v1.PodSecurityPolicySubjectReview

You are viewing documentation for a release that is no longer supported. The latest supported version of version 3 is [3.11]. For the most recent version 4, see [4]

You are viewing documentation for a release that is no longer supported. The latest supported version of version 3 is [3.11]. For the most recent version 4, see [4]

Description

PodSecurityPolicySubjectReview checks whether a particular user/SA tuple can create the PodTemplateSpec.

Object Schema

Expand or mouse-over a field for more information about it.

  1. apiVersion:
  2. kind:
  3. spec:
  4. groups:
  5. - [string]:
  6. template:
  7. metadata:
  8. annotations:
  9. [string]:
  10. clusterName:
  11. creationTimestamp:
  12. deletionGracePeriodSeconds:
  13. deletionTimestamp:
  14. finalizers:
  15. - [string]:
  16. generateName:
  17. generation:
  18. initializers:
  19. pending:
  20. - name:
  21. result:
  22. apiVersion:
  23. code:
  24. details:
  25. causes:
  26. - field:
  27. message:
  28. reason:
  29. group:
  30. kind:
  31. name:
  32. retryAfterSeconds:
  33. uid:
  34. kind:
  35. message:
  36. metadata:
  37. resourceVersion:
  38. selfLink:
  39. reason:
  40. status:
  41. labels:
  42. [string]:
  43. name:
  44. namespace:
  45. ownerReferences:
  46. - apiVersion:
  47. blockOwnerDeletion:
  48. controller:
  49. kind:
  50. name:
  51. uid:
  52. resourceVersion:
  53. selfLink:
  54. uid:
  55. spec:
  56. activeDeadlineSeconds:
  57. affinity:
  58. nodeAffinity:
  59. preferredDuringSchedulingIgnoredDuringExecution:
  60. - preference:
  61. - matchExpressions:
  62. - - key:
  63. operator:
  64. values:
  65. - [string]:
  66. weight:
  67. requiredDuringSchedulingIgnoredDuringExecution:
  68. nodeSelectorTerms:
  69. - matchExpressions:
  70. - - key:
  71. operator:
  72. values:
  73. - [string]:
  74. podAffinity:
  75. preferredDuringSchedulingIgnoredDuringExecution:
  76. - podAffinityTerm:
  77. - labelSelector:
  78. - matchExpressions:
  79. - - key:
  80. operator:
  81. values:
  82. - [string]:
  83. matchLabels:
  84. [string]:
  85. namespaces:
  86. - [string]:
  87. topologyKey:
  88. weight:
  89. requiredDuringSchedulingIgnoredDuringExecution:
  90. - labelSelector:
  91. - matchExpressions:
  92. - - key:
  93. operator:
  94. values:
  95. - [string]:
  96. matchLabels:
  97. [string]:
  98. namespaces:
  99. - [string]:
  100. topologyKey:
  101. podAntiAffinity:
  102. preferredDuringSchedulingIgnoredDuringExecution:
  103. - podAffinityTerm:
  104. - labelSelector:
  105. - matchExpressions:
  106. - - key:
  107. operator:
  108. values:
  109. - [string]:
  110. matchLabels:
  111. [string]:
  112. namespaces:
  113. - [string]:
  114. topologyKey:
  115. weight:
  116. requiredDuringSchedulingIgnoredDuringExecution:
  117. - labelSelector:
  118. - matchExpressions:
  119. - - key:
  120. operator:
  121. values:
  122. - [string]:
  123. matchLabels:
  124. [string]:
  125. namespaces:
  126. - [string]:
  127. topologyKey:
  128. automountServiceAccountToken:
  129. containers:
  130. - args:
  131. - - [string]:
  132. command:
  133. - [string]:
  134. env:
  135. - name:
  136. value:
  137. valueFrom:
  138. configMapKeyRef:
  139. key:
  140. name:
  141. optional:
  142. fieldRef:
  143. apiVersion:
  144. fieldPath:
  145. resourceFieldRef:
  146. containerName:
