ves-io-schema-k8s_pod_security_policy-API-Create
On This Page:
Examples of creating k8s_pod_security_policy
Usecase:
Create pod-security-policy-1
Request using vesctl:
vesctl configuration create k8s_pod_security_policy -i k8s_pod_security_policy.yaml
where file k8s_pod_security_policy.yaml has following contents (k8s_pod_security_policy.CreateRequest):
RequestJSON:
{
"metadata": {
"name": "pod-security-policy-1",
"namespace": "system"
},
"spec": {
"psp_spec": {
"no_default_capabilities": {},
"no_allowed_capabilities": {},
"no_drop_capabilities": {},
"volumes": [
"config"
],
"read_only_root_filesystem": true,
"host_network": true,
"no_run_as_user": {},
"no_run_as_group": {},
"no_supplemental_groups": {},
"no_fs_groups": {},
"no_se_linux_options": {},
"no_runtime_class": {}
}
}
}
vesctl yaml response:
ResponseJSON:
{
"metadata": {
"name": "pod-security-policy-1",
"namespace": "system",
"labels": {},
"annotations": {},
"description": "",
"disable": false
},
"system_metadata": {
"uid": "3342e64a-6a99-4c55-b8be-77da43472148",
"creation_timestamp": "2024-03-21T14:05:54.563855Z",
"deletion_timestamp": null,
"modification_timestamp": null,
"initializers": null,
"finalizers": [],
"tenant": "acmecorp",
"creator_class": "examplesvc",
"creator_id": "examplesvc",
"object_index": 0,
"owner_view": null,
"labels": {}
},
"spec": {
"psp_spec": {
"privileged": false,
"allow_privilege_escalation": false,
"default_allow_privilege_escalation": false,
"no_default_capabilities": {},
"no_allowed_capabilities": {},
"no_drop_capabilities": {},
"volumes": [
"config"
],
"allowed_flex_volumes": [],
"allowed_host_paths": [],
"allowed_proc_mounts": [],
"read_only_root_filesystem": true,
"allowed_csi_drivers": [],
"host_network": true,
"host_port_ranges": "",
"host_ipc": false,
"host_pid": false,
"allowed_unsafe_sysctls": [],
"forbidden_sysctls": [],
"no_run_as_user": {},
"no_run_as_group": {},
"no_supplemental_groups": {},
"no_fs_groups": {},
"no_se_linux_options": {},
"no_runtime_class": {}
}
}
}
Request using curl:
curl -X 'POST' -d '{"metadata":{"name":"pod-security-policy-1","namespace":"system"},"spec":{"psp_spec":{"no_default_capabilities":{},"no_allowed_capabilities":{},"no_drop_capabilities":{},"volumes":["config"],"read_only_root_filesystem":true,"host_network":true,"no_run_as_user":{},"no_run_as_group":{},"no_supplemental_groups":{},"no_fs_groups":{},"no_se_linux_options":{},"no_runtime_class":{}}}}' -H 'Content-Type: application/json' -H 'X-Volterra-Useragent: v1/pgm=_var_folders_2__8qnt6fwd5dvglr1xqq6l8b7w0000gp_T_go-build3109416560_b001_apidocs.test/host=C02FN35BMD6R/svc=S:examplesvc/site=mytestce01' 'https://acmecorp.console.ves.volterra.io/api/config/namespaces/system/k8s_pod_security_policys'
curl response:
HTTP/1.1 200 OK
Content-Type: application/json
Date: Thu, 21 Mar 2024 14:05:54 GMT
Vary: Accept-Encoding
{
"metadata": {
"name": "pod-security-policy-1",
"namespace": "system",
"labels": {
},
"annotations": {
},
"description": "",
"disable": false
},
"system_metadata": {
"uid": "3342e64a-6a99-4c55-b8be-77da43472148",
"creation_timestamp": "2024-03-21T14:05:54.563855Z",
"deletion_timestamp": null,
"modification_timestamp": null,
"initializers": null,
"finalizers": [
],
"tenant": "acmecorp",
"creator_class": "examplesvc",
"creator_id": "examplesvc",
"object_index": 0,
"owner_view": null,
"labels": {
}
},
"spec": {
"psp_spec": {
"privileged": false,
"allow_privilege_escalation": false,
"default_allow_privilege_escalation": false,
"no_default_capabilities": {
},
"no_allowed_capabilities": {
},
"no_drop_capabilities": {
},
"volumes": [
"config"
],
"allowed_flex_volumes": [
],
"allowed_host_paths": [
],
"allowed_proc_mounts": [
],
"read_only_root_filesystem": true,
"allowed_csi_drivers": [
],
"host_network": true,
"host_port_ranges": "",
"host_ipc": false,
"host_pid": false,
"allowed_unsafe_sysctls": [
],
"forbidden_sysctls": [
],
"no_run_as_user": {
},
"no_run_as_group": {
},
"no_supplemental_groups": {
},
"no_fs_groups": {
},
"no_se_linux_options": {
},
"no_runtime_class": {
}
}
}
}