyConfiguration `json:"runAsUser,omitempty"`
RunAsGroup *RunAsGroupStrategyOptionsApplyConfiguration `json:"runAsGroup,omitempty"`
SupplementalGroups *SupplementalGroupsStrategyOptionsApplyConfiguration `json:"supplementalGroups,omitempty"`
FSGroup *FSGroupStrategyOptionsApplyConfiguration `json:"fsGroup,omitempty"`
ReadOnlyRootFilesystem *bool `json:"readOnlyRootFilesystem,omitempty"`
DefaultAllowPrivilegeEscalation *bool `json:"defaultAllowPrivilegeEscalation,omitempty"`
AllowPrivilegeEscalation *bool `json:"allowPrivilegeEscalation,omitempty"`
AllowedHostPaths []AllowedHostPathApplyConfiguration `json:"allowedHostPaths,omitempty"`
AllowedFlexVolumes []AllowedFlexVolumeApplyConfiguration `json:"allowedFlexVolumes,omitempty"`
AllowedCSIDrivers []AllowedCSIDriverApplyConfiguration `json:"allowedCSIDrivers,omitempty"`
AllowedUnsafeSysctls []string `json:"allowedUnsafeSysctls,omitempty"`
ForbiddenSysctls []string `json:"forbiddenSysctls,omitempty"`
AllowedProcMountTypes []v1.ProcMountType `json:"allowedProcMountTypes,omitempty"`
RuntimeClass *RuntimeClassStrategyOptionsApplyConfiguration `json:"runtimeClass,omitempty"`
}
// PodSecurityPolicySpecApplyConfiguration constructs an declarative configuration of the PodSecurityPolicySpec type for use with
// apply.
func PodSecurityPolicySpec() *PodSecurityPolicySpecApplyConfiguration {
return &PodSecurityPolicySpecApplyConfiguration{}
}
// WithPrivileged sets the Privileged field in the declarative configuration to the given value
// and returns the receiver, so that objects can be built by chaining "With" function invocations.
// If called multiple times, the Privileged field is set to the value of the last call.
func (b *PodSecurityPolicySpecApplyConfiguration) WithPrivileged(value bool) *PodSecurityPolicySpecApplyConfiguration {
b.Privileged = &value
return b
}
// WithDefaultAddCapabilities adds the given value to the DefaultAddCapabilities field in the declarative configuration
// and returns the receiver, so that objects can be build by chaining "With" function invocations.
// If called multiple times, values provided by each call will be appended to the DefaultAddCapabilities field.
func (b *PodSecurityPolicySpecApplyConfiguration) WithDefaultAddCapabilities(values ...v1.Capability) *PodSecurityPolicySpecApplyConfiguration {
for i := range values {
b.DefaultAddCapabilities = append(b.DefaultAddCapabilities, values[i])
}
return b
}
// WithRequiredDropCapabilities adds the given value to the RequiredDropCapabilities field in the declarative configuration
// and returns the receiver, so that objects can be build by chaining "With" function invocations.
// If called multiple times, values provided by each call will be appended to the RequiredDropCapabilities field.
func (b *PodSecurityPolicySpecApplyConfiguration) WithRequiredDropCapabilities(values ...v1.Capability) *PodSecurityPolicySpecApplyConfiguration {
for i := range values {
b.RequiredDropCapabilities = append(b.RequiredDropCapabilities, values[i])
}
return b
}
// WithAllowedCapabilities adds the given value to the AllowedCapabilities field in the declarative configuration
// and returns the receiver, so that objects can be build by chaining "With" function invocations.
// If called multiple times, values provided by each call will be appended to the AllowedCapabilities field.
func (b *PodSecurityPolicySpecApplyConfiguration) WithAllowedCapabilities(values ...v1.Capability) *PodSecurityPolicySpecApplyConfiguration {
for i := range values {
b.AllowedCapabilities = append(b.AllowedCapabilities, values[i])
}
return b
}
// WithVolumes adds the given value to the Volumes field in the declarative configuration
// and returns the receiver, so that objects can be build by chaining "With" function invocations.
// If called multiple times, values provided by each call will be appended to the Volumes field.
func (b *PodSecurityPolicySpecApplyConfiguration) WithVolumes(values ...v1beta1.FSType) *PodSecurityPolicySpecApplyConfiguration {
for i := range values {
b.Volumes = append(b.Volumes, values[i])
}
return b
}
// WithHostNetwork sets the HostNetwork field in the declarative configuration to the given value
// and returns the receiver, so that objects can be built by chaining "With" function invocations.
// If called multiple times, the HostNetwork field is set to the value of the last call.
func (b *PodSecurityPolicySpecApplyConfiguration) WithHostNetwork(value bool) *PodSecurityPolicySpecApplyConfiguration {
b.HostNetwork = &value
return b
}
// WithHostPorts adds the given value to the HostPorts field in the declarative configuration
// and returns the receiver, so that objects can be build by chaining "With" function invocations.
// If called multiple times, values provided by each call will be appended to the HostPorts field.
func (b *PodSecurityPolicySpecApplyConfiguration) WithHostPorts(values ...*HostPortRangeApplyConfiguration) *PodSecurityPolicySpecApplyConfiguration {
for i := range values {
if values[i] == nil {
panic("nil value passed to WithHostPorts")
}
b.HostPorts = append(b.HostPorts, *values[i])
}
return b
}
// WithHostPID sets the HostPID field in the declarative configuration to the given value
// and returns the receiver, so that objects can be built by chaining "With" function invocations.
// If called multiple times, the HostPID field is set to the value of the last call.
func (b *PodSecurityPolicySpecApplyConfiguration) WithHostPID(value bool) *PodSecurityPolicySpecApplyConfiguration {
b.HostPID = &value
return b
}
// WithHostIPC sets the HostIPC field in the declarative configuration to the given value
// and returns the receiver, so that objects can be built by chaining "With" function invocations.
// If called multiple times, the HostIPC field is set to the value of the last call.
func (b *PodSecurityPolicySpecApplyConfiguration) WithHostIPC(value bool) *PodSecurityPolicySpecApplyConfiguration {
b.HostIPC = &value
return b
}
// WithSELinux sets the SELinux field in the declarative configuration to the given value
// and returns the receiver, so that objects can be built by chaining "With" function invocations.
// If called multiple times, the SELinux field is set to the value of the last call.
func (b *PodSecurityPolicySpecApplyConfiguration) WithSELinux(value *SELinuxStrategyOptionsApplyConfiguration) *PodSecurityPolicySpecApplyConfiguration {
b.SELinux = value
return b
}
// WithRunAsUser sets the RunAsUser field in the declarative configuration to the given value
// and returns the receiver, so that objects can be built by chaining "With" function invocations.
// If called multiple times, the RunAsUser field is set to the value of the last call.
func (b *PodSecurityPolicySpecApplyConfiguration) WithRunAsUser(value *RunAsUserStrategyOptionsApplyConfiguration) *PodSecurityPolicySpecApplyConfiguration {
b.RunAsUser = value
return b
}
// WithRunAsGroup sets the RunAsGroup field in the declarative configuration to the given value
// and returns the receiver, so that objects can be built by chaining "With" function invocations.
// If called multiple times, the RunAsGroup field is set to the value of the last call.
func (b *PodSecurityPolicySpecApplyConfiguration) WithRunAsGroup(value *RunAsGroupStrategyOptionsApplyConfiguration) *PodSecurityPolicySpecApplyConfiguration {
b.RunAsGroup = value
return b
}
// WithSupplementalGroups sets the SupplementalGroups field in the declarative configuration to the given value
// and returns the receiver, so that objects can be built by chaining "With" function invocations.
// If called multiple times, the SupplementalGroups field is set to the value of the last call.
func (b *PodSecurityPolicySpecApplyConfiguration) WithSupplementalGroups(value *SupplementalGroupsStrategyOptionsApplyConfiguration) *PodSecurityPolicySpecApplyConfiguration {
b.SupplementalGroups = value
return b
}
// WithFSGroup sets the FSGroup field in the declarative configuration to the given value
// and returns the receiver, so that objects can be built by chaining "With" function invocations.
// If called multiple times, the FSGroup field is set to the value of the last call.
func (b *PodSecurityPolicySpecApplyConfiguration) WithFSGroup(value *FSGroupStrategyOptionsApplyConfiguration) *PodSecurityPolicySpecApplyConfiguration {
b.FSGroup = value
return b
}
// WithReadOnlyRootFilesystem sets the ReadOnlyRootFilesystem field in the declarative configuration to the given value
// and returns the receiver, so that objects can be built by chaining "With" function invocations.
// If called multiple times, the ReadOnlyRootFilesystem field is set to the value of the last call.
func (b *PodSecurityPolicySpecApplyConfiguration) WithReadOnlyRootFilesystem(value bool) *PodSecurityPolicySpecApplyConfiguration {
b.ReadOnlyRootFilesystem = &value
return b
}
// WithDefaultAllowPrivilegeEscalation sets the DefaultAllowPrivilegeEscalation field in the declarative configuration to the given value
// and returns the receiver, so that objects can be built by chaining "With" function invocations.
// If called multiple times, the DefaultAllowPrivilegeEscalation field is set to the value of the last call.
func (b *PodSecurityPolicySpecApplyConfiguration) WithDefaultAllowPrivilegeEscalation(value bool) *PodSecurityPolicySpecApplyConfiguration {
b.DefaultAllowPrivilegeEscalation = &value
return b
}
// WithAllowPrivilegeEscalation sets the AllowPrivilegeEscalation field in the declarative configuration to the given value
// and returns the receiver, so that objects can be built by chaining "With" function invocations.
// If called multiple times, the AllowPrivilegeEscalation field is set to the value of the last call.
func (b *PodSecurityPolicySpecApplyConfiguration) WithAllowPrivilegeEscalation(value bool) *PodSecurityPolicySpecApplyConfiguration {
b.AllowPrivilegeEscalation = &value
return b
}
// WithAllowedHostPaths adds the given value to the AllowedHostPaths field in the declarative configuration
// and returns the receiver, so that objects can be build by chaining "With" function invocations.
// If called multiple times, values provided by each call will be appended to the AllowedHostPaths field.
func (b *PodSecurityPolicySpecApplyConfiguration) WithAllowedHostPaths(values ...*AllowedHostPathApplyConfiguration) *PodSecurityPolicySpecApplyConfiguration {
for i := range values {
if values[i] == nil {
panic("nil value passed to WithAllowedHostPaths")
}
b.AllowedHostPaths = append(b.AllowedHostPaths, *values[i])
}
return b
}
// WithAllowedFlexVolumes adds the given value to the AllowedFlexVolumes field in the declarative configuration
// and returns the receiver, so that objects can be build by chaining "With" function invocations.
// If called multiple times, values provided by each call will be appended to the AllowedFlexVolumes field.
func (b *PodSecurityPolicySpecApplyConfiguration) WithAllowedFlexVolumes(values ...*AllowedFlexVolumeApplyConfiguration) *PodSecurityPolicySpecApplyConfiguration {
for i := range values {
if values[i] == nil {
panic("nil value passed to WithAllowedFlexVolumes")
}
b.AllowedFlexVolumes = append(b.AllowedFlexVolumes, *values[i])
}
return b
}
// WithAllowedCSIDrivers adds the given value to the AllowedCSIDrivers field in the declarative configuration
// and returns the receiver, so that objects can be build by chaining "With" function invocations.
// If called multiple times, values provided by each call will be appended to the AllowedCSIDrivers field.
func (b *PodSecurityPolicySpecApplyConfiguration) WithAllowedCSIDrivers(values ...*AllowedCSIDriverApplyConfiguration) *PodSecurityPolicySpecApplyConfiguration {
for i := range values {
if values[i] == nil {
panic("nil value passed to WithAllowedCSIDrivers")
}
b.AllowedCSIDrivers = append(b.AllowedCSIDrivers, *values[i])
}
return b
}
// WithAllowedUnsafeSysctls adds the given value to the AllowedUnsafeSysctls field in the declarative configuration
// and returns the receiver, so that objects can be build by chaining "With" function invocations.
// If called multiple times, values provided by each call will be appended to the AllowedUnsafeSysctls field.
func (b *PodSecurityPolicySpecApplyConfiguration) WithAllowedUnsafeSysctls(values ...string) *PodSecurityPolicySpecApplyConfiguration {
for i := range values {
b.AllowedUnsafeSysctls = append(b.AllowedUnsafeSysctls, values[i])
}
return b
}
// WithForbiddenSysctls adds the given value to the ForbiddenSysctls field in the declarative configuration
// and returns the receiver, so that objects can be build by chaining "With" function invocations.
// If called multiple times, values provided by each call will be appended to the ForbiddenSysctls field.
func (b *PodSecurityPolicySpecApplyConfiguration) WithForbiddenSysctls(values ...string) *PodSecurityPolicySpecApplyConfiguration {
for i := range values {
b.ForbiddenSysctls = append(b.ForbiddenSysctls, values[i])
}
return b
}
// WithAllowedProcMountTypes adds the given value to the AllowedProcMountTypes field in the declarative configuration
// and returns the receiver, so that objects can be build by chaining "With" function invocations.
// If called multiple times, values provided by each call will be appended to the AllowedProcMountTypes field.
func (b *PodSecurityPolicySpecApplyConfiguration) WithAllowedProcMountTypes(values ...v1.ProcMountType) *PodSecurityPolicySpecApplyConfiguration {
for i := range values {
b.AllowedProcMountTypes = append(b.AllowedProcMountTypes, values[i])
}
return b
}
// WithRuntimeClass sets the RuntimeClass field in the declarative configuration to the given value
// and returns the receiver, so that objects can be built by chaining "With" function invocations.
// If called multiple times, the RuntimeClass field is set to the value of the last call.
func (b *PodSecurityPolicySpecApplyConfiguration) WithRuntimeClass(value *RuntimeClassStrategyOptionsApplyConfiguration) *PodSecurityPolicySpecApplyConfiguration {
b.RuntimeClass = value
return b
}