  147. divisor:
  148. resource:
  149. secretKeyRef:
  150. key:
  151. name:
  152. optional:
  153. envFrom:
  154. - configMapRef:
  155. - name:
  156. optional:
  157. prefix:
  158. secretRef:
  159. name:
  160. optional:
  161. image:
  162. imagePullPolicy:
  163. lifecycle:
  164. postStart:
  165. exec:
  166. command:
  167. - [string]:
  168. httpGet:
  169. host:
  170. httpHeaders:
  171. - name:
  172. value:
  173. path:
  174. port:
  175. scheme:
  176. tcpSocket:
  177. host:
  178. port:
  179. preStop:
  180. exec:
  181. command:
  182. - [string]:
  183. httpGet:
  184. host:
  185. httpHeaders:
  186. - name:
  187. value:
  188. path:
  189. port:
  190. scheme:
  191. tcpSocket:
  192. host:
  193. port:
  194. livenessProbe:
  195. exec:
  196. command:
  197. - [string]:
  198. failureThreshold:
  199. httpGet:
  200. host:
  201. httpHeaders:
  202. - name:
  203. value:
  204. path:
  205. port:
  206. scheme:
  207. initialDelaySeconds:
  208. periodSeconds:
  209. successThreshold:
  210. tcpSocket:
  211. host:
  212. port:
  213. timeoutSeconds:
  214. name:
  215. ports:
  216. - containerPort:
  217. hostIP:
  218. hostPort:
  219. name:
  220. protocol:
  221. readinessProbe:
  222. exec:
  223. command:
  224. - [string]:
  225. failureThreshold:
  226. httpGet:
  227. host:
  228. httpHeaders:
  229. - name:
  230. value:
  231. path:
  232. port:
  233. scheme:
  234. initialDelaySeconds:
  235. periodSeconds:
  236. successThreshold:
  237. tcpSocket:
  238. host:
  239. port:
  240. timeoutSeconds:
  241. resources:
  242. limits:
  243. [string]:
  244. requests:
  245. [string]:
  246. securityContext:
  247. capabilities:
  248. add:
  249. - [string]:
  250. drop:
  251. - [string]:
  252. privileged:
  253. readOnlyRootFilesystem:
  254. runAsNonRoot:
  255. runAsUser:
  256. seLinuxOptions:
  257. level:
  258. role:
  259. type:
  260. user:
  261. stdin:
  262. stdinOnce:
  263. terminationMessagePath:
  264. terminationMessagePolicy:
  265. tty:
  266. volumeMounts:
  267. - mountPath:
  268. name:
  269. readOnly:
  270. subPath:
  271. workingDir:
  272. dnsPolicy:
  273. hostAliases:
  274. - hostnames:
  275. - - [string]:
  276. ip:
  277. hostIPC:
  278. hostNetwork:
  279. hostPID:
  280. hostname:
  281. imagePullSecrets:
  282. - name:
  283. initContainers:
  284. - args:
  285. - - [string]:
  286. command:
  287. - [string]:
  288. env:
  289. - name:
  290. value:
  291. valueFrom:
  292. configMapKeyRef:
  293. key:
  294. name:
  295. optional:
  296. fieldRef:
  297. apiVersion:
  298. fieldPath:
  299. resourceFieldRef:
  300. containerName:
  301. divisor:
  302. resource:
  303. secretKeyRef:
  304. key:
  305. name:
  306. optional:
  307. envFrom:
  308. - configMapRef:
  309. - name:
  310. optional:
  311. prefix:
  312. secretRef:
  313. name:
  314. optional:
  315. image:
  316. imagePullPolicy:
  317. lifecycle:
  318. postStart:
  319. exec:
  320. command:
  321. - [string]:
  322. httpGet:
  323. host:
  324. httpHeaders:
  325. - name:
  326. value:
  327. path:
  328. port:
  329. scheme:
  330. tcpSocket:
  331. host:
  332. port:
  333. preStop:
  334. exec:
  335. command:
  336. - [string]:
  337. httpGet:
  338. host:
  339. httpHeaders:
  340. - name:
  341. value:
  342. path:
  343. port:
  344. scheme:
  345. tcpSocket:
  346. host:
  347. port:
  348. livenessProbe:
  349. exec:
  350. command:
  351. - [string]:
  352. failureThreshold:
  353. httpGet:
  354. host:
  355. httpHeaders:
  356. - name:
  357. value:
  358. path:
  359. port:
  360. scheme:
  361. initialDelaySeconds:
  362. periodSeconds:
  363. successThreshold:
  364. tcpSocket:
  365. host:
  366. port:
  367. timeoutSeconds:
  368. name:
  369. ports:
  370. - containerPort:
  371. hostIP:
  372. hostPort:
  373. name:
  374. protocol:
  375. readinessProbe:
  376. exec:
  377. command:
  378. - [string]:
  379. failureThreshold:
  380. httpGet:
  381. host:
  382. httpHeaders:
  383. - name:
  384. value:
  385. path:
  386. port:
  387. scheme:
  388. initialDelaySeconds:
  389. periodSeconds:
  390. successThreshold:
  391. tcpSocket:
  392. host:
  393. port:
  394. timeoutSeconds:
  395. resources:
  396. limits:
  397. [string]:
  398. requests:
  399. [string]:
  400. securityContext:
  401. capabilities:
  402. add:
  403. - [string]:
  404. drop:
  405. - [string]:
  406. privileged:
  407. readOnlyRootFilesystem:
  408. runAsNonRoot:
  409. runAsUser:
  410. seLinuxOptions:
  411. level:
  412. role:
  413. type:
  414. user:
  415. stdin:
  416. stdinOnce:
  417. terminationMessagePath:
  418. terminationMessagePolicy:
  419. tty:
  420. volumeMounts:
  421. - mountPath:
  422. name:
  423. readOnly:
  424. subPath:
  425. workingDir:
  426. nodeName:
  427. nodeSelector:
  428. [string]:
  429. restartPolicy:
  430. schedulerName:
  431. securityContext:
  432. fsGroup:
  433. runAsNonRoot:
  434. runAsUser:
  435. seLinuxOptions:
  436. level:
  437. role:
  438. type:
  439. user:
  440. supplementalGroups:
  441. - [integer]:
  442. serviceAccount:
  443. serviceAccountName:
  444. subdomain:
  445. terminationGracePeriodSeconds:
  446. tolerations:
  447. - effect:
  448. key:
  449. operator:
  450. tolerationSeconds:
  451. value:
  452. volumes:
  453. - awsElasticBlockStore:
  454. - fsType:
  455. partition:
  456. readOnly:
  457. volumeID:
  458. azureDisk:
  459. cachingMode:
  460. diskName:
  461. diskURI:
  462. fsType:
  463. kind:
  464. readOnly:
  465. azureFile:
  466. readOnly:
  467. secretName:
  468. shareName:
  469. cephfs:
  470. monitors:
  471. - [string]:
  472. path:
  473. readOnly:
  474. secretFile:
  475. secretRef:
  476. name:
  477. user:
  478. cinder:
  479. fsType:
  480. readOnly:
  481. volumeID:
  482. configMap:
  483. defaultMode:
  484. items:
  485. - key:
  486. mode:
  487. path:
  488. name:
  489. optional:
  490. downwardAPI:
  491. defaultMode:
  492. items:
  493. - fieldRef:
  494. - apiVersion:
  495. fieldPath:
  496. mode:
  497. path:
  498. resourceFieldRef:
  499. containerName:
  500. divisor:
  501. resource:
  502. emptyDir:
  503. medium:
  504. sizeLimit:
  505. fc:
  506. fsType:
  507. lun:
  508. readOnly:
  509. targetWWNs:
  510. - [string]:
  511. flexVolume:
  512. driver:
  513. fsType:
  514. options:
  515. [string]:
  516. readOnly:
  517. secretRef:
  518. name:
  519. flocker:
  520. datasetName:
  521. datasetUUID:
  522. gcePersistentDisk:
  523. fsType:
  524. partition:
  525. pdName:
  526. readOnly:
  527. gitRepo:
  528. directory:
  529. repository:
  530. revision:
  531. glusterfs:
  532. endpoints:
  533. path:
  534. readOnly:
  535. hostPath:
  536. path:
  537. iscsi:
  538. chapAuthDiscovery:
  539. chapAuthSession:
  540. fsType:
  541. iqn:
  542. iscsiInterface:
  543. lun:
  544. portals:
  545. - [string]:
  546. readOnly:
  547. secretRef:
  548. name:
  549. targetPortal:
  550. name:
  551. nfs:
  552. path:
  553. readOnly:
  554. server:
  555. persistentVolumeClaim:
  556. claimName:
  557. readOnly:
  558. photonPersistentDisk:
  559. fsType:
  560. pdID:
  561. portworxVolume:
  562. fsType:
  563. readOnly:
  564. volumeID:
  565. projected:
  566. defaultMode:
  567. sources:
  568. - configMap:
  569. - items:
  570. - - key:
  571. mode:
  572. path:
  573. name:
  574. optional:
  575. downwardAPI:
  576. items:
  577. - fieldRef:
  578. - apiVersion:
  579. fieldPath:
  580. mode:
  581. path:
  582. resourceFieldRef:
  583. containerName:
  584. divisor:
  585. resource:
  586. secret:
  587. items:
  588. - key:
  589. mode:
  590. path:
  591. name:
  592. optional:
  593. quobyte:
  594. group:
  595. readOnly:
  596. registry:
  597. user:
  598. volume:
  599. rbd:
  600. fsType:
  601. image:
  602. keyring:
  603. monitors:
  604. - [string]:
  605. pool:
  606. readOnly:
  607. secretRef:
  608. name:
  609. user:
  610. scaleIO:
  611. fsType:
  612. gateway:
  613. protectionDomain:
  614. readOnly:
  615. secretRef:
  616. name:
  617. sslEnabled:
  618. storageMode:
  619. storagePool:
  620. system:
  621. volumeName:
  622. secret:
  623. defaultMode:
  624. items:
  625. - key:
  626. mode:
  627. path:
  628. optional:
  629. secretName:
  630. storageos:
  631. fsType:
  632. readOnly:
  633. secretRef:
  634. name:
  635. volumeName:
  636. volumeNamespace:
  637. vsphereVolume:
  638. fsType:
  639. storagePolicyID:
  640. storagePolicyName:
  641. volumePath:
  642. user:
  643. status:
  644. allowedBy:
  645. apiVersion:
  646. fieldPath:
  647. kind:
  648. name:
  649. namespace:
  650. resourceVersion:
  651. uid:
  652. reason:
  653. template:
  654. metadata:
  655. annotations:
  656. [string]:
  657. clusterName:
  658. creationTimestamp:
  659. deletionGracePeriodSeconds:
  660. deletionTimestamp:
  661. finalizers:
  662. - [string]:
  663. generateName:
  664. generation:
  665. initializers:
  666. pending:
  667. - name:
  668. result:
  669. apiVersion:
  670. code:
  671. details:
  672. causes:
  673. - field:
  674. message:
  675. reason:
  676. group:
  677. kind:
  678. name:
  679. retryAfterSeconds:
  680. uid:
  681. kind:
  682. message:
  683. metadata:
  684. resourceVersion:
  685. selfLink:
  686. reason:
  687. status:
  688. labels:
  689. [string]:
  690. name:
  691. namespace:
  692. ownerReferences:
  693. - apiVersion:
  694. blockOwnerDeletion:
  695. controller:
  696. kind:
  697. name:
  698. uid:
  699. resourceVersion:
  700. selfLink:
  701. uid:
  702. spec:
  703. activeDeadlineSeconds:
  704. affinity:
  705. nodeAffinity:
  706. preferredDuringSchedulingIgnoredDuringExecution:
  707. - preference:
  708. - matchExpressions:
  709. - - key:
  710. operator:
  711. values:
  712. - [string]:
  713. weight:
  714. requiredDuringSchedulingIgnoredDuringExecution:
  715. nodeSelectorTerms:
  716. - matchExpressions:
  717. - - key:
  718. operator:
  719. values:
  720. - [string]:
  721. podAffinity:
  722. preferredDuringSchedulingIgnoredDuringExecution:
  723. - podAffinityTerm:
  724. - labelSelector:
  725. - matchExpressions:
  726. - - key:
  727. operator:
  728. values:
  729. - [string]:
  730. matchLabels:
  731. [string]:
  732. namespaces:
  733. - [string]:
  734. topologyKey:
  735. weight:
  736. requiredDuringSchedulingIgnoredDuringExecution:
  737. - labelSelector:
  738. - matchExpressions:
  739. - - key:
  740. operator:
  741. values:
  742. - [string]:
  743. matchLabels:
  744. [string]:
  745. namespaces:
  746. - [string]:
  747. topologyKey:
  748. podAntiAffinity:
  749. preferredDuringSchedulingIgnoredDuringExecution:
  750. - podAffinityTerm:
  751. - labelSelector:
  752. - matchExpressions:
  753. - - key:
  754. operator:
  755. values:
  756. - [string]:
  757. matchLabels:
  758. [string]:
  759. namespaces:
  760. - [string]:
  761. topologyKey:
  762. weight:
  763. requiredDuringSchedulingIgnoredDuringExecution:
  764. - labelSelector:
  765. - matchExpressions:
  766. - - key:
  767. operator:
  768. values:
  769. - [string]:
  770. matchLabels:
  771. [string]:
  772. namespaces:
  773. - [string]:
  774. topologyKey:
  775. automountServiceAccountToken:
  776. containers:
  777. - args:
  778. - - [string]:
  779. command:
  780. - [string]:
  781. env:
  782. - name:
  783. value:
  784. valueFrom:
  785. configMapKeyRef:
  786. key:
  787. name:
  788. optional:
  789. fieldRef:
  790. apiVersion:
  791. fieldPath:
  792. resourceFieldRef:
  793. containerName:
  794. divisor:
  795. resource:
  796. secretKeyRef:
  797. key:
  798. name:
  799. optional:
  800. envFrom:
  801. - configMapRef:
  802. - name:
  803. optional:
  804. prefix:
  805. secretRef:
  806. name:
  807. optional:
  808. image:
  809. imagePullPolicy:
  810. lifecycle:
  811. postStart:
  812. exec:
  813. command:
  814. - [string]:
  815. httpGet:
  816. host:
  817. httpHeaders:
  818. - name:
  819. value:
  820. path:
  821. port:
  822. scheme:
  823. tcpSocket:
  824. host:
  825. port:
  826. preStop:
  827. exec:
  828. command:
  829. - [string]:
  830. httpGet:
  831. host:
  832. httpHeaders:
  833. - name:
  834. value:
  835. path:
  836. port:
  837. scheme:
  838. tcpSocket:
  839. host:
  840. port:
  841. livenessProbe:
  842. exec:
  843. command:
  844. - [string]:
  845. failureThreshold:
  846. httpGet:
  847. host:
  848. httpHeaders:
  849. - name:
  850. value:
  851. path:
  852. port:
  853. scheme:
  854. initialDelaySeconds:
  855. periodSeconds:
  856. successThreshold:
  857. tcpSocket:
  858. host:
  859. port:
  860. timeoutSeconds:
  861. name:
  862. ports:
  863. - containerPort:
  864. hostIP:
  865. hostPort:
  866. name:
  867. protocol:
  868. readinessProbe:
  869. exec:
  870. command:
  871. - [string]:
  872. failureThreshold:
  873. httpGet:
  874. host:
  875. httpHeaders:
  876. - name:
  877. value:
  878. path:
  879. port:
  880. scheme:
  881. initialDelaySeconds:
  882. periodSeconds:
  883. successThreshold:
  884. tcpSocket:
  885. host:
  886. port:
  887. timeoutSeconds:
  888. resources:
  889. limits:
  890. [string]:
  891. requests:
  892. [string]:
  893. securityContext:
  894. capabilities:
  895. add:
  896. - [string]:
  897. drop:
  898. - [string]:
  899. privileged:
  900. readOnlyRootFilesystem:
  901. runAsNonRoot:
  902. runAsUser:
  903. seLinuxOptions:
  904. level:
  905. role:
  906. type:
  907. user:
  908. stdin:
  909. stdinOnce:
  910. terminationMessagePath:
  911. terminationMessagePolicy:
  912. tty:
  913. volumeMounts:
  914. - mountPath:
  915. name:
  916. readOnly:
  917. subPath:
  918. workingDir:
  919. dnsPolicy:
  920. hostAliases:
  921. - hostnames:
  922. - - [string]:
  923. ip:
  924. hostIPC:
  925. hostNetwork:
  926. hostPID:
  927. hostname:
  928. imagePullSecrets:
  929. - name:
  930. initContainers:
  931. - args:
  932. - - [string]:
  933. command:
  934. - [string]:
  935. env:
  936. - name:
  937. value:
  938. valueFrom:
  939. configMapKeyRef:
  940. key:
  941. name:
  942. optional:
  943. fieldRef:
  944. apiVersion:
  945. fieldPath:
  946. resourceFieldRef:
  947. containerName:
  948. divisor:
  949. resource:
  950. secretKeyRef:
  951. key:
  952. name:
  953. optional:
  954. envFrom:
  955. - configMapRef:
  956. - name:
  957. optional:
  958. prefix:
  959. secretRef:
  960. name:
  961. optional:
  962. image:
  963. imagePullPolicy:
  964. lifecycle:
  965. postStart:
  966. exec:
  967. command:
  968. - [string]:
  969. httpGet:
  970. host:
  971. httpHeaders:
  972. - name:
  973. value:
  974. path:
  975. port:
  976. scheme:
  977. tcpSocket:
  978. host:
  979. port:
  980. preStop:
  981. exec:
  982. command:
  983. - [string]:
  984. httpGet:
  985. host:
  986. httpHeaders:
  987. - name:
  988. value:
  989. path:
  990. port:
  991. scheme:
  992. tcpSocket:
  993. host:
  994. port:
  995. livenessProbe:
  996. exec:
  997. command:
  998. - [string]:
  999. failureThreshold:
  1000. httpGet:
  1001. host:
  1002. httpHeaders:
  1003. - name:
  1004. value:
  1005. path:
  1006. port:
  1007. scheme:
  1008. initialDelaySeconds:
  1009. periodSeconds:
  1010. successThreshold:
  1011. tcpSocket:
  1012. host:
  1013. port:
  1014. timeoutSeconds:
  1015. name:
  1016. ports:
  1017. - containerPort:
  1018. hostIP:
  1019. hostPort:
  1020. name:
  1021. protocol:
  1022. readinessProbe:
  1023. exec:
  1024. command:
  1025. - [string]:
  1026. failureThreshold:
  1027. httpGet:
  1028. host:
  1029. httpHeaders:
  1030. - name:
  1031. value:
  1032. path:
  1033. port:
  1034. scheme:
  1035. initialDelaySeconds:
  1036. periodSeconds:
  1037. successThreshold:
  1038. tcpSocket:
  1039. host:
  1040. port:
  1041. timeoutSeconds:
  1042. resources:
  1043. limits:
  1044. [string]:
  1045. requests:
  1046. [string]:
  1047. securityContext:
  1048. capabilities:
  1049. add:
  1050. - [string]:
  1051. drop:
  1052. - [string]:
  1053. privileged:
  1054. readOnlyRootFilesystem:
  1055. runAsNonRoot:
  1056. runAsUser:
  1057. seLinuxOptions:
  1058. level:
  1059. role:
  1060. type:
  1061. user:
  1062. stdin:
  1063. stdinOnce:
  1064. terminationMessagePath:
  1065. terminationMessagePolicy:
  1066. tty:
  1067. volumeMounts:
  1068. - mountPath:
  1069. name:
  1070. readOnly:
  1071. subPath:
  1072. workingDir:
  1073. nodeName:
  1074. nodeSelector:
  1075. [string]:
  1076. restartPolicy:
  1077. schedulerName:
  1078. securityContext:
  1079. fsGroup:
  1080. runAsNonRoot:
  1081. runAsUser:
  1082. seLinuxOptions:
  1083. level:
  1084. role:
  1085. type:
  1086. user:
  1087. supplementalGroups:
  1088. - [integer]:
  1089. serviceAccount:
  1090. serviceAccountName:
  1091. subdomain:
  1092. terminationGracePeriodSeconds:
  1093. tolerations:
  1094. - effect:
  1095. key:
  1096. operator:
  1097. tolerationSeconds:
  1098. value:
  1099. volumes:
