Update autogenerated files
Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com>
This commit is contained in:
Rodrigo Campos
parent
b1eaf6a2d9
commit
8dc98c9b8e
6
api/openapi-spec/swagger.json
generated
6
api/openapi-spec/swagger.json
generated
@ -7824,6 +7824,10 @@
|
||||
"description": "Use the host's pid namespace. Optional: Default to false.",
|
||||
"type": "boolean"
|
||||
},
|
||||
"hostUsers": {
|
||||
"description": "Use the host's user namespace. Optional: Default to true. If set to true or not present, the pod will be run in the host user namespace, useful for when the pod needs a feature only available to the host user namespace, such as loading a kernel module with CAP_SYS_MODULE. When set to false, a new userns is created for the pod. Setting false is useful for mitigating container breakout vulnerabilities even allowing users to run their containers as root without actually having root privileges on the host. This field is alpha-level and is only honored by servers that enable the UserNamespacesSupport feature.",
|
||||
"type": "boolean"
|
||||
},
|
||||
"hostname": {
|
||||
"description": "Specifies the hostname of the Pod If not specified, the pod's hostname will be set to a system-defined value.",
|
||||
"type": "string"
|
||||
@ -7860,7 +7864,7 @@
|
||||
},
|
||||
"os": {
|
||||
"$ref": "#/definitions/io.k8s.api.core.v1.PodOS",
|
||||
"description": "Specifies the OS of the containers in the pod. Some pod and container fields are restricted if this is set.\n\nIf the OS field is set to linux, the following fields must be unset: -securityContext.windowsOptions\n\nIf the OS field is set to windows, following fields must be unset: - spec.hostPID - spec.hostIPC - spec.securityContext.seLinuxOptions - spec.securityContext.seccompProfile - spec.securityContext.fsGroup - spec.securityContext.fsGroupChangePolicy - spec.securityContext.sysctls - spec.shareProcessNamespace - spec.securityContext.runAsUser - spec.securityContext.runAsGroup - spec.securityContext.supplementalGroups - spec.containers[*].securityContext.seLinuxOptions - spec.containers[*].securityContext.seccompProfile - spec.containers[*].securityContext.capabilities - spec.containers[*].securityContext.readOnlyRootFilesystem - spec.containers[*].securityContext.privileged - spec.containers[*].securityContext.allowPrivilegeEscalation - spec.containers[*].securityContext.procMount - spec.containers[*].securityContext.runAsUser - spec.containers[*].securityContext.runAsGroup"
|
||||
"description": "Specifies the OS of the containers in the pod. Some pod and container fields are restricted if this is set.\n\nIf the OS field is set to linux, the following fields must be unset: -securityContext.windowsOptions\n\nIf the OS field is set to windows, following fields must be unset: - spec.hostPID - spec.hostIPC - spec.hostUsers - spec.securityContext.seLinuxOptions - spec.securityContext.seccompProfile - spec.securityContext.fsGroup - spec.securityContext.fsGroupChangePolicy - spec.securityContext.sysctls - spec.shareProcessNamespace - spec.securityContext.runAsUser - spec.securityContext.runAsGroup - spec.securityContext.supplementalGroups - spec.containers[*].securityContext.seLinuxOptions - spec.containers[*].securityContext.seccompProfile - spec.containers[*].securityContext.capabilities - spec.containers[*].securityContext.readOnlyRootFilesystem - spec.containers[*].securityContext.privileged - spec.containers[*].securityContext.allowPrivilegeEscalation - spec.containers[*].securityContext.procMount - spec.containers[*].securityContext.runAsUser - spec.containers[*].securityContext.runAsGroup"
|
||||
},
|
||||
"overhead": {
|
||||
"additionalProperties": {
|
||||
|
||||
@ -5032,6 +5032,10 @@
|
||||
"description": "Use the host's pid namespace. Optional: Default to false.",
|
||||
"type": "boolean"
|
||||
},
|
||||
"hostUsers": {
|
||||
"description": "Use the host's user namespace. Optional: Default to true. If set to true or not present, the pod will be run in the host user namespace, useful for when the pod needs a feature only available to the host user namespace, such as loading a kernel module with CAP_SYS_MODULE. When set to false, a new userns is created for the pod. Setting false is useful for mitigating container breakout vulnerabilities even allowing users to run their containers as root without actually having root privileges on the host. This field is alpha-level and is only honored by servers that enable the UserNamespacesSupport feature.",
|
||||
"type": "boolean"
|
||||
},
|
||||
"hostname": {
|
||||
"description": "Specifies the hostname of the Pod If not specified, the pod's hostname will be set to a system-defined value.",
|
||||
"type": "string"
|
||||
@ -5083,7 +5087,7 @@
|
||||
"$ref": "#/components/schemas/io.k8s.api.core.v1.PodOS"
|
||||
}
|
||||
],
|
||||
