pulumi-kubernetes 4.23.0a1743519894__py3-none-any.whl → 4.23.0a1743721244__py3-none-any.whl

pulumi_kubernetes/policy/v1beta1/outputs.py

@@ -2,6 +2,7 @@
 # *** WARNING: this file was generated by pulumigen. ***
 # *** Do not edit by hand unless you're certain you know what you are doing! ***
 
+import builtins
 import copy
 import warnings
 import sys
@@ -56,16 +57,16 @@ class AllowedCSIDriver(dict):
     AllowedCSIDriver represents a single inline CSI Driver that is allowed to be used.
     """
     def __init__(__self__, *,
-                 name: str):
+                 name: builtins.str):
         """
         AllowedCSIDriver represents a single inline CSI Driver that is allowed to be used.
-        :param str name: Name is the registered name of the CSI driver
+        :param builtins.str name: Name is the registered name of the CSI driver
         """
         pulumi.set(__self__, "name", name)
 
     @property
     @pulumi.getter
-    def name(self) -> str:
+    def name(self) -> builtins.str:
         """
         Name is the registered name of the CSI driver
         """
@@ -78,17 +79,17 @@ class AllowedCSIDriverPatch(dict):
     AllowedCSIDriver represents a single inline CSI Driver that is allowed to be used.
     """
     def __init__(__self__, *,
-                 name: Optional[str] = None):
+                 name: Optional[builtins.str] = None):
         """
         AllowedCSIDriver represents a single inline CSI Driver that is allowed to be used.
-        :param str name: Name is the registered name of the CSI driver
+        :param builtins.str name: Name is the registered name of the CSI driver
         """
         if name is not None:
             pulumi.set(__self__, "name", name)
 
     @property
     @pulumi.getter
-    def name(self) -> Optional[str]:
+    def name(self) -> Optional[builtins.str]:
         """
         Name is the registered name of the CSI driver
         """
@@ -101,16 +102,16 @@ class AllowedFlexVolume(dict):
     AllowedFlexVolume represents a single Flexvolume that is allowed to be used.
     """
     def __init__(__self__, *,
-                 driver: str):
+                 driver: builtins.str):
         """
         AllowedFlexVolume represents a single Flexvolume that is allowed to be used.
-        :param str driver: driver is the name of the Flexvolume driver.
+        :param builtins.str driver: driver is the name of the Flexvolume driver.
         """
         pulumi.set(__self__, "driver", driver)
 
     @property
     @pulumi.getter
-    def driver(self) -> str:
+    def driver(self) -> builtins.str:
         """
         driver is the name of the Flexvolume driver.
         """
@@ -123,17 +124,17 @@ class AllowedFlexVolumePatch(dict):
     AllowedFlexVolume represents a single Flexvolume that is allowed to be used.
     """
     def __init__(__self__, *,
-                 driver: Optional[str] = None):
+                 driver: Optional[builtins.str] = None):
         """
         AllowedFlexVolume represents a single Flexvolume that is allowed to be used.
-        :param str driver: driver is the name of the Flexvolume driver.
+        :param builtins.str driver: driver is the name of the Flexvolume driver.
         """
         if driver is not None:
             pulumi.set(__self__, "driver", driver)
 
     @property
     @pulumi.getter
-    def driver(self) -> Optional[str]:
+    def driver(self) -> Optional[builtins.str]:
         """
         driver is the name of the Flexvolume driver.
         """
@@ -165,14 +166,14 @@ class AllowedHostPath(dict):
         return super().get(key, default)
 
     def __init__(__self__, *,
-                 path_prefix: Optional[str] = None,
-                 read_only: Optional[bool] = None):
+                 path_prefix: Optional[builtins.str] = None,
+                 read_only: Optional[builtins.bool] = None):
         """
         AllowedHostPath defines the host volume conditions that will be enabled by a policy for pods to use. It requires the path prefix to be defined.
-        :param str path_prefix: pathPrefix is the path prefix that the host volume must match. It does not support `*`. Trailing slashes are trimmed when validating the path prefix with a host path.
+        :param builtins.str path_prefix: pathPrefix is the path prefix that the host volume must match. It does not support `*`. Trailing slashes are trimmed when validating the path prefix with a host path.
                
