pulumi-kubernetes 4.17.0a1723576835__py3-none-any.whl → 4.26.0a1769215986__py3-none-any.whl

pulumi_kubernetes/policy/v1beta1/outputs.py

@@ -2,7 +2,7 @@
 # *** WARNING: this file was generated by pulumigen. ***
 # *** Do not edit by hand unless you're certain you know what you are doing! ***
 
-import copy
+import builtins as _builtins
 import warnings
 import sys
 import pulumi
@@ -56,16 +56,16 @@ class AllowedCSIDriver(dict):
     AllowedCSIDriver represents a single inline CSI Driver that is allowed to be used.
     """
     def __init__(__self__, *,
-                 name: str):
+                 name: _builtins.str):
         """
         AllowedCSIDriver represents a single inline CSI Driver that is allowed to be used.
-        :param str name: Name is the registered name of the CSI driver
+        :param _builtins.str name: Name is the registered name of the CSI driver
         """
         pulumi.set(__self__, "name", name)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def name(self) -> str:
+    def name(self) -> _builtins.str:
         """
         Name is the registered name of the CSI driver
         """
@@ -78,17 +78,17 @@ class AllowedCSIDriverPatch(dict):
     AllowedCSIDriver represents a single inline CSI Driver that is allowed to be used.
     """
     def __init__(__self__, *,
-                 name: Optional[str] = None):
+                 name: Optional[_builtins.str] = None):
         """
         AllowedCSIDriver represents a single inline CSI Driver that is allowed to be used.
-        :param str name: Name is the registered name of the CSI driver
+        :param _builtins.str name: Name is the registered name of the CSI driver
         """
         if name is not None:
             pulumi.set(__self__, "name", name)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def name(self) -> Optional[str]:
+    def name(self) -> Optional[_builtins.str]:
         """
         Name is the registered name of the CSI driver
         """
@@ -101,16 +101,16 @@ class AllowedFlexVolume(dict):
     AllowedFlexVolume represents a single Flexvolume that is allowed to be used.
     """
     def __init__(__self__, *,
-                 driver: str):
+                 driver: _builtins.str):
         """
         AllowedFlexVolume represents a single Flexvolume that is allowed to be used.
-        :param str driver: driver is the name of the Flexvolume driver.
+        :param _builtins.str driver: driver is the name of the Flexvolume driver.
         """
         pulumi.set(__self__, "driver", driver)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def driver(self) -> str:
+    def driver(self) -> _builtins.str:
         """
         driver is the name of the Flexvolume driver.
         """
@@ -123,17 +123,17 @@ class AllowedFlexVolumePatch(dict):
     AllowedFlexVolume represents a single Flexvolume that is allowed to be used.
     """
     def __init__(__self__, *,
-                 driver: Optional[str] = None):
+                 driver: Optional[_builtins.str] = None):
         """
         AllowedFlexVolume represents a single Flexvolume that is allowed to be used.
-        :param str driver: driver is the name of the Flexvolume driver.
+        :param _builtins.str driver: driver is the name of the Flexvolume driver.
         """
         if driver is not None:
             pulumi.set(__self__, "driver", driver)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def driver(self) -> Optional[str]:
+    def driver(self) -> Optional[_builtins.str]:
         """
         driver is the name of the Flexvolume driver.
         """
@@ -165,23 +165,23 @@ class AllowedHostPath(dict):
         return super().get(key, default)
 
     def __init__(__self__, *,
-                 path_prefix: Optional[str] = None,
-                 read_only: Optional[bool] = None):
+                 path_prefix: Optional[_builtins.str] = None,
+                 read_only: Optional[_builtins.bool] = None):
         """
         AllowedHostPath defines the host volume conditions that will be enabled by a policy for pods to use. It requires the path prefix to be defined.
-        :param str path_prefix: pathPrefix is the path prefix that the host volume must match. It does not support `*`. Trailing slashes are trimmed when validating the path prefix with a host path.
+        :param _builtins.str path_prefix: pathPrefix is the path prefix that the host volume must match. It does not support `*`. Trailing slashes are trimmed when validating the path prefix with a host path.
                
                Examples: `/foo` would allow `/foo`, `/foo/` and `/foo/bar` `/foo` would not allow `/food` or `/etc/foo`
-        :param bool read_only: when set to true, will allow host volumes matching the pathPrefix only if all volume mounts are readOnly.
+        :param _builtins.bool read_only: when set to true, will allow host volumes matching the pathPrefix only if all volume mounts are readOnly.
         """
         if path_prefix is not None:
             pulumi.set(__self__, "path_prefix", path_prefix)
         if read_only is not None:
             pulumi.set(__self__, "read_only", read_only)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="pathPrefix")
-    def path_prefix(self) -> Optional[str]:
+    def path_prefix(self) -> Optional[_builtins.str]:
         """
         pathPrefix is the path prefix that the host volume must match. It does not support `*`. Trailing slashes are trimmed when validating the path prefix with a host path.
 
@@ -189,9 +189,9 @@ class AllowedHostPath(dict):
         """
         return pulumi.get(self, "path_prefix")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="readOnly")
-    def read_only(self) -> Optional[bool]:
+    def read_only(self) -> Optional[_builtins.bool]:
         """
         when set to true, will allow host volumes matching the pathPrefix only if all volume mounts are readOnly.
         """
@@ -223,23 +223,23 @@ class AllowedHostPathPatch(dict):
         return super().get(key, default)
 
     def __init__(__self__, *,
-                 path_prefix: Optional[str] = None,
-                 read_only: Optional[bool] = None):
+                 path_prefix: Optional[_builtins.str] = None,
+                 read_only: Optional[_builtins.bool] = None):
         """
         AllowedHostPath defines the host volume conditions that will be enabled by a policy for pods to use. It requires the path prefix to be defined.
-        :param str path_prefix: pathPrefix is the path prefix that the host volume must match. It does not support `*`. Trailing slashes are trimmed when validating the path prefix with a host path.
+        :param _builtins.str path_prefix: pathPrefix is the path prefix that the host volume must match. It does not support `*`. Trailing slashes are trimmed when validating the path prefix with a host path.
                
                Examples: `/foo` would allow `/foo`, `/foo/` and `/foo/bar` `/foo` would not allow `/food` or `/etc/foo`
-        :param bool read_only: when set to true, will allow host volumes matching the pathPrefix only if all volume mounts are readOnly.
+        :param _builtins.bool read_only: when set to true, will allow host volumes matching the pathPrefix only if all volume mounts are readOnly.
         """
         if path_prefix is not None:
             pulumi.set(__self__, "path_prefix", path_prefix)
         if read_only is not None:
             pulumi.set(__self__, "read_only", read_only)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="pathPrefix")
-    def path_prefix(self) -> Optional[str]:
+    def path_prefix(self) -> Optional[_builtins.str]:
         """
         pathPrefix is the path prefix that the host volume must match. It does not support `*`. Trailing slashes are trimmed when validating the path prefix with a host path.
 
@@ -247,9 +247,9 @@ class AllowedHostPathPatch(dict):
         """
         return pulumi.get(self, "path_prefix")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="readOnly")
-    def read_only(self) -> Optional[bool]:
+    def read_only(self) -> Optional[_builtins.bool]:
         """
         when set to true, will allow host volumes matching the pathPrefix only if all volume mounts are readOnly.
         """
@@ -263,18 +263,18 @@ class FSGroupStrategyOptions(dict):
     """
     def __init__(__self__, *,
                  ranges: Optional[Sequence['outputs.IDRange']] = None,
-                 rule: Optional[str] = None):
+                 rule: Optional[_builtins.str] = None):
         """
         FSGroupStrategyOptions defines the strategy type and options used to create the strategy.
         :param Sequence['IDRangeArgs'] ranges: ranges are the allowed ranges of fs groups.  If you would like to force a single fs group then supply a single range with the same start and end. Required for MustRunAs.
-        :param str rule: rule is the strategy that will dictate what FSGroup is used in the SecurityContext.
+        :param _builtins.str rule: rule is the strategy that will dictate what FSGroup is used in the SecurityContext.
         """
         if ranges is not None:
             pulumi.set(__self__, "ranges", ranges)
         if rule is not None:
             pulumi.set(__self__, "rule", rule)
 
-    @property
+    @_builtins.property
     @pulumi.getter
     def ranges(self) -> Optional[Sequence['outputs.IDRange']]:
         """
@@ -282,9 +282,9 @@ class FSGroupStrategyOptions(dict):
         """
         return pulumi.get(self, "ranges")
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def rule(self) -> Optional[str]:
+    def rule(self) -> Optional[_builtins.str]:
         """
         rule is the strategy that will dictate what FSGroup is used in the SecurityContext.
         """
@@ -298,18 +298,18 @@ class FSGroupStrategyOptionsPatch(dict):
     """
     def __init__(__self__, *,
                  ranges: Optional[Sequence['outputs.IDRangePatch']] = None,
-                 rule: Optional[str] = None):
+                 rule: Optional[_builtins.str] = None):
         """
         FSGroupStrategyOptions defines the strategy type and options used to create the strategy.
         :param Sequence['IDRangePatchArgs'] ranges: ranges are the allowed ranges of fs groups.  If you would like to force a single fs group then supply a single range with the same start and end. Required for MustRunAs.
-        :param str rule: rule is the strategy that will dictate what FSGroup is used in the SecurityContext.
+        :param _builtins.str rule: rule is the strategy that will dictate what FSGroup is used in the SecurityContext.
         """
         if ranges is not None:
             pulumi.set(__self__, "ranges", ranges)
         if rule is not None:
             pulumi.set(__self__, "rule", rule)
 