"description": "Specifies the OS of the containers in the pod. Some pod and container fields are restricted if this is set.\n\nIf the OS field is set to linux, the following fields must be unset: -securityContext.windowsOptions\n\nIf the OS field is set to windows, following fields must be unset: - spec.hostPID - spec.hostIPC - spec.securityContext.seLinuxOptions - spec.securityContext.seccompProfile - spec.securityContext.fsGroup - spec.securityContext.fsGroupChangePolicy - spec.securityContext.sysctls - spec.shareProcessNamespace - spec.securityContext.runAsUser - spec.securityContext.runAsGroup - spec.securityContext.supplementalGroups - spec.containers[*].securityContext.seLinuxOptions - spec.containers[*].securityContext.seccompProfile - spec.containers[*].securityContext.capabilities - spec.containers[*].securityContext.readOnlyRootFilesystem - spec.containers[*].securityContext.privileged - spec.containers[*].securityContext.allowPrivilegeEscalation - spec.containers[*].securityContext.procMount - spec.containers[*].securityContext.runAsUser - spec.containers[*].securityContext.runAsGroup"
|
||||
"description": "Specifies the OS of the containers in the pod. Some pod and container fields are restricted if this is set.\n\nIf the OS field is set to linux, the following fields must be unset: -securityContext.windowsOptions\n\nIf the OS field is set to windows, following fields must be unset: - spec.hostPID - spec.hostIPC - spec.hostUsers - spec.securityContext.seLinuxOptions - spec.securityContext.seccompProfile - spec.securityContext.fsGroup - spec.securityContext.fsGroupChangePolicy - spec.securityContext.sysctls - spec.shareProcessNamespace - spec.securityContext.runAsUser - spec.securityContext.runAsGroup - spec.securityContext.supplementalGroups - spec.containers[*].securityContext.seLinuxOptions - spec.containers[*].securityContext.seccompProfile - spec.containers[*].securityContext.capabilities - spec.containers[*].securityContext.readOnlyRootFilesystem - spec.containers[*].securityContext.privileged - spec.containers[*].securityContext.allowPrivilegeEscalation - spec.containers[*].securityContext.procMount - spec.containers[*].securityContext.runAsUser - spec.containers[*].securityContext.runAsGroup"
|
||||
},
|
||||
"overhead": {
|
||||
"additionalProperties": {
|
||||
|
||||
@ -3455,6 +3455,10 @@
|
||||
"description": "Use the host's pid namespace. Optional: Default to false.",
|
||||
"type": "boolean"
|
||||
},
|
||||
"hostUsers": {
|
||||
"description": "Use the host's user namespace. Optional: Default to true. If set to true or not present, the pod will be run in the host user namespace, useful for when the pod needs a feature only available to the host user namespace, such as loading a kernel module with CAP_SYS_MODULE. When set to false, a new userns is created for the pod. Setting false is useful for mitigating container breakout vulnerabilities even allowing users to run their containers as root without actually having root privileges on the host. This field is alpha-level and is only honored by servers that enable the UserNamespacesSupport feature.",
|
||||
"type": "boolean"
|
||||
},
|
||||
"hostname": {
|
||||
"description": "Specifies the hostname of the Pod If not specified, the pod's hostname will be set to a system-defined value.",
|
||||
"type": "string"
|
||||
@ -3506,7 +3510,7 @@
|
||||
"$ref": "#/components/schemas/io.k8s.api.core.v1.PodOS"
|
||||
}
|
||||
],
|
||||
"description": "Specifies the OS of the containers in the pod. Some pod and container fields are restricted if this is set.\n\nIf the OS field is set to linux, the following fields must be unset: -securityContext.windowsOptions\n\nIf the OS field is set to windows, following fields must be unset: - spec.hostPID - spec.hostIPC - spec.securityContext.seLinuxOptions - spec.securityContext.seccompProfile - spec.securityContext.fsGroup - spec.securityContext.fsGroupChangePolicy - spec.securityContext.sysctls - spec.shareProcessNamespace - spec.securityContext.runAsUser - spec.securityContext.runAsGroup - spec.securityContext.supplementalGroups - spec.containers[*].securityContext.seLinuxOptions - spec.containers[*].securityContext.seccompProfile - spec.containers[*].securityContext.capabilities - spec.containers[*].securityContext.readOnlyRootFilesystem - spec.containers[*].securityContext.privileged - spec.containers[*].securityContext.allowPrivilegeEscalation - spec.containers[*].securityContext.procMount - spec.containers[*].securityContext.runAsUser - spec.containers[*].securityContext.runAsGroup"
|
||||
"description": "Specifies the OS of the containers in the pod. Some pod and container fields are restricted if this is set.\n\nIf the OS field is set to linux, the following fields must be unset: -securityContext.windowsOptions\n\nIf the OS field is set to windows, following fields must be unset: - spec.hostPID - spec.hostIPC - spec.hostUsers - spec.securityContext.seLinuxOptions - spec.securityContext.seccompProfile - spec.securityContext.fsGroup - spec.securityContext.fsGroupChangePolicy - spec.securityContext.sysctls - spec.shareProcessNamespace - spec.securityContext.runAsUser - spec.securityContext.runAsGroup - spec.securityContext.supplementalGroups - spec.containers[*].securityContext.seLinuxOptions - spec.containers[*].securityContext.seccompProfile - spec.containers[*].securityContext.capabilities - spec.containers[*].securityContext.readOnlyRootFilesystem - spec.containers[*].securityContext.privileged - spec.containers[*].securityContext.allowPrivilegeEscalation - spec.containers[*].securityContext.procMount - spec.containers[*].securityContext.runAsUser - spec.containers[*].securityContext.runAsGroup"