                Examples: `/foo` would allow `/foo`, `/foo/` and `/foo/bar` `/foo` would not allow `/food` or `/etc/foo`
-        :param bool read_only: when set to true, will allow host volumes matching the pathPrefix only if all volume mounts are readOnly.
+        :param builtins.bool read_only: when set to true, will allow host volumes matching the pathPrefix only if all volume mounts are readOnly.
         """
         if path_prefix is not None:
             pulumi.set(__self__, "path_prefix", path_prefix)
@@ -181,7 +182,7 @@ class AllowedHostPath(dict):
 
     @property
     @pulumi.getter(name="pathPrefix")
-    def path_prefix(self) -> Optional[str]:
+    def path_prefix(self) -> Optional[builtins.str]:
         """
         pathPrefix is the path prefix that the host volume must match. It does not support `*`. Trailing slashes are trimmed when validating the path prefix with a host path.
 
@@ -191,7 +192,7 @@ class AllowedHostPath(dict):
 
     @property
     @pulumi.getter(name="readOnly")
-    def read_only(self) -> Optional[bool]:
+    def read_only(self) -> Optional[builtins.bool]:
         """
         when set to true, will allow host volumes matching the pathPrefix only if all volume mounts are readOnly.
         """
@@ -223,14 +224,14 @@ class AllowedHostPathPatch(dict):
         return super().get(key, default)
 
     def __init__(__self__, *,
-                 path_prefix: Optional[str] = None,
-                 read_only: Optional[bool] = None):
+                 path_prefix: Optional[builtins.str] = None,
+                 read_only: Optional[builtins.bool] = None):
         """
         AllowedHostPath defines the host volume conditions that will be enabled by a policy for pods to use. It requires the path prefix to be defined.
-        :param str path_prefix: pathPrefix is the path prefix that the host volume must match. It does not support `*`. Trailing slashes are trimmed when validating the path prefix with a host path.
+        :param builtins.str path_prefix: pathPrefix is the path prefix that the host volume must match. It does not support `*`. Trailing slashes are trimmed when validating the path prefix with a host path.
                
                Examples: `/foo` would allow `/foo`, `/foo/` and `/foo/bar` `/foo` would not allow `/food` or `/etc/foo`
-        :param bool read_only: when set to true, will allow host volumes matching the pathPrefix only if all volume mounts are readOnly.
+        :param builtins.bool read_only: when set to true, will allow host volumes matching the pathPrefix only if all volume mounts are readOnly.
         """
         if path_prefix is not None:
             pulumi.set(__self__, "path_prefix", path_prefix)
@@ -239,7 +240,7 @@ class AllowedHostPathPatch(dict):
 
     @property
     @pulumi.getter(name="pathPrefix")
-    def path_prefix(self) -> Optional[str]:
+    def path_prefix(self) -> Optional[builtins.str]:
         """
         pathPrefix is the path prefix that the host volume must match. It does not support `*`. Trailing slashes are trimmed when validating the path prefix with a host path.
 
@@ -249,7 +250,7 @@ class AllowedHostPathPatch(dict):
 
     @property
     @pulumi.getter(name="readOnly")
-    def read_only(self) -> Optional[bool]:
+    def read_only(self) -> Optional[builtins.bool]:
         """
         when set to true, will allow host volumes matching the pathPrefix only if all volume mounts are readOnly.
         """
@@ -263,11 +264,11 @@ class FSGroupStrategyOptions(dict):
     """
     def __init__(__self__, *,
                  ranges: Optional[Sequence['outputs.IDRange']] = None,
-                 rule: Optional[str] = None):
+                 rule: Optional[builtins.str] = None):
         """
         FSGroupStrategyOptions defines the strategy type and options used to create the strategy.
         :param Sequence['IDRangeArgs'] ranges: ranges are the allowed ranges of fs groups.  If you would like to force a single fs group then supply a single range with the same start and end. Required for MustRunAs.
-        :param str rule: rule is the strategy that will dictate what FSGroup is used in the SecurityContext.
+        :param builtins.str rule: rule is the strategy that will dictate what FSGroup is used in the SecurityContext.
         """
         if ranges is not None:
             pulumi.set(__self__, "ranges", ranges)
@@ -284,7 +285,7 @@ class FSGroupStrategyOptions(dict):
 
