replace whitelist to allowlist
Kubernetes-commit: 8d68452ea05d132cb5fe76e429b69abb3ac01fae
This commit is contained in:
wangkai1994
Kubernetes Publisher
parent
3157592ca3
commit
19707aa64b
|
|
@ -13123,7 +13123,7 @@
|
|||
"type": "boolean"
|
||||
},
|
||||
"allowedCSIDrivers": {
|
||||
"description": "AllowedCSIDrivers is a whitelist of inline CSI drivers that must be explicitly set to be embedded within a pod spec. An empty value indicates that any CSI driver can be used for inline ephemeral volumes. This is an alpha field, and is only honored if the API server enables the CSIInlineVolume feature gate.",
|
||||
"description": "AllowedCSIDrivers is an allowlist of inline CSI drivers that must be explicitly set to be embedded within a pod spec. An empty value indicates that any CSI driver can be used for inline ephemeral volumes. This is an alpha field, and is only honored if the API server enables the CSIInlineVolume feature gate.",
|
||||
"items": {
|
||||
"$ref": "#/definitions/io.k8s.api.extensions.v1beta1.AllowedCSIDriver"
|
||||
},
|
||||
|
|
@ -13137,28 +13137,28 @@
|
|||
"type": "array"
|
||||
},
|
||||
"allowedFlexVolumes": {
|
||||
"description": "allowedFlexVolumes is a whitelist of allowed Flexvolumes. Empty or nil indicates that all Flexvolumes may be used. This parameter is effective only when the usage of the Flexvolumes is allowed in the \"volumes\" field.",
|
||||
"description": "allowedFlexVolumes is an allowlist of Flexvolumes. Empty or nil indicates that all Flexvolumes may be used. This parameter is effective only when the usage of the Flexvolumes is allowed in the \"volumes\" field.",
|
||||
"items": {
|
||||
"$ref": "#/definitions/io.k8s.api.extensions.v1beta1.AllowedFlexVolume"
|
||||
},
|
||||
"type": "array"
|
||||
},
|
||||
"allowedHostPaths": {
|
||||
"description": "allowedHostPaths is a white list of allowed host paths. Empty indicates that all host paths may be used.",
|
||||
"description": "allowedHostPaths is an allowlist of host paths. Empty indicates that all host paths may be used.",
|
||||
"items": {
|
||||
"$ref": "#/definitions/io.k8s.api.extensions.v1beta1.AllowedHostPath"
|
||||
},
|
||||
"type": "array"
|
||||
},
|
||||
"allowedProcMountTypes": {
|
||||
"description": "AllowedProcMountTypes is a whitelist of allowed ProcMountTypes. Empty or nil indicates that only the DefaultProcMountType may be used. This requires the ProcMountType feature flag to be enabled.",
|
||||
"description": "AllowedProcMountTypes is an allowlist of ProcMountTypes. Empty or nil indicates that only the DefaultProcMountType may be used. This requires the ProcMountType feature flag to be enabled.",
|
||||
"items": {
|
||||
"type": "string"
|
||||
},
|
||||
"type": "array"
|
||||
},
|
||||
"allowedUnsafeSysctls": {
|
||||
"description": "allowedUnsafeSysctls is a list of explicitly allowed unsafe sysctls, defaults to none. Each entry is either a plain sysctl name or ends in \"*\" in which case it is considered as a prefix of allowed sysctls. Single * means all unsafe sysctls are allowed. Kubelet has to whitelist all allowed unsafe sysctls explicitly to avoid rejection.\n\nExamples: e.g. \"foo/*\" allows \"foo/bar\", \"foo/baz\", etc. e.g. \"foo.*\" allows \"foo.bar\", \"foo.baz\", etc.",
|
||||
"description": "allowedUnsafeSysctls is a list of explicitly allowed unsafe sysctls, defaults to none. Each entry is either a plain sysctl name or ends in \"*\" in which case it is considered as a prefix of allowed sysctls. Single * means all unsafe sysctls are allowed. Kubelet has to allowlist all allowed unsafe sysctls explicitly to avoid rejection.\n\nExamples: e.g. \"foo/*\" allows \"foo/bar\", \"foo/baz\", etc. e.g. \"foo.*\" allows \"foo.bar\", \"foo.baz\", etc.",
|
||||
"items": {
|
||||
"type": "string"
|
||||
},
|
||||
|
|
@ -13241,7 +13241,7 @@
|
|||
"description": "supplementalGroups is the strategy that will dictate what supplemental groups are used by the SecurityContext."