|
||||
},
|
||||
"overhead": {
|
||||
"additionalProperties": {
|
||||
|
||||
@ -2534,6 +2534,10 @@
|
||||
"description": "Use the host's pid namespace. Optional: Default to false.",
|
||||
"type": "boolean"
|
||||
},
|
||||
"hostUsers": {
|
||||
"description": "Use the host's user namespace. Optional: Default to true. If set to true or not present, the pod will be run in the host user namespace, useful for when the pod needs a feature only available to the host user namespace, such as loading a kernel module with CAP_SYS_MODULE. When set to false, a new userns is created for the pod. Setting false is useful for mitigating container breakout vulnerabilities even allowing users to run their containers as root without actually having root privileges on the host. This field is alpha-level and is only honored by servers that enable the UserNamespacesSupport feature.",
|
||||
"type": "boolean"
|
||||
},
|
||||
"hostname": {
|
||||
"description": "Specifies the hostname of the Pod If not specified, the pod's hostname will be set to a system-defined value.",
|
||||
"type": "string"
|
||||
@ -2585,7 +2589,7 @@
|
||||
"$ref": "#/components/schemas/io.k8s.api.core.v1.PodOS"
|
||||
}
|
||||
],
|
||||
"description": "Specifies the OS of the containers in the pod. Some pod and container fields are restricted if this is set.\n\nIf the OS field is set to linux, the following fields must be unset: -securityContext.windowsOptions\n\nIf the OS field is set to windows, following fields must be unset: - spec.hostPID - spec.hostIPC - spec.securityContext.seLinuxOptions - spec.securityContext.seccompProfile - spec.securityContext.fsGroup - spec.securityContext.fsGroupChangePolicy - spec.securityContext.sysctls - spec.shareProcessNamespace - spec.securityContext.runAsUser - spec.securityContext.runAsGroup - spec.securityContext.supplementalGroups - spec.containers[*].securityContext.seLinuxOptions - spec.containers[*].securityContext.seccompProfile - spec.containers[*].securityContext.capabilities - spec.containers[*].securityContext.readOnlyRootFilesystem - spec.containers[*].securityContext.privileged - spec.containers[*].securityContext.allowPrivilegeEscalation - spec.containers[*].securityContext.procMount - spec.containers[*].securityContext.runAsUser - spec.containers[*].securityContext.runAsGroup"
|
||||
"description": "Specifies the OS of the containers in the pod. Some pod and container fields are restricted if this is set.\n\nIf the OS field is set to linux, the following fields must be unset: -securityContext.windowsOptions\n\nIf the OS field is set to windows, following fields must be unset: - spec.hostPID - spec.hostIPC - spec.hostUsers - spec.securityContext.seLinuxOptions - spec.securityContext.seccompProfile - spec.securityContext.fsGroup - spec.securityContext.fsGroupChangePolicy - spec.securityContext.sysctls - spec.shareProcessNamespace - spec.securityContext.runAsUser - spec.securityContext.runAsGroup - spec.securityContext.supplementalGroups - spec.containers[*].securityContext.seLinuxOptions - spec.containers[*].securityContext.seccompProfile - spec.containers[*].securityContext.capabilities - spec.containers[*].securityContext.readOnlyRootFilesystem - spec.containers[*].securityContext.privileged - spec.containers[*].securityContext.allowPrivilegeEscalation - spec.containers[*].securityContext.procMount - spec.containers[*].securityContext.runAsUser - spec.containers[*].securityContext.runAsGroup"
|
||||
},
|
||||
"overhead": {
|
||||
"additionalProperties": {
|
||||
|
||||
2
pkg/apis/core/v1/zz_generated.conversion.go
generated
2
pkg/apis/core/v1/zz_generated.conversion.go
generated
@ -6093,6 +6093,7 @@ func autoConvert_core_PodSecurityContext_To_v1_PodSecurityContext(in *core.PodSe
|
||||
// INFO: in.HostPID opted out of conversion generation
|
||||
// INFO: in.HostIPC opted out of conversion generation
|
||||
// INFO: in.ShareProcessNamespace opted out of conversion generation
|
||||
// INFO: in.HostUsers opted out of conversion generation
|
||||
out.SELinuxOptions = (*v1.SELinuxOptions)(unsafe.Pointer(in.SELinuxOptions))
|
||||
out.WindowsOptions = (*v1.WindowsSecurityContextOptions)(unsafe.Pointer(in.WindowsOptions))
|
||||
out.RunAsUser = (*int64)(unsafe.Pointer(in.RunAsUser))
|
||||
@ -6186,6 +6187,7 @@ func autoConvert_v1_PodSpec_To_core_PodSpec(in *v1.PodSpec, out *core.PodSpec, s
|
||||
out.TopologySpreadConstraints = *(*[]core.TopologySpreadConstraint)(unsafe.Pointer(&in.TopologySpreadConstraints))
|
||||
out.SetHostnameAsFQDN = (*bool)(unsafe.Pointer(in.SetHostnameAsFQDN))
|
||||
out.OS = (*core.PodOS)(unsafe.Pointer(in.OS))
|
||||
// INFO: in.HostUsers opted out of conversion generation
|
||||
return nil
|
||||
}
|
||||
|
||||
|
||||
5
pkg/apis/core/zz_generated.deepcopy.go
generated
5
pkg/apis/core/zz_generated.deepcopy.go
generated