     @property
     @pulumi.getter
-    def rule(self) -> Optional[str]:
+    def rule(self) -> Optional[builtins.str]:
         """
         rule is the strategy that will dictate what FSGroup is used in the SecurityContext.
         """
@@ -298,11 +299,11 @@ class FSGroupStrategyOptionsPatch(dict):
     """
     def __init__(__self__, *,
                  ranges: Optional[Sequence['outputs.IDRangePatch']] = None,
-                 rule: Optional[str] = None):
+                 rule: Optional[builtins.str] = None):
         """
         FSGroupStrategyOptions defines the strategy type and options used to create the strategy.
         :param Sequence['IDRangePatchArgs'] ranges: ranges are the allowed ranges of fs groups.  If you would like to force a single fs group then supply a single range with the same start and end. Required for MustRunAs.
-        :param str rule: rule is the strategy that will dictate what FSGroup is used in the SecurityContext.
+        :param builtins.str rule: rule is the strategy that will dictate what FSGroup is used in the SecurityContext.
         """
         if ranges is not None:
             pulumi.set(__self__, "ranges", ranges)
@@ -319,7 +320,7 @@ class FSGroupStrategyOptionsPatch(dict):
 
     @property
     @pulumi.getter
-    def rule(self) -> Optional[str]:
+    def rule(self) -> Optional[builtins.str]:
         """
         rule is the strategy that will dictate what FSGroup is used in the SecurityContext.
         """
@@ -332,19 +333,19 @@ class HostPortRange(dict):
     HostPortRange defines a range of host ports that will be enabled by a policy for pods to use.  It requires both the start and end to be defined.
     """
     def __init__(__self__, *,
-                 max: int,
-                 min: int):
+                 max: builtins.int,
+                 min: builtins.int):
         """
         HostPortRange defines a range of host ports that will be enabled by a policy for pods to use.  It requires both the start and end to be defined.
-        :param int max: max is the end of the range, inclusive.
-        :param int min: min is the start of the range, inclusive.
+        :param builtins.int max: max is the end of the range, inclusive.
+        :param builtins.int min: min is the start of the range, inclusive.
         """
         pulumi.set(__self__, "max", max)
         pulumi.set(__self__, "min", min)
 
     @property
     @pulumi.getter
-    def max(self) -> int:
+    def max(self) -> builtins.int:
         """
         max is the end of the range, inclusive.
         """
@@ -352,7 +353,7 @@ class HostPortRange(dict):
 
     @property
     @pulumi.getter
-    def min(self) -> int:
+    def min(self) -> builtins.int:
         """
         min is the start of the range, inclusive.
         """
@@ -365,12 +366,12 @@ class HostPortRangePatch(dict):
     HostPortRange defines a range of host ports that will be enabled by a policy for pods to use.  It requires both the start and end to be defined.
     """
     def __init__(__self__, *,
-                 max: Optional[int] = None,
-                 min: Optional[int] = None):
+                 max: Optional[builtins.int] = None,
+                 min: Optional[builtins.int] = None):
         """
         HostPortRange defines a range of host ports that will be enabled by a policy for pods to use.  It requires both the start and end to be defined.
-        :param int max: max is the end of the range, inclusive.
-        :param int min: min is the start of the range, inclusive.
+        :param builtins.int max: max is the end of the range, inclusive.
+        :param builtins.int min: min is the start of the range, inclusive.
         """
         if max is not None:
             pulumi.set(__self__, "max", max)
@@ -379,7 +380,7 @@ class HostPortRangePatch(dict):
 
     @property
     @pulumi.getter
-    def max(self) -> Optional[int]:
+    def max(self) -> Optional[builtins.int]:
         """
         max is the end of the range, inclusive.
         """
@@ -387,7 +388,7 @@ class HostPortRangePatch(dict):
 
