Help Center>
Ubiquitous Cloud Native Service>
User Guide>
Policy Center>
Policy Definition Library>
k8spspflexvolumes
Updated on 2024-02-01 GMT+08:00
k8spspflexvolumes
Basic Information
Function
This policy restricts the allowedFlexVolumes field type in PodSecurityPolicy.
Policy Example
The following policy instance shows the types of resources for which the policy definition takes effect. The allowedFlexVolumes field in parameters defines the allowed driver types.
apiVersion: constraints.gatekeeper.sh/v1beta1
kind: K8sPSPFlexVolumes
metadata:
name: psp-flexvolume-drivers
spec:
match:
kinds:
- apiGroups: [""]
kinds: ["Pod"]
parameters:
allowedFlexVolumes: #[]
- driver: "example/lvm"
- driver: "example/cifs"
Resource Definition That Complies with the Policy
In the example, the type in flexVolume is within the preceding range and complies with the policy instance.
apiVersion: v1
kind: Pod
metadata:
name: nginx-flexvolume-driver-allowed
labels:
app: nginx-flexvolume-driver
spec:
containers:
- name: nginx
image: nginx
volumeMounts:
- mountPath: /test
name: test-volume
readOnly: true
volumes:
- name: test-volume
flexVolume:
driver: "example/lvm"
Resource Definition That Does Not Comply with the Policy
In the example, the type in flexVolume is not within the preceding range and does not comply with the policy instance.
apiVersion: v1
kind: Pod
metadata:
name: nginx-flexvolume-driver-disallowed
labels:
app: nginx-flexvolume-driver
spec:
containers:
- name: nginx
image: nginx
volumeMounts:
- mountPath: /test
name: test-volume
readOnly: true
volumes:
- name: test-volume
flexVolume:
driver: "example/testdriver" #"example/lvm"
Parent topic: Policy Definition Library
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
The system is busy. Please try again later.
For any further questions, feel free to contact us through the chatbot.
Chatbot