@ -3736,6 +3736,11 @@ func (in *PodSecurityContext) DeepCopyInto(out *PodSecurityContext) {
|
||||
*out = new(bool)
|
||||
**out = **in
|
||||
}
|
||||
if in.HostUsers != nil {
|
||||
in, out := &in.HostUsers, &out.HostUsers
|
||||
*out = new(bool)
|
||||
**out = **in
|
||||
}
|
||||
if in.SELinuxOptions != nil {
|
||||
in, out := &in.SELinuxOptions, &out.SELinuxOptions
|
||||
*out = new(SELinuxOptions)
|
||||
|
||||
9
pkg/generated/openapi/zz_generated.openapi.go
generated
9
pkg/generated/openapi/zz_generated.openapi.go
generated
@ -22196,10 +22196,17 @@ func schema_k8sio_api_core_v1_PodSpec(ref common.ReferenceCallback) common.OpenA
|
||||
},
|
||||
"os": {
|
||||
SchemaProps: spec.SchemaProps{
|
||||
Description: "Specifies the OS of the containers in the pod. Some pod and container fields are restricted if this is set.\n\nIf the OS field is set to linux, the following fields must be unset: -securityContext.windowsOptions\n\nIf the OS field is set to windows, following fields must be unset: - spec.hostPID - spec.hostIPC - spec.securityContext.seLinuxOptions - spec.securityContext.seccompProfile - spec.securityContext.fsGroup - spec.securityContext.fsGroupChangePolicy - spec.securityContext.sysctls - spec.shareProcessNamespace - spec.securityContext.runAsUser - spec.securityContext.runAsGroup - spec.securityContext.supplementalGroups - spec.containers[*].securityContext.seLinuxOptions - spec.containers[*].securityContext.seccompProfile - spec.containers[*].securityContext.capabilities - spec.containers[*].securityContext.readOnlyRootFilesystem - spec.containers[*].securityContext.privileged - spec.containers[*].securityContext.allowPrivilegeEscalation - spec.containers[*].securityContext.procMount - spec.containers[*].securityContext.runAsUser - spec.containers[*].securityContext.runAsGroup",
|
||||
Description: "Specifies the OS of the containers in the pod. Some pod and container fields are restricted if this is set.\n\nIf the OS field is set to linux, the following fields must be unset: -securityContext.windowsOptions\n\nIf the OS field is set to windows, following fields must be unset: - spec.hostPID - spec.hostIPC - spec.hostUsers - spec.securityContext.seLinuxOptions - spec.securityContext.seccompProfile - spec.securityContext.fsGroup - spec.securityContext.fsGroupChangePolicy - spec.securityContext.sysctls - spec.shareProcessNamespace - spec.securityContext.runAsUser - spec.securityContext.runAsGroup - spec.securityContext.supplementalGroups - spec.containers[*].securityContext.seLinuxOptions - spec.containers[*].securityContext.seccompProfile - spec.containers[*].securityContext.capabilities - spec.containers[*].securityContext.readOnlyRootFilesystem - spec.containers[*].securityContext.privileged - spec.containers[*].securityContext.allowPrivilegeEscalation - spec.containers[*].securityContext.procMount - spec.containers[*].securityContext.runAsUser - spec.containers[*].securityContext.runAsGroup",
|
||||
Ref: ref("k8s.io/api/core/v1.PodOS"),
|
||||
},
|
||||
},
|
||||
"hostUsers": {
|
||||
SchemaProps: spec.SchemaProps{
|
||||
Description: "Use the host's user namespace. Optional: Default to true. If set to true or not present, the pod will be run in the host user namespace, useful for when the pod needs a feature only available to the host user namespace, such as loading a kernel module with CAP_SYS_MODULE. When set to false, a new userns is created for the pod. Setting false is useful for mitigating container breakout vulnerabilities even allowing users to run their containers as root without actually having root privileges on the host. This field is alpha-level and is only honored by servers that enable the UserNamespacesSupport feature.",
|
||||
Type: []string{"boolean"},
|
||||
Format: "",
|
||||
},
|
||||
},
|
||||
},
|
||||
Required: []string{"containers"},
|
||||
},
|
||||
|
||||
1828
staging/src/k8s.io/api/core/v1/generated.pb.go
generated
1828
staging/src/k8s.io/api/core/v1/generated.pb.go
generated
File diff suppressed because it is too large
Load Diff
@ -3712,6 +3712,7 @@ message PodSpec {
|
||||
// If the OS field is set to windows, following fields must be unset:
|
||||
// - spec.hostPID
|
||||
// - spec.hostIPC
|
||||
// - spec.hostUsers
|
||||
// - spec.securityContext.seLinuxOptions
|
||||
// - spec.securityContext.seccompProfile
|
||||
// - spec.securityContext.fsGroup
|
||||
@ -3732,6 +3733,19 @@ message PodSpec {
|
||||
// - spec.containers[*].securityContext.runAsGroup
|
||||
// +optional
|
||||
optional PodOS os = 36;
|
||||
|
||||
// Use the host's user namespace.
|
||||
// Optional: Default to true.
|
||||
// If set to true or not present, the pod will be run in the host user namespace, useful
|
||||
// for when the pod needs a feature only available to the host user namespace, such as
|
||||
// loading a kernel module with CAP_SYS_MODULE.
|
||||
// When set to false, a new userns is created for the pod. Setting false is useful for
|
||||
// mitigating container breakout vulnerabilities even allowing users to run their
|
||||
// containers as root without actually having root privileges on the host.