     @property
     @pulumi.getter
-    def min(self) -> Optional[int]:
+    def min(self) -> Optional[builtins.int]:
         """
         min is the start of the range, inclusive.
         """
@@ -400,19 +401,19 @@ class IDRange(dict):
     IDRange provides a min/max of an allowed range of IDs.
     """
     def __init__(__self__, *,
-                 max: int,
-                 min: int):
+                 max: builtins.int,
+                 min: builtins.int):
         """
         IDRange provides a min/max of an allowed range of IDs.
-        :param int max: max is the end of the range, inclusive.
-        :param int min: min is the start of the range, inclusive.
+        :param builtins.int max: max is the end of the range, inclusive.
+        :param builtins.int min: min is the start of the range, inclusive.
         """
         pulumi.set(__self__, "max", max)
         pulumi.set(__self__, "min", min)
 
     @property
     @pulumi.getter
-    def max(self) -> int:
+    def max(self) -> builtins.int:
         """
         max is the end of the range, inclusive.
         """
@@ -420,7 +421,7 @@ class IDRange(dict):
 
     @property
     @pulumi.getter
-    def min(self) -> int:
+    def min(self) -> builtins.int:
         """
         min is the start of the range, inclusive.
         """
@@ -433,12 +434,12 @@ class IDRangePatch(dict):
     IDRange provides a min/max of an allowed range of IDs.
     """
     def __init__(__self__, *,
-                 max: Optional[int] = None,
-                 min: Optional[int] = None):
+                 max: Optional[builtins.int] = None,
+                 min: Optional[builtins.int] = None):
         """
         IDRange provides a min/max of an allowed range of IDs.
-        :param int max: max is the end of the range, inclusive.
-        :param int min: min is the start of the range, inclusive.
+        :param builtins.int max: max is the end of the range, inclusive.
+        :param builtins.int min: min is the start of the range, inclusive.
         """
         if max is not None:
             pulumi.set(__self__, "max", max)
@@ -447,7 +448,7 @@ class IDRangePatch(dict):
 
     @property
     @pulumi.getter
-    def max(self) -> Optional[int]:
+    def max(self) -> Optional[builtins.int]:
         """
         max is the end of the range, inclusive.
         """
@@ -455,7 +456,7 @@ class IDRangePatch(dict):
 
     @property
     @pulumi.getter
-    def min(self) -> Optional[int]:
+    def min(self) -> Optional[builtins.int]:
         """
         min is the start of the range, inclusive.
         """
@@ -485,15 +486,15 @@ class PodDisruptionBudget(dict):
         return super().get(key, default)
 
     def __init__(__self__, *,
-                 api_version: Optional[str] = None,
-                 kind: Optional[str] = None,
+                 api_version: Optional[builtins.str] = None,
+                 kind: Optional[builtins.str] = None,
                  metadata: Optional['_meta.v1.outputs.ObjectMeta'] = None,
                  spec: Optional['outputs.PodDisruptionBudgetSpec'] = None,
                  status: Optional['outputs.PodDisruptionBudgetStatus'] = None):
         """
         PodDisruptionBudget is an object to define the max disruption that can be caused to a collection of pods
-        :param str api_version: APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-        :param str kind: Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+        :param builtins.str api_version: APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+        :param builtins.str kind: Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
         :param 'PodDisruptionBudgetSpecArgs' spec: Specification of the desired behavior of the PodDisruptionBudget.
         :param 'PodDisruptionBudgetStatusArgs' status: Most recently observed status of the PodDisruptionBudget.
         """
@@ -510,7 +511,7 @@ class PodDisruptionBudget(dict):
 
     @property
     @pulumi.getter(name="apiVersion")
-    def api_version(self) -> Optional[str]:
+    def api_version(self) -> Optional[builtins.str]:
         """
         APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
         """
@@ -518,7 +519,7 @@ class PodDisruptionBudget(dict):
 
