Commit d0be92a

Merge pull request #53911 from tallclair/psp-docs
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Clarify DefaultAddCapabilities behavior

Clarify that capabilities listed in `DefaultAddCapabilities` in the `PodSecurityPolicySpec` need not be repeated in `AllowedCapabilities`.

**Release note**:
```release-note
NONE
```

Kubernetes-commit: 95038553d7c41ce11ee631e096b773c6756d59a2
2 parents fa5a545 + 03440d5 commit d0be92a

4 files changed

+32
-30
lines changed

Godeps/Godeps.json

+25-25

extensions/v1beta1/generated.proto

+3-2

extensions/v1beta1/types.go

+3-2
@@ -882,8 +882,9 @@ type PodSecurityPolicySpec struct {
882882
// +optional
883883
Privileged bool `json:"privileged,omitempty" protobuf:"varint,1,opt,name=privileged"`
884884
// DefaultAddCapabilities is the default set of capabilities that will be added to the container
885-
// unless the pod spec specifically drops the capability. You may not list a capabiility in both
886-
// DefaultAddCapabilities and RequiredDropCapabilities.
885+
// unless the pod spec specifically drops the capability. You may not list a capability in both
886+
// DefaultAddCapabilities and RequiredDropCapabilities. Capabilities added here are implicitly
887+
// allowed, and need not be included in the AllowedCapabilities list.
887888
// +optional
888889
DefaultAddCapabilities []v1.Capability `json:"defaultAddCapabilities,omitempty" protobuf:"bytes,2,rep,name=defaultAddCapabilities,casttype=k8s.io/api/core/v1.Capability"`
889890
// RequiredDropCapabilities are the capabilities that will be dropped from the container. These
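
Review bot: "implicitly allowed" in the added sentence (new lines 886-887) does not say what it permits. It can be read as "the default add passes validation" or as "a pod author may also request this capability explicitly without it appearing in AllowedCapabilities". Since this comment defines which capabilities a container can end up with under a policy, state which reading is intended. Separately, this comment says "You may not list" while the AllowedCapabilities description uses "You must not list"; "must not" is the unambiguous form and the two should match.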

extensions/v1beta1/types_swagger_doc_generated.go

+1-1
@@ -449,7 +449,7 @@ func (PodSecurityPolicyList) SwaggerDoc() map[string]string {
449449
var map_PodSecurityPolicySpec = map[string]string{
450450
"": "Pod Security Policy Spec defines the policy enforced.",
451451
"privileged": "privileged determines if a pod can request to be run as privileged.",
452-
"defaultAddCapabilities": "DefaultAddCapabilities is the default set of capabilities that will be added to the container unless the pod spec specifically drops the capability. You may not list a capabiility in both DefaultAddCapabilities and RequiredDropCapabilities.",
452+
"defaultAddCapabilities": "DefaultAddCapabilities is the default set of capabilities that will be added to the container unless the pod spec specifically drops the capability. You may not list a capability in both DefaultAddCapabilities and RequiredDropCapabilities. Capabilities added here are implicitly allowed, and need not be included in the AllowedCapabilities list.",
453453
"requiredDropCapabilities": "RequiredDropCapabilities are the capabilities that will be dropped from the container. These are required to be dropped and cannot be added.",
454454
"allowedCapabilities": "AllowedCapabilities is a list of capabilities that can be requested to add to the container. Capabilities in this field may be added at the pod author's discretion. You must not list a capability in both AllowedCapabilities and RequiredDropCapabilities.",
455455
"volumes": "volumes is a white list of allowed volume plugins. Empty indicates that all plugins may be used.",
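
Review bot: the allowedCapabilities description on line 454 is left unchanged and still reads as the full list of capabilities that can be added to a container, so the implicit allowance is documented only under defaultAddCapabilities. Someone auditing a policy by its allowedCapabilities list alone would miss capabilities granted through defaultAddCapabilities. Suggest adding a matching sentence to that description, e.g. "Capabilities listed in DefaultAddCapabilities are allowed in addition to this list." As this file is generated, the wording would need to change in the AllowedCapabilities comment in types.go and be regenerated.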