57
staging/src/k8s.io/client-go/applyconfigurations/extensions/v1beta1/runasgroupstrategyoptions.go
View File

@ -1,57 +0,0 @@
/*
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by applyconfiguration-gen. DO NOT EDIT.
package v1beta1
import (
v1beta1 "k8s.io/api/extensions/v1beta1"
)
// RunAsGroupStrategyOptionsApplyConfiguration represents an declarative configuration of the RunAsGroupStrategyOptions type for use
// with apply.
type RunAsGroupStrategyOptionsApplyConfiguration struct {
Rule *v1beta1.RunAsGroupStrategy `json:"rule,omitempty"`
Ranges []IDRangeApplyConfiguration `json:"ranges,omitempty"`
}
// RunAsGroupStrategyOptionsApplyConfiguration constructs an declarative configuration of the RunAsGroupStrategyOptions type for use with
// apply.
func RunAsGroupStrategyOptions() *RunAsGroupStrategyOptionsApplyConfiguration {
return &RunAsGroupStrategyOptionsApplyConfiguration{}
}
// WithRule sets the Rule field in the declarative configuration to the given value
// and returns the receiver, so that objects can be built by chaining "With" function invocations.
// If called multiple times, the Rule field is set to the value of the last call.
func (b *RunAsGroupStrategyOptionsApplyConfiguration) WithRule(value v1beta1.RunAsGroupStrategy) *RunAsGroupStrategyOptionsApplyConfiguration {
b.Rule = &value
return b
}
// WithRanges adds the given value to the Ranges field in the declarative configuration
// and returns the receiver, so that objects can be build by chaining "With" function invocations.
// If called multiple times, values provided by each call will be appended to the Ranges field.
func (b *RunAsGroupStrategyOptionsApplyConfiguration) WithRanges(values ...*IDRangeApplyConfiguration) *RunAsGroupStrategyOptionsApplyConfiguration {
for i := range values {
if values[i] == nil {
panic("nil value passed to WithRanges")
}
b.Ranges = append(b.Ranges, *values[i])
}
return b
}

57
staging/src/k8s.io/client-go/applyconfigurations/extensions/v1beta1/runasuserstrategyoptions.go
View File

@ -1,57 +0,0 @@
/*
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by applyconfiguration-gen. DO NOT EDIT.
package v1beta1
import (
v1beta1 "k8s.io/api/extensions/v1beta1"
)
// RunAsUserStrategyOptionsApplyConfiguration represents an declarative configuration of the RunAsUserStrategyOptions type for use
// with apply.
type RunAsUserStrategyOptionsApplyConfiguration struct {
Rule *v1beta1.RunAsUserStrategy `json:"rule,omitempty"`
Ranges []IDRangeApplyConfiguration `json:"ranges,omitempty"`
}
// RunAsUserStrategyOptionsApplyConfiguration constructs an declarative configuration of the RunAsUserStrategyOptions type for use with
// apply.
func RunAsUserStrategyOptions() *RunAsUserStrategyOptionsApplyConfiguration {
return &RunAsUserStrategyOptionsApplyConfiguration{}
}
// WithRule sets the Rule field in the declarative configuration to the given value
// and returns the receiver, so that objects can be built by chaining "With" function invocations.
// If called multiple times, the Rule field is set to the value of the last call.
func (b *RunAsUserStrategyOptionsApplyConfiguration) WithRule(value v1beta1.RunAsUserStrategy) *RunAsUserStrategyOptionsApplyConfiguration {
b.Rule = &value
return b
}
// WithRanges adds the given value to the Ranges field in the declarative configuration
// and returns the receiver, so that objects can be build by chaining "With" function invocations.
// If called multiple times, values provided by each call will be appended to the Ranges field.
func (b *RunAsUserStrategyOptionsApplyConfiguration) WithRanges(values ...*IDRangeApplyConfiguration) *RunAsUserStrategyOptionsApplyConfiguration {
for i := range values {
if values[i] == nil {
panic("nil value passed to WithRanges")
}
b.Ranges = append(b.Ranges, *values[i])
}
return b
}

50
staging/src/k8s.io/client-go/applyconfigurations/extensions/v1beta1/runtimeclassstrategyoptions.go
View File