-    @property
+    @_builtins.property
     @pulumi.getter
     def ranges(self) -> Optional[Sequence['outputs.IDRangePatch']]:
         """
@@ -317,9 +317,9 @@ class FSGroupStrategyOptionsPatch(dict):
         """
         return pulumi.get(self, "ranges")
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def rule(self) -> Optional[str]:
+    def rule(self) -> Optional[_builtins.str]:
         """
         rule is the strategy that will dictate what FSGroup is used in the SecurityContext.
         """
@@ -332,27 +332,27 @@ class HostPortRange(dict):
     HostPortRange defines a range of host ports that will be enabled by a policy for pods to use.  It requires both the start and end to be defined.
     """
     def __init__(__self__, *,
-                 max: int,
-                 min: int):
+                 max: _builtins.int,
+                 min: _builtins.int):
         """
         HostPortRange defines a range of host ports that will be enabled by a policy for pods to use.  It requires both the start and end to be defined.
-        :param int max: max is the end of the range, inclusive.
-        :param int min: min is the start of the range, inclusive.
+        :param _builtins.int max: max is the end of the range, inclusive.
+        :param _builtins.int min: min is the start of the range, inclusive.
         """
         pulumi.set(__self__, "max", max)
         pulumi.set(__self__, "min", min)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def max(self) -> int:
+    def max(self) -> _builtins.int:
         """
         max is the end of the range, inclusive.
         """
         return pulumi.get(self, "max")
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def min(self) -> int:
+    def min(self) -> _builtins.int:
         """
         min is the start of the range, inclusive.
         """
@@ -365,29 +365,29 @@ class HostPortRangePatch(dict):
     HostPortRange defines a range of host ports that will be enabled by a policy for pods to use.  It requires both the start and end to be defined.
     """
     def __init__(__self__, *,
-                 max: Optional[int] = None,
-                 min: Optional[int] = None):
+                 max: Optional[_builtins.int] = None,
+                 min: Optional[_builtins.int] = None):
         """
         HostPortRange defines a range of host ports that will be enabled by a policy for pods to use.  It requires both the start and end to be defined.
-        :param int max: max is the end of the range, inclusive.
-        :param int min: min is the start of the range, inclusive.
+        :param _builtins.int max: max is the end of the range, inclusive.
+        :param _builtins.int min: min is the start of the range, inclusive.
         """
         if max is not None:
             pulumi.set(__self__, "max", max)
         if min is not None:
             pulumi.set(__self__, "min", min)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def max(self) -> Optional[int]:
+    def max(self) -> Optional[_builtins.int]:
         """
         max is the end of the range, inclusive.
         """
         return pulumi.get(self, "max")
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def min(self) -> Optional[int]:
+    def min(self) -> Optional[_builtins.int]:
         """
         min is the start of the range, inclusive.
         """
@@ -400,27 +400,27 @@ class IDRange(dict):
     IDRange provides a min/max of an allowed range of IDs.
     """
     def __init__(__self__, *,
-                 max: int,
-                 min: int):
+                 max: _builtins.int,
+                 min: _builtins.int):
         """
         IDRange provides a min/max of an allowed range of IDs.
-        :param int max: max is the end of the range, inclusive.
-        :param int min: min is the start of the range, inclusive.
+        :param _builtins.int max: max is the end of the range, inclusive.
+        :param _builtins.int min: min is the start of the range, inclusive.
         """
         pulumi.set(__self__, "max", max)
         pulumi.set(__self__, "min", min)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def max(self) -> int:
+    def max(self) -> _builtins.int:
         """
         max is the end of the range, inclusive.
         """
         return pulumi.get(self, "max")
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def min(self) -> int:
+    def min(self) -> _builtins.int:
         """
         min is the start of the range, inclusive.
         """
@@ -433,29 +433,29 @@ class IDRangePatch(dict):
     IDRange provides a min/max of an allowed range of IDs.
     """
     def __init__(__self__, *,
-                 max: Optional[int] = None,
-                 min: Optional[int] = None):
+                 max: Optional[_builtins.int] = None,
+                 min: Optional[_builtins.int] = None):
         """
         IDRange provides a min/max of an allowed range of IDs.
-        :param int max: max is the end of the range, inclusive.
-        :param int min: min is the start of the range, inclusive.
+        :param _builtins.int max: max is the end of the range, inclusive.
+        :param _builtins.int min: min is the start of the range, inclusive.
         """
         if max is not None:
             pulumi.set(__self__, "max", max)
         if min is not None:
             pulumi.set(__self__, "min", min)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def max(self) -> Optional[int]:
+    def max(self) -> Optional[_builtins.int]:
         """
         max is the end of the range, inclusive.
         """
         return pulumi.get(self, "max")
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def min(self) -> Optional[int]:
+    def min(self) -> Optional[_builtins.int]:
         """
         min is the start of the range, inclusive.
         """
@@ -485,15 +485,15 @@ class PodDisruptionBudget(dict):
         return super().get(key, default)
 
     def __init__(__self__, *,
-                 api_version: Optional[str] = None,
-                 kind: Optional[str] = None,
+                 api_version: Optional[_builtins.str] = None,
+                 kind: Optional[_builtins.str] = None,
                  metadata: Optional['_meta.v1.outputs.ObjectMeta'] = None,
                  spec: Optional['outputs.PodDisruptionBudgetSpec'] = None,
                  status: Optional['outputs.PodDisruptionBudgetStatus'] = None):
         """
         PodDisruptionBudget is an object to define the max disruption that can be caused to a collection of pods
-        :param str api_version: APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-        :param str kind: Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+        :param _builtins.str api_version: APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+        :param _builtins.str kind: Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
         :param 'PodDisruptionBudgetSpecArgs' spec: Specification of the desired behavior of the PodDisruptionBudget.
         :param 'PodDisruptionBudgetStatusArgs' status: Most recently observed status of the PodDisruptionBudget.
         """
@@ -508,28 +508,28 @@ class PodDisruptionBudget(dict):
         if status is not None:
             pulumi.set(__self__, "status", status)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="apiVersion")
-    def api_version(self) -> Optional[str]:
+    def api_version(self) -> Optional[_builtins.str]:
         """
         APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
         """
         return pulumi.get(self, "api_version")
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def kind(self) -> Optional[str]:
+    def kind(self) -> Optional[_builtins.str]:
         """
         Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
         """
         return pulumi.get(self, "kind")
 
-    @property
+    @_builtins.property
     @pulumi.getter
     def metadata(self) -> Optional['_meta.v1.outputs.ObjectMeta']:
         return pulumi.get(self, "metadata")
 
-    @property
+    @_builtins.property
     @pulumi.getter
     def spec(self) -> Optional['outputs.PodDisruptionBudgetSpec']:
         """
@@ -537,7 +537,7 @@ class PodDisruptionBudget(dict):
         """
         return pulumi.get(self, "spec")
 
-    @property
+    @_builtins.property
     @pulumi.getter
     def status(self) -> Optional['outputs.PodDisruptionBudgetStatus']:
         """
@@ -576,8 +576,8 @@ class PodDisruptionBudgetSpec(dict):
                  selector: Optional['_meta.v1.outputs.LabelSelector'] = None):
         """
         PodDisruptionBudgetSpec is a description of a PodDisruptionBudget.
-        :param Union[int, str] max_unavailable: An eviction is allowed if at most "maxUnavailable" pods selected by "selector" are unavailable after the eviction, i.e. even in absence of the evicted pod. For example, one can prevent all voluntary evictions by specifying 0. This is a mutually exclusive setting with "minAvailable".
-        :param Union[int, str] min_available: An eviction is allowed if at least "minAvailable" pods selected by "selector" will still be available after the eviction, i.e. even in the absence of the evicted pod.  So for example you can prevent all voluntary evictions by specifying "100%".
+        :param Union[_builtins.int, _builtins.str] max_unavailable: An eviction is allowed if at most "maxUnavailable" pods selected by "selector" are unavailable after the eviction, i.e. even in absence of the evicted pod. For example, one can prevent all voluntary evictions by specifying 0. This is a mutually exclusive setting with "minAvailable".
+        :param Union[_builtins.int, _builtins.str] min_available: An eviction is allowed if at least "minAvailable" pods selected by "selector" will still be available after the eviction, i.e. even in the absence of the evicted pod.  So for example you can prevent all voluntary evictions by specifying "100%".
         :param '_meta.v1.LabelSelectorArgs' selector: Label query over pods whose evictions are managed by the disruption budget.
         """
         if max_unavailable is not None:
@@ -587,7 +587,7 @@ class PodDisruptionBudgetSpec(dict):
         if selector is not None:
             pulumi.set(__self__, "selector", selector)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="maxUnavailable")
     def max_unavailable(self) -> Optional[Any]:
         """
@@ -595,7 +595,7 @@ class PodDisruptionBudgetSpec(dict):
         """
         return pulumi.get(self, "max_unavailable")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="minAvailable")
     def min_available(self) -> Optional[Any]:
         """
@@ -603,7 +603,7 @@ class PodDisruptionBudgetSpec(dict):
         """
         return pulumi.get(self, "min_available")
 
-    @property
+    @_builtins.property
     @pulumi.getter
     def selector(self) -> Optional['_meta.v1.outputs.LabelSelector']:
         """
@@ -642,8 +642,8 @@ class PodDisruptionBudgetSpecPatch(dict):
                  selector: Optional['_meta.v1.outputs.LabelSelectorPatch'] = None):
         """
         PodDisruptionBudgetSpec is a description of a PodDisruptionBudget.
-        :param Union[int, str] max_unavailable: An eviction is allowed if at most "maxUnavailable" pods selected by "selector" are unavailable after the eviction, i.e. even in absence of the evicted pod. For example, one can prevent all voluntary evictions by specifying 0. This is a mutually exclusive setting with "minAvailable".
-        :param Union[int, str] min_available: An eviction is allowed if at least "minAvailable" pods selected by "selector" will still be available after the eviction, i.e. even in the absence of the evicted pod.  So for example you can prevent all voluntary evictions by specifying "100%".
+        :param Union[_builtins.int, _builtins.str] max_unavailable: An eviction is allowed if at most "maxUnavailable" pods selected by "selector" are unavailable after the eviction, i.e. even in absence of the evicted pod. For example, one can prevent all voluntary evictions by specifying 0. This is a mutually exclusive setting with "minAvailable".
+        :param Union[_builtins.int, _builtins.str] min_available: An eviction is allowed if at least "minAvailable" pods selected by "selector" will still be available after the eviction, i.e. even in the absence of the evicted pod.  So for example you can prevent all voluntary evictions by specifying "100%".
         :param '_meta.v1.LabelSelectorPatchArgs' selector: Label query over pods whose evictions are managed by the disruption budget.
         """
         if max_unavailable is not None:
@@ -653,7 +653,7 @@ class PodDisruptionBudgetSpecPatch(dict):
         if selector is not None:
             pulumi.set(__self__, "selector", selector)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="maxUnavailable")
     def max_unavailable(self) -> Optional[Any]:
         """
@@ -661,7 +661,7 @@ class PodDisruptionBudgetSpecPatch(dict):
         """
         return pulumi.get(self, "max_unavailable")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="minAvailable")
     def min_available(self) -> Optional[Any]:
         """
@@ -669,7 +669,7 @@ class PodDisruptionBudgetSpecPatch(dict):
         """
         return pulumi.get(self, "min_available")
 