|
||||
// This field is alpha-level and is only honored by servers that enable the UserNamespacesSupport feature.
|
||||
// +k8s:conversion-gen=false
|
||||
// +optional
|
||||
optional bool hostUsers = 37;
|
||||
}
|
||||
|
||||
// PodStatus represents information about the status of a pod. Status may trail the actual
|
||||
|
||||
@ -1670,7 +1670,8 @@ var map_PodSpec = map[string]string{
|
||||
"overhead": "Overhead represents the resource overhead associated with running a pod for a given RuntimeClass. This field will be autopopulated at admission time by the RuntimeClass admission controller. If the RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests. The RuntimeClass admission controller will reject Pod create requests which have the overhead already set. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the value defined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero. More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md",
|
||||
"topologySpreadConstraints": "TopologySpreadConstraints describes how a group of pods ought to spread across topology domains. Scheduler will schedule pods in a way which abides by the constraints. All topologySpreadConstraints are ANDed.",
|
||||
"setHostnameAsFQDN": "If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default). In Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname). In Windows containers, this means setting the registry value of hostname for the registry key HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters to FQDN. If a pod does not have FQDN, this has no effect. Default to false.",
|
||||
"os": "Specifies the OS of the containers in the pod. Some pod and container fields are restricted if this is set.\n\nIf the OS field is set to linux, the following fields must be unset: -securityContext.windowsOptions\n\nIf the OS field is set to windows, following fields must be unset: - spec.hostPID - spec.hostIPC - spec.securityContext.seLinuxOptions - spec.securityContext.seccompProfile - spec.securityContext.fsGroup - spec.securityContext.fsGroupChangePolicy - spec.securityContext.sysctls - spec.shareProcessNamespace - spec.securityContext.runAsUser - spec.securityContext.runAsGroup - spec.securityContext.supplementalGroups - spec.containers[*].securityContext.seLinuxOptions - spec.containers[*].securityContext.seccompProfile - spec.containers[*].securityContext.capabilities - spec.containers[*].securityContext.readOnlyRootFilesystem - spec.containers[*].securityContext.privileged - spec.containers[*].securityContext.allowPrivilegeEscalation - spec.containers[*].securityContext.procMount - spec.containers[*].securityContext.runAsUser - spec.containers[*].securityContext.runAsGroup",
|
||||
"os": "Specifies the OS of the containers in the pod. Some pod and container fields are restricted if this is set.\n\nIf the OS field is set to linux, the following fields must be unset: -securityContext.windowsOptions\n\nIf the OS field is set to windows, following fields must be unset: - spec.hostPID - spec.hostIPC - spec.hostUsers - spec.securityContext.seLinuxOptions - spec.securityContext.seccompProfile - spec.securityContext.fsGroup - spec.securityContext.fsGroupChangePolicy - spec.securityContext.sysctls - spec.shareProcessNamespace - spec.securityContext.runAsUser - spec.securityContext.runAsGroup - spec.securityContext.supplementalGroups - spec.containers[*].securityContext.seLinuxOptions - spec.containers[*].securityContext.seccompProfile - spec.containers[*].securityContext.capabilities - spec.containers[*].securityContext.readOnlyRootFilesystem - spec.containers[*].securityContext.privileged - spec.containers[*].securityContext.allowPrivilegeEscalation - spec.containers[*].securityContext.procMount - spec.containers[*].securityContext.runAsUser - spec.containers[*].securityContext.runAsGroup",
|
||||
"hostUsers": "Use the host's user namespace. Optional: Default to true. If set to true or not present, the pod will be run in the host user namespace, useful for when the pod needs a feature only available to the host user namespace, such as loading a kernel module with CAP_SYS_MODULE. When set to false, a new userns is created for the pod. Setting false is useful for mitigating container breakout vulnerabilities even allowing users to run their containers as root without actually having root privileges on the host. This field is alpha-level and is only honored by servers that enable the UserNamespacesSupport feature.",
|
||||
}
|
||||
|
||||
func (PodSpec) SwaggerDoc() map[string]string {
|
||||
|
||||
@ -3954,6 +3954,11 @@ func (in *PodSpec) DeepCopyInto(out *PodSpec) {
|
||||
*out = new(PodOS)
|
||||
**out = **in
|
||||
}
|
||||
if in.HostUsers != nil {
|
||||
in, out := &in.HostUsers, &out.HostUsers
|
||||
*out = new(bool)
|
||||
**out = **in
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
|
||||
@ -1625,7 +1625,8 @@
|
||||
"setHostnameAsFQDN": true,
|
||||
"os": {
|
||||
"name": "nameValue"
|
||||
}
|
||||
},
|
||||
"hostUsers": true
|
||||
}
|
||||
},
|
||||
"updateStrategy": {
|
||||
|
||||
Binary file not shown.
@ -592,6 +592,7 @@ spec:
|
||||
hostIPC: true
|
||||
hostNetwork: true
|
||||
hostPID: true
|
||||
hostUsers: true
|
||||
hostname: hostnameValue
|
||||
imagePullSecrets:
|
||||
- name: nameValue
|
||||
|
||||
@ -1626,7 +1626,8 @@
|
||||
"setHostnameAsFQDN": true,
|
||||
"os": {
|
||||
"name": "nameValue"
|
||||
}
|
||||
},
|
||||
"hostUsers": true
|
||||
}
|
||||
},
|
||||
"strategy": {
|
||||
|
||||
Binary file not shown.
