I implemented PodSecurityPolicy as a standalone object in our project, which uses Skuber. In the end, for various reasons, we decided not to use this solution, so we removed the code from the project.
Because I'm working towards deadlines, I can't provide a full PR for it, but I hope that including the code I used in this issue will make it easier for someone to use this with Skuber in the future or to provide a proper PR.
/**
 * Kubernetes `PodSecurityPolicy` modelled as a Skuber object resource.
 *
 * `kind` and `apiVersion` default to the values this model was written against
 * ("PodSecurityPolicy" in "extensions/v1beta1"). `metadata` has no default, so callers
 * that rely on the other defaults must pass it as a named argument.
 *
 * NOTE(review): upstream Kubernetes later served this kind from policy/v1beta1 and removed
 * it entirely in v1.25 in favour of Pod Security Admission. Confirm that the target
 * cluster still serves this group/version before depending on the model.
 *
 * @param kind       resource kind placed in the manifest
 * @param apiVersion API group/version placed in the manifest
 * @param metadata   object metadata for the policy
 * @param spec       the policy rules; `None` when no spec is supplied
 */
case class PodSecurityPolicy(
    kind: String = "PodSecurityPolicy",
    override val apiVersion: String = "extensions/v1beta1",
    metadata: ObjectMeta,
    spec: Option[PodSecurityPolicy.Spec] = None
) extends ObjectResource
    with Limitable
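/**
 * Companion of [[PodSecurityPolicy]]: the Skuber resource specification, the nested
 * model of the policy spec, the rule-name constants and the Play JSON formats.
 *
 * Because this type describes an admission policy, a field that is serialized under the
 * wrong key or in the wrong shape does not fail loudly on the Scala side; the constraint
 * may simply never reach the API server. The NOTE(review) comments below mark the places
 * where the model should be checked against the Kubernetes API reference before use.
 */
object PodSecurityPolicy {

  // Cluster-scoped resource in the "extensions" group at v1beta1, short name "psp".
  // NOTE(review): Kubernetes stopped serving PodSecurityPolicy from extensions/v1beta1 in
  // v1.16 (policy/v1beta1 replaced it) and removed the kind in v1.25; confirm the group
  // and version against the cluster this client talks to.
  val specification = NonCoreResourceSpecification(
    version = Some("v1beta1"),
    apiGroup = "extensions",
    versions = List.empty,
    scope = ResourceSpecification.Scope.Cluster,
    names = ResourceSpecification.Names(
      plural = "podsecuritypolicies",
      singular = "podsecuritypolicy",
      kind = "PodSecurityPolicy",
      shortNames = List("psp")
    ),
    subresources = None
  )

  /** A FlexVolume driver that pods are allowed to use. */
  case class AllowedFlexVolumes(driver: String)

  /**
   * A host path prefix that pods are allowed to mount.
   *
   * NOTE(review): `readOnly` is a required Boolean here, so JSON that omits it will not
   * parse with the macro-generated format; verify against what the API server returns.
   */
  case class AllowedHostPath(pathPrefix: String, readOnly: Boolean)

  /** A CSI driver that pods are allowed to use. */
  case class AllowedCSIDriver(name: String)

  /** Inclusive port range. */
  case class PortRange(min: Int, max: Int)

  /** Inclusive numeric ID range (user, group or fsGroup IDs). */
  case class Range(min: Int, max: Int)

  // NOTE(review): in the four *StrategyOptions types below `ranges` holds a single Range.
  // The Kubernetes API documents `ranges` as a list of ID ranges, so a JSON array would
  // not read into Option[Range], and a single object may not be accepted on write.
  // Changing the field type alters the constructor signature, so it is flagged here
  // rather than changed.
  case class FsGroupStrategyOptions(rule: String, ranges: Option[Range])

  // NOTE(review): the Kubernetes HostPortRange carries only `min` and `max`, and the
  // spec's `hostPorts` is a list of them. The `privileged` and `readOnlyRootFilesystem`
  // strings and the nested `range` look like they will not round-trip; verify before use.
  case class HostPortRange(privileged: String, readOnlyRootFilesystem: String, range: PortRange)

  case class RunAsUserStrategyOptions(rule: String, ranges: Option[Range])
  case class RunAsGroupStrategyOptions(rule: String, ranges: Option[Range])

  /**
   * SELinux context labels.
   *
   * `tsomype` is the SELinux *type* label. The parameter name is a typo that is kept so
   * existing named-argument call sites still compile; the JSON format below writes and
   * reads it under the Kubernetes key `type`.
   */
  case class SeLinuxOptions(level: Option[String], role: Option[String], tsomype: Option[String], user: Option[String])

  case class SeLinuxStrategyOptions(rule: String, seLinuxOptions: Option[SeLinuxOptions])
  case class SupplementalGroupsStrategyOptions(rule: String, ranges: Option[Range])

  // Rule names for the `rule` field of the *StrategyOptions types.
  val MustRunAsNonRoot = "MustRunAsNonRoot"
  val RunAsAny = "RunAsAny"
  val MustRunAs = "MustRunAs"

  /**
   * The policy rules.
   *
   * Every Boolean defaults to `false`, and a non-Option field is always written to JSON.
   * A Spec built from the defaults therefore explicitly denies privileged containers,
   * host IPC/network/PID namespaces and privilege escalation. Note that
   * `readOnlyRootFilesystem = false` does not require a read-only root filesystem.
   *
   * `fsGroup`, `runAsUser`, `seLinux` and `supplementalGroups` have no default and must
   * always be supplied.
   *
   * NOTE(review): `Json.format` does not apply these defaults when reading, so JSON that
   * omits any non-Option field fails to parse. Opting into `Json.WithDefaultValues` would
   * make reads succeed, but would report an omitted `allowPrivilegeEscalation` as `false`
   * although Kubernetes treats an unset value as `true`. Model such fields as
   * `Option[Boolean]` if policies must be read back faithfully.
   *
   * NOTE(review): this class has 23 fields. Play JSON's format macro has historically
   * been limited to 22 fields on Scala 2; confirm it compiles with the version in use.
   */
  case class Spec(
      allowPrivilegeEscalation: Boolean = false,
      allowedCSIDrivers: Option[List[AllowedCSIDriver]] = None,
      allowedCapabilities: Option[List[String]] = None,
      allowedFlexVolumes: Option[List[AllowedFlexVolumes]] = None,
      allowedHostPaths: Option[List[AllowedHostPath]] = None,
      allowedProcMountTypes: Option[List[String]] = None,
      allowedUnsafeSysctls: Option[List[String]] = None,
      defaultAddCapabilities: Option[List[String]] = None,
      defaultAllowPrivilegeEscalation: Boolean = false,
      forbiddenSysctls: Option[List[String]] = None,
      fsGroup: FsGroupStrategyOptions,
      hostIPC: Boolean = false,
      hostNetwork: Boolean = false,
      hostPID: Boolean = false,
      privileged: Boolean = false,
      readOnlyRootFilesystem: Boolean = false,
      hostPorts: Option[HostPortRange] = None,
      requiredDropCapabilities: Option[List[String]] = None,
      runAsGroup: Option[RunAsGroupStrategyOptions] = None,
      runAsUser: RunAsUserStrategyOptions,
      seLinux: SeLinuxStrategyOptions,
      supplementalGroups: SupplementalGroupsStrategyOptions,
      volumes: Option[List[String]] = None
  )

  // The formats are strict vals, so each nested format is declared before the format
  // that needs it as an implicit. Keep this order when adding new ones.
  implicit val allowedFlexVolumesFmt: Format[AllowedFlexVolumes] = Json.format[AllowedFlexVolumes]
  implicit val allowedHostPathFmt: Format[AllowedHostPath] = Json.format[AllowedHostPath]
  implicit val allowedCSIDriverFmt: Format[AllowedCSIDriver] = Json.format[AllowedCSIDriver]
  implicit val portRangeFmt: Format[PortRange] = Json.format[PortRange]
  implicit val rangeFmt: Format[Range] = Json.format[Range]
  implicit val hostPortRangeFmt: Format[HostPortRange] = Json.format[HostPortRange]
  implicit val fsGroupStrategyOptionsFmt: Format[FsGroupStrategyOptions] = Json.format[FsGroupStrategyOptions]
  implicit val runAsUserStrategyOptionsFmt: Format[RunAsUserStrategyOptions] = Json.format[RunAsUserStrategyOptions]
  implicit val runAsGroupStrategyOptionsFmt: Format[RunAsGroupStrategyOptions] = Json.format[RunAsGroupStrategyOptions]

  // Written by hand instead of with Json.format: the macro would use the parameter name
  // `tsomype` as the JSON key, so the SELinux type would be sent under a key Kubernetes
  // does not define and would never be read back. The explicit paths pin it to "type".
  implicit val seLinuxOptionsFmt: Format[SeLinuxOptions] = {
    import play.api.libs.functional.syntax._
    import play.api.libs.json.JsPath
    (
      (JsPath \ "level").formatNullable[String] and
        (JsPath \ "role").formatNullable[String] and
        (JsPath \ "type").formatNullable[String] and
        (JsPath \ "user").formatNullable[String]
    )(
      SeLinuxOptions.apply _,
      (o: SeLinuxOptions) => (o.level, o.role, o.tsomype, o.user)
    )
  }

  implicit val seLinuxStrategyOptionsFmt: Format[SeLinuxStrategyOptions] = Json.format[SeLinuxStrategyOptions]
  implicit val supplementalGroupsStrategyOptionsFmt: Format[SupplementalGroupsStrategyOptions] =
    Json.format[SupplementalGroupsStrategyOptions]
  implicit val specFmt: Format[Spec] = Json.format[Spec]
  implicit val pspFmt: Format[PodSecurityPolicy] = Json.format[PodSecurityPolicy]

  // Explicit type on the implicit so resolution does not depend on the inferred type of
  // the anonymous class.
  implicit val pspDef: ResourceDefinition[PodSecurityPolicy] =
    new ResourceDefinition[PodSecurityPolicy]() { def spec = specification }
}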
Hi,
I've implemented
PodSecurityPolicy
as a standalone object in our project, which uses Skuber. In the end, for various reasons, we decided not to use this solution, so we removed the code from the project. Because I'm working towards deadlines, I can't provide a full PR for it, but I hope that including the code I used in this issue will make it easier for someone to use this with Skuber in the future or to provide a proper PR.