-    @property
+    @_builtins.property
     @pulumi.getter
     def selector(self) -> Optional['_meta.v1.outputs.LabelSelectorPatch']:
         """
@@ -711,20 +711,20 @@ class PodDisruptionBudgetStatus(dict):
         return super().get(key, default)
 
     def __init__(__self__, *,
-                 current_healthy: int,
-                 desired_healthy: int,
-                 disruptions_allowed: int,
-                 expected_pods: int,
-                 disrupted_pods: Optional[Mapping[str, str]] = None,
-                 observed_generation: Optional[int] = None):
+                 current_healthy: _builtins.int,
+                 desired_healthy: _builtins.int,
+                 disruptions_allowed: _builtins.int,
+                 expected_pods: _builtins.int,
+                 disrupted_pods: Optional[Mapping[str, _builtins.str]] = None,
+                 observed_generation: Optional[_builtins.int] = None):
         """
         PodDisruptionBudgetStatus represents information about the status of a PodDisruptionBudget. Status may trail the actual state of a system.
-        :param int current_healthy: current number of healthy pods
-        :param int desired_healthy: minimum desired number of healthy pods
-        :param int disruptions_allowed: Number of pod disruptions that are currently allowed.
-        :param int expected_pods: total number of pods counted by this disruption budget
-        :param Mapping[str, str] disrupted_pods: DisruptedPods contains information about pods whose eviction was processed by the API server eviction subresource handler but has not yet been observed by the PodDisruptionBudget controller. A pod will be in this map from the time when the API server processed the eviction request to the time when the pod is seen by PDB controller as having been marked for deletion (or after a timeout). The key in the map is the name of the pod and the value is the time when the API server processed the eviction request. If the deletion didn't occur and a pod is still there it will be removed from the list automatically by PodDisruptionBudget controller after some time. If everything goes smooth this map should be empty for the most of the time. Large number of entries in the map may indicate problems with pod deletions.
-        :param int observed_generation: Most recent generation observed when updating this PDB status. PodDisruptionsAllowed and other status information is valid only if observedGeneration equals to PDB's object generation.
+        :param _builtins.int current_healthy: current number of healthy pods
+        :param _builtins.int desired_healthy: minimum desired number of healthy pods
+        :param _builtins.int disruptions_allowed: Number of pod disruptions that are currently allowed.
+        :param _builtins.int expected_pods: total number of pods counted by this disruption budget
+        :param Mapping[str, _builtins.str] disrupted_pods: DisruptedPods contains information about pods whose eviction was processed by the API server eviction subresource handler but has not yet been observed by the PodDisruptionBudget controller. A pod will be in this map from the time when the API server processed the eviction request to the time when the pod is seen by PDB controller as having been marked for deletion (or after a timeout). The key in the map is the name of the pod and the value is the time when the API server processed the eviction request. If the deletion didn't occur and a pod is still there it will be removed from the list automatically by PodDisruptionBudget controller after some time. If everything goes smooth this map should be empty for the most of the time. Large number of entries in the map may indicate problems with pod deletions.
+        :param _builtins.int observed_generation: Most recent generation observed when updating this PDB status. PodDisruptionsAllowed and other status information is valid only if observedGeneration equals to PDB's object generation.
         """
         pulumi.set(__self__, "current_healthy", current_healthy)
         pulumi.set(__self__, "desired_healthy", desired_healthy)
@@ -735,49 +735,49 @@ class PodDisruptionBudgetStatus(dict):
         if observed_generation is not None:
             pulumi.set(__self__, "observed_generation", observed_generation)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="currentHealthy")
-    def current_healthy(self) -> int:
+    def current_healthy(self) -> _builtins.int:
         """
         current number of healthy pods
         """
         return pulumi.get(self, "current_healthy")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="desiredHealthy")
-    def desired_healthy(self) -> int:
+    def desired_healthy(self) -> _builtins.int:
         """
         minimum desired number of healthy pods
         """
         return pulumi.get(self, "desired_healthy")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="disruptionsAllowed")
-    def disruptions_allowed(self) -> int:
+    def disruptions_allowed(self) -> _builtins.int:
         """
         Number of pod disruptions that are currently allowed.
         """
         return pulumi.get(self, "disruptions_allowed")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="expectedPods")
-    def expected_pods(self) -> int:
+    def expected_pods(self) -> _builtins.int:
         """
         total number of pods counted by this disruption budget
         """
         return pulumi.get(self, "expected_pods")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="disruptedPods")
-    def disrupted_pods(self) -> Optional[Mapping[str, str]]:
+    def disrupted_pods(self) -> Optional[Mapping[str, _builtins.str]]:
         """
         DisruptedPods contains information about pods whose eviction was processed by the API server eviction subresource handler but has not yet been observed by the PodDisruptionBudget controller. A pod will be in this map from the time when the API server processed the eviction request to the time when the pod is seen by PDB controller as having been marked for deletion (or after a timeout). The key in the map is the name of the pod and the value is the time when the API server processed the eviction request. If the deletion didn't occur and a pod is still there it will be removed from the list automatically by PodDisruptionBudget controller after some time. If everything goes smooth this map should be empty for the most of the time. Large number of entries in the map may indicate problems with pod deletions.
         """
         return pulumi.get(self, "disrupted_pods")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="observedGeneration")
-    def observed_generation(self) -> Optional[int]:
+    def observed_generation(self) -> Optional[_builtins.int]:
         """
         Most recent generation observed when updating this PDB status. PodDisruptionsAllowed and other status information is valid only if observedGeneration equals to PDB's object generation.
         """
@@ -817,20 +817,20 @@ class PodDisruptionBudgetStatusPatch(dict):
         return super().get(key, default)
 
     def __init__(__self__, *,
-                 current_healthy: Optional[int] = None,
-                 desired_healthy: Optional[int] = None,
-                 disrupted_pods: Optional[Mapping[str, str]] = None,
-                 disruptions_allowed: Optional[int] = None,
-                 expected_pods: Optional[int] = None,
-                 observed_generation: Optional[int] = None):
+                 current_healthy: Optional[_builtins.int] = None,
+                 desired_healthy: Optional[_builtins.int] = None,
+                 disrupted_pods: Optional[Mapping[str, _builtins.str]] = None,
+                 disruptions_allowed: Optional[_builtins.int] = None,
+                 expected_pods: Optional[_builtins.int] = None,
+                 observed_generation: Optional[_builtins.int] = None):
         """
         PodDisruptionBudgetStatus represents information about the status of a PodDisruptionBudget. Status may trail the actual state of a system.
-        :param int current_healthy: current number of healthy pods
-        :param int desired_healthy: minimum desired number of healthy pods
-        :param Mapping[str, str] disrupted_pods: DisruptedPods contains information about pods whose eviction was processed by the API server eviction subresource handler but has not yet been observed by the PodDisruptionBudget controller. A pod will be in this map from the time when the API server processed the eviction request to the time when the pod is seen by PDB controller as having been marked for deletion (or after a timeout). The key in the map is the name of the pod and the value is the time when the API server processed the eviction request. If the deletion didn't occur and a pod is still there it will be removed from the list automatically by PodDisruptionBudget controller after some time. If everything goes smooth this map should be empty for the most of the time. Large number of entries in the map may indicate problems with pod deletions.
-        :param int disruptions_allowed: Number of pod disruptions that are currently allowed.
-        :param int expected_pods: total number of pods counted by this disruption budget
-        :param int observed_generation: Most recent generation observed when updating this PDB status. PodDisruptionsAllowed and other status information is valid only if observedGeneration equals to PDB's object generation.
+        :param _builtins.int current_healthy: current number of healthy pods
+        :param _builtins.int desired_healthy: minimum desired number of healthy pods
+        :param Mapping[str, _builtins.str] disrupted_pods: DisruptedPods contains information about pods whose eviction was processed by the API server eviction subresource handler but has not yet been observed by the PodDisruptionBudget controller. A pod will be in this map from the time when the API server processed the eviction request to the time when the pod is seen by PDB controller as having been marked for deletion (or after a timeout). The key in the map is the name of the pod and the value is the time when the API server processed the eviction request. If the deletion didn't occur and a pod is still there it will be removed from the list automatically by PodDisruptionBudget controller after some time. If everything goes smooth this map should be empty for the most of the time. Large number of entries in the map may indicate problems with pod deletions.
+        :param _builtins.int disruptions_allowed: Number of pod disruptions that are currently allowed.
+        :param _builtins.int expected_pods: total number of pods counted by this disruption budget
+        :param _builtins.int observed_generation: Most recent generation observed when updating this PDB status. PodDisruptionsAllowed and other status information is valid only if observedGeneration equals to PDB's object generation.
         """
         if current_healthy is not None:
             pulumi.set(__self__, "current_healthy", current_healthy)
@@ -845,49 +845,49 @@ class PodDisruptionBudgetStatusPatch(dict):
         if observed_generation is not None:
             pulumi.set(__self__, "observed_generation", observed_generation)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="currentHealthy")
-    def current_healthy(self) -> Optional[int]:
+    def current_healthy(self) -> Optional[_builtins.int]:
         """
         current number of healthy pods
         """
         return pulumi.get(self, "current_healthy")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="desiredHealthy")
-    def desired_healthy(self) -> Optional[int]:
+    def desired_healthy(self) -> Optional[_builtins.int]:
         """
         minimum desired number of healthy pods
         """
         return pulumi.get(self, "desired_healthy")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="disruptedPods")
-    def disrupted_pods(self) -> Optional[Mapping[str, str]]:
+    def disrupted_pods(self) -> Optional[Mapping[str, _builtins.str]]:
         """
         DisruptedPods contains information about pods whose eviction was processed by the API server eviction subresource handler but has not yet been observed by the PodDisruptionBudget controller. A pod will be in this map from the time when the API server processed the eviction request to the time when the pod is seen by PDB controller as having been marked for deletion (or after a timeout). The key in the map is the name of the pod and the value is the time when the API server processed the eviction request. If the deletion didn't occur and a pod is still there it will be removed from the list automatically by PodDisruptionBudget controller after some time. If everything goes smooth this map should be empty for the most of the time. Large number of entries in the map may indicate problems with pod deletions.
         """
         return pulumi.get(self, "disrupted_pods")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="disruptionsAllowed")
-    def disruptions_allowed(self) -> Optional[int]:
+    def disruptions_allowed(self) -> Optional[_builtins.int]:
         """
         Number of pod disruptions that are currently allowed.
         """
         return pulumi.get(self, "disruptions_allowed")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="expectedPods")
-    def expected_pods(self) -> Optional[int]:
+    def expected_pods(self) -> Optional[_builtins.int]:
         """
         total number of pods counted by this disruption budget
         """
         return pulumi.get(self, "expected_pods")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="observedGeneration")
-    def observed_generation(self) -> Optional[int]:
+    def observed_generation(self) -> Optional[_builtins.int]:
         """
         Most recent generation observed when updating this PDB status. PodDisruptionsAllowed and other status information is valid only if observedGeneration equals to PDB's object generation.
         """
@@ -917,14 +917,14 @@ class PodSecurityPolicy(dict):
         return super().get(key, default)
 
     def __init__(__self__, *,
-                 api_version: Optional[str] = None,
-                 kind: Optional[str] = None,
+                 api_version: Optional[_builtins.str] = None,
+                 kind: Optional[_builtins.str] = None,
                  metadata: Optional['_meta.v1.outputs.ObjectMeta'] = None,
                  spec: Optional['outputs.PodSecurityPolicySpec'] = None):
         """
         PodSecurityPolicy governs the ability to make requests that affect the Security Context that will be applied to a pod and container.
-        :param str api_version: APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-        :param str kind: Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+        :param _builtins.str api_version: APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+        :param _builtins.str kind: Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
         :param '_meta.v1.ObjectMetaArgs' metadata: Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
         :param 'PodSecurityPolicySpecArgs' spec: spec defines the policy enforced.
         """
@@ -937,23 +937,23 @@ class PodSecurityPolicy(dict):
         if spec is not None:
             pulumi.set(__self__, "spec", spec)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="apiVersion")
-    def api_version(self) -> Optional[str]:
+    def api_version(self) -> Optional[_builtins.str]:
         """
         APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
         """
         return pulumi.get(self, "api_version")
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def kind(self) -> Optional[str]:
+    def kind(self) -> Optional[_builtins.str]:
         """
         Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
         """
         return pulumi.get(self, "kind")
 
-    @property
+    @_builtins.property
     @pulumi.getter
     def metadata(self) -> Optional['_meta.v1.outputs.ObjectMeta']:
         """
@@ -961,7 +961,7 @@ class PodSecurityPolicy(dict):
         """
         return pulumi.get(self, "metadata")
 