@ -1,50 +0,0 @@
/*
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by applyconfiguration-gen. DO NOT EDIT.
package v1beta1
// RuntimeClassStrategyOptionsApplyConfiguration represents an declarative configuration of the RuntimeClassStrategyOptions type for use
// with apply.
type RuntimeClassStrategyOptionsApplyConfiguration struct {
AllowedRuntimeClassNames []string `json:"allowedRuntimeClassNames,omitempty"`
DefaultRuntimeClassName *string `json:"defaultRuntimeClassName,omitempty"`
}
// RuntimeClassStrategyOptionsApplyConfiguration constructs an declarative configuration of the RuntimeClassStrategyOptions type for use with
// apply.
func RuntimeClassStrategyOptions() *RuntimeClassStrategyOptionsApplyConfiguration {
return &RuntimeClassStrategyOptionsApplyConfiguration{}
}
// WithAllowedRuntimeClassNames adds the given value to the AllowedRuntimeClassNames field in the declarative configuration
// and returns the receiver, so that objects can be build by chaining "With" function invocations.
// If called multiple times, values provided by each call will be appended to the AllowedRuntimeClassNames field.
func (b *RuntimeClassStrategyOptionsApplyConfiguration) WithAllowedRuntimeClassNames(values ...string) *RuntimeClassStrategyOptionsApplyConfiguration {
for i := range values {
b.AllowedRuntimeClassNames = append(b.AllowedRuntimeClassNames, values[i])
}
return b
}
// WithDefaultRuntimeClassName sets the DefaultRuntimeClassName field in the declarative configuration to the given value
// and returns the receiver, so that objects can be built by chaining "With" function invocations.
// If called multiple times, the DefaultRuntimeClassName field is set to the value of the last call.
func (b *RuntimeClassStrategyOptionsApplyConfiguration) WithDefaultRuntimeClassName(value string) *RuntimeClassStrategyOptionsApplyConfiguration {
b.DefaultRuntimeClassName = &value
return b
}

53
staging/src/k8s.io/client-go/applyconfigurations/extensions/v1beta1/selinuxstrategyoptions.go
View File

@ -1,53 +0,0 @@
/*
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by applyconfiguration-gen. DO NOT EDIT.
package v1beta1
import (
v1beta1 "k8s.io/api/extensions/v1beta1"
v1 "k8s.io/client-go/applyconfigurations/core/v1"
)
// SELinuxStrategyOptionsApplyConfiguration represents an declarative configuration of the SELinuxStrategyOptions type for use
// with apply.
type SELinuxStrategyOptionsApplyConfiguration struct {
Rule *v1beta1.SELinuxStrategy `json:"rule,omitempty"`
SELinuxOptions *v1.SELinuxOptionsApplyConfiguration `json:"seLinuxOptions,omitempty"`
}
// SELinuxStrategyOptionsApplyConfiguration constructs an declarative configuration of the SELinuxStrategyOptions type for use with
// apply.
func SELinuxStrategyOptions() *SELinuxStrategyOptionsApplyConfiguration {
return &SELinuxStrategyOptionsApplyConfiguration{}
}
// WithRule sets the Rule field in the declarative configuration to the given value
// and returns the receiver, so that objects can be built by chaining "With" function invocations.
// If called multiple times, the Rule field is set to the value of the last call.
func (b *SELinuxStrategyOptionsApplyConfiguration) WithRule(value v1beta1.SELinuxStrategy) *SELinuxStrategyOptionsApplyConfiguration {
b.Rule = &value
return b
}
// WithSELinuxOptions sets the SELinuxOptions field in the declarative configuration to the given value
// and returns the receiver, so that objects can be built by chaining "With" function invocations.
// If called multiple times, the SELinuxOptions field is set to the value of the last call.
func (b *SELinuxStrategyOptionsApplyConfiguration) WithSELinuxOptions(value *v1.SELinuxOptionsApplyConfiguration) *SELinuxStrategyOptionsApplyConfiguration {
b.SELinuxOptions = value
return b
}

57
staging/src/k8s.io/client-go/applyconfigurations/extensions/v1beta1/supplementalgroupsstrategyoptions.go
View File

@ -1,57 +0,0 @@
/*
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by applyconfiguration-gen. DO NOT EDIT.
package v1beta1
import (
v1beta1 "k8s.io/api/extensions/v1beta1"
)
// SupplementalGroupsStrategyOptionsApplyConfiguration represents an declarative configuration of the SupplementalGroupsStrategyOptions type for use
// with apply.
type SupplementalGroupsStrategyOptionsApplyConfiguration struct {
Rule *v1beta1.SupplementalGroupsStrategyType `json:"rule,omitempty"`
Ranges []IDRangeApplyConfiguration `json:"ranges,omitempty"`
}
// SupplementalGroupsStrategyOptionsApplyConfiguration constructs an declarative configuration of the SupplementalGroupsStrategyOptions type for use with
// apply.
func SupplementalGroupsStrategyOptions() *SupplementalGroupsStrategyOptionsApplyConfiguration {
return &SupplementalGroupsStrategyOptionsApplyConfiguration{}
}
// WithRule sets the Rule field in the declarative configuration to the given value
// and returns the receiver, so that objects can be built by chaining "With" function invocations.
// If called multiple times, the Rule field is set to the value of the last call.
func (b *SupplementalGroupsStrategyOptionsApplyConfiguration) WithRule(value v1beta1.SupplementalGroupsStrategyType) *SupplementalGroupsStrategyOptionsApplyConfiguration {
b.Rule = &value
return b
}
// WithRanges adds the given value to the Ranges field in the declarative configuration
// and returns the receiver, so that objects can be build by chaining "With" function invocations.
// If called multiple times, values provided by each call will be appended to the Ranges field.
func (b *SupplementalGroupsStrategyOptionsApplyConfiguration) WithRanges(values ...*IDRangeApplyConfiguration) *SupplementalGroupsStrategyOptionsApplyConfiguration {
for i := range values {
if values[i] == nil {
panic("nil value passed to WithRanges")
}
b.Ranges = append(b.Ranges, *values[i])
}
return b
}

246
staging/src/k8s.io/client-go/applyconfigurations/internal/internal.go
View File