     @property
     @pulumi.getter
-    def kind(self) -> Optional[str]:
+    def kind(self) -> Optional[builtins.str]:
         """
         Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
         """
@@ -576,8 +577,8 @@ class PodDisruptionBudgetSpec(dict):
                  selector: Optional['_meta.v1.outputs.LabelSelector'] = None):
         """
         PodDisruptionBudgetSpec is a description of a PodDisruptionBudget.
-        :param Union[int, str] max_unavailable: An eviction is allowed if at most "maxUnavailable" pods selected by "selector" are unavailable after the eviction, i.e. even in absence of the evicted pod. For example, one can prevent all voluntary evictions by specifying 0. This is a mutually exclusive setting with "minAvailable".
-        :param Union[int, str] min_available: An eviction is allowed if at least "minAvailable" pods selected by "selector" will still be available after the eviction, i.e. even in the absence of the evicted pod.  So for example you can prevent all voluntary evictions by specifying "100%".
+        :param Union[builtins.int, builtins.str] max_unavailable: An eviction is allowed if at most "maxUnavailable" pods selected by "selector" are unavailable after the eviction, i.e. even in absence of the evicted pod. For example, one can prevent all voluntary evictions by specifying 0. This is a mutually exclusive setting with "minAvailable".
+        :param Union[builtins.int, builtins.str] min_available: An eviction is allowed if at least "minAvailable" pods selected by "selector" will still be available after the eviction, i.e. even in the absence of the evicted pod.  So for example you can prevent all voluntary evictions by specifying "100%".
         :param '_meta.v1.LabelSelectorArgs' selector: Label query over pods whose evictions are managed by the disruption budget.
         """
         if max_unavailable is not None:
@@ -642,8 +643,8 @@ class PodDisruptionBudgetSpecPatch(dict):
                  selector: Optional['_meta.v1.outputs.LabelSelectorPatch'] = None):
         """
         PodDisruptionBudgetSpec is a description of a PodDisruptionBudget.
-        :param Union[int, str] max_unavailable: An eviction is allowed if at most "maxUnavailable" pods selected by "selector" are unavailable after the eviction, i.e. even in absence of the evicted pod. For example, one can prevent all voluntary evictions by specifying 0. This is a mutually exclusive setting with "minAvailable".
-        :param Union[int, str] min_available: An eviction is allowed if at least "minAvailable" pods selected by "selector" will still be available after the eviction, i.e. even in the absence of the evicted pod.  So for example you can prevent all voluntary evictions by specifying "100%".
+        :param Union[builtins.int, builtins.str] max_unavailable: An eviction is allowed if at most "maxUnavailable" pods selected by "selector" are unavailable after the eviction, i.e. even in absence of the evicted pod. For example, one can prevent all voluntary evictions by specifying 0. This is a mutually exclusive setting with "minAvailable".
+        :param Union[builtins.int, builtins.str] min_available: An eviction is allowed if at least "minAvailable" pods selected by "selector" will still be available after the eviction, i.e. even in the absence of the evicted pod.  So for example you can prevent all voluntary evictions by specifying "100%".
         :param '_meta.v1.LabelSelectorPatchArgs' selector: Label query over pods whose evictions are managed by the disruption budget.
         """
         if max_unavailable is not None:
@@ -711,20 +712,20 @@ class PodDisruptionBudgetStatus(dict):
         return super().get(key, default)
 