-    @property
+    @_builtins.property
     @pulumi.getter
     def spec(self) -> Optional['outputs.PodSecurityPolicySpec']:
         """
@@ -1039,56 +1039,56 @@ class PodSecurityPolicySpec(dict):
                  run_as_user: 'outputs.RunAsUserStrategyOptions',
                  se_linux: 'outputs.SELinuxStrategyOptions',
                  supplemental_groups: 'outputs.SupplementalGroupsStrategyOptions',
-                 allow_privilege_escalation: Optional[bool] = None,
+                 allow_privilege_escalation: Optional[_builtins.bool] = None,
                  allowed_csi_drivers: Optional[Sequence['outputs.AllowedCSIDriver']] = None,
-                 allowed_capabilities: Optional[Sequence[str]] = None,
+                 allowed_capabilities: Optional[Sequence[_builtins.str]] = None,
                  allowed_flex_volumes: Optional[Sequence['outputs.AllowedFlexVolume']] = None,
                  allowed_host_paths: Optional[Sequence['outputs.AllowedHostPath']] = None,
-                 allowed_proc_mount_types: Optional[Sequence[str]] = None,
-                 allowed_unsafe_sysctls: Optional[Sequence[str]] = None,
-                 default_add_capabilities: Optional[Sequence[str]] = None,
-                 default_allow_privilege_escalation: Optional[bool] = None,
-                 forbidden_sysctls: Optional[Sequence[str]] = None,
-                 host_ipc: Optional[bool] = None,
-                 host_network: Optional[bool] = None,
-                 host_pid: Optional[bool] = None,
+                 allowed_proc_mount_types: Optional[Sequence[_builtins.str]] = None,
+                 allowed_unsafe_sysctls: Optional[Sequence[_builtins.str]] = None,
+                 default_add_capabilities: Optional[Sequence[_builtins.str]] = None,
+                 default_allow_privilege_escalation: Optional[_builtins.bool] = None,
+                 forbidden_sysctls: Optional[Sequence[_builtins.str]] = None,
+                 host_ipc: Optional[_builtins.bool] = None,
+                 host_network: Optional[_builtins.bool] = None,
+                 host_pid: Optional[_builtins.bool] = None,
                  host_ports: Optional[Sequence['outputs.HostPortRange']] = None,
-                 privileged: Optional[bool] = None,
-                 read_only_root_filesystem: Optional[bool] = None,
-                 required_drop_capabilities: Optional[Sequence[str]] = None,
+                 privileged: Optional[_builtins.bool] = None,
+                 read_only_root_filesystem: Optional[_builtins.bool] = None,
+                 required_drop_capabilities: Optional[Sequence[_builtins.str]] = None,
                  run_as_group: Optional['outputs.RunAsGroupStrategyOptions'] = None,
                  runtime_class: Optional['outputs.RuntimeClassStrategyOptions'] = None,
-                 volumes: Optional[Sequence[str]] = None):
+                 volumes: Optional[Sequence[_builtins.str]] = None):
         """
         PodSecurityPolicySpec defines the policy enforced.
         :param 'FSGroupStrategyOptionsArgs' fs_group: fsGroup is the strategy that will dictate what fs group is used by the SecurityContext.
         :param 'RunAsUserStrategyOptionsArgs' run_as_user: runAsUser is the strategy that will dictate the allowable RunAsUser values that may be set.
         :param 'SELinuxStrategyOptionsArgs' se_linux: seLinux is the strategy that will dictate the allowable labels that may be set.
         :param 'SupplementalGroupsStrategyOptionsArgs' supplemental_groups: supplementalGroups is the strategy that will dictate what supplemental groups are used by the SecurityContext.
-        :param bool allow_privilege_escalation: allowPrivilegeEscalation determines if a pod can request to allow privilege escalation. If unspecified, defaults to true.
+        :param _builtins.bool allow_privilege_escalation: allowPrivilegeEscalation determines if a pod can request to allow privilege escalation. If unspecified, defaults to true.
         :param Sequence['AllowedCSIDriverArgs'] allowed_csi_drivers: AllowedCSIDrivers is a whitelist of inline CSI drivers that must be explicitly set to be embedded within a pod spec. An empty value indicates that any CSI driver can be used for inline ephemeral volumes. This is an alpha field, and is only honored if the API server enables the CSIInlineVolume feature gate.
-        :param Sequence[str] allowed_capabilities: allowedCapabilities is a list of capabilities that can be requested to add to the container. Capabilities in this field may be added at the pod author's discretion. You must not list a capability in both allowedCapabilities and requiredDropCapabilities.
+        :param Sequence[_builtins.str] allowed_capabilities: allowedCapabilities is a list of capabilities that can be requested to add to the container. Capabilities in this field may be added at the pod author's discretion. You must not list a capability in both allowedCapabilities and requiredDropCapabilities.
         :param Sequence['AllowedFlexVolumeArgs'] allowed_flex_volumes: allowedFlexVolumes is a whitelist of allowed Flexvolumes.  Empty or nil indicates that all Flexvolumes may be used.  This parameter is effective only when the usage of the Flexvolumes is allowed in the "volumes" field.
         :param Sequence['AllowedHostPathArgs'] allowed_host_paths: allowedHostPaths is a white list of allowed host paths. Empty indicates that all host paths may be used.
-        :param Sequence[str] allowed_proc_mount_types: AllowedProcMountTypes is a whitelist of allowed ProcMountTypes. Empty or nil indicates that only the DefaultProcMountType may be used. This requires the ProcMountType feature flag to be enabled.
-        :param Sequence[str] allowed_unsafe_sysctls: allowedUnsafeSysctls is a list of explicitly allowed unsafe sysctls, defaults to none. Each entry is either a plain sysctl name or ends in "*" in which case it is considered as a prefix of allowed sysctls. Single * means all unsafe sysctls are allowed. Kubelet has to whitelist all allowed unsafe sysctls explicitly to avoid rejection.
+        :param Sequence[_builtins.str] allowed_proc_mount_types: AllowedProcMountTypes is a whitelist of allowed ProcMountTypes. Empty or nil indicates that only the DefaultProcMountType may be used. This requires the ProcMountType feature flag to be enabled.
+        :param Sequence[_builtins.str] allowed_unsafe_sysctls: allowedUnsafeSysctls is a list of explicitly allowed unsafe sysctls, defaults to none. Each entry is either a plain sysctl name or ends in "*" in which case it is considered as a prefix of allowed sysctls. Single * means all unsafe sysctls are allowed. Kubelet has to whitelist all allowed unsafe sysctls explicitly to avoid rejection.
                
                Examples: e.g. "foo/*" allows "foo/bar", "foo/baz", etc. e.g. "foo.*" allows "foo.bar", "foo.baz", etc.
-        :param Sequence[str] default_add_capabilities: defaultAddCapabilities is the default set of capabilities that will be added to the container unless the pod spec specifically drops the capability.  You may not list a capability in both defaultAddCapabilities and requiredDropCapabilities. Capabilities added here are implicitly allowed, and need not be included in the allowedCapabilities list.
-        :param bool default_allow_privilege_escalation: defaultAllowPrivilegeEscalation controls the default setting for whether a process can gain more privileges than its parent process.
-        :param Sequence[str] forbidden_sysctls: forbiddenSysctls is a list of explicitly forbidden sysctls, defaults to none. Each entry is either a plain sysctl name or ends in "*" in which case it is considered as a prefix of forbidden sysctls. Single * means all sysctls are forbidden.
+        :param Sequence[_builtins.str] default_add_capabilities: defaultAddCapabilities is the default set of capabilities that will be added to the container unless the pod spec specifically drops the capability.  You may not list a capability in both defaultAddCapabilities and requiredDropCapabilities. Capabilities added here are implicitly allowed, and need not be included in the allowedCapabilities list.
+        :param _builtins.bool default_allow_privilege_escalation: defaultAllowPrivilegeEscalation controls the default setting for whether a process can gain more privileges than its parent process.
+        :param Sequence[_builtins.str] forbidden_sysctls: forbiddenSysctls is a list of explicitly forbidden sysctls, defaults to none. Each entry is either a plain sysctl name or ends in "*" in which case it is considered as a prefix of forbidden sysctls. Single * means all sysctls are forbidden.
                