@ -7734,29 +7734,6 @@ var schemaYAML = typed.YAMLObject(`types:
type:
namedType: io.k8s.apimachinery.pkg.apis.meta.v1.MicroTime
default: {}
- name: io.k8s.api.extensions.v1beta1.AllowedCSIDriver
map:
fields:
- name: name
type:
scalar: string
default: ""
- name: io.k8s.api.extensions.v1beta1.AllowedFlexVolume
map:
fields:
- name: driver
type:
scalar: string
default: ""
- name: io.k8s.api.extensions.v1beta1.AllowedHostPath
map:
fields:
- name: pathPrefix
type:
scalar: string
- name: readOnly
type:
scalar: boolean
- name: io.k8s.api.extensions.v1beta1.DaemonSet
map:
fields:
@ -7992,18 +7969,6 @@ var schemaYAML = typed.YAMLObject(`types:
- name: type
type:
scalar: string
- name: io.k8s.api.extensions.v1beta1.FSGroupStrategyOptions
map:
fields:
- name: ranges
type:
list:
elementType:
namedType: io.k8s.api.extensions.v1beta1.IDRange
elementRelationship: atomic
- name: rule
type:
scalar: string
- name: io.k8s.api.extensions.v1beta1.HTTPIngressPath
map:
fields:
@ -8026,28 +7991,6 @@ var schemaYAML = typed.YAMLObject(`types:
elementType:
namedType: io.k8s.api.extensions.v1beta1.HTTPIngressPath
elementRelationship: atomic
- name: io.k8s.api.extensions.v1beta1.HostPortRange
map:
fields:
- name: max
type:
scalar: numeric
default: 0
- name: min
type:
scalar: numeric
default: 0
- name: io.k8s.api.extensions.v1beta1.IDRange
map:
fields:
- name: max
type:
scalar: numeric
default: 0
- name: min
type:
scalar: numeric
default: 0
- name: io.k8s.api.extensions.v1beta1.IPBlock
map:
fields:
@ -8293,135 +8236,6 @@ var schemaYAML = typed.YAMLObject(`types:
elementRelationship: associative
keys:
- type
- name: io.k8s.api.extensions.v1beta1.PodSecurityPolicy
map:
fields:
- name: apiVersion
type:
scalar: string
- name: kind
type:
scalar: string
- name: metadata
type:
namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta
default: {}
- name: spec
type:
namedType: io.k8s.api.extensions.v1beta1.PodSecurityPolicySpec
default: {}
- name: io.k8s.api.extensions.v1beta1.PodSecurityPolicySpec
map:
fields:
- name: allowPrivilegeEscalation
type:
scalar: boolean
- name: allowedCSIDrivers
type:
list:
elementType:
namedType: io.k8s.api.extensions.v1beta1.AllowedCSIDriver
elementRelationship: atomic
- name: allowedCapabilities
type:
list:
elementType:
scalar: string
elementRelationship: atomic
- name: allowedFlexVolumes
type:
list:
elementType:
namedType: io.k8s.api.extensions.v1beta1.AllowedFlexVolume
elementRelationship: atomic
- name: allowedHostPaths
type:
list:
elementType:
namedType: io.k8s.api.extensions.v1beta1.AllowedHostPath
elementRelationship: atomic
- name: allowedProcMountTypes
type:
list:
elementType:
scalar: string
elementRelationship: atomic
- name: allowedUnsafeSysctls
type:
list:
elementType:
scalar: string
elementRelationship: atomic
- name: defaultAddCapabilities
type:
list:
elementType:
scalar: string
elementRelationship: atomic
- name: defaultAllowPrivilegeEscalation
type:
scalar: boolean
- name: forbiddenSysctls
type:
list:
elementType:
scalar: string
elementRelationship: atomic
- name: fsGroup
type:
namedType: io.k8s.api.extensions.v1beta1.FSGroupStrategyOptions
default: {}
- name: hostIPC
type:
scalar: boolean
- name: hostNetwork
type:
scalar: boolean
- name: hostPID
type:
scalar: boolean
- name: hostPorts
type:
list:
elementType:
namedType: io.k8s.api.extensions.v1beta1.HostPortRange
elementRelationship: atomic
- name: privileged
type:
scalar: boolean
- name: readOnlyRootFilesystem
type:
scalar: boolean
- name: requiredDropCapabilities
type:
list:
elementType:
scalar: string
elementRelationship: atomic
- name: runAsGroup
type:
namedType: io.k8s.api.extensions.v1beta1.RunAsGroupStrategyOptions
- name: runAsUser
type:
namedType: io.k8s.api.extensions.v1beta1.RunAsUserStrategyOptions
default: {}
- name: runtimeClass
type:
namedType: io.k8s.api.extensions.v1beta1.RuntimeClassStrategyOptions
- name: seLinux
type:
namedType: io.k8s.api.extensions.v1beta1.SELinuxStrategyOptions
default: {}
- name: supplementalGroups
type:
namedType: io.k8s.api.extensions.v1beta1.SupplementalGroupsStrategyOptions
default: {}
- name: volumes
type:
list:
elementType:
scalar: string
elementRelationship: atomic
- name: io.k8s.api.extensions.v1beta1.ReplicaSet
map:
fields:
@ -8531,66 +8345,6 @@ var schemaYAML = typed.YAMLObject(`types:
- name: maxUnavailable
type:
namedType: io.k8s.apimachinery.pkg.util.intstr.IntOrString
- name: io.k8s.api.extensions.v1beta1.RunAsGroupStrategyOptions
map:
fields:
- name: ranges
type:
list:
elementType:
namedType: io.k8s.api.extensions.v1beta1.IDRange
elementRelationship: atomic
- name: rule
type:
scalar: string
default: ""
- name: io.k8s.api.extensions.v1beta1.RunAsUserStrategyOptions
map:
fields:
- name: ranges
type:
list:
elementType:
namedType: io.k8s.api.extensions.v1beta1.IDRange
elementRelationship: atomic
- name: rule
type:
scalar: string
default: ""
- name: io.k8s.api.extensions.v1beta1.RuntimeClassStrategyOptions
map:
fields:
- name: allowedRuntimeClassNames
type:
list:
elementType:
scalar: string
elementRelationship: atomic
- name: defaultRuntimeClassName
type:
scalar: string
- name: io.k8s.api.extensions.v1beta1.SELinuxStrategyOptions
map:
fields:
- name: rule
type:
scalar: string
default: ""
- name: seLinuxOptions
type:
namedType: io.k8s.api.core.v1.SELinuxOptions
- name: io.k8s.api.extensions.v1beta1.SupplementalGroupsStrategyOptions
map:
fields:
- name: ranges
type:
list:
elementType:
namedType: io.k8s.api.extensions.v1beta1.IDRange
elementRelationship: atomic
- name: rule
type:
scalar: string
- name: io.k8s.api.flowcontrol.v1alpha1.FlowDistinguisherMethod
map:
fields:

26
staging/src/k8s.io/client-go/applyconfigurations/utils.go
View File

@ -937,12 +937,6 @@ func ForKind(kind schema.GroupVersionKind) interface{} {
return &applyconfigurationseventsv1beta1.EventSeriesApplyConfiguration{}
// Group=extensions, Version=v1beta1
case extensionsv1beta1.SchemeGroupVersion.WithKind("AllowedCSIDriver"):
return &applyconfigurationsextensionsv1beta1.AllowedCSIDriverApplyConfiguration{}
case extensionsv1beta1.SchemeGroupVersion.WithKind("AllowedFlexVolume"):
return &applyconfigurationsextensionsv1beta1.AllowedFlexVolumeApplyConfiguration{}
case extensionsv1beta1.SchemeGroupVersion.WithKind("AllowedHostPath"):
return &applyconfigurationsextensionsv1beta1.AllowedHostPathApplyConfiguration{}
case extensionsv1beta1.SchemeGroupVersion.WithKind("DaemonSet"):
return &applyconfigurationsextensionsv1beta1.DaemonSetApplyConfiguration{}
case extensionsv1beta1.SchemeGroupVersion.WithKind("DaemonSetCondition"):
@ -963,16 +957,10 @@ func ForKind(kind schema.GroupVersionKind) interface{} {
return &applyconfigurationsextensionsv1beta1.DeploymentStatusApplyConfiguration{}
case extensionsv1beta1.SchemeGroupVersion.WithKind("DeploymentStrategy"):
return &applyconfigurationsextensionsv1beta1.DeploymentStrategyApplyConfiguration{}
case extensionsv1beta1.SchemeGroupVersion.WithKind("FSGroupStrategyOptions"):
return &applyconfigurationsextensionsv1beta1.FSGroupStrategyOptionsApplyConfiguration{}
case extensionsv1beta1.SchemeGroupVersion.WithKind("HostPortRange"):
return &applyconfigurationsextensionsv1beta1.HostPortRangeApplyConfiguration{}
case extensionsv1beta1.SchemeGroupVersion.WithKind("HTTPIngressPath"):
return &applyconfigurationsextensionsv1beta1.HTTPIngressPathApplyConfiguration{}
case extensionsv1beta1.SchemeGroupVersion.WithKind("HTTPIngressRuleValue"):
return &applyconfigurationsextensionsv1beta1.HTTPIngressRuleValueApplyConfiguration{}
case extensionsv1beta1.SchemeGroupVersion.WithKind("IDRange"):
return &applyconfigurationsextensionsv1beta1.IDRangeApplyConfiguration{}
case extensionsv1beta1.SchemeGroupVersion.WithKind("Ingress"):
return &applyconfigurationsextensionsv1beta1.IngressApplyConfiguration{}
case extensionsv1beta1.SchemeGroupVersion.WithKind("IngressBackend"):
@ -1009,10 +997,6 @@ func ForKind(kind schema.GroupVersionKind) interface{} {
return &applyconfigurationsextensionsv1beta1.NetworkPolicySpecApplyConfiguration{}
case extensionsv1beta1.SchemeGroupVersion.WithKind("NetworkPolicyStatus"):
return &applyconfigurationsextensionsv1beta1.NetworkPolicyStatusApplyConfiguration{}
case extensionsv1beta1.SchemeGroupVersion.WithKind("PodSecurityPolicy"):
return &applyconfigurationsextensionsv1beta1.PodSecurityPolicyApplyConfiguration{}
case extensionsv1beta1.SchemeGroupVersion.WithKind("PodSecurityPolicySpec"):
return &applyconfigurationsextensionsv1beta1.PodSecurityPolicySpecApplyConfiguration{}
case extensionsv1beta1.SchemeGroupVersion.WithKind("ReplicaSet"):
return &applyconfigurationsextensionsv1beta1.ReplicaSetApplyConfiguration{}
case extensionsv1beta1.SchemeGroupVersion.WithKind("ReplicaSetCondition"):
@ -1027,18 +1011,8 @@ func ForKind(kind schema.GroupVersionKind) interface{} {
return &applyconfigurationsextensionsv1beta1.RollingUpdateDaemonSetApplyConfiguration{}
case extensionsv1beta1.SchemeGroupVersion.WithKind("RollingUpdateDeployment"):
return &applyconfigurationsextensionsv1beta1.RollingUpdateDeploymentApplyConfiguration{}
case extensionsv1beta1.SchemeGroupVersion.WithKind("RunAsGroupStrategyOptions"):
return &applyconfigurationsextensionsv1beta1.RunAsGroupStrategyOptionsApplyConfiguration{}
case extensionsv1beta1.SchemeGroupVersion.WithKind("RunAsUserStrategyOptions"):
return &applyconfigurationsextensionsv1beta1.RunAsUserStrategyOptionsApplyConfiguration{}
case extensionsv1beta1.SchemeGroupVersion.WithKind("RuntimeClassStrategyOptions"):
return &applyconfigurationsextensionsv1beta1.RuntimeClassStrategyOptionsApplyConfiguration{}
case extensionsv1beta1.SchemeGroupVersion.WithKind("Scale"):
return &applyconfigurationsextensionsv1beta1.ScaleApplyConfiguration{}
case extensionsv1beta1.SchemeGroupVersion.WithKind("SELinuxStrategyOptions"):
return &applyconfigurationsextensionsv1beta1.SELinuxStrategyOptionsApplyConfiguration{}
case extensionsv1beta1.SchemeGroupVersion.WithKind("SupplementalGroupsStrategyOptions"):
return &applyconfigurationsextensionsv1beta1.SupplementalGroupsStrategyOptionsApplyConfiguration{}
// Group=flowcontrol.apiserver.k8s.io, Version=v1alpha1
case flowcontrolv1alpha1.SchemeGroupVersion.WithKind("FlowDistinguisherMethod"):

