Class GkePolicy

A Binary Authorization policy for a GKE cluster. This is one type of policy that can occur as a PlatformPolicy.

Inheritance

object

GkePolicy

Implements

IDirectResponseSchema

Inherited Members

object.Equals(object)

object.Equals(object, object)

object.GetHashCode()

object.GetType()

object.MemberwiseClone()

object.ReferenceEquals(object, object)

object.ToString()

Namespace: Google.Apis.BinaryAuthorization.v1.Data

Assembly: Google.Apis.BinaryAuthorization.v1.dll

Syntax

public class GkePolicy : IDirectResponseSchema

Properties

CheckSets

Optional. The CheckSet objects to apply, scoped by namespace or namespace and service account. Exactly one CheckSet will be evaluated for a given Pod (unless the list is empty, in which case the behavior is "always allow"). If multiple CheckSet objects have scopes that match the namespace and service account of the Pod being evaluated, only the CheckSet with the MOST SPECIFIC scope will match. CheckSet objects must be listed in order of decreasing specificity, i.e. if a scope matches a given service account (which must include the namespace), it must come before a CheckSet with a scope matching just that namespace. This property is enforced by server-side validation. The purpose of this restriction is to ensure that if more than one CheckSet matches a given Pod, the CheckSet that will be evaluated will always be the first in the list to match (because if any other matches, it must be less specific). If check_sets is empty, the default behavior is to allow all images. If check_sets is non-empty, the last check_sets entry must always be a CheckSet with no scope set, i.e. a catchall to handle any situation not caught by the preceding CheckSet objects.

Declaration

[JsonProperty("checkSets")]
public virtual IList<CheckSet> CheckSets { get; set; }

Property Value

Type	Description
IList<CheckSet>

ETag

The ETag of the item.

Declaration

public virtual string ETag { get; set; }

Property Value

Type	Description
string

ImageAllowlist

Optional. Images exempted from this policy. If any of the patterns match the image being evaluated, the rest of the policy will not be evaluated.

Declaration

[JsonProperty("imageAllowlist")]
public virtual ImageAllowlist ImageAllowlist { get; set; }

Property Value

Type	Description
ImageAllowlist

Implements

IDirectResponseSchema