                Examples: e.g. "foo/*" forbids "foo/bar", "foo/baz", etc. e.g. "foo.*" forbids "foo.bar", "foo.baz", etc.
-        :param bool host_ipc: hostIPC determines if the policy allows the use of HostIPC in the pod spec.
-        :param bool host_network: hostNetwork determines if the policy allows the use of HostNetwork in the pod spec.
-        :param bool host_pid: hostPID determines if the policy allows the use of HostPID in the pod spec.
+        :param _builtins.bool host_ipc: hostIPC determines if the policy allows the use of HostIPC in the pod spec.
+        :param _builtins.bool host_network: hostNetwork determines if the policy allows the use of HostNetwork in the pod spec.
+        :param _builtins.bool host_pid: hostPID determines if the policy allows the use of HostPID in the pod spec.
         :param Sequence['HostPortRangeArgs'] host_ports: hostPorts determines which host port ranges are allowed to be exposed.
-        :param bool privileged: privileged determines if a pod can request to be run as privileged.
-        :param bool read_only_root_filesystem: readOnlyRootFilesystem when set to true will force containers to run with a read only root file system.  If the container specifically requests to run with a non-read only root file system the PSP should deny the pod. If set to false the container may run with a read only root file system if it wishes but it will not be forced to.
-        :param Sequence[str] required_drop_capabilities: requiredDropCapabilities are the capabilities that will be dropped from the container.  These are required to be dropped and cannot be added.
+        :param _builtins.bool privileged: privileged determines if a pod can request to be run as privileged.
+        :param _builtins.bool read_only_root_filesystem: readOnlyRootFilesystem when set to true will force containers to run with a read only root file system.  If the container specifically requests to run with a non-read only root file system the PSP should deny the pod. If set to false the container may run with a read only root file system if it wishes but it will not be forced to.
+        :param Sequence[_builtins.str] required_drop_capabilities: requiredDropCapabilities are the capabilities that will be dropped from the container.  These are required to be dropped and cannot be added.
         :param 'RunAsGroupStrategyOptionsArgs' run_as_group: RunAsGroup is the strategy that will dictate the allowable RunAsGroup values that may be set. If this field is omitted, the pod's RunAsGroup can take any value. This field requires the RunAsGroup feature gate to be enabled.
         :param 'RuntimeClassStrategyOptionsArgs' runtime_class: runtimeClass is the strategy that will dictate the allowable RuntimeClasses for a pod. If this field is omitted, the pod's runtimeClassName field is unrestricted. Enforcement of this field depends on the RuntimeClass feature gate being enabled.
-        :param Sequence[str] volumes: volumes is a white list of allowed volume plugins. Empty indicates that no volumes may be used. To allow all volumes you may use '*'.
+        :param Sequence[_builtins.str] volumes: volumes is a white list of allowed volume plugins. Empty indicates that no volumes may be used. To allow all volumes you may use '*'.
         """
         pulumi.set(__self__, "fs_group", fs_group)
         pulumi.set(__self__, "run_as_user", run_as_user)
@@ -1135,7 +1135,7 @@ class PodSecurityPolicySpec(dict):
         if volumes is not None:
             pulumi.set(__self__, "volumes", volumes)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="fsGroup")
     def fs_group(self) -> 'outputs.FSGroupStrategyOptions':
         """
@@ -1143,7 +1143,7 @@ class PodSecurityPolicySpec(dict):
         """
         return pulumi.get(self, "fs_group")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="runAsUser")
     def run_as_user(self) -> 'outputs.RunAsUserStrategyOptions':
         """
@@ -1151,7 +1151,7 @@ class PodSecurityPolicySpec(dict):
         """
         return pulumi.get(self, "run_as_user")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="seLinux")
     def se_linux(self) -> 'outputs.SELinuxStrategyOptions':
         """
@@ -1159,7 +1159,7 @@ class PodSecurityPolicySpec(dict):
         """
         return pulumi.get(self, "se_linux")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="supplementalGroups")
     def supplemental_groups(self) -> 'outputs.SupplementalGroupsStrategyOptions':
         """
@@ -1167,15 +1167,15 @@ class PodSecurityPolicySpec(dict):
         """
         return pulumi.get(self, "supplemental_groups")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="allowPrivilegeEscalation")
-    def allow_privilege_escalation(self) -> Optional[bool]:
+    def allow_privilege_escalation(self) -> Optional[_builtins.bool]:
         """
         allowPrivilegeEscalation determines if a pod can request to allow privilege escalation. If unspecified, defaults to true.
         """
         return pulumi.get(self, "allow_privilege_escalation")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="allowedCSIDrivers")
     def allowed_csi_drivers(self) -> Optional[Sequence['outputs.AllowedCSIDriver']]:
         """
@@ -1183,15 +1183,15 @@ class PodSecurityPolicySpec(dict):
         """
         return pulumi.get(self, "allowed_csi_drivers")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="allowedCapabilities")
-    def allowed_capabilities(self) -> Optional[Sequence[str]]:
+    def allowed_capabilities(self) -> Optional[Sequence[_builtins.str]]:
         """
         allowedCapabilities is a list of capabilities that can be requested to add to the container. Capabilities in this field may be added at the pod author's discretion. You must not list a capability in both allowedCapabilities and requiredDropCapabilities.
         """
         return pulumi.get(self, "allowed_capabilities")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="allowedFlexVolumes")
     def allowed_flex_volumes(self) -> Optional[Sequence['outputs.AllowedFlexVolume']]:
         """
@@ -1199,7 +1199,7 @@ class PodSecurityPolicySpec(dict):
         """
         return pulumi.get(self, "allowed_flex_volumes")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="allowedHostPaths")
     def allowed_host_paths(self) -> Optional[Sequence['outputs.AllowedHostPath']]:
         """
@@ -1207,17 +1207,17 @@ class PodSecurityPolicySpec(dict):
         """
         return pulumi.get(self, "allowed_host_paths")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="allowedProcMountTypes")
-    def allowed_proc_mount_types(self) -> Optional[Sequence[str]]:
+    def allowed_proc_mount_types(self) -> Optional[Sequence[_builtins.str]]:
         """
         AllowedProcMountTypes is a whitelist of allowed ProcMountTypes. Empty or nil indicates that only the DefaultProcMountType may be used. This requires the ProcMountType feature flag to be enabled.
         """
         return pulumi.get(self, "allowed_proc_mount_types")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="allowedUnsafeSysctls")
-    def allowed_unsafe_sysctls(self) -> Optional[Sequence[str]]:
+    def allowed_unsafe_sysctls(self) -> Optional[Sequence[_builtins.str]]:
         """
         allowedUnsafeSysctls is a list of explicitly allowed unsafe sysctls, defaults to none. Each entry is either a plain sysctl name or ends in "*" in which case it is considered as a prefix of allowed sysctls. Single * means all unsafe sysctls are allowed. Kubelet has to whitelist all allowed unsafe sysctls explicitly to avoid rejection.
 
@@ -1225,25 +1225,25 @@ class PodSecurityPolicySpec(dict):
         """
         return pulumi.get(self, "allowed_unsafe_sysctls")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="defaultAddCapabilities")
-    def default_add_capabilities(self) -> Optional[Sequence[str]]:
+    def default_add_capabilities(self) -> Optional[Sequence[_builtins.str]]:
         """
         defaultAddCapabilities is the default set of capabilities that will be added to the container unless the pod spec specifically drops the capability.  You may not list a capability in both defaultAddCapabilities and requiredDropCapabilities. Capabilities added here are implicitly allowed, and need not be included in the allowedCapabilities list.
         """
         return pulumi.get(self, "default_add_capabilities")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="defaultAllowPrivilegeEscalation")
-    def default_allow_privilege_escalation(self) -> Optional[bool]:
+    def default_allow_privilege_escalation(self) -> Optional[_builtins.bool]:
         """
         defaultAllowPrivilegeEscalation controls the default setting for whether a process can gain more privileges than its parent process.
         """
         return pulumi.get(self, "default_allow_privilege_escalation")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="forbiddenSysctls")
-    def forbidden_sysctls(self) -> Optional[Sequence[str]]:
+    def forbidden_sysctls(self) -> Optional[Sequence[_builtins.str]]:
         """
         forbiddenSysctls is a list of explicitly forbidden sysctls, defaults to none. Each entry is either a plain sysctl name or ends in "*" in which case it is considered as a prefix of forbidden sysctls. Single * means all sysctls are forbidden.
 
@@ -1251,31 +1251,31 @@ class PodSecurityPolicySpec(dict):
         """
         return pulumi.get(self, "forbidden_sysctls")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="hostIPC")
-    def host_ipc(self) -> Optional[bool]:
+    def host_ipc(self) -> Optional[_builtins.bool]:
         """
         hostIPC determines if the policy allows the use of HostIPC in the pod spec.
         """
         return pulumi.get(self, "host_ipc")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="hostNetwork")
-    def host_network(self) -> Optional[bool]:
+    def host_network(self) -> Optional[_builtins.bool]:
         """
         hostNetwork determines if the policy allows the use of HostNetwork in the pod spec.
         """
         return pulumi.get(self, "host_network")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="hostPID")
-    def host_pid(self) -> Optional[bool]:
+    def host_pid(self) -> Optional[_builtins.bool]:
         """
         hostPID determines if the policy allows the use of HostPID in the pod spec.
         """
         return pulumi.get(self, "host_pid")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="hostPorts")
     def host_ports(self) -> Optional[Sequence['outputs.HostPortRange']]:
         """
@@ -1283,31 +1283,31 @@ class PodSecurityPolicySpec(dict):
         """
         return pulumi.get(self, "host_ports")
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def privileged(self) -> Optional[bool]:
+    def privileged(self) -> Optional[_builtins.bool]:
         """
         privileged determines if a pod can request to be run as privileged.
         """
         return pulumi.get(self, "privileged")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="readOnlyRootFilesystem")
-    def read_only_root_filesystem(self) -> Optional[bool]:
+    def read_only_root_filesystem(self) -> Optional[_builtins.bool]:
         """
         readOnlyRootFilesystem when set to true will force containers to run with a read only root file system.  If the container specifically requests to run with a non-read only root file system the PSP should deny the pod. If set to false the container may run with a read only root file system if it wishes but it will not be forced to.
         """
         return pulumi.get(self, "read_only_root_filesystem")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="requiredDropCapabilities")
-    def required_drop_capabilities(self) -> Optional[Sequence[str]]:
+    def required_drop_capabilities(self) -> Optional[Sequence[_builtins.str]]:
         """
         requiredDropCapabilities are the capabilities that will be dropped from the container.  These are required to be dropped and cannot be added.
         """
         return pulumi.get(self, "required_drop_capabilities")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="runAsGroup")
     def run_as_group(self) -> Optional['outputs.RunAsGroupStrategyOptions']:
         """
@@ -1315,7 +1315,7 @@ class PodSecurityPolicySpec(dict):
         """
         return pulumi.get(self, "run_as_group")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="runtimeClass")
     def runtime_class(self) -> Optional['outputs.RuntimeClassStrategyOptions']:
         """
@@ -1323,9 +1323,9 @@ class PodSecurityPolicySpec(dict):
         """
         return pulumi.get(self, "runtime_class")
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def volumes(self) -> Optional[Sequence[str]]:
+    def volumes(self) -> Optional[Sequence[_builtins.str]]:
         """
         volumes is a white list of allowed volume plugins. Empty indicates that no volumes may be used. To allow all volumes you may use '*'.
         """
@@ -1397,60 +1397,60 @@ class PodSecurityPolicySpecPatch(dict):
         return super().get(key, default)
 