     def __init__(__self__, *,
-                 current_healthy: int,
-                 desired_healthy: int,
-                 disruptions_allowed: int,
-                 expected_pods: int,
-                 disrupted_pods: Optional[Mapping[str, str]] = None,
-                 observed_generation: Optional[int] = None):
+                 current_healthy: builtins.int,
+                 desired_healthy: builtins.int,
+                 disruptions_allowed: builtins.int,
+                 expected_pods: builtins.int,
+                 disrupted_pods: Optional[Mapping[str, builtins.str]] = None,
+                 observed_generation: Optional[builtins.int] = None):
         """
         PodDisruptionBudgetStatus represents information about the status of a PodDisruptionBudget. Status may trail the actual state of a system.
-        :param int current_healthy: current number of healthy pods
-        :param int desired_healthy: minimum desired number of healthy pods
-        :param int disruptions_allowed: Number of pod disruptions that are currently allowed.
-        :param int expected_pods: total number of pods counted by this disruption budget
-        :param Mapping[str, str] disrupted_pods: DisruptedPods contains information about pods whose eviction was processed by the API server eviction subresource handler but has not yet been observed by the PodDisruptionBudget controller. A pod will be in this map from the time when the API server processed the eviction request to the time when the pod is seen by PDB controller as having been marked for deletion (or after a timeout). The key in the map is the name of the pod and the value is the time when the API server processed the eviction request. If the deletion didn't occur and a pod is still there it will be removed from the list automatically by PodDisruptionBudget controller after some time. If everything goes smooth this map should be empty for the most of the time. Large number of entries in the map may indicate problems with pod deletions.
-        :param int observed_generation: Most recent generation observed when updating this PDB status. PodDisruptionsAllowed and other status information is valid only if observedGeneration equals to PDB's object generation.
+        :param builtins.int current_healthy: current number of healthy pods
+        :param builtins.int desired_healthy: minimum desired number of healthy pods
+        :param builtins.int disruptions_allowed: Number of pod disruptions that are currently allowed.
+        :param builtins.int expected_pods: total number of pods counted by this disruption budget
+        :param Mapping[str, builtins.str] disrupted_pods: DisruptedPods contains information about pods whose eviction was processed by the API server eviction subresource handler but has not yet been observed by the PodDisruptionBudget controller. A pod will be in this map from the time when the API server processed the eviction request to the time when the pod is seen by PDB controller as having been marked for deletion (or after a timeout). The key in the map is the name of the pod and the value is the time when the API server processed the eviction request. If the deletion didn't occur and a pod is still there it will be removed from the list automatically by PodDisruptionBudget controller after some time. If everything goes smooth this map should be empty for the most of the time. Large number of entries in the map may indicate problems with pod deletions.
+        :param builtins.int observed_generation: Most recent generation observed when updating this PDB status. PodDisruptionsAllowed and other status information is valid only if observedGeneration equals to PDB's object generation.
         """
         pulumi.set(__self__, "current_healthy", current_healthy)
         pulumi.set(__self__, "desired_healthy", desired_healthy)
@@ -737,7 +738,7 @@ class PodDisruptionBudgetStatus(dict):
 
     @property
     @pulumi.getter(name="currentHealthy")
-    def current_healthy(self) -> int:
+    def current_healthy(self) -> builtins.int:
         """
         current number of healthy pods
         """
@@ -745,7 +746,7 @@ class PodDisruptionBudgetStatus(dict):
 
     @property
     @pulumi.getter(name="desiredHealthy")
-    def desired_healthy(self) -> int:
+    def desired_healthy(self) -> builtins.int:
         """
         minimum desired number of healthy pods
         """
@@ -753,7 +754,7 @@ class PodDisruptionBudgetStatus(dict):
 
     @property
     @pulumi.getter(name="disruptionsAllowed")
-    def disruptions_allowed(self) -> int:
+    def disruptions_allowed(self) -> builtins.int:
         """
         Number of pod disruptions that are currently allowed.
         """
@@ -761,7 +762,7 @@ class PodDisruptionBudgetStatus(dict):
 
     @property
     @pulumi.getter(name="expectedPods")
-    def expected_pods(self) -> int:
+    def expected_pods(self) -> builtins.int:
         """
         total number of pods counted by this disruption budget
         """
@@ -769,7 +770,7 @@ class PodDisruptionBudgetStatus(dict):
 
     @property
     @pulumi.getter(name="disruptedPods")
-    def disrupted_pods(self) -> Optional[Mapping[str, str]]:
+    def disrupted_pods(self) -> Optional[Mapping[str, builtins.str]]:
         """
         DisruptedPods contains information about pods whose eviction was processed by the API server eviction subresource handler but has not yet been observed by the PodDisruptionBudget controller. A pod will be in this map from the time when the API server processed the eviction request to the time when the pod is seen by PDB controller as having been marked for deletion (or after a timeout). The key in the map is the name of the pod and the value is the time when the API server processed the eviction request. If the deletion didn't occur and a pod is still there it will be removed from the list automatically by PodDisruptionBudget controller after some time. If everything goes smooth this map should be empty for the most of the time. Large number of entries in the map may indicate problems with pod deletions.
         """
@@ -777,7 +778,7 @@ class PodDisruptionBudgetStatus(dict):
 
