kubernetes_pod_security_policy_v1beta1

A Pod Security Policy is a cluster-level resource that controls security-sensitive aspects of the pod specification: privileged mode, privilege escalation, host namespaces and paths, permitted volume types, and the user, group, SELinux and filesystem settings a pod may run with. PodSecurityPolicy objects define a set of conditions that a pod must satisfy in order to be admitted to the cluster, as well as defaults for the related fields. A policy has no effect on its own: the PodSecurityPolicy admission controller must be enabled on the API server, and the pod's service account (or the user creating the pod) must be authorized through RBAC to "use" the policy. PodSecurityPolicy was deprecated in Kubernetes v1.21 and removed in v1.25; this resource targets the policy/v1beta1 API and only works on clusters that still serve it.

Example Usage

resource "kubernetes_pod_security_policy_v1beta1" "example" {
  # PodSecurityPolicy is cluster-scoped, so metadata carries no namespace.
  metadata {
    name = "terraform-example"
  }
  spec {
    # Reject privileged containers and any container that could gain more
    # privileges than its parent process (setuid binaries, file capabilities).
    privileged                 = false
    allow_privilege_escalation = false

    # Allowlist of volume types. hostPath is deliberately absent. Note that a
    # persistentVolumeClaim can still bind a hostPath-backed PersistentVolume,
    # so PV creation should itself be restricted to cluster administrators.
    volumes = [
      "configMap",
      "emptyDir",
      "projected",
      "secret",
      "downwardAPI",
      "persistentVolumeClaim",
    ]

    # Pods must run as a non-root UID: either runAsUser is set to a non-zero
    # value, or the image declares a non-root USER.
    run_as_user {
      rule = "MustRunAsNonRoot"
    }

    # No SELinux context is enforced or defaulted.
    se_linux {
      rule = "RunAsAny"
    }

    # Supplemental groups and fsGroup must be non-root GIDs. When a pod leaves
    # the field unset, the minimum of the first range (1) is applied as default.
    supplemental_groups {
      rule = "MustRunAs"
      range {
        min = 1
        max = 65535
      }
    }

    fs_group {
      rule = "MustRunAs"
      range {
        min = 1
        max = 65535
      }
    }

    # Every container must mount its root filesystem read-only
    # (securityContext.readOnlyRootFilesystem: true).
    read_only_root_filesystem = true
  }
}
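The policy above is only enforced for pods whose creator is allowed to "use" it, so a complete configuration also needs the RBAC grant. The following is an added example, not part of the provider's documentation: it assumes the kubernetes_pod_security_policy_v1beta1.example resource above is in the same module, that the provider is configured against a cluster that still serves policy/v1beta1, and that the namespace "app" and the resource names chosen here are placeholders to be replaced.

```hcl
# Added example (not from the provider docs): a ClusterRole that permits the
# "use" verb on the PSP defined above, and a RoleBinding that grants it to
# every service account in the assumed "app" namespace.

# ClusterRole: the only verb that matters for PSP is "use", scoped by
# resource_names to this single policy so no other PSP is unlocked.
resource "kubernetes_cluster_role_v1" "use_restricted_psp" {
  metadata {
    name = "psp-terraform-example-user" # assumed name
  }

  rule {
    api_groups     = ["policy"]
    resources      = ["podsecuritypolicies"]
    resource_names = [kubernetes_pod_security_policy_v1beta1.example.metadata[0].name]
    verbs          = ["use"]
  }
}

# RoleBinding (namespaced) rather than ClusterRoleBinding: the grant applies
# only to pods created in "app", so other namespaces stay unauthorized and are
# rejected by the admission controller unless they have their own binding.
resource "kubernetes_role_binding_v1" "use_restricted_psp" {
  metadata {
    name      = "psp-terraform-example" # assumed name
    namespace = "app"                   # assumed namespace
  }

  role_ref {
    api_group = "rbac.authorization.k8s.io"
    kind      = "ClusterRole"
    name      = kubernetes_cluster_role_v1.use_restricted_psp.metadata[0].name
  }

  # Bind the group containing all service accounts of the namespace. Pods
  # created by controllers (Deployments, Jobs) are authorized against the pod's
  # own service account, so binding to the human who runs "kubectl apply"
  # would not be sufficient for them.
  subject {
    api_group = "rbac.authorization.k8s.io"
    kind      = "Group"
    name      = "system:serviceaccounts:app"
  }
}
```

Apply the policy and bindings before enabling the PodSecurityPolicy admission plugin on the API server; once the plugin is on, a pod with no usable policy is rejected outright, which includes system pods if nothing authorizes them. The grant can be checked from the cluster with kubectl auth can-i use podsecuritypolicy/terraform-example --as=system:serviceaccount:app:default, which should answer "yes" for the bound namespace and "no" elsewhere.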

Argument Reference

The following arguments are supported:

Nested Blocks

metadata

Arguments

Attributes

spec

Arguments

allowed_flex_volumes

Arguments

allowed_host_paths

Arguments

fs_group

Arguments

run_as_user

Arguments

run_as_group

Arguments

se_linux

Arguments

supplemental_groups

Arguments

range

Arguments

Import

Pod Security Policy can be imported using its name, e.g.

$ terraform import kubernetes_pod_security_policy_v1beta1.example terraform-example