@ -600,6 +600,7 @@ spec:
|
||||
hostIPC: true
|
||||
hostNetwork: true
|
||||
hostPID: true
|
||||
hostUsers: true
|
||||
hostname: hostnameValue
|
||||
imagePullSecrets:
|
||||
- name: nameValue
|
||||
|
||||
@ -1627,7 +1627,8 @@
|
||||
"setHostnameAsFQDN": true,
|
||||
"os": {
|
||||
"name": "nameValue"
|
||||
}
|
||||
},
|
||||
"hostUsers": true
|
||||
}
|
||||
}
|
||||
},
|
||||
|
||||
Binary file not shown.
@ -592,6 +592,7 @@ spec:
|
||||
hostIPC: true
|
||||
hostNetwork: true
|
||||
hostPID: true
|
||||
hostUsers: true
|
||||
hostname: hostnameValue
|
||||
imagePullSecrets:
|
||||
- name: nameValue
|
||||
|
||||
@ -1626,7 +1626,8 @@
|
||||
"setHostnameAsFQDN": true,
|
||||
"os": {
|
||||
"name": "nameValue"
|
||||
}
|
||||
},
|
||||
"hostUsers": true
|
||||
}
|
||||
},
|
||||
"volumeClaimTemplates": [
|
||||
|
||||
Binary file not shown.
@ -598,6 +598,7 @@ spec:
|
||||
hostIPC: true
|
||||
hostNetwork: true
|
||||
hostPID: true
|
||||
hostUsers: true
|
||||
hostname: hostnameValue
|
||||
imagePullSecrets:
|
||||
- name: nameValue
|
||||
|
||||
@ -1626,7 +1626,8 @@
|
||||
"setHostnameAsFQDN": true,
|
||||
"os": {
|
||||
"name": "nameValue"
|
||||
}
|
||||
},
|
||||
"hostUsers": true
|
||||
}
|
||||
},
|
||||
"strategy": {
|
||||
|
||||
Binary file not shown.
@ -602,6 +602,7 @@ spec:
|
||||
hostIPC: true
|
||||
hostNetwork: true
|
||||
hostPID: true
|
||||
hostUsers: true
|
||||
hostname: hostnameValue
|
||||
imagePullSecrets:
|
||||
- name: nameValue
|
||||
|
||||
@ -1626,7 +1626,8 @@
|
||||
"setHostnameAsFQDN": true,
|
||||
"os": {
|
||||
"name": "nameValue"
|
||||
}
|
||||
},
|
||||
"hostUsers": true
|
||||
}
|
||||
},
|
||||
"volumeClaimTemplates": [
|
||||
|
||||
Binary file not shown.
@ -598,6 +598,7 @@ spec:
|
||||
hostIPC: true
|
||||
hostNetwork: true
|
||||
hostPID: true
|
||||
hostUsers: true
|
||||
hostname: hostnameValue
|
||||
imagePullSecrets:
|
||||
- name: nameValue
|
||||
|
||||
@ -1625,7 +1625,8 @@
|
||||
"setHostnameAsFQDN": true,
|
||||
"os": {
|
||||
"name": "nameValue"
|
||||
}
|
||||
},
|
||||
"hostUsers": true
|
||||
}
|
||||
},
|
||||
"updateStrategy": {
|
||||
|
||||
Binary file not shown.
@ -592,6 +592,7 @@ spec:
|
||||
hostIPC: true
|
||||
hostNetwork: true
|
||||
hostPID: true
|
||||
hostUsers: true
|
||||
hostname: hostnameValue
|
||||
imagePullSecrets:
|
||||
- name: nameValue
|
||||
|
||||
@ -1626,7 +1626,8 @@
|
||||
"setHostnameAsFQDN": true,
|
||||
"os": {
|
||||
"name": "nameValue"
|
||||
}
|
||||
},
|
||||
"hostUsers": true
|
||||
}
|
||||
},
|
||||
"strategy": {
|
||||
|
||||
Binary file not shown.
@ -600,6 +600,7 @@ spec:
|
||||
hostIPC: true
|
||||
hostNetwork: true
|
||||
hostPID: true
|
||||
hostUsers: true
|
||||
hostname: hostnameValue
|
||||
imagePullSecrets:
|
||||
- name: nameValue
|
||||
|
||||
@ -1627,7 +1627,8 @@
|
||||
"setHostnameAsFQDN": true,
|
||||
"os": {
|
||||
"name": "nameValue"
|
||||
}
|
||||
},
|
||||
"hostUsers": true
|
||||
}
|
||||
}
|
||||
},
|
||||
|
||||
Binary file not shown.
@ -592,6 +592,7 @@ spec:
|
||||
hostIPC: true
|
||||
hostNetwork: true
|
||||
hostPID: true
|
||||
hostUsers: true
|
||||
hostname: hostnameValue
|
||||
imagePullSecrets:
|
||||
- name: nameValue
|
||||
|
||||
@ -1626,7 +1626,8 @@
|
||||
"setHostnameAsFQDN": true,
|
||||
"os": {
|
||||
"name": "nameValue"
|
||||
}
|
||||
},
|
||||
"hostUsers": true
|
||||
}
|
||||
},
|
||||
"volumeClaimTemplates": [
|
||||
|
||||
Binary file not shown.