     def __init__(__self__, *,
-                 allow_privilege_escalation: Optional[bool] = None,
+                 allow_privilege_escalation: Optional[_builtins.bool] = None,
                  allowed_csi_drivers: Optional[Sequence['outputs.AllowedCSIDriverPatch']] = None,
-                 allowed_capabilities: Optional[Sequence[str]] = None,
+                 allowed_capabilities: Optional[Sequence[_builtins.str]] = None,
                  allowed_flex_volumes: Optional[Sequence['outputs.AllowedFlexVolumePatch']] = None,
                  allowed_host_paths: Optional[Sequence['outputs.AllowedHostPathPatch']] = None,
-                 allowed_proc_mount_types: Optional[Sequence[str]] = None,
-                 allowed_unsafe_sysctls: Optional[Sequence[str]] = None,
-                 default_add_capabilities: Optional[Sequence[str]] = None,
-                 default_allow_privilege_escalation: Optional[bool] = None,
-                 forbidden_sysctls: Optional[Sequence[str]] = None,
+                 allowed_proc_mount_types: Optional[Sequence[_builtins.str]] = None,
+                 allowed_unsafe_sysctls: Optional[Sequence[_builtins.str]] = None,
+                 default_add_capabilities: Optional[Sequence[_builtins.str]] = None,
+                 default_allow_privilege_escalation: Optional[_builtins.bool] = None,
+                 forbidden_sysctls: Optional[Sequence[_builtins.str]] = None,
                  fs_group: Optional['outputs.FSGroupStrategyOptionsPatch'] = None,
-                 host_ipc: Optional[bool] = None,
-                 host_network: Optional[bool] = None,
-                 host_pid: Optional[bool] = None,
+                 host_ipc: Optional[_builtins.bool] = None,
+                 host_network: Optional[_builtins.bool] = None,
+                 host_pid: Optional[_builtins.bool] = None,
                  host_ports: Optional[Sequence['outputs.HostPortRangePatch']] = None,
-                 privileged: Optional[bool] = None,
-                 read_only_root_filesystem: Optional[bool] = None,
-                 required_drop_capabilities: Optional[Sequence[str]] = None,
+                 privileged: Optional[_builtins.bool] = None,
+                 read_only_root_filesystem: Optional[_builtins.bool] = None,
+                 required_drop_capabilities: Optional[Sequence[_builtins.str]] = None,
                  run_as_group: Optional['outputs.RunAsGroupStrategyOptionsPatch'] = None,
                  run_as_user: Optional['outputs.RunAsUserStrategyOptionsPatch'] = None,
                  runtime_class: Optional['outputs.RuntimeClassStrategyOptionsPatch'] = None,
                  se_linux: Optional['outputs.SELinuxStrategyOptionsPatch'] = None,
                  supplemental_groups: Optional['outputs.SupplementalGroupsStrategyOptionsPatch'] = None,
-                 volumes: Optional[Sequence[str]] = None):
+                 volumes: Optional[Sequence[_builtins.str]] = None):
         """
         PodSecurityPolicySpec defines the policy enforced.
-        :param bool allow_privilege_escalation: allowPrivilegeEscalation determines if a pod can request to allow privilege escalation. If unspecified, defaults to true.
+        :param _builtins.bool allow_privilege_escalation: allowPrivilegeEscalation determines if a pod can request to allow privilege escalation. If unspecified, defaults to true.
         :param Sequence['AllowedCSIDriverPatchArgs'] allowed_csi_drivers: AllowedCSIDrivers is a whitelist of inline CSI drivers that must be explicitly set to be embedded within a pod spec. An empty value indicates that any CSI driver can be used for inline ephemeral volumes. This is an alpha field, and is only honored if the API server enables the CSIInlineVolume feature gate.
-        :param Sequence[str] allowed_capabilities: allowedCapabilities is a list of capabilities that can be requested to add to the container. Capabilities in this field may be added at the pod author's discretion. You must not list a capability in both allowedCapabilities and requiredDropCapabilities.
+        :param Sequence[_builtins.str] allowed_capabilities: allowedCapabilities is a list of capabilities that can be requested to add to the container. Capabilities in this field may be added at the pod author's discretion. You must not list a capability in both allowedCapabilities and requiredDropCapabilities.
         :param Sequence['AllowedFlexVolumePatchArgs'] allowed_flex_volumes: allowedFlexVolumes is a whitelist of allowed Flexvolumes.  Empty or nil indicates that all Flexvolumes may be used.  This parameter is effective only when the usage of the Flexvolumes is allowed in the "volumes" field.
         :param Sequence['AllowedHostPathPatchArgs'] allowed_host_paths: allowedHostPaths is a white list of allowed host paths. Empty indicates that all host paths may be used.
-        :param Sequence[str] allowed_proc_mount_types: AllowedProcMountTypes is a whitelist of allowed ProcMountTypes. Empty or nil indicates that only the DefaultProcMountType may be used. This requires the ProcMountType feature flag to be enabled.
-        :param Sequence[str] allowed_unsafe_sysctls: allowedUnsafeSysctls is a list of explicitly allowed unsafe sysctls, defaults to none. Each entry is either a plain sysctl name or ends in "*" in which case it is considered as a prefix of allowed sysctls. Single * means all unsafe sysctls are allowed. Kubelet has to whitelist all allowed unsafe sysctls explicitly to avoid rejection.
+        :param Sequence[_builtins.str] allowed_proc_mount_types: AllowedProcMountTypes is a whitelist of allowed ProcMountTypes. Empty or nil indicates that only the DefaultProcMountType may be used. This requires the ProcMountType feature flag to be enabled.
+        :param Sequence[_builtins.str] allowed_unsafe_sysctls: allowedUnsafeSysctls is a list of explicitly allowed unsafe sysctls, defaults to none. Each entry is either a plain sysctl name or ends in "*" in which case it is considered as a prefix of allowed sysctls. Single * means all unsafe sysctls are allowed. Kubelet has to whitelist all allowed unsafe sysctls explicitly to avoid rejection.
                
                Examples: e.g. "foo/*" allows "foo/bar", "foo/baz", etc. e.g. "foo.*" allows "foo.bar", "foo.baz", etc.
-        :param Sequence[str] default_add_capabilities: defaultAddCapabilities is the default set of capabilities that will be added to the container unless the pod spec specifically drops the capability.  You may not list a capability in both defaultAddCapabilities and requiredDropCapabilities. Capabilities added here are implicitly allowed, and need not be included in the allowedCapabilities list.
-        :param bool default_allow_privilege_escalation: defaultAllowPrivilegeEscalation controls the default setting for whether a process can gain more privileges than its parent process.
-        :param Sequence[str] forbidden_sysctls: forbiddenSysctls is a list of explicitly forbidden sysctls, defaults to none. Each entry is either a plain sysctl name or ends in "*" in which case it is considered as a prefix of forbidden sysctls. Single * means all sysctls are forbidden.
+        :param Sequence[_builtins.str] default_add_capabilities: defaultAddCapabilities is the default set of capabilities that will be added to the container unless the pod spec specifically drops the capability.  You may not list a capability in both defaultAddCapabilities and requiredDropCapabilities. Capabilities added here are implicitly allowed, and need not be included in the allowedCapabilities list.
+        :param _builtins.bool default_allow_privilege_escalation: defaultAllowPrivilegeEscalation controls the default setting for whether a process can gain more privileges than its parent process.
+        :param Sequence[_builtins.str] forbidden_sysctls: forbiddenSysctls is a list of explicitly forbidden sysctls, defaults to none. Each entry is either a plain sysctl name or ends in "*" in which case it is considered as a prefix of forbidden sysctls. Single * means all sysctls are forbidden.
                
                Examples: e.g. "foo/*" forbids "foo/bar", "foo/baz", etc. e.g. "foo.*" forbids "foo.bar", "foo.baz", etc.
         :param 'FSGroupStrategyOptionsPatchArgs' fs_group: fsGroup is the strategy that will dictate what fs group is used by the SecurityContext.
-        :param bool host_ipc: hostIPC determines if the policy allows the use of HostIPC in the pod spec.
-        :param bool host_network: hostNetwork determines if the policy allows the use of HostNetwork in the pod spec.
-        :param bool host_pid: hostPID determines if the policy allows the use of HostPID in the pod spec.
+        :param _builtins.bool host_ipc: hostIPC determines if the policy allows the use of HostIPC in the pod spec.
+        :param _builtins.bool host_network: hostNetwork determines if the policy allows the use of HostNetwork in the pod spec.
+        :param _builtins.bool host_pid: hostPID determines if the policy allows the use of HostPID in the pod spec.
         :param Sequence['HostPortRangePatchArgs'] host_ports: hostPorts determines which host port ranges are allowed to be exposed.
-        :param bool privileged: privileged determines if a pod can request to be run as privileged.
-        :param bool read_only_root_filesystem: readOnlyRootFilesystem when set to true will force containers to run with a read only root file system.  If the container specifically requests to run with a non-read only root file system the PSP should deny the pod. If set to false the container may run with a read only root file system if it wishes but it will not be forced to.
-        :param Sequence[str] required_drop_capabilities: requiredDropCapabilities are the capabilities that will be dropped from the container.  These are required to be dropped and cannot be added.
+        :param _builtins.bool privileged: privileged determines if a pod can request to be run as privileged.
+        :param _builtins.bool read_only_root_filesystem: readOnlyRootFilesystem when set to true will force containers to run with a read only root file system.  If the container specifically requests to run with a non-read only root file system the PSP should deny the pod. If set to false the container may run with a read only root file system if it wishes but it will not be forced to.
+        :param Sequence[_builtins.str] required_drop_capabilities: requiredDropCapabilities are the capabilities that will be dropped from the container.  These are required to be dropped and cannot be added.
         :param 'RunAsGroupStrategyOptionsPatchArgs' run_as_group: RunAsGroup is the strategy that will dictate the allowable RunAsGroup values that may be set. If this field is omitted, the pod's RunAsGroup can take any value. This field requires the RunAsGroup feature gate to be enabled.
         :param 'RunAsUserStrategyOptionsPatchArgs' run_as_user: runAsUser is the strategy that will dictate the allowable RunAsUser values that may be set.
         :param 'RuntimeClassStrategyOptionsPatchArgs' runtime_class: runtimeClass is the strategy that will dictate the allowable RuntimeClasses for a pod. If this field is omitted, the pod's runtimeClassName field is unrestricted. Enforcement of this field depends on the RuntimeClass feature gate being enabled.
         :param 'SELinuxStrategyOptionsPatchArgs' se_linux: seLinux is the strategy that will dictate the allowable labels that may be set.
         :param 'SupplementalGroupsStrategyOptionsPatchArgs' supplemental_groups: supplementalGroups is the strategy that will dictate what supplemental groups are used by the SecurityContext.
-        :param Sequence[str] volumes: volumes is a white list of allowed volume plugins. Empty indicates that no volumes may be used. To allow all volumes you may use '*'.
+        :param Sequence[_builtins.str] volumes: volumes is a white list of allowed volume plugins. Empty indicates that no volumes may be used. To allow all volumes you may use '*'.
         """
         if allow_privilege_escalation is not None:
             pulumi.set(__self__, "allow_privilege_escalation", allow_privilege_escalation)
@@ -1501,15 +1501,15 @@ class PodSecurityPolicySpecPatch(dict):
         if volumes is not None:
             pulumi.set(__self__, "volumes", volumes)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="allowPrivilegeEscalation")
-    def allow_privilege_escalation(self) -> Optional[bool]:
+    def allow_privilege_escalation(self) -> Optional[_builtins.bool]:
         """
         allowPrivilegeEscalation determines if a pod can request to allow privilege escalation. If unspecified, defaults to true.
         """
         return pulumi.get(self, "allow_privilege_escalation")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="allowedCSIDrivers")
     def allowed_csi_drivers(self) -> Optional[Sequence['outputs.AllowedCSIDriverPatch']]:
         """
@@ -1517,15 +1517,15 @@ class PodSecurityPolicySpecPatch(dict):
         """
         return pulumi.get(self, "allowed_csi_drivers")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="allowedCapabilities")
-    def allowed_capabilities(self) -> Optional[Sequence[str]]:
+    def allowed_capabilities(self) -> Optional[Sequence[_builtins.str]]:
         """
         allowedCapabilities is a list of capabilities that can be requested to add to the container. Capabilities in this field may be added at the pod author's discretion. You must not list a capability in both allowedCapabilities and requiredDropCapabilities.
         """
         return pulumi.get(self, "allowed_capabilities")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="allowedFlexVolumes")
     def allowed_flex_volumes(self) -> Optional[Sequence['outputs.AllowedFlexVolumePatch']]:
         """
@@ -1533,7 +1533,7 @@ class PodSecurityPolicySpecPatch(dict):
         """
         return pulumi.get(self, "allowed_flex_volumes")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="allowedHostPaths")
     def allowed_host_paths(self) -> Optional[Sequence['outputs.AllowedHostPathPatch']]:
         """
@@ -1541,17 +1541,17 @@ class PodSecurityPolicySpecPatch(dict):
         """
         return pulumi.get(self, "allowed_host_paths")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="allowedProcMountTypes")
-    def allowed_proc_mount_types(self) -> Optional[Sequence[str]]:
+    def allowed_proc_mount_types(self) -> Optional[Sequence[_builtins.str]]:
         """
         AllowedProcMountTypes is a whitelist of allowed ProcMountTypes. Empty or nil indicates that only the DefaultProcMountType may be used. This requires the ProcMountType feature flag to be enabled.
         """
         return pulumi.get(self, "allowed_proc_mount_types")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="allowedUnsafeSysctls")
-    def allowed_unsafe_sysctls(self) -> Optional[Sequence[str]]:
+    def allowed_unsafe_sysctls(self) -> Optional[Sequence[_builtins.str]]:
         """
         allowedUnsafeSysctls is a list of explicitly allowed unsafe sysctls, defaults to none. Each entry is either a plain sysctl name or ends in "*" in which case it is considered as a prefix of allowed sysctls. Single * means all unsafe sysctls are allowed. Kubelet has to whitelist all allowed unsafe sysctls explicitly to avoid rejection.
 
