kubernetes
/
website
mirror of https://github.com/kubernetes/website.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

add host paths to psp (#3971) 

* add host paths to psp

* add italics
reviewable/pr3989/r1
Charlie R.C 2017-06-03 05:11:38 +08:00 committed by Andrew Chen
parent 6cbd6bda67
commit 952e5b4497
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
docs/concepts/policy/pod-security-policy.md
View File

@ -35,6 +35,7 @@ administrator to control the following:
| The use of host ports | `hostPorts` | | The use of host ports | `hostPorts` |
| The use of host's PID namespace | `hostPID` | | The use of host's PID namespace | `hostPID` |
| The use of host's IPC namespace | `hostIPC` | | The use of host's IPC namespace | `hostIPC` |
| The use of host paths | [`allowedHostPaths`](#allowed-host-paths) |
| The SELinux context of the container | [`seLinux`](#selinux) | | The SELinux context of the container | [`seLinux`](#selinux) |
| The user ID | [`runAsUser`](#runasuser) | | The user ID | [`runAsUser`](#runasuser) |
| Configuring allowable supplemental groups | [`supplementalGroups`](#supplementalgroups) | | Configuring allowable supplemental groups | [`supplementalGroups`](#supplementalgroups) |
@ -126,7 +127,10 @@ configMap, downwardAPI, emptyDir, persistentVolumeClaim, secret, and projected.
### Host Network ### Host Network
- *HostPorts*, default `empty`. List of `HostPortRange`, defined by `min`(inclusive) and `max`(inclusive), which define the allowed host ports. - *HostPorts*, default `empty`. List of `HostPortRange`, defined by `min`(inclusive) and `max`(inclusive), which define the allowed host ports.
### Allowed Host Paths
- *AllowedHostPaths* is a white list of allowed host path prefixes. Empty indicates that all host paths may be used.
## Admission ## Admission
_Admission control_ with `PodSecurityPolicy` allows for control over the _Admission control_ with `PodSecurityPolicy` allows for control over the