Rancher 2 v6.1.1 published on Friday, May 10, 2024 by Pulumi

rancher2.PodSecurityPolicyTemplate


    Provides a Rancher v2 PodSecurityPolicyTemplate resource. This can be used to create PodSecurityPolicyTemplates for Rancher v2 environments and retrieve their information.

    Example Usage

    # Create a new rancher2 PodSecurityPolicyTemplate
    resource "rancher2_pod_security_policy_template" "foo" {
      name = "foo"
      description = "Terraform PodSecurityPolicyTemplate acceptance test - update"
      allow_privilege_escalation = false
      allowed_csi_driver {
        name = "something"
      }
      allowed_csi_driver {
        name = "something-else"
      }
      allowed_flex_volume {
        driver = "something"
      }
      allowed_flex_volume {
        driver = "something-else"
      }
      allowed_host_path {
        path_prefix = "/"
        read_only = true
      }
      allowed_host_path {
        path_prefix = "//"
        read_only = false
      }
      allowed_proc_mount_types = ["Default"]
      default_allow_privilege_escalation = false
      fs_group {
        rule = "MustRunAs"
        range {
          min = 0
          max = 100
        }
        range {
          min = 0
          max = 100
        }
      }
      host_ipc = false
      host_network = false
      host_pid = false
      host_port {
        min = 0
        max = 65535
      }
      host_port {
        min = 1024
        max = 8080
      }
      privileged = false
      read_only_root_filesystem = false
      required_drop_capabilities = ["something"]
    
      run_as_user {
        rule = "MustRunAs"
        range {
          min = 1
          max = 100
        }
        range {
          min = 2
          max = 1024
        }
      }
      run_as_group {
        rule = "MustRunAs"
        range {
          min = 1
          max = 100
        }
        range {
          min = 2
          max = 1024
        }
      }
      runtime_class {
        default_runtime_class_name = "something"
        allowed_runtime_class_names  = ["something"]
      }
      se_linux {
        rule = "RunAsAny"
      }
      supplemental_group {
        rule = "RunAsAny"
      }
      volumes = ["azureFile"]
    }
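
A pre-deployment review of the settings in the example above, as an added Python example that is not part of the Pulumi or Rancher documentation. The dictionary keys follow the Python input property names listed on this page; the rule set and the names `Finding`, `audit_pspt` and `PAGE_EXAMPLE` are assumptions of this example, and repeated slashes in `path_prefix` are collapsed for review purposes only.

```python
"""Added example: review PodSecurityPolicyTemplate inputs before deployment.

Keys follow the Python input property names listed on this page. The rules
and the names Finding, audit_pspt and PAGE_EXAMPLE are assumptions of this
example, not behaviour of the rancher2 provider.
"""
from typing import Any, Dict, List, NamedTuple


class Finding(NamedTuple):
    field: str
    detail: str


# Booleans that widen what a pod may do when set to True.
RISKY_FLAGS = (
    "privileged", "host_network", "host_pid", "host_ipc",
    "allow_privilege_escalation", "default_allow_privilege_escalation",
)
# Blocks that share the {"rule": ..., "ranges": [{"min": ..., "max": ...}]} shape.
ID_STRATEGIES = ("run_as_user", "run_as_group", "fs_group", "supplemental_group")


def _collapse(prefix: str) -> str:
    """Collapse repeated/trailing slashes so '//' is reviewed as '/' (review-only assumption)."""
    return "/" + "/".join(part for part in prefix.split("/") if part)


def audit_pspt(args: Dict[str, Any]) -> List[Finding]:
    """Return one Finding per input that deserves a second look."""
    findings: List[Finding] = []

    for flag in RISKY_FLAGS:
        if args.get(flag) is True:
            findings.append(Finding(flag, "enabled"))

    # An empty or missing prefix is treated as '/' so it is never silently skipped.
    for i, hp in enumerate(args.get("allowed_host_paths", [])):
        prefix = _collapse(hp.get("path_prefix", ""))
        mode = "read-only" if hp.get("read_only", False) else "writable"
        if prefix == "/":
            findings.append(Finding(f"allowed_host_paths[{i}]",
                                    f"prefix covers every host path ({mode})"))
        elif mode == "writable":
            findings.append(Finding(f"allowed_host_paths[{i}]",
                                    f"writable host path under {prefix}"))

    for i, rng in enumerate(args.get("host_ports", [])):
        if rng["min"] < 1024:
            findings.append(Finding(f"host_ports[{i}]",
                                    f"{rng['min']}-{rng['max']} includes ports below 1024"))

    for name in ID_STRATEGIES:
        strategy = args.get(name) or {}
        if strategy.get("rule") == "RunAsAny":
            findings.append(Finding(name, "RunAsAny places no limit on the ID"))
        elif any(r["min"] <= 0 <= r["max"] for r in strategy.get("ranges", [])):
            findings.append(Finding(name, "ranges include ID 0"))

    for name in ("allowed_capabilities", "volumes"):
        if "*" in args.get(name, []):
            findings.append(Finding(name, "wildcard '*' allows every value"))
    return findings


# Values transcribed from the Example Usage on this page
# (fields the checks do not read are omitted).
PAGE_EXAMPLE: Dict[str, Any] = {
    "allow_privilege_escalation": False,
    "default_allow_privilege_escalation": False,
    "allowed_host_paths": [
        {"path_prefix": "/", "read_only": True},
        {"path_prefix": "//", "read_only": False},
    ],
    "fs_group": {"rule": "MustRunAs",
                 "ranges": [{"min": 0, "max": 100}, {"min": 0, "max": 100}]},
    "host_ipc": False,
    "host_network": False,
    "host_pid": False,
    "host_ports": [{"min": 0, "max": 65535}, {"min": 1024, "max": 8080}],
    "privileged": False,
    "run_as_user": {"rule": "MustRunAs",
                    "ranges": [{"min": 1, "max": 100}, {"min": 2, "max": 1024}]},
    "run_as_group": {"rule": "MustRunAs",
                     "ranges": [{"min": 1, "max": 100}, {"min": 2, "max": 1024}]},
    "supplemental_group": {"rule": "RunAsAny"},
    "volumes": ["azureFile"],
}

if __name__ == "__main__":
    for finding in audit_pspt(PAGE_EXAMPLE):
        print(f"{finding.field}: {finding.detail}")
```

Run against the page's example values, the review reports both `allowed_host_paths` entries, the `0-65535` host port range, the `fs_group` ranges and the `supplemental_group` rule.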
    

    Create PodSecurityPolicyTemplate Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    TypeScript:

    new PodSecurityPolicyTemplate(name: string, args?: PodSecurityPolicyTemplateArgs, opts?: CustomResourceOptions);

    Python:

    @overload
    def PodSecurityPolicyTemplate(resource_name: str,
                                  args: Optional[PodSecurityPolicyTemplateArgs] = None,
                                  opts: Optional[ResourceOptions] = None)
    
    @overload
    def PodSecurityPolicyTemplate(resource_name: str,
                                  opts: Optional[ResourceOptions] = None,
                                  allow_privilege_escalation: Optional[bool] = None,
                                  allowed_capabilities: Optional[Sequence[str]] = None,
                                  allowed_csi_drivers: Optional[Sequence[PodSecurityPolicyTemplateAllowedCsiDriverArgs]] = None,
                                  allowed_flex_volumes: Optional[Sequence[PodSecurityPolicyTemplateAllowedFlexVolumeArgs]] = None,
                                  allowed_host_paths: Optional[Sequence[PodSecurityPolicyTemplateAllowedHostPathArgs]] = None,
                                  allowed_proc_mount_types: Optional[Sequence[str]] = None,
                                  allowed_unsafe_sysctls: Optional[Sequence[str]] = None,
                                  annotations: Optional[Mapping[str, Any]] = None,
                                  default_add_capabilities: Optional[Sequence[str]] = None,
                                  default_allow_privilege_escalation: Optional[bool] = None,
                                  description: Optional[str] = None,
                                  forbidden_sysctls: Optional[Sequence[str]] = None,
                                  fs_group: Optional[PodSecurityPolicyTemplateFsGroupArgs] = None,
                                  host_ipc: Optional[bool] = None,
                                  host_network: Optional[bool] = None,
                                  host_pid: Optional[bool] = None,
                                  host_ports: Optional[Sequence[PodSecurityPolicyTemplateHostPortArgs]] = None,
                                  labels: Optional[Mapping[str, Any]] = None,
                                  name: Optional[str] = None,
                                  privileged: Optional[bool] = None,
                                  read_only_root_filesystem: Optional[bool] = None,
                                  required_drop_capabilities: Optional[Sequence[str]] = None,
                                  run_as_group: Optional[PodSecurityPolicyTemplateRunAsGroupArgs] = None,
                                  run_as_user: Optional[PodSecurityPolicyTemplateRunAsUserArgs] = None,
                                  runtime_class: Optional[PodSecurityPolicyTemplateRuntimeClassArgs] = None,
                                  se_linux: Optional[PodSecurityPolicyTemplateSeLinuxArgs] = None,
                                  supplemental_group: Optional[PodSecurityPolicyTemplateSupplementalGroupArgs] = None,
                                  volumes: Optional[Sequence[str]] = None)

    Go:

    func NewPodSecurityPolicyTemplate(ctx *Context, name string, args *PodSecurityPolicyTemplateArgs, opts ...ResourceOption) (*PodSecurityPolicyTemplate, error)

    C#:

    public PodSecurityPolicyTemplate(string name, PodSecurityPolicyTemplateArgs? args = null, CustomResourceOptions? opts = null)

    Java:

    public PodSecurityPolicyTemplate(String name, PodSecurityPolicyTemplateArgs args)
    public PodSecurityPolicyTemplate(String name, PodSecurityPolicyTemplateArgs args, CustomResourceOptions options)

    YAML:

    type: rancher2:PodSecurityPolicyTemplate
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    TypeScript:

    name string
    The unique name of the resource.
    args PodSecurityPolicyTemplateArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.

    Python:

    resource_name str
    The unique name of the resource.
    args PodSecurityPolicyTemplateArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.

    Go:

    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args PodSecurityPolicyTemplateArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.

    C#:

    name string
    The unique name of the resource.
    args PodSecurityPolicyTemplateArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.

    Java:

    name String
    The unique name of the resource.
    args PodSecurityPolicyTemplateArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    C#:

    var podSecurityPolicyTemplateResource = new Rancher2.PodSecurityPolicyTemplate("podSecurityPolicyTemplateResource", new()
    {
        AllowPrivilegeEscalation = false,
        AllowedCapabilities = new[]
        {
            "string",
        },
        AllowedCsiDrivers = new[]
        {
            new Rancher2.Inputs.PodSecurityPolicyTemplateAllowedCsiDriverArgs
            {
                Name = "string",
            },
        },
        AllowedFlexVolumes = new[]
        {
            new Rancher2.Inputs.PodSecurityPolicyTemplateAllowedFlexVolumeArgs
            {
                Driver = "string",
            },
        },
        AllowedHostPaths = new[]
        {
            new Rancher2.Inputs.PodSecurityPolicyTemplateAllowedHostPathArgs
            {
                PathPrefix = "string",
                ReadOnly = false,
            },
        },
        AllowedProcMountTypes = new[]
        {
            "string",
        },
        AllowedUnsafeSysctls = new[]
        {
            "string",
        },
        Annotations = 
        {
            { "string", "any" },
        },
        DefaultAddCapabilities = new[]
        {
            "string",
        },
        DefaultAllowPrivilegeEscalation = false,
        Description = "string",
        ForbiddenSysctls = new[]
        {
            "string",
        },
        FsGroup = new Rancher2.Inputs.PodSecurityPolicyTemplateFsGroupArgs
        {
            Ranges = new[]
            {
                new Rancher2.Inputs.PodSecurityPolicyTemplateFsGroupRangeArgs
                {
                    Max = 0,
                    Min = 0,
                },
            },
            Rule = "string",
        },
        HostIpc = false,
        HostNetwork = false,
        HostPid = false,
        HostPorts = new[]
        {
            new Rancher2.Inputs.PodSecurityPolicyTemplateHostPortArgs
            {
                Max = 0,
                Min = 0,
            },
        },
        Labels = 
        {
            { "string", "any" },
        },
        Name = "string",
        Privileged = false,
        ReadOnlyRootFilesystem = false,
        RequiredDropCapabilities = new[]
        {
            "string",
        },
        RunAsGroup = new Rancher2.Inputs.PodSecurityPolicyTemplateRunAsGroupArgs
        {
            Rule = "string",
            Ranges = new[]
            {
                new Rancher2.Inputs.PodSecurityPolicyTemplateRunAsGroupRangeArgs
                {
                    Max = 0,
                    Min = 0,
                },
            },
        },
        RunAsUser = new Rancher2.Inputs.PodSecurityPolicyTemplateRunAsUserArgs
        {
            Rule = "string",
            Ranges = new[]
            {
                new Rancher2.Inputs.PodSecurityPolicyTemplateRunAsUserRangeArgs
                {
                    Max = 0,
                    Min = 0,
                },
            },
        },
        RuntimeClass = new Rancher2.Inputs.PodSecurityPolicyTemplateRuntimeClassArgs
        {
            AllowedRuntimeClassNames = new[]
            {
                "string",
            },
            DefaultRuntimeClassName = "string",
        },
        SeLinux = new Rancher2.Inputs.PodSecurityPolicyTemplateSeLinuxArgs
        {
            Rule = "string",
            SeLinuxOption = new Rancher2.Inputs.PodSecurityPolicyTemplateSeLinuxSeLinuxOptionArgs
            {
                Level = "string",
                Role = "string",
                Type = "string",
                User = "string",
            },
        },
        SupplementalGroup = new Rancher2.Inputs.PodSecurityPolicyTemplateSupplementalGroupArgs
        {
            Ranges = new[]
            {
                new Rancher2.Inputs.PodSecurityPolicyTemplateSupplementalGroupRangeArgs
                {
                    Max = 0,
                    Min = 0,
                },
            },
            Rule = "string",
        },
        Volumes = new[]
        {
            "string",
        },
    });
    
    Go:

    example, err := rancher2.NewPodSecurityPolicyTemplate(ctx, "podSecurityPolicyTemplateResource", &rancher2.PodSecurityPolicyTemplateArgs{
    	AllowPrivilegeEscalation: pulumi.Bool(false),
    	AllowedCapabilities: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	AllowedCsiDrivers: rancher2.PodSecurityPolicyTemplateAllowedCsiDriverArray{
    		&rancher2.PodSecurityPolicyTemplateAllowedCsiDriverArgs{
    			Name: pulumi.String("string"),
    		},
    	},
    	AllowedFlexVolumes: rancher2.PodSecurityPolicyTemplateAllowedFlexVolumeArray{
    		&rancher2.PodSecurityPolicyTemplateAllowedFlexVolumeArgs{
    			Driver: pulumi.String("string"),
    		},
    	},
    	AllowedHostPaths: rancher2.PodSecurityPolicyTemplateAllowedHostPathArray{
    		&rancher2.PodSecurityPolicyTemplateAllowedHostPathArgs{
    			PathPrefix: pulumi.String("string"),
    			ReadOnly:   pulumi.Bool(false),
    		},
    	},
    	AllowedProcMountTypes: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	AllowedUnsafeSysctls: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	Annotations: pulumi.Map{
    		"string": pulumi.Any("any"),
    	},
    	DefaultAddCapabilities: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	DefaultAllowPrivilegeEscalation: pulumi.Bool(false),
    	Description:                     pulumi.String("string"),
    	ForbiddenSysctls: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	FsGroup: &rancher2.PodSecurityPolicyTemplateFsGroupArgs{
    		Ranges: rancher2.PodSecurityPolicyTemplateFsGroupRangeArray{
    			&rancher2.PodSecurityPolicyTemplateFsGroupRangeArgs{
    				Max: pulumi.Int(0),
    				Min: pulumi.Int(0),
    			},
    		},
    		Rule: pulumi.String("string"),
    	},
    	HostIpc:     pulumi.Bool(false),
    	HostNetwork: pulumi.Bool(false),
    	HostPid:     pulumi.Bool(false),
    	HostPorts: rancher2.PodSecurityPolicyTemplateHostPortArray{
    		&rancher2.PodSecurityPolicyTemplateHostPortArgs{
    			Max: pulumi.Int(0),
    			Min: pulumi.Int(0),
    		},
    	},
    	Labels: pulumi.Map{
    		"string": pulumi.Any("any"),
    	},
    	Name:                   pulumi.String("string"),
    	Privileged:             pulumi.Bool(false),
    	ReadOnlyRootFilesystem: pulumi.Bool(false),
    	RequiredDropCapabilities: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	RunAsGroup: &rancher2.PodSecurityPolicyTemplateRunAsGroupArgs{
    		Rule: pulumi.String("string"),
    		Ranges: rancher2.PodSecurityPolicyTemplateRunAsGroupRangeArray{
    			&rancher2.PodSecurityPolicyTemplateRunAsGroupRangeArgs{
    				Max: pulumi.Int(0),
    				Min: pulumi.Int(0),
    			},
    		},
    	},
    	RunAsUser: &rancher2.PodSecurityPolicyTemplateRunAsUserArgs{
    		Rule: pulumi.String("string"),
    		Ranges: rancher2.PodSecurityPolicyTemplateRunAsUserRangeArray{
    			&rancher2.PodSecurityPolicyTemplateRunAsUserRangeArgs{
    				Max: pulumi.Int(0),
    				Min: pulumi.Int(0),
    			},
    		},
    	},
    	RuntimeClass: &rancher2.PodSecurityPolicyTemplateRuntimeClassArgs{
    		AllowedRuntimeClassNames: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		DefaultRuntimeClassName: pulumi.String("string"),
    	},
    	SeLinux: &rancher2.PodSecurityPolicyTemplateSeLinuxArgs{
    		Rule: pulumi.String("string"),
    		SeLinuxOption: &rancher2.PodSecurityPolicyTemplateSeLinuxSeLinuxOptionArgs{
    			Level: pulumi.String("string"),
    			Role:  pulumi.String("string"),
    			Type:  pulumi.String("string"),
    			User:  pulumi.String("string"),
    		},
    	},
    	SupplementalGroup: &rancher2.PodSecurityPolicyTemplateSupplementalGroupArgs{
    		Ranges: rancher2.PodSecurityPolicyTemplateSupplementalGroupRangeArray{
    			&rancher2.PodSecurityPolicyTemplateSupplementalGroupRangeArgs{
    				Max: pulumi.Int(0),
    				Min: pulumi.Int(0),
    			},
    		},
    		Rule: pulumi.String("string"),
    	},
    	Volumes: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    })
    
    Java:

    var podSecurityPolicyTemplateResource = new PodSecurityPolicyTemplate("podSecurityPolicyTemplateResource", PodSecurityPolicyTemplateArgs.builder()
        .allowPrivilegeEscalation(false)
        .allowedCapabilities("string")
        .allowedCsiDrivers(PodSecurityPolicyTemplateAllowedCsiDriverArgs.builder()
            .name("string")
            .build())
        .allowedFlexVolumes(PodSecurityPolicyTemplateAllowedFlexVolumeArgs.builder()
            .driver("string")
            .build())
        .allowedHostPaths(PodSecurityPolicyTemplateAllowedHostPathArgs.builder()
            .pathPrefix("string")
            .readOnly(false)
            .build())
        .allowedProcMountTypes("string")
        .allowedUnsafeSysctls("string")
        .annotations(Map.of("string", "any"))
        .defaultAddCapabilities("string")
        .defaultAllowPrivilegeEscalation(false)
        .description("string")
        .forbiddenSysctls("string")
        .fsGroup(PodSecurityPolicyTemplateFsGroupArgs.builder()
            .ranges(PodSecurityPolicyTemplateFsGroupRangeArgs.builder()
                .max(0)
                .min(0)
                .build())
            .rule("string")
            .build())
        .hostIpc(false)
        .hostNetwork(false)
        .hostPid(false)
        .hostPorts(PodSecurityPolicyTemplateHostPortArgs.builder()
            .max(0)
            .min(0)
            .build())
        .labels(Map.of("string", "any"))
        .name("string")
        .privileged(false)
        .readOnlyRootFilesystem(false)
        .requiredDropCapabilities("string")
        .runAsGroup(PodSecurityPolicyTemplateRunAsGroupArgs.builder()
            .rule("string")
            .ranges(PodSecurityPolicyTemplateRunAsGroupRangeArgs.builder()
                .max(0)
                .min(0)
                .build())
            .build())
        .runAsUser(PodSecurityPolicyTemplateRunAsUserArgs.builder()
            .rule("string")
            .ranges(PodSecurityPolicyTemplateRunAsUserRangeArgs.builder()
                .max(0)
                .min(0)
                .build())
            .build())
        .runtimeClass(PodSecurityPolicyTemplateRuntimeClassArgs.builder()
            .allowedRuntimeClassNames("string")
            .defaultRuntimeClassName("string")
            .build())
        .seLinux(PodSecurityPolicyTemplateSeLinuxArgs.builder()
            .rule("string")
            .seLinuxOption(PodSecurityPolicyTemplateSeLinuxSeLinuxOptionArgs.builder()
                .level("string")
                .role("string")
                .type("string")
                .user("string")
                .build())
            .build())
        .supplementalGroup(PodSecurityPolicyTemplateSupplementalGroupArgs.builder()
            .ranges(PodSecurityPolicyTemplateSupplementalGroupRangeArgs.builder()
                .max(0)
                .min(0)
                .build())
            .rule("string")
            .build())
        .volumes("string")
        .build());
    
    Python:

    pod_security_policy_template_resource = rancher2.PodSecurityPolicyTemplate("podSecurityPolicyTemplateResource",
        allow_privilege_escalation=False,
        allowed_capabilities=["string"],
        allowed_csi_drivers=[rancher2.PodSecurityPolicyTemplateAllowedCsiDriverArgs(
            name="string",
        )],
        allowed_flex_volumes=[rancher2.PodSecurityPolicyTemplateAllowedFlexVolumeArgs(
            driver="string",
        )],
        allowed_host_paths=[rancher2.PodSecurityPolicyTemplateAllowedHostPathArgs(
            path_prefix="string",
            read_only=False,
        )],
        allowed_proc_mount_types=["string"],
        allowed_unsafe_sysctls=["string"],
        annotations={
            "string": "any",
        },
        default_add_capabilities=["string"],
        default_allow_privilege_escalation=False,
        description="string",
        forbidden_sysctls=["string"],
        fs_group=rancher2.PodSecurityPolicyTemplateFsGroupArgs(
            ranges=[rancher2.PodSecurityPolicyTemplateFsGroupRangeArgs(
                max=0,
                min=0,
            )],
            rule="string",
        ),
        host_ipc=False,
        host_network=False,
        host_pid=False,
        host_ports=[rancher2.PodSecurityPolicyTemplateHostPortArgs(
            max=0,
            min=0,
        )],
        labels={
            "string": "any",
        },
        name="string",
        privileged=False,
        read_only_root_filesystem=False,
        required_drop_capabilities=["string"],
        run_as_group=rancher2.PodSecurityPolicyTemplateRunAsGroupArgs(
            rule="string",
            ranges=[rancher2.PodSecurityPolicyTemplateRunAsGroupRangeArgs(
                max=0,
                min=0,
            )],
        ),
        run_as_user=rancher2.PodSecurityPolicyTemplateRunAsUserArgs(
            rule="string",
            ranges=[rancher2.PodSecurityPolicyTemplateRunAsUserRangeArgs(
                max=0,
                min=0,
            )],
        ),
        runtime_class=rancher2.PodSecurityPolicyTemplateRuntimeClassArgs(
            allowed_runtime_class_names=["string"],
            default_runtime_class_name="string",
        ),
        se_linux=rancher2.PodSecurityPolicyTemplateSeLinuxArgs(
            rule="string",
            se_linux_option=rancher2.PodSecurityPolicyTemplateSeLinuxSeLinuxOptionArgs(
                level="string",
                role="string",
                type="string",
                user="string",
            ),
        ),
        supplemental_group=rancher2.PodSecurityPolicyTemplateSupplementalGroupArgs(
            ranges=[rancher2.PodSecurityPolicyTemplateSupplementalGroupRangeArgs(
                max=0,
                min=0,
            )],
            rule="string",
        ),
        volumes=["string"])
    
    TypeScript:

    const podSecurityPolicyTemplateResource = new rancher2.PodSecurityPolicyTemplate("podSecurityPolicyTemplateResource", {
        allowPrivilegeEscalation: false,
        allowedCapabilities: ["string"],
        allowedCsiDrivers: [{
            name: "string",
        }],
        allowedFlexVolumes: [{
            driver: "string",
        }],
        allowedHostPaths: [{
            pathPrefix: "string",
            readOnly: false,
        }],
        allowedProcMountTypes: ["string"],
        allowedUnsafeSysctls: ["string"],
        annotations: {
            string: "any",
        },
        defaultAddCapabilities: ["string"],
        defaultAllowPrivilegeEscalation: false,
        description: "string",
        forbiddenSysctls: ["string"],
        fsGroup: {
            ranges: [{
                max: 0,
                min: 0,
            }],
            rule: "string",
        },
        hostIpc: false,
        hostNetwork: false,
        hostPid: false,
        hostPorts: [{
            max: 0,
            min: 0,
        }],
        labels: {
            string: "any",
        },
        name: "string",
        privileged: false,
        readOnlyRootFilesystem: false,
        requiredDropCapabilities: ["string"],
        runAsGroup: {
            rule: "string",
            ranges: [{
                max: 0,
                min: 0,
            }],
        },
        runAsUser: {
            rule: "string",
            ranges: [{
                max: 0,
                min: 0,
            }],
        },
        runtimeClass: {
            allowedRuntimeClassNames: ["string"],
            defaultRuntimeClassName: "string",
        },
        seLinux: {
            rule: "string",
            seLinuxOption: {
                level: "string",
                role: "string",
                type: "string",
                user: "string",
            },
        },
        supplementalGroup: {
            ranges: [{
                max: 0,
                min: 0,
            }],
            rule: "string",
        },
        volumes: ["string"],
    });
    
    YAML:

    type: rancher2:PodSecurityPolicyTemplate
    properties:
        allowPrivilegeEscalation: false
        allowedCapabilities:
            - string
        allowedCsiDrivers:
            - name: string
        allowedFlexVolumes:
            - driver: string
        allowedHostPaths:
            - pathPrefix: string
              readOnly: false
        allowedProcMountTypes:
            - string
        allowedUnsafeSysctls:
            - string
        annotations:
            string: any
        defaultAddCapabilities:
            - string
        defaultAllowPrivilegeEscalation: false
        description: string
        forbiddenSysctls:
            - string
        fsGroup:
            ranges:
                - max: 0
                  min: 0
            rule: string
        hostIpc: false
        hostNetwork: false
        hostPid: false
        hostPorts:
            - max: 0
              min: 0
        labels:
            string: any
        name: string
        privileged: false
        readOnlyRootFilesystem: false
        requiredDropCapabilities:
            - string
        runAsGroup:
            ranges:
                - max: 0
                  min: 0
            rule: string
        runAsUser:
            ranges:
                - max: 0
                  min: 0
            rule: string
        runtimeClass:
            allowedRuntimeClassNames:
                - string
            defaultRuntimeClassName: string
        seLinux:
            rule: string
            seLinuxOption:
                level: string
                role: string
                type: string
                user: string
        supplementalGroup:
            ranges:
                - max: 0
                  min: 0
            rule: string
        volumes:
            - string
    

    PodSecurityPolicyTemplate Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The PodSecurityPolicyTemplate resource accepts the following input properties:

    C#:

    AllowPrivilegeEscalation bool
    (Optional, bool)
    AllowedCapabilities List<string>
    (list)
    AllowedCsiDrivers List<PodSecurityPolicyTemplateAllowedCsiDriver>
    (list)
    AllowedFlexVolumes List<PodSecurityPolicyTemplateAllowedFlexVolume>
    (list)
    AllowedHostPaths List<PodSecurityPolicyTemplateAllowedHostPath>
    (list)
    AllowedProcMountTypes List<string>
    (list)
    AllowedUnsafeSysctls List<string>
    (list)
    Annotations Dictionary<string, object>
    Annotations for PodSecurityPolicyTemplate object (map)
    DefaultAddCapabilities List<string>
    (list)
    DefaultAllowPrivilegeEscalation bool
    (bool)
    Description string
    The PodSecurityPolicyTemplate description (string)
    ForbiddenSysctls List<string>
    (list)
    FsGroup PodSecurityPolicyTemplateFsGroup
    (list maxitems:1)
    HostIpc bool
    (bool)
    HostNetwork bool
    hostNetwork determines if the policy allows the use of HostNetwork in the pod spec.
    HostPid bool
    (bool)
    HostPorts List<PodSecurityPolicyTemplateHostPort>
    (list)
    Labels Dictionary<string, object>
    Labels for PodSecurityPolicyTemplate object (map)
    Name string
    The name of the PodSecurityPolicyTemplate (string)
    Privileged bool
    (bool)
    ReadOnlyRootFilesystem bool
    (bool)
    RequiredDropCapabilities List<string>
    (list)
    RunAsGroup PodSecurityPolicyTemplateRunAsGroup
    (list maxitems:1)
    RunAsUser PodSecurityPolicyTemplateRunAsUser
    (list maxitems:1)
    RuntimeClass PodSecurityPolicyTemplateRuntimeClass
    (list maxitems:1)
    SeLinux PodSecurityPolicyTemplateSeLinux
    (list maxitems:1)
    SupplementalGroup PodSecurityPolicyTemplateSupplementalGroup
    (list maxitems:1)
    Volumes List<string>
    (list)

    Go:

    AllowPrivilegeEscalation bool
    (Optional, bool)
    AllowedCapabilities []string
    (list)
    AllowedCsiDrivers []PodSecurityPolicyTemplateAllowedCsiDriverArgs
    (list)
    AllowedFlexVolumes []PodSecurityPolicyTemplateAllowedFlexVolumeArgs
    (list)
    AllowedHostPaths []PodSecurityPolicyTemplateAllowedHostPathArgs
    (list)
    AllowedProcMountTypes []string
    (list)
    AllowedUnsafeSysctls []string
    (list)
    Annotations map[string]interface{}
    Annotations for PodSecurityPolicyTemplate object (map)
    DefaultAddCapabilities []string
    (list)
    DefaultAllowPrivilegeEscalation bool
    (bool)
    Description string
    The PodSecurityPolicyTemplate description (string)
    ForbiddenSysctls []string
    (list)
    FsGroup PodSecurityPolicyTemplateFsGroupArgs
    (list maxitems:1)
    HostIpc bool
    (bool)
    HostNetwork bool
    hostNetwork determines if the policy allows the use of HostNetwork in the pod spec.
    HostPid bool
    (bool)
    HostPorts []PodSecurityPolicyTemplateHostPortArgs
    (list)
    Labels map[string]interface{}
    Labels for PodSecurityPolicyTemplate object (map)
    Name string
    The name of the PodSecurityPolicyTemplate (string)
    Privileged bool
    (bool)
    ReadOnlyRootFilesystem bool
    (bool)
    RequiredDropCapabilities []string
    (list)
    RunAsGroup PodSecurityPolicyTemplateRunAsGroupArgs
    (list maxitems:1)
    RunAsUser PodSecurityPolicyTemplateRunAsUserArgs
    (list maxitems:1)
    RuntimeClass PodSecurityPolicyTemplateRuntimeClassArgs
    (list maxitems:1)
    SeLinux PodSecurityPolicyTemplateSeLinuxArgs
    (list maxitems:1)
    SupplementalGroup PodSecurityPolicyTemplateSupplementalGroupArgs
    (list maxitems:1)
    Volumes []string
    (list)

    Java:

    allowPrivilegeEscalation Boolean
    (Optional, bool)
    allowedCapabilities List<String>
    (list)
    allowedCsiDrivers List<PodSecurityPolicyTemplateAllowedCsiDriver>
    (list)
    allowedFlexVolumes List<PodSecurityPolicyTemplateAllowedFlexVolume>
    (list)
    allowedHostPaths List<PodSecurityPolicyTemplateAllowedHostPath>
    (list)
    allowedProcMountTypes List<String>
    (list)
    allowedUnsafeSysctls List<String>
    (list)
    annotations Map<String,Object>
    Annotations for PodSecurityPolicyTemplate object (map)
    defaultAddCapabilities List<String>
    (list)
    defaultAllowPrivilegeEscalation Boolean
    (bool)
    description String
    The PodSecurityPolicyTemplate description (string)
    forbiddenSysctls List<String>
    (list)
    fsGroup PodSecurityPolicyTemplateFsGroup
    (list maxitems:1)
    hostIpc Boolean
    (bool)
    hostNetwork Boolean
    hostNetwork determines if the policy allows the use of HostNetwork in the pod spec.
    hostPid Boolean
    (bool)
    hostPorts List<PodSecurityPolicyTemplateHostPort>
    (list)
    labels Map<String,Object>
    Labels for PodSecurityPolicyTemplate object (map)
    name String
    The name of the PodSecurityPolicyTemplate (string)
    privileged Boolean
    (bool)
    readOnlyRootFilesystem Boolean
    (bool)
    requiredDropCapabilities List<String>
    (list)
    runAsGroup PodSecurityPolicyTemplateRunAsGroup
    (list maxitems:1)
    runAsUser PodSecurityPolicyTemplateRunAsUser
    (list maxitems:1)
    runtimeClass PodSecurityPolicyTemplateRuntimeClass
    (list maxitems:1)
    seLinux PodSecurityPolicyTemplateSeLinux
    (list maxitems:1)
    supplementalGroup PodSecurityPolicyTemplateSupplementalGroup
    (list maxitems:1)
    volumes List<String>
    (list)

    TypeScript:

    allowPrivilegeEscalation boolean
    (Optional, bool)
    allowedCapabilities string[]
    (list)
    allowedCsiDrivers PodSecurityPolicyTemplateAllowedCsiDriver[]
    (list)
    allowedFlexVolumes PodSecurityPolicyTemplateAllowedFlexVolume[]
    (list)
    allowedHostPaths PodSecurityPolicyTemplateAllowedHostPath[]
    (list)
    allowedProcMountTypes string[]
    (list)
    allowedUnsafeSysctls string[]
    (list)
    annotations {[key: string]: any}
    Annotations for PodSecurityPolicyTemplate object (map)
    defaultAddCapabilities string[]
    (list)
    defaultAllowPrivilegeEscalation boolean
    (bool)
    description string
    The PodSecurityPolicyTemplate description (string)
    forbiddenSysctls string[]
    (list)
    fsGroup PodSecurityPolicyTemplateFsGroup
    (list maxitems:1)
    hostIpc boolean
    (bool)
    hostNetwork boolean
    hostNetwork determines if the policy allows the use of HostNetwork in the pod spec.
    hostPid boolean
    (bool)
    hostPorts PodSecurityPolicyTemplateHostPort[]
    (list)
    labels {[key: string]: any}
    Labels for PodSecurityPolicyTemplate object (map)
    name string
    The name of the PodSecurityPolicyTemplate (string)
    privileged boolean
    (bool)
    readOnlyRootFilesystem boolean
    (bool)
    requiredDropCapabilities string[]
    (list)
    runAsGroup PodSecurityPolicyTemplateRunAsGroup
    (list maxitems:1)
    runAsUser PodSecurityPolicyTemplateRunAsUser
    (list maxitems:1)
    runtimeClass PodSecurityPolicyTemplateRuntimeClass
    (list maxitems:1)
    seLinux PodSecurityPolicyTemplateSeLinux
    (list maxitems:1)
    supplementalGroup PodSecurityPolicyTemplateSupplementalGroup
    (list maxitems:1)
    volumes string[]
    (list)
    allow_privilege_escalation bool
    (Optional) (bool)
    allowed_capabilities Sequence[str]
    (list)
    allowed_csi_drivers Sequence[PodSecurityPolicyTemplateAllowedCsiDriverArgs]
    (list)
    allowed_flex_volumes Sequence[PodSecurityPolicyTemplateAllowedFlexVolumeArgs]
    (list)
    allowed_host_paths Sequence[PodSecurityPolicyTemplateAllowedHostPathArgs]
    (list)
    allowed_proc_mount_types Sequence[str]
    (list)
    allowed_unsafe_sysctls Sequence[str]
    (list)
    annotations Mapping[str, Any]
    Annotations for PodSecurityPolicyTemplate object (map)
    default_add_capabilities Sequence[str]
    (list)
    default_allow_privilege_escalation bool
    (bool)
    description str
    The PodSecurityPolicyTemplate description (string)
    forbidden_sysctls Sequence[str]
    (list)
    fs_group PodSecurityPolicyTemplateFsGroupArgs
    (list maxitems:1)
    host_ipc bool
    (bool)
    host_network bool
    hostNetwork determines if the policy allows the use of HostNetwork in the pod spec.
    host_pid bool
    (bool)
    host_ports Sequence[PodSecurityPolicyTemplateHostPortArgs]
    (list)
    labels Mapping[str, Any]
    Labels for PodSecurityPolicyTemplate object (map)
    name str
    The name of the PodSecurityPolicyTemplate (string)
    privileged bool
    (bool)
    read_only_root_filesystem bool
    (bool)
    required_drop_capabilities Sequence[str]
    (list)
    run_as_group PodSecurityPolicyTemplateRunAsGroupArgs
    (list maxitems:1)
    run_as_user PodSecurityPolicyTemplateRunAsUserArgs
    (list maxitems:1)
    runtime_class PodSecurityPolicyTemplateRuntimeClassArgs
    (list maxitems:1)
    se_linux PodSecurityPolicyTemplateSeLinuxArgs
    (list maxitems:1)
    supplemental_group PodSecurityPolicyTemplateSupplementalGroupArgs
    (list maxitems:1)
    volumes Sequence[str]
    (list)
    allowPrivilegeEscalation Boolean
    (Optional) (bool)
    allowedCapabilities List<String>
    (list)
    allowedCsiDrivers List<Property Map>
    (list)
    allowedFlexVolumes List<Property Map>
    (list)
    allowedHostPaths List<Property Map>
    (list)
    allowedProcMountTypes List<String>
    (list)
    allowedUnsafeSysctls List<String>
    (list)
    annotations Map<Any>
    Annotations for PodSecurityPolicyTemplate object (map)
    defaultAddCapabilities List<String>
    (list)
    defaultAllowPrivilegeEscalation Boolean
    (bool)
    description String
    The PodSecurityPolicyTemplate description (string)
    forbiddenSysctls List<String>
    (list)
    fsGroup Property Map
    (list maxitems:1)
    hostIpc Boolean
    (bool)
    hostNetwork Boolean
    hostNetwork determines if the policy allows the use of HostNetwork in the pod spec.
    hostPid Boolean
    (bool)
    hostPorts List<Property Map>
    (list)
    labels Map<Any>
    Labels for PodSecurityPolicyTemplate object (map)
    name String
    The name of the PodSecurityPolicyTemplate (string)
    privileged Boolean
    (bool)
    readOnlyRootFilesystem Boolean
    (bool)
    requiredDropCapabilities List<String>
    (list)
    runAsGroup Property Map
    (list maxitems:1)
    runAsUser Property Map
    (list maxitems:1)
    runtimeClass Property Map
    (list maxitems:1)
    seLinux Property Map
    (list maxitems:1)
    supplementalGroup Property Map
    (list maxitems:1)
    volumes List<String>
    (list)

    Outputs

    All input properties are implicitly available as output properties. Additionally, the PodSecurityPolicyTemplate resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    Id string
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.
    id string
    The provider-assigned unique ID for this managed resource.
    id str
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.

    Look up Existing PodSecurityPolicyTemplate Resource

    Get an existing PodSecurityPolicyTemplate resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: PodSecurityPolicyTemplateState, opts?: CustomResourceOptions): PodSecurityPolicyTemplate
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            allow_privilege_escalation: Optional[bool] = None,
            allowed_capabilities: Optional[Sequence[str]] = None,
            allowed_csi_drivers: Optional[Sequence[PodSecurityPolicyTemplateAllowedCsiDriverArgs]] = None,
            allowed_flex_volumes: Optional[Sequence[PodSecurityPolicyTemplateAllowedFlexVolumeArgs]] = None,
            allowed_host_paths: Optional[Sequence[PodSecurityPolicyTemplateAllowedHostPathArgs]] = None,
            allowed_proc_mount_types: Optional[Sequence[str]] = None,
            allowed_unsafe_sysctls: Optional[Sequence[str]] = None,
            annotations: Optional[Mapping[str, Any]] = None,
            default_add_capabilities: Optional[Sequence[str]] = None,
            default_allow_privilege_escalation: Optional[bool] = None,
            description: Optional[str] = None,
            forbidden_sysctls: Optional[Sequence[str]] = None,
            fs_group: Optional[PodSecurityPolicyTemplateFsGroupArgs] = None,
            host_ipc: Optional[bool] = None,
            host_network: Optional[bool] = None,
            host_pid: Optional[bool] = None,
            host_ports: Optional[Sequence[PodSecurityPolicyTemplateHostPortArgs]] = None,
            labels: Optional[Mapping[str, Any]] = None,
            name: Optional[str] = None,
            privileged: Optional[bool] = None,
            read_only_root_filesystem: Optional[bool] = None,
            required_drop_capabilities: Optional[Sequence[str]] = None,
            run_as_group: Optional[PodSecurityPolicyTemplateRunAsGroupArgs] = None,
            run_as_user: Optional[PodSecurityPolicyTemplateRunAsUserArgs] = None,
            runtime_class: Optional[PodSecurityPolicyTemplateRuntimeClassArgs] = None,
            se_linux: Optional[PodSecurityPolicyTemplateSeLinuxArgs] = None,
            supplemental_group: Optional[PodSecurityPolicyTemplateSupplementalGroupArgs] = None,
            volumes: Optional[Sequence[str]] = None) -> PodSecurityPolicyTemplate
    func GetPodSecurityPolicyTemplate(ctx *Context, name string, id IDInput, state *PodSecurityPolicyTemplateState, opts ...ResourceOption) (*PodSecurityPolicyTemplate, error)
    public static PodSecurityPolicyTemplate Get(string name, Input<string> id, PodSecurityPolicyTemplateState? state, CustomResourceOptions? opts = null)
    public static PodSecurityPolicyTemplate get(String name, Output<String> id, PodSecurityPolicyTemplateState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to look up.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to look up.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to look up.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to look up.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to look up.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    AllowPrivilegeEscalation bool
    (Optional) (bool)
    AllowedCapabilities List<string>
    (list)
    AllowedCsiDrivers List<PodSecurityPolicyTemplateAllowedCsiDriver>
    (list)
    AllowedFlexVolumes List<PodSecurityPolicyTemplateAllowedFlexVolume>
    (list)
    AllowedHostPaths List<PodSecurityPolicyTemplateAllowedHostPath>
    (list)
    AllowedProcMountTypes List<string>
    (list)
    AllowedUnsafeSysctls List<string>
    (list)
    Annotations Dictionary<string, object>
    Annotations for PodSecurityPolicyTemplate object (map)
    DefaultAddCapabilities List<string>
    (list)
    DefaultAllowPrivilegeEscalation bool
    (bool)
    Description string
    The PodSecurityPolicyTemplate description (string)
    ForbiddenSysctls List<string>
    (list)
    FsGroup PodSecurityPolicyTemplateFsGroup
    (list maxitems:1)
    HostIpc bool
    (bool)
    HostNetwork bool
    hostNetwork determines if the policy allows the use of HostNetwork in the pod spec.
    HostPid bool
    (bool)
    HostPorts List<PodSecurityPolicyTemplateHostPort>
    (list)
    Labels Dictionary<string, object>
    Labels for PodSecurityPolicyTemplate object (map)
    Name string
    The name of the PodSecurityPolicyTemplate (string)
    Privileged bool
    (bool)
    ReadOnlyRootFilesystem bool
    (bool)
    RequiredDropCapabilities List<string>
    (list)
    RunAsGroup PodSecurityPolicyTemplateRunAsGroup
    (list maxitems:1)
    RunAsUser PodSecurityPolicyTemplateRunAsUser
    (list maxitems:1)
    RuntimeClass PodSecurityPolicyTemplateRuntimeClass
    (list maxitems:1)
    SeLinux PodSecurityPolicyTemplateSeLinux
    (list maxitems:1)
    SupplementalGroup PodSecurityPolicyTemplateSupplementalGroup
    (list maxitems:1)
    Volumes List<string>
    (list)
    AllowPrivilegeEscalation bool
    (Optional) (bool)
    AllowedCapabilities []string
    (list)
    AllowedCsiDrivers []PodSecurityPolicyTemplateAllowedCsiDriverArgs
    (list)
    AllowedFlexVolumes []PodSecurityPolicyTemplateAllowedFlexVolumeArgs
    (list)
    AllowedHostPaths []PodSecurityPolicyTemplateAllowedHostPathArgs
    (list)
    AllowedProcMountTypes []string
    (list)
    AllowedUnsafeSysctls []string
    (list)
    Annotations map[string]interface{}
    Annotations for PodSecurityPolicyTemplate object (map)
    DefaultAddCapabilities []string
    (list)
    DefaultAllowPrivilegeEscalation bool
    (bool)
    Description string
    The PodSecurityPolicyTemplate description (string)
    ForbiddenSysctls []string
    (list)
    FsGroup PodSecurityPolicyTemplateFsGroupArgs
    (list maxitems:1)
    HostIpc bool
    (bool)
    HostNetwork bool
    hostNetwork determines if the policy allows the use of HostNetwork in the pod spec.
    HostPid bool
    (bool)
    HostPorts []PodSecurityPolicyTemplateHostPortArgs
    (list)
    Labels map[string]interface{}
    Labels for PodSecurityPolicyTemplate object (map)
    Name string
    The name of the PodSecurityPolicyTemplate (string)
    Privileged bool
    (bool)
    ReadOnlyRootFilesystem bool
    (bool)
    RequiredDropCapabilities []string
    (list)
    RunAsGroup PodSecurityPolicyTemplateRunAsGroupArgs
    (list maxitems:1)
    RunAsUser PodSecurityPolicyTemplateRunAsUserArgs
    (list maxitems:1)
    RuntimeClass PodSecurityPolicyTemplateRuntimeClassArgs
    (list maxitems:1)
    SeLinux PodSecurityPolicyTemplateSeLinuxArgs
    (list maxitems:1)
    SupplementalGroup PodSecurityPolicyTemplateSupplementalGroupArgs
    (list maxitems:1)
    Volumes []string
    (list)
    allowPrivilegeEscalation Boolean
    (Optional) (bool)
    allowedCapabilities List<String>
    (list)
    allowedCsiDrivers List<PodSecurityPolicyTemplateAllowedCsiDriver>
    (list)
    allowedFlexVolumes List<PodSecurityPolicyTemplateAllowedFlexVolume>
    (list)
    allowedHostPaths List<PodSecurityPolicyTemplateAllowedHostPath>
    (list)
    allowedProcMountTypes List<String>
    (list)
    allowedUnsafeSysctls List<String>
    (list)
    annotations Map<String,Object>
    Annotations for PodSecurityPolicyTemplate object (map)
    defaultAddCapabilities List<String>
    (list)
    defaultAllowPrivilegeEscalation Boolean
    (bool)
    description String
    The PodSecurityPolicyTemplate description (string)
    forbiddenSysctls List<String>
    (list)
    fsGroup PodSecurityPolicyTemplateFsGroup
    (list maxitems:1)
    hostIpc Boolean
    (bool)
    hostNetwork Boolean
    hostNetwork determines if the policy allows the use of HostNetwork in the pod spec.
    hostPid Boolean
    (bool)
    hostPorts List<PodSecurityPolicyTemplateHostPort>
    (list)
    labels Map<String,Object>
    Labels for PodSecurityPolicyTemplate object (map)
    name String
    The name of the PodSecurityPolicyTemplate (string)
    privileged Boolean
    (bool)
    readOnlyRootFilesystem Boolean
    (bool)
    requiredDropCapabilities List<String>
    (list)
    runAsGroup PodSecurityPolicyTemplateRunAsGroup
    (list maxitems:1)
    runAsUser PodSecurityPolicyTemplateRunAsUser
    (list maxitems:1)
    runtimeClass PodSecurityPolicyTemplateRuntimeClass
    (list maxitems:1)
    seLinux PodSecurityPolicyTemplateSeLinux
    (list maxitems:1)
    supplementalGroup PodSecurityPolicyTemplateSupplementalGroup
    (list maxitems:1)
    volumes List<String>
    (list)
    allowPrivilegeEscalation boolean
    (Optional) (bool)
    allowedCapabilities string[]
    (list)
    allowedCsiDrivers PodSecurityPolicyTemplateAllowedCsiDriver[]
    (list)
    allowedFlexVolumes PodSecurityPolicyTemplateAllowedFlexVolume[]
    (list)
    allowedHostPaths PodSecurityPolicyTemplateAllowedHostPath[]
    (list)
    allowedProcMountTypes string[]
    (list)
    allowedUnsafeSysctls string[]
    (list)
    annotations {[key: string]: any}
    Annotations for PodSecurityPolicyTemplate object (map)
    defaultAddCapabilities string[]
    (list)
    defaultAllowPrivilegeEscalation boolean
    (bool)
    description string
    The PodSecurityPolicyTemplate description (string)
    forbiddenSysctls string[]
    (list)
    fsGroup PodSecurityPolicyTemplateFsGroup
    (list maxitems:1)
    hostIpc boolean
    (bool)
    hostNetwork boolean
    hostNetwork determines if the policy allows the use of HostNetwork in the pod spec.
    hostPid boolean
    (bool)
    hostPorts PodSecurityPolicyTemplateHostPort[]
    (list)
    labels {[key: string]: any}
    Labels for PodSecurityPolicyTemplate object (map)
    name string
    The name of the PodSecurityPolicyTemplate (string)
    privileged boolean
    (bool)
    readOnlyRootFilesystem boolean
    (bool)
    requiredDropCapabilities string[]
    (list)
    runAsGroup PodSecurityPolicyTemplateRunAsGroup
    (list maxitems:1)
    runAsUser PodSecurityPolicyTemplateRunAsUser
    (list maxitems:1)
    runtimeClass PodSecurityPolicyTemplateRuntimeClass
    (list maxitems:1)
    seLinux PodSecurityPolicyTemplateSeLinux
    (list maxitems:1)
    supplementalGroup PodSecurityPolicyTemplateSupplementalGroup
    (list maxitems:1)
    volumes string[]
    (list)
    allow_privilege_escalation bool
    (Optional) (bool)
    allowed_capabilities Sequence[str]
    (list)
    allowed_csi_drivers Sequence[PodSecurityPolicyTemplateAllowedCsiDriverArgs]
    (list)
    allowed_flex_volumes Sequence[PodSecurityPolicyTemplateAllowedFlexVolumeArgs]
    (list)
    allowed_host_paths Sequence[PodSecurityPolicyTemplateAllowedHostPathArgs]
    (list)
    allowed_proc_mount_types Sequence[str]
    (list)
    allowed_unsafe_sysctls Sequence[str]
    (list)
    annotations Mapping[str, Any]
    Annotations for PodSecurityPolicyTemplate object (map)
    default_add_capabilities Sequence[str]
    (list)
    default_allow_privilege_escalation bool
    (bool)
    description str
    The PodSecurityPolicyTemplate description (string)
    forbidden_sysctls Sequence[str]
    (list)
    fs_group PodSecurityPolicyTemplateFsGroupArgs
    (list maxitems:1)
    host_ipc bool
    (bool)
    host_network bool
    hostNetwork determines if the policy allows the use of HostNetwork in the pod spec.
    host_pid bool
    (bool)
    host_ports Sequence[PodSecurityPolicyTemplateHostPortArgs]
    (list)
    labels Mapping[str, Any]
    Labels for PodSecurityPolicyTemplate object (map)
    name str
    The name of the PodSecurityPolicyTemplate (string)
    privileged bool
    (bool)
    read_only_root_filesystem bool
    (bool)
    required_drop_capabilities Sequence[str]
    (list)
    run_as_group PodSecurityPolicyTemplateRunAsGroupArgs
    (list maxitems:1)
    run_as_user PodSecurityPolicyTemplateRunAsUserArgs
    (list maxitems:1)
    runtime_class PodSecurityPolicyTemplateRuntimeClassArgs
    (list maxitems:1)
    se_linux PodSecurityPolicyTemplateSeLinuxArgs
    (list maxitems:1)
    supplemental_group PodSecurityPolicyTemplateSupplementalGroupArgs
    (list maxitems:1)
    volumes Sequence[str]
    (list)
    allowPrivilegeEscalation Boolean
    (Optional) (bool)
    allowedCapabilities List<String>
    (list)
    allowedCsiDrivers List<Property Map>
    (list)
    allowedFlexVolumes List<Property Map>
    (list)
    allowedHostPaths List<Property Map>
    (list)
    allowedProcMountTypes List<String>
    (list)
    allowedUnsafeSysctls List<String>
    (list)
    annotations Map<Any>
    Annotations for PodSecurityPolicyTemplate object (map)
    defaultAddCapabilities List<String>
    (list)
    defaultAllowPrivilegeEscalation Boolean
    (bool)
    description String
    The PodSecurityPolicyTemplate description (string)
    forbiddenSysctls List<String>
    (list)
    fsGroup Property Map
    (list maxitems:1)
    hostIpc Boolean
    (bool)
    hostNetwork Boolean
    hostNetwork determines if the policy allows the use of HostNetwork in the pod spec.
    hostPid Boolean
    (bool)
    hostPorts List<Property Map>
    (list)
    labels Map<Any>
    Labels for PodSecurityPolicyTemplate object (map)
    name String
    The name of the PodSecurityPolicyTemplate (string)
    privileged Boolean
    (bool)
    readOnlyRootFilesystem Boolean
    (bool)
    requiredDropCapabilities List<String>
    (list)
    runAsGroup Property Map
    (list maxitems:1)
    runAsUser Property Map
    (list maxitems:1)
    runtimeClass Property Map
    (list maxitems:1)
    seLinux Property Map
    (list maxitems:1)
    supplementalGroup Property Map
    (list maxitems:1)
    volumes List<String>
    (list)

    Supporting Types

    PodSecurityPolicyTemplateAllowedCsiDriver, PodSecurityPolicyTemplateAllowedCsiDriverArgs

    Name string
    The name of the PodSecurityPolicyTemplate (string)
    Name string
    The name of the PodSecurityPolicyTemplate (string)
    name String
    The name of the PodSecurityPolicyTemplate (string)
    name string
    The name of the PodSecurityPolicyTemplate (string)
    name str
    The name of the PodSecurityPolicyTemplate (string)
    name String
    The name of the PodSecurityPolicyTemplate (string)

    PodSecurityPolicyTemplateAllowedFlexVolume, PodSecurityPolicyTemplateAllowedFlexVolumeArgs

    Driver string
    driver is the name of the Flexvolume driver.
    Driver string
    driver is the name of the Flexvolume driver.
    driver String
    driver is the name of the Flexvolume driver.
    driver string
    driver is the name of the Flexvolume driver.
    driver str
    driver is the name of the Flexvolume driver.
    driver String
    driver is the name of the Flexvolume driver.

    PodSecurityPolicyTemplateAllowedHostPath, PodSecurityPolicyTemplateAllowedHostPathArgs

    PathPrefix string
    pathPrefix is the path prefix that the host volume must match. It does not support *. Trailing slashes are trimmed when validating the path prefix with a host path.
    ReadOnly bool
    when set to true, will allow host volumes matching the pathPrefix only if all volume mounts are readOnly.
    PathPrefix string
    pathPrefix is the path prefix that the host volume must match. It does not support *. Trailing slashes are trimmed when validating the path prefix with a host path.
    ReadOnly bool
    when set to true, will allow host volumes matching the pathPrefix only if all volume mounts are readOnly.
    pathPrefix String
    pathPrefix is the path prefix that the host volume must match. It does not support *. Trailing slashes are trimmed when validating the path prefix with a host path.
    readOnly Boolean
    when set to true, will allow host volumes matching the pathPrefix only if all volume mounts are readOnly.
    pathPrefix string
    pathPrefix is the path prefix that the host volume must match. It does not support *. Trailing slashes are trimmed when validating the path prefix with a host path.
    readOnly boolean
    when set to true, will allow host volumes matching the pathPrefix only if all volume mounts are readOnly.
    path_prefix str
    pathPrefix is the path prefix that the host volume must match. It does not support *. Trailing slashes are trimmed when validating the path prefix with a host path.
    read_only bool
    when set to true, will allow host volumes matching the pathPrefix only if all volume mounts are readOnly.
    pathPrefix String
    pathPrefix is the path prefix that the host volume must match. It does not support *. Trailing slashes are trimmed when validating the path prefix with a host path.
    readOnly Boolean
    when set to true, will allow host volumes matching the pathPrefix only if all volume mounts are readOnly.
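
The pathPrefix and readOnly rules above, modelled as a small audit run against the two `allowed_host_path` entries from this page's example usage. This is an added example, not code from the provider or from Kubernetes; the function names are hypothetical, and matching by whole path components is an assumption based on the description above.

```python
from posixpath import normpath

# The two allowed_host_path entries from this page's example usage.
PAGE_EXAMPLE = [
    {"path_prefix": "/", "read_only": True},
    {"path_prefix": "//", "read_only": False},
]


def _segments(path):
    """Split into components; empty parts vanish, so trailing slashes are trimmed."""
    return [part for part in path.split("/") if part]


def prefix_matches(path_prefix, host_path):
    """True if host_path lies at or below path_prefix, compared by whole components."""
    prefix = _segments(path_prefix)
    # Resolve "." and ".." first so "/var/log/../../etc" is judged as "/etc".
    target = _segments(normpath(host_path))
    return target[:len(prefix)] == prefix


def host_path_allowed(allowed_host_paths, host_path, mounts_read_only):
    """Would a hostPath volume be admitted by this allow list?

    mounts_read_only says whether every volumeMount of the volume is readOnly.
    """
    if not allowed_host_paths:
        # Upstream Kubernetes PSP semantics (not stated on this page):
        # an empty allow list places no restriction on host paths.
        return True
    for entry in allowed_host_paths:
        if not prefix_matches(entry["path_prefix"], host_path):
            continue
        if entry.get("read_only", False) and not mounts_read_only:
            continue  # this entry only admits read-only mounts
        return True
    return False


def audit_host_paths(allowed_host_paths):
    """Flag entries whose prefix reduces to the host root once slashes are trimmed."""
    findings = []
    for entry in allowed_host_paths:
        if _segments(entry["path_prefix"]):
            continue  # a real prefix, narrower than the whole filesystem
        level = "read-only-root" if entry.get("read_only", False) else "writable-root"
        findings.append((entry["path_prefix"], level))
    return findings


if __name__ == "__main__":
    for prefix, level in audit_host_paths(PAGE_EXAMPLE):
        print(f"{prefix!r}: {level}")
    print("writable /etc admitted:",
          host_path_allowed(PAGE_EXAMPLE, "/etc", mounts_read_only=False))
```

Because `//` trims to the root, the second entry admits a writable mount of any host path, which makes the read-only restriction on the first entry ineffective.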

    PodSecurityPolicyTemplateFsGroup, PodSecurityPolicyTemplateFsGroupArgs

    Ranges List<PodSecurityPolicyTemplateFsGroupRange>
    ranges are the allowed ranges of fs groups. If you would like to force a single fs group then supply a single range with the same start and end. Required for MustRunAs.
    Rule string
    rule is the strategy that will dictate what FSGroup is used in the SecurityContext.
    Ranges []PodSecurityPolicyTemplateFsGroupRange
    ranges are the allowed ranges of fs groups. If you would like to force a single fs group then supply a single range with the same start and end. Required for MustRunAs.
    Rule string
    rule is the strategy that will dictate what FSGroup is used in the SecurityContext.
    ranges List<PodSecurityPolicyTemplateFsGroupRange>
    ranges are the allowed ranges of fs groups. If you would like to force a single fs group then supply a single range with the same start and end. Required for MustRunAs.
    rule String
    rule is the strategy that will dictate what FSGroup is used in the SecurityContext.
    ranges PodSecurityPolicyTemplateFsGroupRange[]
    ranges are the allowed ranges of fs groups. If you would like to force a single fs group then supply a single range with the same start and end. Required for MustRunAs.
    rule string
    rule is the strategy that will dictate what FSGroup is used in the SecurityContext.
    ranges Sequence[PodSecurityPolicyTemplateFsGroupRange]
    ranges are the allowed ranges of fs groups. If you would like to force a single fs group then supply a single range with the same start and end. Required for MustRunAs.
    rule str
    rule is the strategy that will dictate what FSGroup is used in the SecurityContext.
    ranges List<Property Map>
    ranges are the allowed ranges of fs groups. If you would like to force a single fs group then supply a single range with the same start and end. Required for MustRunAs.
    rule String
    rule is the strategy that will dictate what FSGroup is used in the SecurityContext.

    PodSecurityPolicyTemplateFsGroupRange, PodSecurityPolicyTemplateFsGroupRangeArgs

    Max int
    max is the end of the range, inclusive.
    Min int
    min is the start of the range, inclusive.
    Max int
    max is the end of the range, inclusive.
    Min int
    min is the start of the range, inclusive.
    max Integer
    max is the end of the range, inclusive.
    min Integer
    min is the start of the range, inclusive.
    max number
    max is the end of the range, inclusive.
    min number
    min is the start of the range, inclusive.
    max int
    max is the end of the range, inclusive.
    min int
    min is the start of the range, inclusive.
    max Number
    max is the end of the range, inclusive.
    min Number
    min is the start of the range, inclusive.

    PodSecurityPolicyTemplateHostPort, PodSecurityPolicyTemplateHostPortArgs

    Max int
    max is the end of the range, inclusive.
    Min int
    min is the start of the range, inclusive.
    Max int
    max is the end of the range, inclusive.
    Min int
    min is the start of the range, inclusive.
    max Integer
    max is the end of the range, inclusive.
    min Integer
    min is the start of the range, inclusive.
    max number
    max is the end of the range, inclusive.
    min number
    min is the start of the range, inclusive.
    max int
    max is the end of the range, inclusive.
    min int
    min is the start of the range, inclusive.
    max Number
    max is the end of the range, inclusive.
    min Number
    min is the start of the range, inclusive.

    PodSecurityPolicyTemplateRunAsGroup, PodSecurityPolicyTemplateRunAsGroupArgs

    Rule string
    rule is the strategy that will dictate the allowable RunAsGroup values that may be set.
    Ranges List<PodSecurityPolicyTemplateRunAsGroupRange>
    ranges are the allowed ranges of gids that may be used. If you would like to force a single gid then supply a single range with the same start and end. Required for MustRunAs.
    Rule string
    rule is the strategy that will dictate the allowable RunAsGroup values that may be set.
    Ranges []PodSecurityPolicyTemplateRunAsGroupRange
    ranges are the allowed ranges of gids that may be used. If you would like to force a single gid then supply a single range with the same start and end. Required for MustRunAs.
    rule String
    rule is the strategy that will dictate the allowable RunAsGroup values that may be set.
    ranges List<PodSecurityPolicyTemplateRunAsGroupRange>
    ranges are the allowed ranges of gids that may be used. If you would like to force a single gid then supply a single range with the same start and end. Required for MustRunAs.
    rule string
    rule is the strategy that will dictate the allowable RunAsGroup values that may be set.
    ranges PodSecurityPolicyTemplateRunAsGroupRange[]
    ranges are the allowed ranges of gids that may be used. If you would like to force a single gid then supply a single range with the same start and end. Required for MustRunAs.
    rule str
    rule is the strategy that will dictate the allowable RunAsGroup values that may be set.
    ranges Sequence[PodSecurityPolicyTemplateRunAsGroupRange]
    ranges are the allowed ranges of gids that may be used. If you would like to force a single gid then supply a single range with the same start and end. Required for MustRunAs.
    rule String
    rule is the strategy that will dictate the allowable RunAsGroup values that may be set.
    ranges List<Property Map>
    ranges are the allowed ranges of gids that may be used. If you would like to force a single gid then supply a single range with the same start and end. Required for MustRunAs.

    PodSecurityPolicyTemplateRunAsGroupRange, PodSecurityPolicyTemplateRunAsGroupRangeArgs

    Max int
    max is the end of the range, inclusive.
    Min int
    min is the start of the range, inclusive.
    Max int
    max is the end of the range, inclusive.
    Min int
    min is the start of the range, inclusive.
    max Integer
    max is the end of the range, inclusive.
    min Integer
    min is the start of the range, inclusive.
    max number
    max is the end of the range, inclusive.
    min number
    min is the start of the range, inclusive.
    max int
    max is the end of the range, inclusive.
    min int
    min is the start of the range, inclusive.
    max Number
    max is the end of the range, inclusive.
    min Number
    min is the start of the range, inclusive.

    PodSecurityPolicyTemplateRunAsUser, PodSecurityPolicyTemplateRunAsUserArgs

    Rule string
    rule is the strategy that will dictate the allowable RunAsUser values that may be set.
    Ranges List<PodSecurityPolicyTemplateRunAsUserRange>
    ranges are the allowed ranges of uids that may be used. If you would like to force a single uid then supply a single range with the same start and end. Required for MustRunAs.
    Rule string
    rule is the strategy that will dictate the allowable RunAsUser values that may be set.
    Ranges []PodSecurityPolicyTemplateRunAsUserRange
    ranges are the allowed ranges of uids that may be used. If you would like to force a single uid then supply a single range with the same start and end. Required for MustRunAs.
    rule String
    rule is the strategy that will dictate the allowable RunAsUser values that may be set.
    ranges List<PodSecurityPolicyTemplateRunAsUserRange>
    ranges are the allowed ranges of uids that may be used. If you would like to force a single uid then supply a single range with the same start and end. Required for MustRunAs.
    rule string
    rule is the strategy that will dictate the allowable RunAsUser values that may be set.
    ranges PodSecurityPolicyTemplateRunAsUserRange[]
    ranges are the allowed ranges of uids that may be used. If you would like to force a single uid then supply a single range with the same start and end. Required for MustRunAs.
    rule str
    rule is the strategy that will dictate the allowable RunAsUser values that may be set.
    ranges Sequence[PodSecurityPolicyTemplateRunAsUserRange]
    ranges are the allowed ranges of uids that may be used. If you would like to force a single uid then supply a single range with the same start and end. Required for MustRunAs.
    rule String
    rule is the strategy that will dictate the allowable RunAsUser values that may be set.
    ranges List<Property Map>
    ranges are the allowed ranges of uids that may be used. If you would like to force a single uid then supply a single range with the same start and end. Required for MustRunAs.

    PodSecurityPolicyTemplateRunAsUserRange, PodSecurityPolicyTemplateRunAsUserRangeArgs

    Max int
    max is the end of the range, inclusive.
    Min int
    min is the start of the range, inclusive.
    Max int
    max is the end of the range, inclusive.
    Min int
    min is the start of the range, inclusive.
    max Integer
    max is the end of the range, inclusive.
    min Integer
    min is the start of the range, inclusive.
    max number
    max is the end of the range, inclusive.
    min number
    min is the start of the range, inclusive.
    max int
    max is the end of the range, inclusive.
    min int
    min is the start of the range, inclusive.
    max Number
    max is the end of the range, inclusive.
    min Number
    min is the start of the range, inclusive.
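
The fsGroup, runAsGroup and runAsUser types above share one shape: a rule plus inclusive min/max ranges. The following added example (not the provider's code; function names are hypothetical) merges the ranges of a `MustRunAs` block into the set of IDs actually permitted and flags blocks that admit ID 0, using the range values from this page's example usage as input.

```python
# Values taken from the example usage at the top of this page.
FS_GROUP = {"rule": "MustRunAs",
            "ranges": [{"min": 0, "max": 100}, {"min": 0, "max": 100}]}
RUN_AS_USER = {"rule": "MustRunAs",
               "ranges": [{"min": 1, "max": 100}, {"min": 2, "max": 1024}]}


def effective_ranges(ranges):
    """Merge overlapping or adjacent inclusive ranges into the permitted set."""
    merged = []
    for lo, hi in sorted((r["min"], r["max"]) for r in ranges):
        if lo > hi:
            raise ValueError(f"inverted range {lo}-{hi}")
        if merged and lo <= merged[-1][1] + 1:
            # Overlaps or touches the previous range: extend it.
            merged[-1] = (merged[-1][0], max(merged[-1][1], hi))
        else:
            merged.append((lo, hi))
    return merged


def must_run_as_allows(ranges, value):
    """True if value falls inside any range; both ends are inclusive."""
    return any(lo <= value <= hi for lo, hi in effective_ranges(ranges))


def review_strategy(field, strategy):
    """Return review findings for one fs_group / run_as_group / run_as_user block."""
    problems = []
    ranges = strategy.get("ranges", [])
    if strategy.get("rule") == "MustRunAs" and not ranges:
        problems.append(f"{field}: MustRunAs requires at least one range")
    try:
        merged = effective_ranges(ranges)
    except ValueError as exc:
        return problems + [f"{field}: {exc}"]
    if len(merged) < len(ranges):
        # Redundant or overlapping entries hide what is really allowed.
        problems.append(f"{field}: {len(ranges)} ranges collapse to {merged}")
    if must_run_as_allows(ranges, 0):
        problems.append(f"{field}: id 0 (root) is permitted")
    return problems


if __name__ == "__main__":
    for name, block in (("fs_group", FS_GROUP), ("run_as_user", RUN_AS_USER)):
        for problem in review_strategy(name, block):
            print(problem)
```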

    PodSecurityPolicyTemplateRuntimeClass, PodSecurityPolicyTemplateRuntimeClassArgs

    AllowedRuntimeClassNames List<string>
    allowedRuntimeClassNames is a whitelist of RuntimeClass names that may be specified on a pod. A value of "*" means that any RuntimeClass name is allowed, and must be the only item in the list. An empty list requires the RuntimeClassName field to be unset.
    DefaultRuntimeClassName string
    defaultRuntimeClassName is the default RuntimeClassName to set on the pod. The default MUST be allowed by the allowedRuntimeClassNames list. A value of nil does not mutate the Pod.
    AllowedRuntimeClassNames []string
    allowedRuntimeClassNames is a whitelist of RuntimeClass names that may be specified on a pod. A value of "*" means that any RuntimeClass name is allowed, and must be the only item in the list. An empty list requires the RuntimeClassName field to be unset.
    DefaultRuntimeClassName string
    defaultRuntimeClassName is the default RuntimeClassName to set on the pod. The default MUST be allowed by the allowedRuntimeClassNames list. A value of nil does not mutate the Pod.
    allowedRuntimeClassNames List<String>
    allowedRuntimeClassNames is a whitelist of RuntimeClass names that may be specified on a pod. A value of "*" means that any RuntimeClass name is allowed, and must be the only item in the list. An empty list requires the RuntimeClassName field to be unset.
    defaultRuntimeClassName String
    defaultRuntimeClassName is the default RuntimeClassName to set on the pod. The default MUST be allowed by the allowedRuntimeClassNames list. A value of nil does not mutate the Pod.
    allowedRuntimeClassNames string[]
    allowedRuntimeClassNames is a whitelist of RuntimeClass names that may be specified on a pod. A value of "*" means that any RuntimeClass name is allowed, and must be the only item in the list. An empty list requires the RuntimeClassName field to be unset.
    defaultRuntimeClassName string
    defaultRuntimeClassName is the default RuntimeClassName to set on the pod. The default MUST be allowed by the allowedRuntimeClassNames list. A value of nil does not mutate the Pod.
    allowed_runtime_class_names Sequence[str]
    allowedRuntimeClassNames is a whitelist of RuntimeClass names that may be specified on a pod. A value of "*" means that any RuntimeClass name is allowed, and must be the only item in the list. An empty list requires the RuntimeClassName field to be unset.
    default_runtime_class_name str
    defaultRuntimeClassName is the default RuntimeClassName to set on the pod. The default MUST be allowed by the allowedRuntimeClassNames list. A value of nil does not mutate the Pod.
    allowedRuntimeClassNames List<String>
    allowedRuntimeClassNames is a whitelist of RuntimeClass names that may be specified on a pod. A value of "*" means that any RuntimeClass name is allowed, and must be the only item in the list. An empty list requires the RuntimeClassName field to be unset.
    defaultRuntimeClassName String
    defaultRuntimeClassName is the default RuntimeClassName to set on the pod. The default MUST be allowed by the allowedRuntimeClassNames list. A value of nil does not mutate the Pod.

    PodSecurityPolicyTemplateSeLinux, PodSecurityPolicyTemplateSeLinuxArgs

    Rule string
    rule is the strategy that will dictate the allowable labels that may be set.
    SeLinuxOption PodSecurityPolicyTemplateSeLinuxSeLinuxOption
    seLinuxOptions required to run as; required for MustRunAs. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
    Rule string
    rule is the strategy that will dictate the allowable labels that may be set.
    SeLinuxOption PodSecurityPolicyTemplateSeLinuxSeLinuxOption
    seLinuxOptions required to run as; required for MustRunAs. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
    rule String
    rule is the strategy that will dictate the allowable labels that may be set.
    seLinuxOption PodSecurityPolicyTemplateSeLinuxSeLinuxOption
    seLinuxOptions required to run as; required for MustRunAs. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
    rule string
    rule is the strategy that will dictate the allowable labels that may be set.
    seLinuxOption PodSecurityPolicyTemplateSeLinuxSeLinuxOption
    seLinuxOptions required to run as; required for MustRunAs. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
    rule str
    rule is the strategy that will dictate the allowable labels that may be set.
    se_linux_option PodSecurityPolicyTemplateSeLinuxSeLinuxOption
    seLinuxOptions required to run as; required for MustRunAs. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
    rule String
    rule is the strategy that will dictate the allowable labels that may be set.
    seLinuxOption Property Map
    seLinuxOptions required to run as; required for MustRunAs. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/

    PodSecurityPolicyTemplateSeLinuxSeLinuxOption, PodSecurityPolicyTemplateSeLinuxSeLinuxOptionArgs

    Level string
    Level is the SELinux level label that applies to the container.
    Role string
    Role is a SELinux role label that applies to the container.
    Type string
    Type is a SELinux type label that applies to the container.
    User string
    User is a SELinux user label that applies to the container.
    Level string
    Level is the SELinux level label that applies to the container.
    Role string
    Role is a SELinux role label that applies to the container.
    Type string
    Type is a SELinux type label that applies to the container.
    User string
    User is a SELinux user label that applies to the container.
    level String
    Level is the SELinux level label that applies to the container.
    role String
    Role is a SELinux role label that applies to the container.
    type String
    Type is a SELinux type label that applies to the container.
    user String
    User is a SELinux user label that applies to the container.
    level string
    Level is the SELinux level label that applies to the container.
    role string
    Role is a SELinux role label that applies to the container.
    type string
    Type is a SELinux type label that applies to the container.
    user string
    User is a SELinux user label that applies to the container.
    level str
    Level is the SELinux level label that applies to the container.
    role str
    Role is a SELinux role label that applies to the container.
    type str
    Type is a SELinux type label that applies to the container.
    user str
    User is a SELinux user label that applies to the container.
    level String
    Level is the SELinux level label that applies to the container.
    role String
    Role is a SELinux role label that applies to the container.
    type String
    Type is a SELinux type label that applies to the container.
    user String
    User is a SELinux user label that applies to the container.

    PodSecurityPolicyTemplateSupplementalGroup, PodSecurityPolicyTemplateSupplementalGroupArgs

    Ranges List<PodSecurityPolicyTemplateSupplementalGroupRange>
    ranges are the allowed ranges of supplemental groups. If you would like to force a single supplemental group then supply a single range with the same start and end. Required for MustRunAs.
    Rule string
    rule is the strategy that will dictate which supplemental groups are used in the SecurityContext.
    Ranges []PodSecurityPolicyTemplateSupplementalGroupRange
    ranges are the allowed ranges of supplemental groups. If you would like to force a single supplemental group then supply a single range with the same start and end. Required for MustRunAs.
    Rule string
    rule is the strategy that will dictate which supplemental groups are used in the SecurityContext.
    ranges List<PodSecurityPolicyTemplateSupplementalGroupRange>
    ranges are the allowed ranges of supplemental groups. If you would like to force a single supplemental group then supply a single range with the same start and end. Required for MustRunAs.
    rule String
    rule is the strategy that will dictate which supplemental groups are used in the SecurityContext.
    ranges PodSecurityPolicyTemplateSupplementalGroupRange[]
    ranges are the allowed ranges of supplemental groups. If you would like to force a single supplemental group then supply a single range with the same start and end. Required for MustRunAs.
    rule string
    rule is the strategy that will dictate which supplemental groups are used in the SecurityContext.
    ranges Sequence[PodSecurityPolicyTemplateSupplementalGroupRange]
    ranges are the allowed ranges of supplemental groups. If you would like to force a single supplemental group then supply a single range with the same start and end. Required for MustRunAs.
    rule str
    rule is the strategy that will dictate which supplemental groups are used in the SecurityContext.
    ranges List<Property Map>
    ranges are the allowed ranges of supplemental groups. If you would like to force a single supplemental group then supply a single range with the same start and end. Required for MustRunAs.
    rule String
    rule is the strategy that will dictate which supplemental groups are used in the SecurityContext.

    PodSecurityPolicyTemplateSupplementalGroupRange, PodSecurityPolicyTemplateSupplementalGroupRangeArgs

    Max int
    max is the end of the range, inclusive.
    Min int
    min is the start of the range, inclusive.
    Max int
    max is the end of the range, inclusive.
    Min int
    min is the start of the range, inclusive.
    max Integer
    max is the end of the range, inclusive.
    min Integer
    min is the start of the range, inclusive.
    max number
    max is the end of the range, inclusive.
    min number
    min is the start of the range, inclusive.
    max int
    max is the end of the range, inclusive.
    min int
    min is the start of the range, inclusive.
    max Number
    max is the end of the range, inclusive.
    min Number
    min is the start of the range, inclusive.
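
The constraints documented above for the RuntimeClass fields and for the rule/ranges blocks can be checked before a template is deployed. The lint below is an added example, not code from Pulumi or Rancher: it reads plain dicts, and the function names, the top-level keys (`runtime_class`, `run_as_user`, `supplemental_group`) and the sample are assumptions made for illustration. It goes one step beyond the page by flagging a RunAsUser range that includes uid 0, since both bounds are inclusive.

```python
# Added example: offline lint of the documented field constraints.
# Keys follow the Python SDK's snake_case names; top-level keys are assumed.

def lint_runtime_class(rc):
    """allowedRuntimeClassNames / defaultRuntimeClassName rules."""
    out = []
    allowed = rc.get("allowed_runtime_class_names") or []
    default = rc.get("default_runtime_class_name")
    if "*" in allowed and len(allowed) > 1:
        out.append('"*" must be the only item in allowed_runtime_class_names')
    if default is not None and "*" not in allowed and default not in allowed:
        out.append(f"default_runtime_class_name {default!r} is not allowed")
    return out


def lint_ranges(name, block, flag_root=False):
    """rule/ranges rules shared by run_as_user, supplemental_group, etc."""
    out = []
    ranges = block.get("ranges") or []
    if block.get("rule") == "MustRunAs" and not ranges:
        out.append(f"{name}: ranges is required for MustRunAs")
    for i, r in enumerate(ranges):
        if r["min"] > r["max"]:
            out.append(f"{name}.ranges[{i}]: min {r['min']} > max {r['max']}")
        elif flag_root and r["min"] <= 0 <= r["max"]:  # both bounds inclusive
            out.append(f"{name}.ranges[{i}]: range includes uid 0 (root)")
    return out


def lint_template(tpl):
    out = lint_runtime_class(tpl.get("runtime_class", {}))
    out += lint_ranges("run_as_user", tpl.get("run_as_user", {}), flag_root=True)
    out += lint_ranges("supplemental_group", tpl.get("supplemental_group", {}))
    return out


# Constructed sample, not taken from a real cluster.
SAMPLE = {
    "runtime_class": {"allowed_runtime_class_names": ["gvisor"],
                      "default_runtime_class_name": "kata"},
    "run_as_user": {"rule": "MustRunAs",
                    "ranges": [{"min": 0, "max": 100}, {"min": 2000, "max": 1000}]},
    "supplemental_group": {"rule": "MustRunAs", "ranges": []},
}

if __name__ == "__main__":
    for finding in lint_template(SAMPLE):
        print(finding)
```
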

    Import

    PodSecurityPolicyTemplate can be imported using the Rancher PodSecurityPolicyTemplate name:

    $ pulumi import rancher2:index/podSecurityPolicyTemplate:PodSecurityPolicyTemplate foo <pod_security_policy_name>

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    Rancher2 pulumi/pulumi-rancher2
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the rancher2 Terraform Provider.