  1100. - awsElasticBlockStore:
  1101. - fsType:
  1102. partition:
  1103. readOnly:
  1104. volumeID:
  1105. azureDisk:
  1106. cachingMode:
  1107. diskName:
  1108. diskURI:
  1109. fsType:
  1110. kind:
  1111. readOnly:
  1112. azureFile:
  1113. readOnly:
  1114. secretName:
  1115. shareName:
  1116. cephfs:
  1117. monitors:
  1118. - [string]:
  1119. path:
  1120. readOnly:
  1121. secretFile:
  1122. secretRef:
  1123. name:
  1124. user:
  1125. cinder:
  1126. fsType:
  1127. readOnly:
  1128. volumeID:
  1129. configMap:
  1130. defaultMode:
  1131. items:
  1132. - key:
  1133. mode:
  1134. path:
  1135. name:
  1136. optional:
  1137. downwardAPI:
  1138. defaultMode:
  1139. items:
  1140. - fieldRef:
  1141. - apiVersion:
  1142. fieldPath:
  1143. mode:
  1144. path:
  1145. resourceFieldRef:
  1146. containerName:
  1147. divisor:
  1148. resource:
  1149. emptyDir:
  1150. medium:
  1151. sizeLimit:
  1152. fc:
  1153. fsType:
  1154. lun:
  1155. readOnly:
  1156. targetWWNs:
  1157. - [string]:
  1158. flexVolume:
  1159. driver:
  1160. fsType:
  1161. options:
  1162. [string]:
  1163. readOnly:
  1164. secretRef:
  1165. name:
  1166. flocker:
  1167. datasetName:
  1168. datasetUUID:
  1169. gcePersistentDisk:
  1170. fsType:
  1171. partition:
  1172. pdName:
  1173. readOnly:
  1174. gitRepo:
  1175. directory:
  1176. repository:
  1177. revision:
  1178. glusterfs:
  1179. endpoints:
  1180. path:
  1181. readOnly:
  1182. hostPath:
  1183. path:
  1184. iscsi:
  1185. chapAuthDiscovery:
  1186. chapAuthSession:
  1187. fsType:
  1188. iqn:
  1189. iscsiInterface:
  1190. lun:
  1191. portals:
  1192. - [string]:
  1193. readOnly:
  1194. secretRef:
  1195. name:
  1196. targetPortal:
  1197. name:
  1198. nfs:
  1199. path:
  1200. readOnly:
  1201. server:
  1202. persistentVolumeClaim:
  1203. claimName:
  1204. readOnly:
  1205. photonPersistentDisk:
  1206. fsType:
  1207. pdID:
  1208. portworxVolume:
  1209. fsType:
  1210. readOnly:
  1211. volumeID:
  1212. projected:
  1213. defaultMode:
  1214. sources:
  1215. - configMap:
  1216. - items:
  1217. - - key:
  1218. mode:
  1219. path:
  1220. name:
  1221. optional:
  1222. downwardAPI:
  1223. items:
  1224. - fieldRef:
  1225. - apiVersion:
  1226. fieldPath:
  1227. mode:
  1228. path:
  1229. resourceFieldRef:
  1230. containerName:
  1231. divisor:
  1232. resource:
  1233. secret:
  1234. items:
  1235. - key:
  1236. mode:
  1237. path:
  1238. name:
  1239. optional:
  1240. quobyte:
  1241. group:
  1242. readOnly:
  1243. registry:
  1244. user:
  1245. volume:
  1246. rbd:
  1247. fsType:
  1248. image:
  1249. keyring:
  1250. monitors:
  1251. - [string]:
  1252. pool:
  1253. readOnly:
  1254. secretRef:
  1255. name:
  1256. user:
  1257. scaleIO:
  1258. fsType:
  1259. gateway:
  1260. protectionDomain:
  1261. readOnly:
  1262. secretRef:
  1263. name:
  1264. sslEnabled:
  1265. storageMode:
  1266. storagePool:
  1267. system:
  1268. volumeName:
  1269. secret:
  1270. defaultMode:
  1271. items:
  1272. - key:
  1273. mode:
  1274. path:
  1275. optional:
  1276. secretName:
  1277. storageos:
  1278. fsType:
  1279. readOnly:
  1280. secretRef:
  1281. name:
  1282. volumeName:
  1283. volumeNamespace:
  1284. vsphereVolume:
  1285. fsType:
  1286. storagePolicyID:
  1287. storagePolicyName:
  1288. volumePath:

Operations

Create a PodSecurityPolicySubjectReview

Create a PodSecurityPolicySubjectReview

HTTP request

  1. POST /apis/security.openshift.io/v1/podsecuritypolicysubjectreviews HTTP/1.1
  2. Authorization: Bearer $TOKEN
  3. Accept: application/json
  4. Connection: close
  5. Content-Type: application/json'
  6. {
  7. "kind": "PodSecurityPolicySubjectReview",
  8. "apiVersion": "security.openshift.io/v1",
  9. ...
  10. }

Curl request

  1. $ curl -k \
  2. -X POST \
  3. -d @- \
  4. -H "Authorization: Bearer $TOKEN" \
  5. -H 'Accept: application/json' \
  6. -H 'Content-Type: application/json' \
  7. https://$ENDPOINT/apis/security.openshift.io/v1/podsecuritypolicysubjectreviews <<'EOF'
  8. {
  9. "kind": "PodSecurityPolicySubjectReview",
  10. "apiVersion": "security.openshift.io/v1",
  11. ...
  12. }
  13. EOF

HTTP body

ParameterSchema

body

v1.PodSecurityPolicySubjectReview

Query parameters

ParameterDescription

pretty

If ‘true’, then the output is pretty printed.

Responses

HTTP CodeSchema

200 OK

v1.PodSecurityPolicySubjectReview

401 Unauthorized

Consumes

  • */*

Produces

  • application/json

  • application/yaml

  • application/vnd.kubernetes.protobuf

Create a PodSecurityPolicySubjectReview in a namespace

Create a PodSecurityPolicySubjectReview

HTTP request

  1. POST /apis/security.openshift.io/v1/namespaces/$NAMESPACE/podsecuritypolicysubjectreviews HTTP/1.1
  2. Authorization: Bearer $TOKEN
  3. Accept: application/json
  4. Connection: close
  5. Content-Type: application/json'
  6. {
  7. "kind": "PodSecurityPolicySubjectReview",
  8. "apiVersion": "security.openshift.io/v1",
  9. ...
  10. }

Curl request

  1. $ curl -k \
  2. -X POST \
  3. -d @- \
  4. -H "Authorization: Bearer $TOKEN" \
  5. -H 'Accept: application/json' \
  6. -H 'Content-Type: application/json' \
  7. https://$ENDPOINT/apis/security.openshift.io/v1/namespaces/$NAMESPACE/podsecuritypolicysubjectreviews <<'EOF'
  8. {
  9. "kind": "PodSecurityPolicySubjectReview",
  10. "apiVersion": "security.openshift.io/v1",
  11. ...
  12. }
  13. EOF

HTTP body

ParameterSchema

body

v1.PodSecurityPolicySubjectReview

Path parameters

ParameterDescription

namespace

object name and auth scope, such as for teams and projects

Query parameters

ParameterDescription

pretty

If ‘true’, then the output is pretty printed.

Responses

HTTP CodeSchema

200 OK

v1.PodSecurityPolicySubjectReview

401 Unauthorized

Consumes

  • */*

Produces

  • application/json

  • application/yaml

  • application/vnd.kubernetes.protobuf