7
staging/src/k8s.io/client-go/informers/extensions/v1beta1/interface.go
View File

@ -32,8 +32,6 @@ type Interface interface {
Ingresses() IngressInformer
// NetworkPolicies returns a NetworkPolicyInformer.
NetworkPolicies() NetworkPolicyInformer
// PodSecurityPolicies returns a PodSecurityPolicyInformer.
PodSecurityPolicies() PodSecurityPolicyInformer
// ReplicaSets returns a ReplicaSetInformer.
ReplicaSets() ReplicaSetInformer
}
@ -69,11 +67,6 @@ func (v *version) NetworkPolicies() NetworkPolicyInformer {
return &networkPolicyInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions}
}
// PodSecurityPolicies returns a PodSecurityPolicyInformer.
func (v *version) PodSecurityPolicies() PodSecurityPolicyInformer {
return &podSecurityPolicyInformer{factory: v.factory, tweakListOptions: v.tweakListOptions}
}
// ReplicaSets returns a ReplicaSetInformer.
func (v *version) ReplicaSets() ReplicaSetInformer {
return &replicaSetInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions}

89
staging/src/k8s.io/client-go/informers/extensions/v1beta1/podsecuritypolicy.go
View File

@ -1,89 +0,0 @@
/*
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by informer-gen. DO NOT EDIT.
package v1beta1
import (
"context"
time "time"
extensionsv1beta1 "k8s.io/api/extensions/v1beta1"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
runtime "k8s.io/apimachinery/pkg/runtime"
watch "k8s.io/apimachinery/pkg/watch"
internalinterfaces "k8s.io/client-go/informers/internalinterfaces"
kubernetes "k8s.io/client-go/kubernetes"
v1beta1 "k8s.io/client-go/listers/extensions/v1beta1"
cache "k8s.io/client-go/tools/cache"
)
// PodSecurityPolicyInformer provides access to a shared informer and lister for
// PodSecurityPolicies.
type PodSecurityPolicyInformer interface {
Informer() cache.SharedIndexInformer
Lister() v1beta1.PodSecurityPolicyLister
}
type podSecurityPolicyInformer struct {
factory internalinterfaces.SharedInformerFactory
tweakListOptions internalinterfaces.TweakListOptionsFunc
}
// NewPodSecurityPolicyInformer constructs a new informer for PodSecurityPolicy type.
// Always prefer using an informer factory to get a shared informer instead of getting an independent
// one. This reduces memory footprint and number of connections to the server.
func NewPodSecurityPolicyInformer(client kubernetes.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer {
return NewFilteredPodSecurityPolicyInformer(client, resyncPeriod, indexers, nil)
}
// NewFilteredPodSecurityPolicyInformer constructs a new informer for PodSecurityPolicy type.
// Always prefer using an informer factory to get a shared informer instead of getting an independent
// one. This reduces memory footprint and number of connections to the server.
func NewFilteredPodSecurityPolicyInformer(client kubernetes.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
return cache.NewSharedIndexInformer(
&cache.ListWatch{
ListFunc: func(options v1.ListOptions) (runtime.Object, error) {
if tweakListOptions != nil {
tweakListOptions(&options)
}
return client.ExtensionsV1beta1().PodSecurityPolicies().List(context.TODO(), options)
},
WatchFunc: func(options v1.ListOptions) (watch.Interface, error) {
if tweakListOptions != nil {
tweakListOptions(&options)
}
return client.ExtensionsV1beta1().PodSecurityPolicies().Watch(context.TODO(), options)
},
},
&extensionsv1beta1.PodSecurityPolicy{},
resyncPeriod,
indexers,
)
}
func (f *podSecurityPolicyInformer) defaultInformer(client kubernetes.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer {
return NewFilteredPodSecurityPolicyInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions)
}
func (f *podSecurityPolicyInformer) Informer() cache.SharedIndexInformer {
return f.factory.InformerFor(&extensionsv1beta1.PodSecurityPolicy{}, f.defaultInformer)
}
func (f *podSecurityPolicyInformer) Lister() v1beta1.PodSecurityPolicyLister {
return v1beta1.NewPodSecurityPolicyLister(f.Informer().GetIndexer())
}

2
staging/src/k8s.io/client-go/informers/generic.go
View File

@ -247,8 +247,6 @@ func (f *sharedInformerFactory) ForResource(resource schema.GroupVersionResource
return &genericInformer{resource: resource.GroupResource(), informer: f.Extensions().V1beta1().Ingresses().Informer()}, nil
case extensionsv1beta1.SchemeGroupVersion.WithResource("networkpolicies"):
return &genericInformer{resource: resource.GroupResource(), informer: f.Extensions().V1beta1().NetworkPolicies().Informer()}, nil
case extensionsv1beta1.SchemeGroupVersion.WithResource("podsecuritypolicies"):
return &genericInformer{resource: resource.GroupResource(), informer: f.Extensions().V1beta1().PodSecurityPolicies().Informer()}, nil
case extensionsv1beta1.SchemeGroupVersion.WithResource("replicasets"):
return &genericInformer{resource: resource.GroupResource(), informer: f.Extensions().V1beta1().ReplicaSets().Informer()}, nil

5
staging/src/k8s.io/client-go/kubernetes/typed/extensions/v1beta1/extensions_client.go
View File

@ -32,7 +32,6 @@ type ExtensionsV1beta1Interface interface {
DeploymentsGetter
IngressesGetter
NetworkPoliciesGetter
PodSecurityPoliciesGetter
ReplicaSetsGetter
}
@ -57,10 +56,6 @@ func (c *ExtensionsV1beta1Client) NetworkPolicies(namespace string) NetworkPolic
return newNetworkPolicies(c, namespace)
}
func (c *ExtensionsV1beta1Client) PodSecurityPolicies() PodSecurityPolicyInterface {
return newPodSecurityPolicies(c)
}
func (c *ExtensionsV1beta1Client) ReplicaSets(namespace string) ReplicaSetInterface {
return newReplicaSets(c, namespace)
}

4
staging/src/k8s.io/client-go/kubernetes/typed/extensions/v1beta1/fake/fake_extensions_client.go
View File

@ -44,10 +44,6 @@ func (c *FakeExtensionsV1beta1) NetworkPolicies(namespace string) v1beta1.Networ
return &FakeNetworkPolicies{c, namespace}
}
func (c *FakeExtensionsV1beta1) PodSecurityPolicies() v1beta1.PodSecurityPolicyInterface {
return &FakePodSecurityPolicies{c}
}
func (c *FakeExtensionsV1beta1) ReplicaSets(namespace string) v1beta1.ReplicaSetInterface {
return &FakeReplicaSets{c, namespace}
}

145
staging/src/k8s.io/client-go/kubernetes/typed/extensions/v1beta1/fake/fake_podsecuritypolicy.go
View File