@@ -1559,25 +1559,25 @@ class PodSecurityPolicySpecPatch(dict):
         """
         return pulumi.get(self, "allowed_unsafe_sysctls")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="defaultAddCapabilities")
-    def default_add_capabilities(self) -> Optional[Sequence[str]]:
+    def default_add_capabilities(self) -> Optional[Sequence[_builtins.str]]:
         """
         defaultAddCapabilities is the default set of capabilities that will be added to the container unless the pod spec specifically drops the capability.  You may not list a capability in both defaultAddCapabilities and requiredDropCapabilities. Capabilities added here are implicitly allowed, and need not be included in the allowedCapabilities list.
         """
         return pulumi.get(self, "default_add_capabilities")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="defaultAllowPrivilegeEscalation")
-    def default_allow_privilege_escalation(self) -> Optional[bool]:
+    def default_allow_privilege_escalation(self) -> Optional[_builtins.bool]:
         """
         defaultAllowPrivilegeEscalation controls the default setting for whether a process can gain more privileges than its parent process.
         """
         return pulumi.get(self, "default_allow_privilege_escalation")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="forbiddenSysctls")
-    def forbidden_sysctls(self) -> Optional[Sequence[str]]:
+    def forbidden_sysctls(self) -> Optional[Sequence[_builtins.str]]:
         """
         forbiddenSysctls is a list of explicitly forbidden sysctls, defaults to none. Each entry is either a plain sysctl name or ends in "*" in which case it is considered as a prefix of forbidden sysctls. Single * means all sysctls are forbidden.
 
@@ -1585,7 +1585,7 @@ class PodSecurityPolicySpecPatch(dict):
         """
         return pulumi.get(self, "forbidden_sysctls")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="fsGroup")
     def fs_group(self) -> Optional['outputs.FSGroupStrategyOptionsPatch']:
         """
@@ -1593,31 +1593,31 @@ class PodSecurityPolicySpecPatch(dict):
         """
         return pulumi.get(self, "fs_group")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="hostIPC")
-    def host_ipc(self) -> Optional[bool]:
+    def host_ipc(self) -> Optional[_builtins.bool]:
         """
         hostIPC determines if the policy allows the use of HostIPC in the pod spec.
         """
         return pulumi.get(self, "host_ipc")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="hostNetwork")
-    def host_network(self) -> Optional[bool]:
+    def host_network(self) -> Optional[_builtins.bool]:
         """
         hostNetwork determines if the policy allows the use of HostNetwork in the pod spec.
         """
         return pulumi.get(self, "host_network")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="hostPID")
-    def host_pid(self) -> Optional[bool]:
+    def host_pid(self) -> Optional[_builtins.bool]:
         """
         hostPID determines if the policy allows the use of HostPID in the pod spec.
         """
         return pulumi.get(self, "host_pid")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="hostPorts")
     def host_ports(self) -> Optional[Sequence['outputs.HostPortRangePatch']]:
         """
@@ -1625,31 +1625,31 @@ class PodSecurityPolicySpecPatch(dict):
         """
         return pulumi.get(self, "host_ports")
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def privileged(self) -> Optional[bool]:
+    def privileged(self) -> Optional[_builtins.bool]:
         """
         privileged determines if a pod can request to be run as privileged.
         """
         return pulumi.get(self, "privileged")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="readOnlyRootFilesystem")
-    def read_only_root_filesystem(self) -> Optional[bool]:
+    def read_only_root_filesystem(self) -> Optional[_builtins.bool]:
         """
         readOnlyRootFilesystem when set to true will force containers to run with a read only root file system.  If the container specifically requests to run with a non-read only root file system the PSP should deny the pod. If set to false the container may run with a read only root file system if it wishes but it will not be forced to.
         """
         return pulumi.get(self, "read_only_root_filesystem")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="requiredDropCapabilities")
-    def required_drop_capabilities(self) -> Optional[Sequence[str]]:
+    def required_drop_capabilities(self) -> Optional[Sequence[_builtins.str]]:
         """
         requiredDropCapabilities are the capabilities that will be dropped from the container.  These are required to be dropped and cannot be added.
         """
         return pulumi.get(self, "required_drop_capabilities")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="runAsGroup")
     def run_as_group(self) -> Optional['outputs.RunAsGroupStrategyOptionsPatch']:
         """
@@ -1657,7 +1657,7 @@ class PodSecurityPolicySpecPatch(dict):
         """
         return pulumi.get(self, "run_as_group")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="runAsUser")
     def run_as_user(self) -> Optional['outputs.RunAsUserStrategyOptionsPatch']:
         """
@@ -1665,7 +1665,7 @@ class PodSecurityPolicySpecPatch(dict):
         """
         return pulumi.get(self, "run_as_user")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="runtimeClass")
     def runtime_class(self) -> Optional['outputs.RuntimeClassStrategyOptionsPatch']:
         """
@@ -1673,7 +1673,7 @@ class PodSecurityPolicySpecPatch(dict):
         """
         return pulumi.get(self, "runtime_class")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="seLinux")
     def se_linux(self) -> Optional['outputs.SELinuxStrategyOptionsPatch']:
         """
@@ -1681,7 +1681,7 @@ class PodSecurityPolicySpecPatch(dict):
         """
         return pulumi.get(self, "se_linux")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="supplementalGroups")
     def supplemental_groups(self) -> Optional['outputs.SupplementalGroupsStrategyOptionsPatch']:
         """
@@ -1689,9 +1689,9 @@ class PodSecurityPolicySpecPatch(dict):
         """
         return pulumi.get(self, "supplemental_groups")
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def volumes(self) -> Optional[Sequence[str]]:
+    def volumes(self) -> Optional[Sequence[_builtins.str]]:
         """
         volumes is a white list of allowed volume plugins. Empty indicates that no volumes may be used. To allow all volumes you may use '*'.
         """
@@ -1704,26 +1704,26 @@ class RunAsGroupStrategyOptions(dict):
     RunAsGroupStrategyOptions defines the strategy type and any options used to create the strategy.
     """
     def __init__(__self__, *,
-                 rule: str,
+                 rule: _builtins.str,
                  ranges: Optional[Sequence['outputs.IDRange']] = None):
         """
         RunAsGroupStrategyOptions defines the strategy type and any options used to create the strategy.
-        :param str rule: rule is the strategy that will dictate the allowable RunAsGroup values that may be set.
+        :param _builtins.str rule: rule is the strategy that will dictate the allowable RunAsGroup values that may be set.
         :param Sequence['IDRangeArgs'] ranges: ranges are the allowed ranges of gids that may be used. If you would like to force a single gid then supply a single range with the same start and end. Required for MustRunAs.
         """
         pulumi.set(__self__, "rule", rule)
         if ranges is not None:
             pulumi.set(__self__, "ranges", ranges)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def rule(self) -> str:
+    def rule(self) -> _builtins.str:
         """
         rule is the strategy that will dictate the allowable RunAsGroup values that may be set.
         """
         return pulumi.get(self, "rule")
 
-    @property
+    @_builtins.property
     @pulumi.getter
     def ranges(self) -> Optional[Sequence['outputs.IDRange']]:
         """
@@ -1739,18 +1739,18 @@ class RunAsGroupStrategyOptionsPatch(dict):
     """
     def __init__(__self__, *,
                  ranges: Optional[Sequence['outputs.IDRangePatch']] = None,
-                 rule: Optional[str] = None):
+                 rule: Optional[_builtins.str] = None):
         """
         RunAsGroupStrategyOptions defines the strategy type and any options used to create the strategy.
         :param Sequence['IDRangePatchArgs'] ranges: ranges are the allowed ranges of gids that may be used. If you would like to force a single gid then supply a single range with the same start and end. Required for MustRunAs.
-        :param str rule: rule is the strategy that will dictate the allowable RunAsGroup values that may be set.
+        :param _builtins.str rule: rule is the strategy that will dictate the allowable RunAsGroup values that may be set.
         """
         if ranges is not None:
             pulumi.set(__self__, "ranges", ranges)
         if rule is not None:
             pulumi.set(__self__, "rule", rule)
 
-    @property
+    @_builtins.property
     @pulumi.getter
     def ranges(self) -> Optional[Sequence['outputs.IDRangePatch']]:
         """
@@ -1758,9 +1758,9 @@ class RunAsGroupStrategyOptionsPatch(dict):
         """
         return pulumi.get(self, "ranges")
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def rule(self) -> Optional[str]:
+    def rule(self) -> Optional[_builtins.str]:
         """
         rule is the strategy that will dictate the allowable RunAsGroup values that may be set.
         """
@@ -1773,26 +1773,26 @@ class RunAsUserStrategyOptions(dict):
     RunAsUserStrategyOptions defines the strategy type and any options used to create the strategy.
     """
     def __init__(__self__, *,
-                 rule: str,
+                 rule: _builtins.str,
                  ranges: Optional[Sequence['outputs.IDRange']] = None):
         """
         RunAsUserStrategyOptions defines the strategy type and any options used to create the strategy.
-        :param str rule: rule is the strategy that will dictate the allowable RunAsUser values that may be set.
+        :param _builtins.str rule: rule is the strategy that will dictate the allowable RunAsUser values that may be set.
         :param Sequence['IDRangeArgs'] ranges: ranges are the allowed ranges of uids that may be used. If you would like to force a single uid then supply a single range with the same start and end. Required for MustRunAs.
         """
         pulumi.set(__self__, "rule", rule)
         if ranges is not None:
             pulumi.set(__self__, "ranges", ranges)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def rule(self) -> str:
+    def rule(self) -> _builtins.str:
         """
         rule is the strategy that will dictate the allowable RunAsUser values that may be set.
         """
         return pulumi.get(self, "rule")
 
-    @property
+    @_builtins.property
     @pulumi.getter
     def ranges(self) -> Optional[Sequence['outputs.IDRange']]:
         """
@@ -1808,18 +1808,18 @@ class RunAsUserStrategyOptionsPatch(dict):
     """
     def __init__(__self__, *,
                  ranges: Optional[Sequence['outputs.IDRangePatch']] = None,
-                 rule: Optional[str] = None):
+                 rule: Optional[_builtins.str] = None):
         """
         RunAsUserStrategyOptions defines the strategy type and any options used to create the strategy.
         :param Sequence['IDRangePatchArgs'] ranges: ranges are the allowed ranges of uids that may be used. If you would like to force a single uid then supply a single range with the same start and end. Required for MustRunAs.
-        :param str rule: rule is the strategy that will dictate the allowable RunAsUser values that may be set.
+        :param _builtins.str rule: rule is the strategy that will dictate the allowable RunAsUser values that may be set.
         """
         if ranges is not None:
             pulumi.set(__self__, "ranges", ranges)
         if rule is not None:
             pulumi.set(__self__, "rule", rule)
 
