npm - tencentcloud-sdk-nodejs-tke - Versions diffs - 4.1.131 → 4.1.134 - Mend

tencentcloud-sdk-nodejs-tke 4.1.131 → 4.1.134

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/package.json +1 -1
package/tencentcloud/services/tke/v20180525/tke_models.d.ts +58 -2

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "tencentcloud-sdk-nodejs-tke",
-  "version": "4.1.131",
+  "version": "4.1.134",
   "description": "腾讯云 API NODEJS SDK",
   "main": "./tencentcloud/index.js",
   "module": "./es/index.js",

package/tencentcloud/services/tke/v20180525/tke_models.d.ts CHANGED Viewed

@@ -3206,7 +3206,7 @@ export interface UpdateClusterVersionRequest {
  */
 export interface ModifyOpenPolicyListRequest {
     /**
-     * 集群ID
+     * 集群ID，请从容器服务集群控制台获取（https://console.cloud.tencent.com/tke2/cluster）。
      */
     ClusterId: string;
     /**
@@ -10346,7 +10346,63 @@ export interface OpenPolicySwitch {
      */
     Name: string;
     /**
-     * 策略模板类型
+     * 策略模板类型，可选值：
+  优选策略：
+  blocknamespacedeletion：存在pod的命名空间不允许删除
+  blockcrddeletion：存在cr的crd不允许删除
+  blockmountablevolumetype：禁止挂载指定的volume类型
+  disallowalwayspullimage：禁止镜像拉取策略使用Always
+  tkeallowedrepos：容器镜像来源限制
+  blockunknowndaemonset：禁止未知的DaemonSet部署
+  blockpvdeletion：PV处于绑定状态则不允许删除
+  corednsprotect：CoreDNS组件删除保护
+  blockschedulablenodedelete：非封锁状态的Node不允许删除
+  resourcesdeletionprotection：资源删除保护
+  tkeenirequest：弹性网卡资源配置限制
+  blockworkloadcrossversionupgrade：工作负载镜像版本升级策略管控
+  blockserviceaccountgranthighprivilegepermission：ServiceAccount权限管控
+  blockclusteripserviceexist：不允许Service为ClusterIP类型
+  blockinternetaccess：禁止公网访问
+  assign：禁止访问Metadata Server
+  blockhostnetworkpod：禁止创建HostNetwork类型Pod
+  可选策略：
+  blockvolumemountpath：禁止容器挂载指定的目录
+  k8sallowedrepos：容器镜像必须以指定字符串列表中的字符串开头
+  k8sblockendpointeditdefaultrole：禁止默认ClusterRole修改Endpoints
+  k8sblockloadbalancer：不允许Service为LoadBalancer类型
+  k8sblocknodeport：不允许Service为NodePort类型
+  k8sblockwildcardingress：禁止ingress配置空白或通配符类型的hostname
+  k8scontainerlimits：限制容器必须设置CPU和内存Limit
+  k8scontainerratios：限制CPU和内存的Request与Limit的最大比率
+  k8scontainerrequests：限制CPU和内存的Request必须设置且小于配置的最大值
+  k8srequiredresources：必须配置内存的Limit，CPU和内存的Request
+  k8sdisallowanonymous：不允许将白名单以外的ClusterRole和Role关联到system:anonymous User和system:unauthenticated Group
+  k8sdisallowedtags：约束容器镜像tag
+  k8sexternalips：限制服务externalIP仅为允许的IP地址列表
+  k8simagedigests：容器镜像必须包含digest
+  noupdateserviceaccount：拒绝白名单外的资源更新ServiceAccount
+  k8sreplicalimits：要求具有spec.replicas字段的对象（Deployments、ReplicaSets等）在定义的范围内
+  k8srequiredannotations：要求资源包含指定的annotations，其值与提供的正则表达式匹配
+  k8srequiredlabels：要求资源包含指定的标签，其值与提供的正则表达式匹配
+  k8srequiredprobes：要求Pod具有Readiness或Liveness Probe
+  k8spspautomountserviceaccounttokenpod：约束容器不能设置automountServiceAccountToken为true
+  k8spspallowprivilegeescalationcontainer：约束PodSecurityPolicy中的allowPrivilegeEscalation字段为false
+  k8spspapparmor：约束AppArmor字段列表
+  k8spspcapabilities：限制PodSecurityPolicy中的allowedCapabilities和requiredDropCapabilities字段
+  k8spspflexvolumes：约束PodSecurityPolicy中的allowedFlexVolumes字段类型
+  k8spspforbiddensysctls：约束PodSecurityPolicy中的sysctls字段不能使用的name
+  k8spspfsgroup：控制PodSecurityPolicy中的fsGroup字段在限制范围内
+  k8spsphostfilesystem：约束PodSecurityPolicy中的hostPath字段的参数
+  k8spsphostnamespace：限制PodSecurityPolicy中的hostPID和hostIPC字段
+  k8spsphostnetworkingports：约束PodSecurityPolicy中的hostNetwork和hostPorts字段
+  k8spspprivilegedcontainer：禁止PodSecurityPolicy中的privileged字段为true
+  k8spspprocmount：约束PodSecurityPolicy中的allowedProcMountTypes字段
+  k8spspreadonlyrootfilesystem：约束PodSecurityPolicy中的readOnlyRootFilesystem字段
+  k8spspseccomp：约束PodSecurityPolicy上的seccomp.security.alpha.kubernetes.io/allowedProfileNames注解
+  k8spspselinuxv2：约束Pod定义SELinux配置的允许列表
+  k8spspallowedusers：约束PodSecurityPolicy中的runAsUser、runAsGroup、supplementalGroups和fsGroup字段
+  k8spspvolumetypes：约束PodSecurityPolicy中的volumes字段类型
      */
     Kind: string;
     /**