@ -598,6 +598,7 @@ spec:
|
||||
hostIPC: true
|
||||
hostNetwork: true
|
||||
hostPID: true
|
||||
hostUsers: true
|
||||
hostname: hostnameValue
|
||||
imagePullSecrets:
|
||||
- name: nameValue
|
||||
|
||||
@ -1679,7 +1679,8 @@
|
||||
"setHostnameAsFQDN": true,
|
||||
"os": {
|
||||
"name": "nameValue"
|
||||
}
|
||||
},
|
||||
"hostUsers": true
|
||||
}
|
||||
},
|
||||
"ttlSecondsAfterFinished": 8,
|
||||
|
||||
Binary file not shown.
@ -633,6 +633,7 @@ spec:
|
||||
hostIPC: true
|
||||
hostNetwork: true
|
||||
hostPID: true
|
||||
hostUsers: true
|
||||
hostname: hostnameValue
|
||||
imagePullSecrets:
|
||||
- name: nameValue
|
||||
|
||||
@ -1630,7 +1630,8 @@
|
||||
"setHostnameAsFQDN": true,
|
||||
"os": {
|
||||
"name": "nameValue"
|
||||
}
|
||||
},
|
||||
"hostUsers": true
|
||||
}
|
||||
},
|
||||
"ttlSecondsAfterFinished": 8,
|
||||
|
||||
BIN
staging/src/k8s.io/api/testdata/HEAD/batch.v1.Job.pb
vendored
BIN
staging/src/k8s.io/api/testdata/HEAD/batch.v1.Job.pb
vendored
Binary file not shown.
@ -597,6 +597,7 @@ spec:
|
||||
hostIPC: true
|
||||
hostNetwork: true
|
||||
hostPID: true
|
||||
hostUsers: true
|
||||
hostname: hostnameValue
|
||||
imagePullSecrets:
|
||||
- name: nameValue
|
||||
|
||||
@ -1679,7 +1679,8 @@
|
||||
"setHostnameAsFQDN": true,
|
||||
"os": {
|
||||
"name": "nameValue"
|
||||
}
|
||||
},
|
||||
"hostUsers": true
|
||||
}
|
||||
},
|
||||
"ttlSecondsAfterFinished": 8,
|
||||
|
||||
Binary file not shown.
@ -633,6 +633,7 @@ spec:
|
||||
hostIPC: true
|
||||
hostNetwork: true
|
||||
hostPID: true
|
||||
hostUsers: true
|
||||
hostname: hostnameValue
|
||||
imagePullSecrets:
|
||||
- name: nameValue
|
||||
|
||||
@ -1673,7 +1673,8 @@
|
||||
"setHostnameAsFQDN": true,
|
||||
"os": {
|
||||
"name": "nameValue"
|
||||
}
|
||||
},
|
||||
"hostUsers": true
|
||||
}
|
||||
},
|
||||
"ttlSecondsAfterFinished": 8,
|
||||
|
||||
Binary file not shown.
@ -630,6 +630,7 @@ template:
|
||||
hostIPC: true
|
||||
hostNetwork: true
|
||||
hostPID: true
|
||||
hostUsers: true
|
||||
hostname: hostnameValue
|
||||
imagePullSecrets:
|
||||
- name: nameValue
|
||||
|
||||
@ -1567,7 +1567,8 @@
|
||||
"setHostnameAsFQDN": true,
|
||||
"os": {
|
||||
"name": "nameValue"
|
||||
}
|
||||
},
|
||||
"hostUsers": true
|
||||
},
|
||||
"status": {
|
||||
"phase": "phaseValue",
|
||||
|
||||
BIN
staging/src/k8s.io/api/testdata/HEAD/core.v1.Pod.pb
vendored
BIN
staging/src/k8s.io/api/testdata/HEAD/core.v1.Pod.pb
vendored
Binary file not shown.
@ -548,6 +548,7 @@ spec:
|
||||
hostIPC: true
|
||||
hostNetwork: true
|
||||
hostPID: true
|
||||
hostUsers: true
|
||||
hostname: hostnameValue
|
||||
imagePullSecrets:
|
||||
- name: nameValue
|
||||
|
||||
@ -1610,7 +1610,8 @@
|
||||
"setHostnameAsFQDN": true,
|
||||
"os": {
|
||||
"name": "nameValue"
|
||||
}
|
||||
},
|
||||
"hostUsers": true
|
||||
}
|
||||
}
|
||||
}
|
||||
Binary file not shown.
@ -581,6 +581,7 @@ template:
|
||||
hostIPC: true
|
||||
hostNetwork: true
|
||||
hostPID: true
|
||||
hostUsers: true
|
||||
hostname: hostnameValue
|
||||
imagePullSecrets:
|
||||
- name: nameValue
|
||||
|
||||
@ -1616,7 +1616,8 @@
|
||||
"setHostnameAsFQDN": true,
|
||||
"os": {
|
||||
"name": "nameValue"
|
||||
}
|
||||
},
|
||||
"hostUsers": true
|
||||
}
|
||||
}
|
||||
},
|
||||
|
||||
Binary file not shown.