-    @property
+    @_builtins.property
     @pulumi.getter
     def ranges(self) -> Optional[Sequence['outputs.IDRangePatch']]:
         """
@@ -1827,9 +1827,9 @@ class RunAsUserStrategyOptionsPatch(dict):
         """
         return pulumi.get(self, "ranges")
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def rule(self) -> Optional[str]:
+    def rule(self) -> Optional[_builtins.str]:
         """
         rule is the strategy that will dictate the allowable RunAsUser values that may be set.
         """
@@ -1861,28 +1861,28 @@ class RuntimeClassStrategyOptions(dict):
         return super().get(key, default)
 
     def __init__(__self__, *,
-                 allowed_runtime_class_names: Sequence[str],
-                 default_runtime_class_name: Optional[str] = None):
+                 allowed_runtime_class_names: Sequence[_builtins.str],
+                 default_runtime_class_name: Optional[_builtins.str] = None):
         """
         RuntimeClassStrategyOptions define the strategy that will dictate the allowable RuntimeClasses for a pod.
-        :param Sequence[str] allowed_runtime_class_names: allowedRuntimeClassNames is a whitelist of RuntimeClass names that may be specified on a pod. A value of "*" means that any RuntimeClass name is allowed, and must be the only item in the list. An empty list requires the RuntimeClassName field to be unset.
-        :param str default_runtime_class_name: defaultRuntimeClassName is the default RuntimeClassName to set on the pod. The default MUST be allowed by the allowedRuntimeClassNames list. A value of nil does not mutate the Pod.
+        :param Sequence[_builtins.str] allowed_runtime_class_names: allowedRuntimeClassNames is a whitelist of RuntimeClass names that may be specified on a pod. A value of "*" means that any RuntimeClass name is allowed, and must be the only item in the list. An empty list requires the RuntimeClassName field to be unset.
+        :param _builtins.str default_runtime_class_name: defaultRuntimeClassName is the default RuntimeClassName to set on the pod. The default MUST be allowed by the allowedRuntimeClassNames list. A value of nil does not mutate the Pod.
         """
         pulumi.set(__self__, "allowed_runtime_class_names", allowed_runtime_class_names)
         if default_runtime_class_name is not None:
             pulumi.set(__self__, "default_runtime_class_name", default_runtime_class_name)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="allowedRuntimeClassNames")
-    def allowed_runtime_class_names(self) -> Sequence[str]:
+    def allowed_runtime_class_names(self) -> Sequence[_builtins.str]:
         """
         allowedRuntimeClassNames is a whitelist of RuntimeClass names that may be specified on a pod. A value of "*" means that any RuntimeClass name is allowed, and must be the only item in the list. An empty list requires the RuntimeClassName field to be unset.
         """
         return pulumi.get(self, "allowed_runtime_class_names")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="defaultRuntimeClassName")
-    def default_runtime_class_name(self) -> Optional[str]:
+    def default_runtime_class_name(self) -> Optional[_builtins.str]:
         """
         defaultRuntimeClassName is the default RuntimeClassName to set on the pod. The default MUST be allowed by the allowedRuntimeClassNames list. A value of nil does not mutate the Pod.
         """
@@ -1914,29 +1914,29 @@ class RuntimeClassStrategyOptionsPatch(dict):
         return super().get(key, default)
 
     def __init__(__self__, *,
-                 allowed_runtime_class_names: Optional[Sequence[str]] = None,
-                 default_runtime_class_name: Optional[str] = None):
+                 allowed_runtime_class_names: Optional[Sequence[_builtins.str]] = None,
+                 default_runtime_class_name: Optional[_builtins.str] = None):
         """
         RuntimeClassStrategyOptions define the strategy that will dictate the allowable RuntimeClasses for a pod.
-        :param Sequence[str] allowed_runtime_class_names: allowedRuntimeClassNames is a whitelist of RuntimeClass names that may be specified on a pod. A value of "*" means that any RuntimeClass name is allowed, and must be the only item in the list. An empty list requires the RuntimeClassName field to be unset.
-        :param str default_runtime_class_name: defaultRuntimeClassName is the default RuntimeClassName to set on the pod. The default MUST be allowed by the allowedRuntimeClassNames list. A value of nil does not mutate the Pod.
+        :param Sequence[_builtins.str] allowed_runtime_class_names: allowedRuntimeClassNames is a whitelist of RuntimeClass names that may be specified on a pod. A value of "*" means that any RuntimeClass name is allowed, and must be the only item in the list. An empty list requires the RuntimeClassName field to be unset.
+        :param _builtins.str default_runtime_class_name: defaultRuntimeClassName is the default RuntimeClassName to set on the pod. The default MUST be allowed by the allowedRuntimeClassNames list. A value of nil does not mutate the Pod.
         """
         if allowed_runtime_class_names is not None:
             pulumi.set(__self__, "allowed_runtime_class_names", allowed_runtime_class_names)
         if default_runtime_class_name is not None:
             pulumi.set(__self__, "default_runtime_class_name", default_runtime_class_name)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="allowedRuntimeClassNames")
-    def allowed_runtime_class_names(self) -> Optional[Sequence[str]]:
+    def allowed_runtime_class_names(self) -> Optional[Sequence[_builtins.str]]:
         """
         allowedRuntimeClassNames is a whitelist of RuntimeClass names that may be specified on a pod. A value of "*" means that any RuntimeClass name is allowed, and must be the only item in the list. An empty list requires the RuntimeClassName field to be unset.
         """
         return pulumi.get(self, "allowed_runtime_class_names")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="defaultRuntimeClassName")
-    def default_runtime_class_name(self) -> Optional[str]:
+    def default_runtime_class_name(self) -> Optional[_builtins.str]:
         """
         defaultRuntimeClassName is the default RuntimeClassName to set on the pod. The default MUST be allowed by the allowedRuntimeClassNames list. A value of nil does not mutate the Pod.
         """
@@ -1966,26 +1966,26 @@ class SELinuxStrategyOptions(dict):
         return super().get(key, default)
 
     def __init__(__self__, *,
-                 rule: str,
+                 rule: _builtins.str,
                  se_linux_options: Optional['_core.v1.outputs.SELinuxOptions'] = None):
         """
         SELinuxStrategyOptions defines the strategy type and any options used to create the strategy.
-        :param str rule: rule is the strategy that will dictate the allowable labels that may be set.
+        :param _builtins.str rule: rule is the strategy that will dictate the allowable labels that may be set.
         :param '_core.v1.SELinuxOptionsArgs' se_linux_options: seLinuxOptions required to run as; required for MustRunAs More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
         """
         pulumi.set(__self__, "rule", rule)
         if se_linux_options is not None:
             pulumi.set(__self__, "se_linux_options", se_linux_options)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def rule(self) -> str:
+    def rule(self) -> _builtins.str:
         """
         rule is the strategy that will dictate the allowable labels that may be set.
         """
         return pulumi.get(self, "rule")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="seLinuxOptions")
     def se_linux_options(self) -> Optional['_core.v1.outputs.SELinuxOptions']:
         """
@@ -2017,11 +2017,11 @@ class SELinuxStrategyOptionsPatch(dict):
         return super().get(key, default)
 
     def __init__(__self__, *,
-                 rule: Optional[str] = None,
+                 rule: Optional[_builtins.str] = None,
                  se_linux_options: Optional['_core.v1.outputs.SELinuxOptionsPatch'] = None):
         """
         SELinuxStrategyOptions defines the strategy type and any options used to create the strategy.
-        :param str rule: rule is the strategy that will dictate the allowable labels that may be set.
+        :param _builtins.str rule: rule is the strategy that will dictate the allowable labels that may be set.
         :param '_core.v1.SELinuxOptionsPatchArgs' se_linux_options: seLinuxOptions required to run as; required for MustRunAs More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
         """
         if rule is not None:
@@ -2029,15 +2029,15 @@ class SELinuxStrategyOptionsPatch(dict):
         if se_linux_options is not None:
             pulumi.set(__self__, "se_linux_options", se_linux_options)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def rule(self) -> Optional[str]:
+    def rule(self) -> Optional[_builtins.str]:
         """
         rule is the strategy that will dictate the allowable labels that may be set.
         """
         return pulumi.get(self, "rule")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="seLinuxOptions")
     def se_linux_options(self) -> Optional['_core.v1.outputs.SELinuxOptionsPatch']:
         """
@@ -2053,18 +2053,18 @@ class SupplementalGroupsStrategyOptions(dict):
     """
     def __init__(__self__, *,
                  ranges: Optional[Sequence['outputs.IDRange']] = None,
-                 rule: Optional[str] = None):
+                 rule: Optional[_builtins.str] = None):
         """
         SupplementalGroupsStrategyOptions defines the strategy type and options used to create the strategy.
         :param Sequence['IDRangeArgs'] ranges: ranges are the allowed ranges of supplemental groups.  If you would like to force a single supplemental group then supply a single range with the same start and end. Required for MustRunAs.
-        :param str rule: rule is the strategy that will dictate what supplemental groups is used in the SecurityContext.
+        :param _builtins.str rule: rule is the strategy that will dictate what supplemental groups is used in the SecurityContext.
         """
         if ranges is not None:
             pulumi.set(__self__, "ranges", ranges)
         if rule is not None:
             pulumi.set(__self__, "rule", rule)
 
-    @property
+    @_builtins.property
     @pulumi.getter
     def ranges(self) -> Optional[Sequence['outputs.IDRange']]:
         """
@@ -2072,9 +2072,9 @@ class SupplementalGroupsStrategyOptions(dict):
         """
         return pulumi.get(self, "ranges")
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def rule(self) -> Optional[str]:
+    def rule(self) -> Optional[_builtins.str]:
         """
         rule is the strategy that will dictate what supplemental groups is used in the SecurityContext.
         """
@@ -2088,18 +2088,18 @@ class SupplementalGroupsStrategyOptionsPatch(dict):
     """
     def __init__(__self__, *,
                  ranges: Optional[Sequence['outputs.IDRangePatch']] = None,
-                 rule: Optional[str] = None):
+                 rule: Optional[_builtins.str] = None):
         """
         SupplementalGroupsStrategyOptions defines the strategy type and options used to create the strategy.
         :param Sequence['IDRangePatchArgs'] ranges: ranges are the allowed ranges of supplemental groups.  If you would like to force a single supplemental group then supply a single range with the same start and end. Required for MustRunAs.
-        :param str rule: rule is the strategy that will dictate what supplemental groups is used in the SecurityContext.
+        :param _builtins.str rule: rule is the strategy that will dictate what supplemental groups is used in the SecurityContext.
         """
         if ranges is not None:
             pulumi.set(__self__, "ranges", ranges)
         if rule is not None:
             pulumi.set(__self__, "rule", rule)
 
-    @property
+    @_builtins.property
     @pulumi.getter
     def ranges(self) -> Optional[Sequence['outputs.IDRangePatch']]:
         """
@@ -2107,9 +2107,9 @@ class SupplementalGroupsStrategyOptionsPatch(dict):
         """
         return pulumi.get(self, "ranges")
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def rule(self) -> Optional[str]:
+    def rule(self) -> Optional[_builtins.str]:
         """
         rule is the strategy that will dictate what supplemental groups is used in the SecurityContext.
         """