@ -1,145 +0,0 @@
/*
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by client-gen. DO NOT EDIT.
package fake
import (
"context"
json "encoding/json"
"fmt"
v1beta1 "k8s.io/api/extensions/v1beta1"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
labels "k8s.io/apimachinery/pkg/labels"
types "k8s.io/apimachinery/pkg/types"
watch "k8s.io/apimachinery/pkg/watch"
extensionsv1beta1 "k8s.io/client-go/applyconfigurations/extensions/v1beta1"
testing "k8s.io/client-go/testing"
)
// FakePodSecurityPolicies implements PodSecurityPolicyInterface
type FakePodSecurityPolicies struct {
Fake *FakeExtensionsV1beta1
}
var podsecuritypoliciesResource = v1beta1.SchemeGroupVersion.WithResource("podsecuritypolicies")
var podsecuritypoliciesKind = v1beta1.SchemeGroupVersion.WithKind("PodSecurityPolicy")
// Get takes name of the podSecurityPolicy, and returns the corresponding podSecurityPolicy object, and an error if there is any.
func (c *FakePodSecurityPolicies) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1beta1.PodSecurityPolicy, err error) {
obj, err := c.Fake.
Invokes(testing.NewRootGetAction(podsecuritypoliciesResource, name), &v1beta1.PodSecurityPolicy{})
if obj == nil {
return nil, err
}
return obj.(*v1beta1.PodSecurityPolicy), err
}
// List takes label and field selectors, and returns the list of PodSecurityPolicies that match those selectors.
func (c *FakePodSecurityPolicies) List(ctx context.Context, opts v1.ListOptions) (result *v1beta1.PodSecurityPolicyList, err error) {
obj, err := c.Fake.
Invokes(testing.NewRootListAction(podsecuritypoliciesResource, podsecuritypoliciesKind, opts), &v1beta1.PodSecurityPolicyList{})
if obj == nil {
return nil, err
}
label, _, _ := testing.ExtractFromListOptions(opts)
if label == nil {
label = labels.Everything()
}
list := &v1beta1.PodSecurityPolicyList{ListMeta: obj.(*v1beta1.PodSecurityPolicyList).ListMeta}
for _, item := range obj.(*v1beta1.PodSecurityPolicyList).Items {
if label.Matches(labels.Set(item.Labels)) {
list.Items = append(list.Items, item)
}
}
return list, err
}
// Watch returns a watch.Interface that watches the requested podSecurityPolicies.
func (c *FakePodSecurityPolicies) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) {
return c.Fake.
InvokesWatch(testing.NewRootWatchAction(podsecuritypoliciesResource, opts))
}
// Create takes the representation of a podSecurityPolicy and creates it. Returns the server's representation of the podSecurityPolicy, and an error, if there is any.
func (c *FakePodSecurityPolicies) Create(ctx context.Context, podSecurityPolicy *v1beta1.PodSecurityPolicy, opts v1.CreateOptions) (result *v1beta1.PodSecurityPolicy, err error) {
obj, err := c.Fake.
Invokes(testing.NewRootCreateAction(podsecuritypoliciesResource, podSecurityPolicy), &v1beta1.PodSecurityPolicy{})
if obj == nil {
return nil, err
}
return obj.(*v1beta1.PodSecurityPolicy), err
}
// Update takes the representation of a podSecurityPolicy and updates it. Returns the server's representation of the podSecurityPolicy, and an error, if there is any.
func (c *FakePodSecurityPolicies) Update(ctx context.Context, podSecurityPolicy *v1beta1.PodSecurityPolicy, opts v1.UpdateOptions) (result *v1beta1.PodSecurityPolicy, err error) {
obj, err := c.Fake.
Invokes(testing.NewRootUpdateAction(podsecuritypoliciesResource, podSecurityPolicy), &v1beta1.PodSecurityPolicy{})
if obj == nil {
return nil, err
}
return obj.(*v1beta1.PodSecurityPolicy), err
}
// Delete takes name of the podSecurityPolicy and deletes it. Returns an error if one occurs.
func (c *FakePodSecurityPolicies) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
_, err := c.Fake.
Invokes(testing.NewRootDeleteActionWithOptions(podsecuritypoliciesResource, name, opts), &v1beta1.PodSecurityPolicy{})
return err
}
// DeleteCollection deletes a collection of objects.
func (c *FakePodSecurityPolicies) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error {
action := testing.NewRootDeleteCollectionAction(podsecuritypoliciesResource, listOpts)
_, err := c.Fake.Invokes(action, &v1beta1.PodSecurityPolicyList{})
return err
}
// Patch applies the patch and returns the patched podSecurityPolicy.
func (c *FakePodSecurityPolicies) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1beta1.PodSecurityPolicy, err error) {
obj, err := c.Fake.
Invokes(testing.NewRootPatchSubresourceAction(podsecuritypoliciesResource, name, pt, data, subresources...), &v1beta1.PodSecurityPolicy{})
if obj == nil {
return nil, err
}
return obj.(*v1beta1.PodSecurityPolicy), err
}
// Apply takes the given apply declarative configuration, applies it and returns the applied podSecurityPolicy.
func (c *FakePodSecurityPolicies) Apply(ctx context.Context, podSecurityPolicy *extensionsv1beta1.PodSecurityPolicyApplyConfiguration, opts v1.ApplyOptions) (result *v1beta1.PodSecurityPolicy, err error) {
if podSecurityPolicy == nil {
return nil, fmt.Errorf("podSecurityPolicy provided to Apply must not be nil")
}
data, err := json.Marshal(podSecurityPolicy)
if err != nil {
return nil, err
}
name := podSecurityPolicy.Name
if name == nil {
return nil, fmt.Errorf("podSecurityPolicy.Name must be provided to Apply")
}
obj, err := c.Fake.
Invokes(testing.NewRootPatchSubresourceAction(podsecuritypoliciesResource, *name, types.ApplyPatchType, data), &v1beta1.PodSecurityPolicy{})
if obj == nil {
return nil, err
}
return obj.(*v1beta1.PodSecurityPolicy), err
}

2
staging/src/k8s.io/client-go/kubernetes/typed/extensions/v1beta1/generated_expansion.go
View File

@ -24,6 +24,4 @@ type IngressExpansion interface{}
type NetworkPolicyExpansion interface{}
type PodSecurityPolicyExpansion interface{}
type ReplicaSetExpansion interface{}

197
staging/src/k8s.io/client-go/kubernetes/typed/extensions/v1beta1/podsecuritypolicy.go
View File

@ -1,197 +0,0 @@
/*
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by client-gen. DO NOT EDIT.
package v1beta1
import (
"context"
json "encoding/json"
"fmt"
"time"
v1beta1 "k8s.io/api/extensions/v1beta1"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
types "k8s.io/apimachinery/pkg/types"
watch "k8s.io/apimachinery/pkg/watch"
extensionsv1beta1 "k8s.io/client-go/applyconfigurations/extensions/v1beta1"
scheme "k8s.io/client-go/kubernetes/scheme"
rest "k8s.io/client-go/rest"
)
// PodSecurityPoliciesGetter has a method to return a PodSecurityPolicyInterface.
// A group's client should implement this interface.
type PodSecurityPoliciesGetter interface {
PodSecurityPolicies() PodSecurityPolicyInterface
}
// PodSecurityPolicyInterface has methods to work with PodSecurityPolicy resources.
type PodSecurityPolicyInterface interface {
Create(ctx context.Context, podSecurityPolicy *v1beta1.PodSecurityPolicy, opts v1.CreateOptions) (*v1beta1.PodSecurityPolicy, error)
Update(ctx context.Context, podSecurityPolicy *v1beta1.PodSecurityPolicy, opts v1.UpdateOptions) (*v1beta1.PodSecurityPolicy, error)
Delete(ctx context.Context, name string, opts v1.DeleteOptions) error
DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error
Get(ctx context.Context, name string, opts v1.GetOptions) (*v1beta1.PodSecurityPolicy, error)
List(ctx context.Context, opts v1.ListOptions) (*v1beta1.PodSecurityPolicyList, error)
Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error)
Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1beta1.PodSecurityPolicy, err error)
Apply(ctx context.Context, podSecurityPolicy *extensionsv1beta1.PodSecurityPolicyApplyConfiguration, opts v1.ApplyOptions) (result *v1beta1.PodSecurityPolicy, err error)
PodSecurityPolicyExpansion
}
// podSecurityPolicies implements PodSecurityPolicyInterface
type podSecurityPolicies struct {
client rest.Interface
}
// newPodSecurityPolicies returns a PodSecurityPolicies
func newPodSecurityPolicies(c *ExtensionsV1beta1Client) *podSecurityPolicies {
return &podSecurityPolicies{
client: c.RESTClient(),
}
}
// Get takes name of the podSecurityPolicy, and returns the corresponding podSecurityPolicy object, and an error if there is any.
func (c *podSecurityPolicies) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1beta1.PodSecurityPolicy, err error) {
result = &v1beta1.PodSecurityPolicy{}
err = c.client.Get().
Resource("podsecuritypolicies").
Name(name).
VersionedParams(&options, scheme.ParameterCodec).
Do(ctx).
Into(result)
return
}
// List takes label and field selectors, and returns the list of PodSecurityPolicies that match those selectors.
func (c *podSecurityPolicies) List(ctx context.Context, opts v1.ListOptions) (result *v1beta1.PodSecurityPolicyList, err error) {
var timeout time.Duration
if opts.TimeoutSeconds != nil {
timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
}
result = &v1beta1.PodSecurityPolicyList{}
err = c.client.Get().
Resource("podsecuritypolicies").
VersionedParams(&opts, scheme.ParameterCodec).
Timeout(timeout).
Do(ctx).
Into(result)
return
}
// Watch returns a watch.Interface that watches the requested podSecurityPolicies.
func (c *podSecurityPolicies) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) {
var timeout time.Duration
if opts.TimeoutSeconds != nil {
timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
}
opts.Watch = true
return c.client.Get().
Resource("podsecuritypolicies").
VersionedParams(&opts, scheme.ParameterCodec).
Timeout(timeout).
Watch(ctx)
}
// Create takes the representation of a podSecurityPolicy and creates it. Returns the server's representation of the podSecurityPolicy, and an error, if there is any.
func (c *podSecurityPolicies) Create(ctx context.Context, podSecurityPolicy *v1beta1.PodSecurityPolicy, opts v1.CreateOptions) (result *v1beta1.PodSecurityPolicy, err error) {
result = &v1beta1.PodSecurityPolicy{}
err = c.client.Post().
Resource("podsecuritypolicies").
VersionedParams(&opts, scheme.ParameterCodec).
Body(podSecurityPolicy).
Do(ctx).
Into(result)
return
}
// Update takes the representation of a podSecurityPolicy and updates it. Returns the server's representation of the podSecurityPolicy, and an error, if there is any.
func (c *podSecurityPolicies) Update(ctx context.Context, podSecurityPolicy *v1beta1.PodSecurityPolicy, opts v1.UpdateOptions) (result *v1beta1.PodSecurityPolicy, err error) {
result = &v1beta1.PodSecurityPolicy{}
err = c.client.Put().
Resource("podsecuritypolicies").
Name(podSecurityPolicy.Name).
VersionedParams(&opts, scheme.ParameterCodec).
Body(podSecurityPolicy).
Do(ctx).
Into(result)
return
}
// Delete takes name of the podSecurityPolicy and deletes it. Returns an error if one occurs.
func (c *podSecurityPolicies) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
return c.client.Delete().
Resource("podsecuritypolicies").
Name(name).
Body(&opts).
Do(ctx).
Error()
}
// DeleteCollection deletes a collection of objects.
func (c *podSecurityPolicies) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error {
var timeout time.Duration
if listOpts.TimeoutSeconds != nil {
timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second
}
return c.client.Delete().
Resource("podsecuritypolicies").
VersionedParams(&listOpts, scheme.ParameterCodec).
Timeout(timeout).
Body(&opts).
Do(ctx).
Error()
}
// Patch applies the patch and returns the patched podSecurityPolicy.
func (c *podSecurityPolicies) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1beta1.PodSecurityPolicy, err error) {
result = &v1beta1.PodSecurityPolicy{}
err = c.client.Patch(pt).
Resource("podsecuritypolicies").
Name(name).
SubResource(subresources...).
VersionedParams(&opts, scheme.ParameterCodec).
Body(data).
Do(ctx).
Into(result)
return
}
// Apply takes the given apply declarative configuration, applies it and returns the applied podSecurityPolicy.
func (c *podSecurityPolicies) Apply(ctx context.Context, podSecurityPolicy *extensionsv1beta1.PodSecurityPolicyApplyConfiguration, opts v1.ApplyOptions) (result *v1beta1.PodSecurityPolicy, err error) {
if podSecurityPolicy == nil {
return nil, fmt.Errorf("podSecurityPolicy provided to Apply must not be nil")
}
patchOpts := opts.ToPatchOptions()
data, err := json.Marshal(podSecurityPolicy)
if err != nil {
return nil, err
}
name := podSecurityPolicy.Name
if name == nil {
return nil, fmt.Errorf("podSecurityPolicy.Name must be provided to Apply")
}
result = &v1beta1.PodSecurityPolicy{}
err = c.client.Patch(types.ApplyPatchType).
Resource("podsecuritypolicies").
Name(*name).
VersionedParams(&patchOpts, scheme.ParameterCodec).
Body(data).
Do(ctx).
Into(result)
return
}