@ -586,6 +586,7 @@ spec:
|
||||
hostIPC: true
|
||||
hostNetwork: true
|
||||
hostPID: true
|
||||
hostUsers: true
|
||||
hostname: hostnameValue
|
||||
imagePullSecrets:
|
||||
- name: nameValue
|
||||
|
||||
@ -1625,7 +1625,8 @@
|
||||
"setHostnameAsFQDN": true,
|
||||
"os": {
|
||||
"name": "nameValue"
|
||||
}
|
||||
},
|
||||
"hostUsers": true
|
||||
}
|
||||
},
|
||||
"updateStrategy": {
|
||||
|
||||
Binary file not shown.
@ -592,6 +592,7 @@ spec:
|
||||
hostIPC: true
|
||||
hostNetwork: true
|
||||
hostPID: true
|
||||
hostUsers: true
|
||||
hostname: hostnameValue
|
||||
imagePullSecrets:
|
||||
- name: nameValue
|
||||
|
||||
@ -1626,7 +1626,8 @@
|
||||
"setHostnameAsFQDN": true,
|
||||
"os": {
|
||||
"name": "nameValue"
|
||||
}
|
||||
},
|
||||
"hostUsers": true
|
||||
}
|
||||
},
|
||||
"strategy": {
|
||||
|
||||
Binary file not shown.
@ -602,6 +602,7 @@ spec:
|
||||
hostIPC: true
|
||||
hostNetwork: true
|
||||
hostPID: true
|
||||
hostUsers: true
|
||||
hostname: hostnameValue
|
||||
imagePullSecrets:
|
||||
- name: nameValue
|
||||
|
||||
@ -1627,7 +1627,8 @@
|
||||
"setHostnameAsFQDN": true,
|
||||
"os": {
|
||||
"name": "nameValue"
|
||||
}
|
||||
},
|
||||
"hostUsers": true
|
||||
}
|
||||
}
|
||||
},
|
||||
|
||||
Binary file not shown.
@ -592,6 +592,7 @@ spec:
|
||||
hostIPC: true
|
||||
hostNetwork: true
|
||||
hostPID: true
|
||||
hostUsers: true
|
||||
hostname: hostnameValue
|
||||
imagePullSecrets:
|
||||
- name: nameValue
|
||||
|
||||
@ -41,7 +41,6 @@ type PodSpecApplyConfiguration struct {
|
||||
HostNetwork *bool `json:"hostNetwork,omitempty"`
|
||||
HostPID *bool `json:"hostPID,omitempty"`
|
||||
HostIPC *bool `json:"hostIPC,omitempty"`
|
||||
HostUsers *bool `json:"hostUsers,omitempty"`
|
||||
ShareProcessNamespace *bool `json:"shareProcessNamespace,omitempty"`
|
||||
SecurityContext *PodSecurityContextApplyConfiguration `json:"securityContext,omitempty"`
|
||||
ImagePullSecrets []LocalObjectReferenceApplyConfiguration `json:"imagePullSecrets,omitempty"`
|
||||
@ -62,6 +61,7 @@ type PodSpecApplyConfiguration struct {
|
||||
TopologySpreadConstraints []TopologySpreadConstraintApplyConfiguration `json:"topologySpreadConstraints,omitempty"`
|
||||
SetHostnameAsFQDN *bool `json:"setHostnameAsFQDN,omitempty"`
|
||||
OS *PodOSApplyConfiguration `json:"os,omitempty"`
|
||||
HostUsers *bool `json:"hostUsers,omitempty"`
|
||||
}
|
||||
|
||||
// PodSpecApplyConfiguration constructs an declarative configuration of the PodSpec type for use with
|
||||
@ -208,14 +208,6 @@ func (b *PodSpecApplyConfiguration) WithHostNetwork(value bool) *PodSpecApplyCon
|
||||
return b
|
||||
}
|
||||
|
||||
// WithHostUsers sets the HostUsers field in the declarative configuration to the given value
|
||||
// and returns the receiver, so that objects can be built by chaining "With" function invocations.
|
||||
// If called multiple times, the HostUsers field is set to the value of the last call.
|
||||
func (b *PodSpecApplyConfiguration) WithHostUsers(value *bool) *PodSpecApplyConfiguration {
|
||||
b.HostUsers = value
|
||||
return b
|
||||
}
|
||||
|
||||
// WithHostPID sets the HostPID field in the declarative configuration to the given value
|
||||
// and returns the receiver, so that objects can be built by chaining "With" function invocations.
|
||||
// If called multiple times, the HostPID field is set to the value of the last call.
|
||||
@ -416,3 +408,11 @@ func (b *PodSpecApplyConfiguration) WithOS(value *PodOSApplyConfiguration) *PodS
|
||||
b.OS = value
|
||||
return b
|
||||
}
|
||||
|
||||
// WithHostUsers sets the HostUsers field in the declarative configuration to the given value
|
||||
// and returns the receiver, so that objects can be built by chaining "With" function invocations.
|
||||
// If called multiple times, the HostUsers field is set to the value of the last call.
|
||||
func (b *PodSpecApplyConfiguration) WithHostUsers(value bool) *PodSpecApplyConfiguration {
|
||||
b.HostUsers = &value
|
||||
return b
|
||||
}
|
||||
|
||||
@ -5762,6 +5762,9 @@ var schemaYAML = typed.YAMLObject(`types:
|
||||
- name: hostPID
|
||||
type:
|
||||
scalar: boolean
|
||||
- name: hostUsers
|
||||
type:
|
||||
scalar: boolean
|
||||
- name: hostname
|
||||
type:
|
||||
scalar: string
|
||||
|
||||
Loading…
Reference in New Issue
Block a user