|
||||
},
|
||||
"volumes": {
|
||||
"description": "volumes is a white list of allowed volume plugins. Empty indicates that no volumes may be used. To allow all volumes you may use '*'.",
|
||||
"description": "volumes is an allowlist of volume plugins. Empty indicates that no volumes may be used. To allow all volumes you may use '*'.",
|
||||
"items": {
|
||||
"type": "string"
|
||||
},
|
||||
|
|
@ -13500,7 +13500,7 @@
|
|||
"description": "RuntimeClassStrategyOptions define the strategy that will dictate the allowable RuntimeClasses for a pod.",
|
||||
"properties": {
|
||||
"allowedRuntimeClassNames": {
|
||||
"description": "allowedRuntimeClassNames is a whitelist of RuntimeClass names that may be specified on a pod. A value of \"*\" means that any RuntimeClass name is allowed, and must be the only item in the list. An empty list requires the RuntimeClassName field to be unset.",
|
||||
"description": "allowedRuntimeClassNames is an allowlist of RuntimeClass names that may be specified on a pod. A value of \"*\" means that any RuntimeClass name is allowed, and must be the only item in the list. An empty list requires the RuntimeClassName field to be unset.",
|
||||
"items": {
|
||||
"type": "string"
|
||||
},
|
||||
|
|
@ -14498,7 +14498,7 @@
|
|||
"type": "boolean"
|
||||
},
|
||||
"allowedCSIDrivers": {
|
||||
"description": "AllowedCSIDrivers is a whitelist of inline CSI drivers that must be explicitly set to be embedded within a pod spec. An empty value indicates that any CSI driver can be used for inline ephemeral volumes. This is an alpha field, and is only honored if the API server enables the CSIInlineVolume feature gate.",
|
||||
"description": "AllowedCSIDrivers is an allowlist of inline CSI drivers that must be explicitly set to be embedded within a pod spec. An empty value indicates that any CSI driver can be used for inline ephemeral volumes. This is an alpha field, and is only honored if the API server enables the CSIInlineVolume feature gate.",
|
||||
"items": {
|
||||
"$ref": "#/definitions/io.k8s.api.policy.v1beta1.AllowedCSIDriver"
|
||||
},
|
||||
|
|
@ -14512,28 +14512,28 @@
|
|||
"type": "array"
|
||||
},
|
||||
"allowedFlexVolumes": {
|
||||
"description": "allowedFlexVolumes is a whitelist of allowed Flexvolumes. Empty or nil indicates that all Flexvolumes may be used. This parameter is effective only when the usage of the Flexvolumes is allowed in the \"volumes\" field.",
|
||||
"description": "allowedFlexVolumes is an allowlist of Flexvolumes. Empty or nil indicates that all Flexvolumes may be used. This parameter is effective only when the usage of the Flexvolumes is allowed in the \"volumes\" field.",
|
||||
"items": {
|
||||
"$ref": "#/definitions/io.k8s.api.policy.v1beta1.AllowedFlexVolume"
|
||||
},
|
||||
"type": "array"
|
||||
},
|
||||
"allowedHostPaths": {
|
||||
"description": "allowedHostPaths is a white list of allowed host paths. Empty indicates that all host paths may be used.",
|
||||
"description": "allowedHostPaths is an allowlist of host paths. Empty indicates that all host paths may be used.",
|
||||
"items": {
|
||||
"$ref": "#/definitions/io.k8s.api.policy.v1beta1.AllowedHostPath"
|
||||
},
|
||||
"type": "array"
|
||||
},
|
||||
"allowedProcMountTypes": {
|
||||
"description": "AllowedProcMountTypes is a whitelist of allowed ProcMountTypes. Empty or nil indicates that only the DefaultProcMountType may be used. This requires the ProcMountType feature flag to be enabled.",
|
||||
"description": "AllowedProcMountTypes is an allowlist of ProcMountTypes. Empty or nil indicates that only the DefaultProcMountType may be used. This requires the ProcMountType feature flag to be enabled.",
|
||||
"items": {
|
||||
"type": "string"
|
||||
},
|
||||
"type": "array"
|
||||
},
|
||||
"allowedUnsafeSysctls": {
|
||||
"description": "allowedUnsafeSysctls is a list of explicitly allowed unsafe sysctls, defaults to none. Each entry is either a plain sysctl name or ends in \"*\" in which case it is considered as a prefix of allowed sysctls. Single * means all unsafe sysctls are allowed. Kubelet has to whitelist all allowed unsafe sysctls explicitly to avoid rejection.\n\nExamples: e.g. \"foo/*\" allows \"foo/bar\", \"foo/baz\", etc. e.g. \"foo.*\" allows \"foo.bar\", \"foo.baz\", etc.",
|
||||
"description": "allowedUnsafeSysctls is a list of explicitly allowed unsafe sysctls, defaults to none. Each entry is either a plain sysctl name or ends in \"*\" in which case it is considered as a prefix of allowed sysctls. Single * means all unsafe sysctls are allowed. Kubelet has to allowlist all allowed unsafe sysctls explicitly to avoid rejection.\n\nExamples: e.g. \"foo/*\" allows \"foo/bar\", \"foo/baz\", etc. e.g. \"foo.*\" allows \"foo.bar\", \"foo.baz\", etc.",
|
||||
"items": {
|
||||
"type": "string"
|
||||
},
|
||||
|
|
@ -14616,7 +14616,7 @@
|
|||
"description": "supplementalGroups is the strategy that will dictate what supplemental groups are used by the SecurityContext."
|
||||
},
|
||||
"volumes": {
|
||||
"description": "volumes is a white list of allowed volume plugins. Empty indicates that no volumes may be used. To allow all volumes you may use '*'.",
|
||||
"description": "volumes is an allowlist of volume plugins. Empty indicates that no volumes may be used. To allow all volumes you may use '*'.",
|
||||
"items": {
|
||||
"type": "string"
|
||||
},
|
||||
|
|
@ -14675,7 +14675,7 @@
|
|||
"description": "RuntimeClassStrategyOptions define the strategy that will dictate the allowable RuntimeClasses for a pod.",
|
||||
"properties": {
|
||||
"allowedRuntimeClassNames": {
|
||||
"description": "allowedRuntimeClassNames is a whitelist of RuntimeClass names that may be specified on a pod. A value of \"*\" means that any RuntimeClass name is allowed, and must be the only item in the list. An empty list requires the RuntimeClassName field to be unset.",
|
||||
"description": "allowedRuntimeClassNames is an allowlist of RuntimeClass names that may be specified on a pod. A value of \"*\" means that any RuntimeClass name is allowed, and must be the only item in the list. An empty list requires the RuntimeClassName field to be unset.",
|
||||
"items": {
|
||||
"type": "string"
|
||||
},
|
||||
|
|
|
|||
Loading…
Reference in New Issue