Replace Configuration Specification.
// Replace endpoint for the k8s_pod_security_policy object "example" in
// namespace "example"; both values are path parameters of the call.
const url = 'https://example-corp.console.ves.volterra.io/api/v1/api/production/us-east-1/namespaces/default/api/config/namespaces/example/k8s_pod_security_policys/example';

// PUT request whose JSON body is serialized from an object literal so that each
// field of the policy can be read and reviewed on its own line.
//
// Every value below is a generated placeholder ("example", true, 1), not a
// recommended setting. The generated sample sets every boolean to true, which
// includes the fields that let a pod request privileged mode, privilege
// escalation and the host IPC / network / PID namespaces. Choose those values
// deliberately before sending: a replace swaps in the whole spec as provided.
const options = {
  method: 'PUT',
  headers: {
    // Placeholder credential; supply the real value at runtime instead of
    // committing it to source control.
    Authorization: '<Authorization>',
    'Content-Type': 'application/json',
  },
  body: JSON.stringify({
    metadata: {
      annotations: {},
      description: 'example',
      disable: true,
      labels: {},
      name: 'example',
      namespace: 'example',
    },
    spec: {
      psp_spec: {
        // Permissive as generated: pods may request privilege escalation.
        allow_privilege_escalation: true,
        allowed_capabilities: { capabilities: ['example'] },
        allowed_csi_drivers: ['example'],
        allowed_flex_volumes: ['example'],
        allowed_host_paths: [{ path_prefix: 'example', read_only: true }],
        allowed_proc_mounts: ['example'],
        allowed_unsafe_sysctls: ['example'],
        default_allow_privilege_escalation: true,
        default_capabilities: { capabilities: ['example'] },
        drop_capabilities: { capabilities: ['example'] },
        forbidden_sysctls: ['example'],
        fs_group_strategy_options: {
          id_ranges: [{ max_id: 1, min_id: 1 }],
          rule: 'example',
        },
        // Permissive as generated: the policy allows host IPC, host network
        // and host PID in the pod spec.
        host_ipc: true,
        host_network: true,
        host_pid: true,
        host_port_ranges: 'example',
        no_allowed_capabilities: {},
        no_default_capabilities: {},
        no_drop_capabilities: {},
        no_fs_groups: {},
        no_run_as_group: {},
        no_run_as_user: {},
        no_runtime_class: {},
        no_se_linux_options: {},
        no_supplemental_groups: {},
        // Permissive as generated: pods may request to run as privileged.
        privileged: true,
        read_only_root_filesystem: true,
        run_as_group: {
          id_ranges: [{ max_id: 1, min_id: 1 }],
          rule: 'example',
        },
        run_as_user: {
          id_ranges: [{ max_id: 1, min_id: 1 }],
          rule: 'example',
        },
        supplemental_groups: {
          id_ranges: [{ max_id: 1, min_id: 1 }],
          rule: 'example',
        },
        volumes: ['example'],
      },
      // NOTE(review): the field reference describes yaml as exclusive with
      // psp_spec, yet the generated sample sends both; confirm which one a
      // real request should carry.
      yaml: 'example',
    },
  }),
};
try { const response = await fetch(url, options); const data = await response.json(); console.log(data);} catch (error) { console.error(error);}

curl --request PUT \
  --url https://example-corp.console.ves.volterra.io/api/v1/api/production/us-east-1/namespaces/default/api/config/namespaces/example/k8s_pod_security_policys/example \
  --header 'Authorization: <Authorization>' \
  --header 'Content-Type: application/json' \
  --data '{ "metadata": { "annotations": {}, "description": "example", "disable": true, "labels": {}, "name": "example", "namespace": "example" }, "spec": { "psp_spec": { "allow_privilege_escalation": true, "allowed_capabilities": { "capabilities": [ "example" ] }, "allowed_csi_drivers": [ "example" ], "allowed_flex_volumes": [ "example" ], "allowed_host_paths": [ { "path_prefix": "example", "read_only": true } ], "allowed_proc_mounts": [ "example" ], "allowed_unsafe_sysctls": [ "example" ], "default_allow_privilege_escalation": true, "default_capabilities": { "capabilities": [ "example" ] }, "drop_capabilities": { "capabilities": [ "example" ] }, "forbidden_sysctls": [ "example" ], "fs_group_strategy_options": { "id_ranges": [ { "max_id": 1, "min_id": 1 } ], "rule": "example" }, "host_ipc": true, "host_network": true, "host_pid": true, "host_port_ranges": "example", "no_allowed_capabilities": {}, "no_default_capabilities": {}, "no_drop_capabilities": {}, "no_fs_groups": {}, "no_run_as_group": {}, "no_run_as_user": {}, "no_runtime_class": {}, "no_se_linux_options": {}, "no_supplemental_groups": {}, "privileged": true, "read_only_root_filesystem": true, "run_as_group": { "id_ranges": [ { "max_id": 1, "min_id": 1 } ], "rule": "example" }, "run_as_user": { "id_ranges": [ { "max_id": 1, "min_id": 1 } ], "rule": "example" }, "supplemental_groups": { "id_ranges": [ { "max_id": 1, "min_id": 1 } ], "rule": "example" }, "volumes": [ "example" ] }, "yaml": "example" } }'