4
staging/src/k8s.io/client-go/listers/extensions/v1beta1/expansion_generated.go
View File

@ -41,7 +41,3 @@ type NetworkPolicyListerExpansion interface{}
// NetworkPolicyNamespaceListerExpansion allows custom methods to be added to
// NetworkPolicyNamespaceLister.
type NetworkPolicyNamespaceListerExpansion interface{}
// PodSecurityPolicyListerExpansion allows custom methods to be added to
// PodSecurityPolicyLister.
type PodSecurityPolicyListerExpansion interface{}

68
staging/src/k8s.io/client-go/listers/extensions/v1beta1/podsecuritypolicy.go
View File

@ -1,68 +0,0 @@
/*
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by lister-gen. DO NOT EDIT.
package v1beta1
import (
v1beta1 "k8s.io/api/extensions/v1beta1"
"k8s.io/apimachinery/pkg/api/errors"
"k8s.io/apimachinery/pkg/labels"
"k8s.io/client-go/tools/cache"
)
// PodSecurityPolicyLister helps list PodSecurityPolicies.
// All objects returned here must be treated as read-only.
type PodSecurityPolicyLister interface {
// List lists all PodSecurityPolicies in the indexer.
// Objects returned here must be treated as read-only.
List(selector labels.Selector) (ret []*v1beta1.PodSecurityPolicy, err error)
// Get retrieves the PodSecurityPolicy from the index for a given name.
// Objects returned here must be treated as read-only.
Get(name string) (*v1beta1.PodSecurityPolicy, error)
PodSecurityPolicyListerExpansion
}
// podSecurityPolicyLister implements the PodSecurityPolicyLister interface.
type podSecurityPolicyLister struct {
indexer cache.Indexer
}
// NewPodSecurityPolicyLister returns a new PodSecurityPolicyLister.
func NewPodSecurityPolicyLister(indexer cache.Indexer) PodSecurityPolicyLister {
return &podSecurityPolicyLister{indexer: indexer}
}
// List lists all PodSecurityPolicies in the indexer.
func (s *podSecurityPolicyLister) List(selector labels.Selector) (ret []*v1beta1.PodSecurityPolicy, err error) {
err = cache.ListAll(s.indexer, selector, func(m interface{}) {
ret = append(ret, m.(*v1beta1.PodSecurityPolicy))
})
return ret, err
}
// Get retrieves the PodSecurityPolicy from the index for a given name.
func (s *podSecurityPolicyLister) Get(name string) (*v1beta1.PodSecurityPolicy, error) {
obj, exists, err := s.indexer.GetByKey(name)
if err != nil {
return nil, err
}
if !exists {
return nil, errors.NewNotFound(v1beta1.Resource("podsecuritypolicy"), name)
}
return obj.(*v1beta1.PodSecurityPolicy), nil
}

143
staging/src/k8s.io/kubectl/pkg/describe/describe.go
View File

@ -209,7 +209,6 @@ func describerMap(clientConfig *rest.Config) (map[schema.GroupKind]ResourceDescr
{Group: corev1.GroupName, Kind: "PriorityClass"}: &PriorityClassDescriber{c},
{Group: discoveryv1beta1.GroupName, Kind: "EndpointSlice"}: &EndpointSliceDescriber{c},
{Group: discoveryv1.GroupName, Kind: "EndpointSlice"}: &EndpointSliceDescriber{c},
{Group: policyv1beta1.GroupName, Kind: "PodSecurityPolicy"}: &PodSecurityPolicyDescriber{c},
{Group: autoscalingv2beta2.GroupName, Kind: "HorizontalPodAutoscaler"}: &HorizontalPodAutoscalerDescriber{c},
{Group: extensionsv1beta1.GroupName, Kind: "Ingress"}: &IngressDescriber{c},
{Group: networkingv1beta1.GroupName, Kind: "Ingress"}: &IngressDescriber{c},
@ -4890,84 +4889,6 @@ func describePriorityClass(pc *schedulingv1.PriorityClass, events *corev1.EventL
})
}
// PodSecurityPolicyDescriber generates information about a PodSecuritypolicyv1beta1.
type PodSecurityPolicyDescriber struct {
clientset.Interface
}
func (d *PodSecurityPolicyDescriber) Describe(namespace, name string, describerSettings DescriberSettings) (string, error) {
psp, err := d.PolicyV1beta1().PodSecurityPolicies().Get(context.TODO(), name, metav1.GetOptions{})
if err != nil {
return "", err
}
return describePodSecurityPolicy(psp)
}
func describePodSecurityPolicy(psp *policyv1beta1.PodSecurityPolicy) (string, error) {
return tabbedString(func(out io.Writer) error {
w := NewPrefixWriter(out)
w.Write(LEVEL_0, "Name:\t%s\n", psp.Name)
w.Write(LEVEL_0, "\nSettings:\n")
w.Write(LEVEL_1, "Allow Privileged:\t%t\n", psp.Spec.Privileged)
if psp.Spec.AllowPrivilegeEscalation != nil {
w.Write(LEVEL_1, "Allow Privilege Escalation:\t%t\n", *psp.Spec.AllowPrivilegeEscalation)
} else {
w.Write(LEVEL_1, "Allow Privilege Escalation:\t<unset>\n")
}
w.Write(LEVEL_1, "Default Add Capabilities:\t%v\n", capsToString(psp.Spec.DefaultAddCapabilities))
w.Write(LEVEL_1, "Required Drop Capabilities:\t%s\n", capsToString(psp.Spec.RequiredDropCapabilities))
w.Write(LEVEL_1, "Allowed Capabilities:\t%s\n", capsToString(psp.Spec.AllowedCapabilities))
w.Write(LEVEL_1, "Allowed Volume Types:\t%s\n", fsTypeToString(psp.Spec.Volumes))
if len(psp.Spec.AllowedFlexVolumes) > 0 {
w.Write(LEVEL_1, "Allowed FlexVolume Types:\t%s\n", flexVolumesToString(psp.Spec.AllowedFlexVolumes))
}
if len(psp.Spec.AllowedCSIDrivers) > 0 {
w.Write(LEVEL_1, "Allowed CSI Drivers:\t%s\n", csiDriversToString(psp.Spec.AllowedCSIDrivers))
}
if len(psp.Spec.AllowedUnsafeSysctls) > 0 {
w.Write(LEVEL_1, "Allowed Unsafe Sysctls:\t%s\n", sysctlsToString(psp.Spec.AllowedUnsafeSysctls))
}
if len(psp.Spec.ForbiddenSysctls) > 0 {
w.Write(LEVEL_1, "Forbidden Sysctls:\t%s\n", sysctlsToString(psp.Spec.ForbiddenSysctls))
}
w.Write(LEVEL_1, "Allow Host Network:\t%t\n", psp.Spec.HostNetwork)
w.Write(LEVEL_1, "Allow Host Ports:\t%s\n", hostPortRangeToString(psp.Spec.HostPorts))
w.Write(LEVEL_1, "Allow Host PID:\t%t\n", psp.Spec.HostPID)
w.Write(LEVEL_1, "Allow Host IPC:\t%t\n", psp.Spec.HostIPC)
w.Write(LEVEL_1, "Read Only Root Filesystem:\t%v\n", psp.Spec.ReadOnlyRootFilesystem)
w.Write(LEVEL_1, "SELinux Context Strategy: %s\t\n", string(psp.Spec.SELinux.Rule))
var user, role, seLinuxType, level string
if psp.Spec.SELinux.SELinuxOptions != nil {
user = psp.Spec.SELinux.SELinuxOptions.User
role = psp.Spec.SELinux.SELinuxOptions.Role
seLinuxType = psp.Spec.SELinux.SELinuxOptions.Type
level = psp.Spec.SELinux.SELinuxOptions.Level
}
w.Write(LEVEL_2, "User:\t%s\n", stringOrNone(user))
w.Write(LEVEL_2, "Role:\t%s\n", stringOrNone(role))
w.Write(LEVEL_2, "Type:\t%s\n", stringOrNone(seLinuxType))
w.Write(LEVEL_2, "Level:\t%s\n", stringOrNone(level))
w.Write(LEVEL_1, "Run As User Strategy: %s\t\n", string(psp.Spec.RunAsUser.Rule))
w.Write(LEVEL_2, "Ranges:\t%s\n", idRangeToString(psp.Spec.RunAsUser.Ranges))
w.Write(LEVEL_1, "FSGroup Strategy: %s\t\n", string(psp.Spec.FSGroup.Rule))
w.Write(LEVEL_2, "Ranges:\t%s\n", idRangeToString(psp.Spec.FSGroup.Ranges))
w.Write(LEVEL_1, "Supplemental Groups Strategy: %s\t\n", string(psp.Spec.SupplementalGroups.Rule))
w.Write(LEVEL_2, "Ranges:\t%s\n", idRangeToString(psp.Spec.SupplementalGroups.Ranges))
return nil
})
}
func stringOrNone(s string) string {
return stringOrDefaultValue(s, "<none>")
}
@ -4979,70 +4900,6 @@ func stringOrDefaultValue(s, defaultValue string) string {
return defaultValue
}
func fsTypeToString(volumes []policyv1beta1.FSType) string {
strVolumes := []string{}
for _, v := range volumes {
strVolumes = append(strVolumes, string(v))
}
return stringOrNone(strings.Join(strVolumes, ","))
}
func flexVolumesToString(flexVolumes []policyv1beta1.AllowedFlexVolume) string {
volumes := []string{}
for _, flexVolume := range flexVolumes {
volumes = append(volumes, "driver="+flexVolume.Driver)
}
return stringOrDefaultValue(strings.Join(volumes, ","), "<all>")
}
func csiDriversToString(csiDrivers []policyv1beta1.AllowedCSIDriver) string {
drivers := []string{}
for _, csiDriver := range csiDrivers {
drivers = append(drivers, "driver="+csiDriver.Name)
}
return stringOrDefaultValue(strings.Join(drivers, ","), "<all>")
}
func sysctlsToString(sysctls []string) string {
return stringOrNone(strings.Join(sysctls, ","))
}
func hostPortRangeToString(ranges []policyv1beta1.HostPortRange) string {
formattedString := ""
if ranges != nil {
strRanges := []string{}
for _, r := range ranges {
strRanges = append(strRanges, fmt.Sprintf("%d-%d", r.Min, r.Max))
}
formattedString = strings.Join(strRanges, ",")
}
return stringOrNone(formattedString)
}
func idRangeToString(ranges []policyv1beta1.IDRange) string {
formattedString := ""
if ranges != nil {
strRanges := []string{}
for _, r := range ranges {
strRanges = append(strRanges, fmt.Sprintf("%d-%d", r.Min, r.Max))
}
formattedString = strings.Join(strRanges, ",")
}
return stringOrNone(formattedString)
}
func capsToString(caps []corev1.Capability) string {
formattedString := ""
if caps != nil {
strCaps := []string{}
for _, c := range caps {
strCaps = append(strCaps, string(c))
}
formattedString = strings.Join(strCaps, ",")
}
return stringOrNone(formattedString)
}
func policyTypesToString(pts []networkingv1.PolicyType) string {
formattedString := ""
if pts != nil {

65
staging/src/k8s.io/kubectl/pkg/describe/describe_test.go
View File

@ -20,7 +20,6 @@ import (
"bytes"
"fmt"
"reflect"
"regexp"
"strings"
"testing"
"time"
@ -4696,70 +4695,6 @@ URL: http://localhost
}
}
func TestDescribePodSecurityPolicy(t *testing.T) {
expected := []string{
"Name:\\s*mypsp",
"Allow Privileged:\\s*false",
"Allow Privilege Escalation:\\s*false",
"Default Add Capabilities:\\s*<none>",
"Required Drop Capabilities:\\s*<none>",
"Allowed Capabilities:\\s*<none>",
"Allowed Volume Types:\\s*<none>",
"Allowed Unsafe Sysctls:\\s*kernel\\.\\*,net\\.ipv4.ip_local_port_range",
"Forbidden Sysctls:\\s*net\\.ipv4\\.ip_default_ttl",
"Allow Host Network:\\s*false",
"Allow Host Ports:\\s*<none>",
"Allow Host PID:\\s*false",
"Allow Host IPC:\\s*false",
"Read Only Root Filesystem:\\s*false",
"SELinux Context Strategy: RunAsAny",
"User:\\s*<none>",
"Role:\\s*<none>",
"Type:\\s*<none>",
"Level:\\s*<none>",
"Run As User Strategy: RunAsAny",
"FSGroup Strategy: RunAsAny",
"Supplemental Groups Strategy: RunAsAny",
}
falseVal := false
fake := fake.NewSimpleClientset(&policyv1beta1.PodSecurityPolicy{
ObjectMeta: metav1.ObjectMeta{
Name: "mypsp",
},
Spec: policyv1beta1.PodSecurityPolicySpec{
AllowPrivilegeEscalation: &falseVal,
AllowedUnsafeSysctls: []string{"kernel.*", "net.ipv4.ip_local_port_range"},
ForbiddenSysctls: []string{"net.ipv4.ip_default_ttl"},
SELinux: policyv1beta1.SELinuxStrategyOptions{
Rule: policyv1beta1.SELinuxStrategyRunAsAny,
},
RunAsUser: policyv1beta1.RunAsUserStrategyOptions{
Rule: policyv1beta1.RunAsUserStrategyRunAsAny,
},
FSGroup: policyv1beta1.FSGroupStrategyOptions{
Rule: policyv1beta1.FSGroupStrategyRunAsAny,
},
SupplementalGroups: policyv1beta1.SupplementalGroupsStrategyOptions{
Rule: policyv1beta1.SupplementalGroupsStrategyRunAsAny,
},
},
})
c := &describeClient{T: t, Namespace: "", Interface: fake}
d := PodSecurityPolicyDescriber{c}
out, err := d.Describe("", "mypsp", DescriberSettings{})
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
for _, item := range expected {
if matched, _ := regexp.MatchString(item, out); !matched {
t.Errorf("Expected to find %q in: %q", item, out)
}
}
}
func TestDescribeResourceQuota(t *testing.T) {
fake := fake.NewSimpleClientset(&corev1.ResourceQuota{
ObjectMeta: metav1.ObjectMeta{

1177
staging/src/k8s.io/kubectl/testdata/openapi/swagger.json vendored
View File

File diff suppressed because it is too large Load Diff

3
test/e2e/framework/.import-restrictions
View File

@ -193,9 +193,6 @@ rules:
- k8s.io/kubernetes/pkg/scheduler/profile
- k8s.io/kubernetes/pkg/scheduler/testing
- k8s.io/kubernetes/pkg/security/apparmor
- k8s.io/kubernetes/pkg/security/podsecuritypolicy/seccomp
- k8s.io/kubernetes/pkg/security/podsecuritypolicy/sysctl
- k8s.io/kubernetes/pkg/security/podsecuritypolicy/util
- k8s.io/kubernetes/pkg/securitycontext
- k8s.io/kubernetes/pkg/serviceaccount
- k8s.io/kubernetes/pkg/util/async

4
test/integration/etcd/data.go
View File

@ -254,10 +254,6 @@ func GetEtcdStorageDataForNamespace(namespace string) map[schema.GroupVersionRes
Stub: `{"metadata": {"name": "pdb1"}, "spec": {"selector": {"matchLabels": {"anokkey": "anokvalue"}}}}`,
ExpectedEtcdPath: "/registry/poddisruptionbudgets/" + namespace + "/pdb1",
},
gvr("policy", "v1beta1", "podsecuritypolicies"): {
Stub: `{"metadata": {"name": "psp2"}, "spec": {"fsGroup": {"rule": "RunAsAny"}, "privileged": true, "runAsUser": {"rule": "RunAsAny"}, "seLinux": {"rule": "MustRunAs"}, "supplementalGroups": {"rule": "RunAsAny"}}}`,
ExpectedEtcdPath: "/registry/podsecuritypolicy/psp2",
},
// --
// k8s.io/kubernetes/pkg/apis/storage/v1alpha1