Replacing a k8s_pod_security_policy object will update the object by replacing the existing spec with the provided one. Because the whole spec is replaced, the request should carry the complete intended policy, not only the fields being changed. For read-then-write operations a resourceVersion mismatch will occur if the object was modified between the read and write. The JavaScript sample above logs whatever body comes back without checking the response status, so an unauthorized or conflicting request is not reported as a failure; check the status before treating the policy as replaced.
Authorizations
Parameters
Path Parameters
Namespace: This defines the workspace within which the configuration object is to be created. Must be in DNS_LABEL format. For a namespace object itself, the namespace value will be "".
Name: The configuration object to be replaced will be looked up by name.
Request Body (required)
This is the input message of the ‘Replace’ RPC.
object
object
Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects.
object
Human readable description for the object.
A value of true will administratively disable the object.
Map of string keys and values that can be used to organize and categorize (scope and select) objects as chosen by the user. Values specified here will be used by selector expression.
object
This is the name of the configuration object. It has to be unique within the namespace. It can only be specified during the create API and cannot be changed during the replace API. The value of name has to follow the DNS-1035 format. Required: YES.
This defines the workspace within which the configuration object is to be created. Must be in DNS_LABEL format. For a namespace object itself, the namespace value will be "".
object
object
Pod can request privilege escalation.
object
List of capabilities that docker container has. Required: YES.
Restrict the available CSI drivers for POD, default all drivers are available.
Restrict list of Flex volumes, default all volumes are allowed.
Restrict list of host paths, default all host paths are allowed.
Host path and read/write or read-only.
object
Host path prefix is the path prefix that the host volume must match. It does not support *. Required: YES.
This volume will be allowed to mount read only.
Allowed list of proc mounts, empty list allows default proc mounts.
Allowed list of unsafe sysctls, empty list allows none. Supports prefix reg-ex.
Pod has permission for privilege escalation by default.
object
List of capabilities that docker container has. Required: YES.
object
List of capabilities that docker container has. Required: YES.
Forbidden list of sysctls, empty list forbids none. Supports prefix reg-ex.
object
List of range of ID(s)
object
Ending (maximum) ID for the ID range. Required: YES.
Starting (minimum) ID for the ID range. Required: YES.
Rule indicates how the FS group ID range is used.
Host IPC determines if the policy allows the use of host IPC in the pod spec.
Host Network determines if the policy allows the use of host network in the pod spec.
Host PID determines if the policy allows the use of host PID in the pod spec.
Host port ranges determines which ports ranges are allowed to be exposed.
object
object
object
object
object
object
object
object
object
Privileged determines if a pod can request to be run as privileged.
Containers can only run with read only root filesystem.
object
List of range of ID(s)
object
Ending (maximum) ID for the ID range. Required: YES.
Starting (minimum) ID for the ID range. Required: YES.
Rule indicates how the FS group ID range is used.
object
List of range of ID(s)
object
Ending (maximum) ID for the ID range. Required: YES.
Starting (minimum) ID for the ID range. Required: YES.
Rule indicates how the FS group ID range is used.
object
List of range of ID(s)
object
Ending (maximum) ID for the ID range. Required: YES.
Starting (minimum) ID for the ID range. Required: YES.
Rule indicates how the FS group ID range is used.
Allow list of volume plugins. If empty, no volumes are allowed.
Exclusive with [psp_spec]. K8s YAML for Pod Security Policy.
Example (generated)
{ "metadata": { "annotations": {}, "description": "example", "disable": true, "labels": {}, "name": "example", "namespace": "example" }, "spec": { "psp_spec": { "allow_privilege_escalation": true, "allowed_capabilities": { "capabilities": [ "example" ] }, "allowed_csi_drivers": [ "example" ], "allowed_flex_volumes": [ "example" ], "allowed_host_paths": [ { "path_prefix": "example", "read_only": true } ], "allowed_proc_mounts": [ "example" ], "allowed_unsafe_sysctls": [ "example" ], "default_allow_privilege_escalation": true, "default_capabilities": { "capabilities": [ "example" ] }, "drop_capabilities": { "capabilities": [ "example" ] }, "forbidden_sysctls": [ "example" ], "fs_group_strategy_options": { "id_ranges": [ { "max_id": 1, "min_id": 1 } ], "rule": "example" }, "host_ipc": true, "host_network": true, "host_pid": true, "host_port_ranges": "example", "no_allowed_capabilities": {}, "no_default_capabilities": {}, "no_drop_capabilities": {}, "no_fs_groups": {}, "no_run_as_group": {}, "no_run_as_user": {}, "no_runtime_class": {}, "no_se_linux_options": {}, "no_supplemental_groups": {}, "privileged": true, "read_only_root_filesystem": true, "run_as_group": { "id_ranges": [ { "max_id": 1, "min_id": 1 } ], "rule": "example" }, "run_as_user": { "id_ranges": [ { "max_id": 1, "min_id": 1 } ], "rule": "example" }, "supplemental_groups": { "id_ranges": [ { "max_id": 1, "min_id": 1 } ], "rule": "example" }, "volumes": [ "example" ] }, "yaml": "example" }}
Responses
A successful response.
object
Example (generated)
{}
Returned when operation is not authorized.
Example (generated)
example
Returned when there is no permission to access resource.
Example (generated)
example
Returned when resource is not found.
Example (generated)
example
Returned when operation on resource is conflicting with current value.
Example (generated)
example
Returned when operation has been rejected as it is happening too frequently.
Example (generated)
example
Returned when server encountered an error in processing API.
Example (generated)
example
Returned when service is unavailable temporarily.
Example (generated)
example
Returned when server timed out processing request.
Example (generated)
example