     @property
     @pulumi.getter(name="observedGeneration")
-    def observed_generation(self) -> Optional[int]:
+    def observed_generation(self) -> Optional[builtins.int]:
         """
         Most recent generation observed when updating this PDB status. PodDisruptionsAllowed and other status information is valid only if observedGeneration equals to PDB's object generation.
         """
@@ -817,20 +818,20 @@ class PodDisruptionBudgetStatusPatch(dict):
         return super().get(key, default)
 
     def __init__(__self__, *,
-                 current_healthy: Optional[int] = None,
-                 desired_healthy: Optional[int] = None,
-                 disrupted_pods: Optional[Mapping[str, str]] = None,
-                 disruptions_allowed: Optional[int] = None,
-                 expected_pods: Optional[int] = None,
-                 observed_generation: Optional[int] = None):
+                 current_healthy: Optional[builtins.int] = None,
+                 desired_healthy: Optional[builtins.int] = None,
+                 disrupted_pods: Optional[Mapping[str, builtins.str]] = None,
+                 disruptions_allowed: Optional[builtins.int] = None,
+                 expected_pods: Optional[builtins.int] = None,
+                 observed_generation: Optional[builtins.int] = None):
         """
         PodDisruptionBudgetStatus represents information about the status of a PodDisruptionBudget. Status may trail the actual state of a system.
-        :param int current_healthy: current number of healthy pods
-        :param int desired_healthy: minimum desired number of healthy pods
-        :param Mapping[str, str] disrupted_pods: DisruptedPods contains information about pods whose eviction was processed by the API server eviction subresource handler but has not yet been observed by the PodDisruptionBudget controller. A pod will be in this map from the time when the API server processed the eviction request to the time when the pod is seen by PDB controller as having been marked for deletion (or after a timeout). The key in the map is the name of the pod and the value is the time when the API server processed the eviction request. If the deletion didn't occur and a pod is still there it will be removed from the list automatically by PodDisruptionBudget controller after some time. If everything goes smooth this map should be empty for the most of the time. Large number of entries in the map may indicate problems with pod deletions.
-        :param int disruptions_allowed: Number of pod disruptions that are currently allowed.
-        :param int expected_pods: total number of pods counted by this disruption budget
-        :param int observed_generation: Most recent generation observed when updating this PDB status. PodDisruptionsAllowed and other status information is valid only if observedGeneration equals to PDB's object generation.
+        :param builtins.int current_healthy: current number of healthy pods
+        :param builtins.int desired_healthy: minimum desired number of healthy pods
+        :param Mapping[str, builtins.str] disrupted_pods: DisruptedPods contains information about pods whose eviction was processed by the API server eviction subresource handler but has not yet been observed by the PodDisruptionBudget controller. A pod will be in this map from the time when the API server processed the eviction request to the time when the pod is seen by PDB controller as having been marked for deletion (or after a timeout). The key in the map is the name of the pod and the value is the time when the API server processed the eviction request. If the deletion didn't occur and a pod is still there it will be removed from the list automatically by PodDisruptionBudget controller after some time. If everything goes smooth this map should be empty for the most of the time. Large number of entries in the map may indicate problems with pod deletions.
+        :param builtins.int disruptions_allowed: Number of pod disruptions that are currently allowed.
+        :param builtins.int expected_pods: total number of pods counted by this disruption budget
+        :param builtins.int observed_generation: Most recent generation observed when updating this PDB status. PodDisruptionsAllowed and other status information is valid only if observedGeneration equals to PDB's object generation.
         """
         if current_healthy is not None:
             pulumi.set(__self__, "current_healthy", current_healthy)
@@ -847,7 +848,7 @@ class PodDisruptionBudgetStatusPatch(dict):
 
     @property
     @pulumi.getter(name="currentHealthy")
-    def current_healthy(self) -> Optional[int]:
+    def current_healthy(self) -> Optional[builtins.int]:
         """
         current number of healthy pods
         """
@@ -855,7 +856,7 @@ class PodDisruptionBudgetStatusPatch(dict):
 
     @property
     @pulumi.getter(name="desiredHealthy")
-    def desired_healthy(self) -> Optional[int]:
+    def desired_healthy(self) -> Optional[builtins.int]:
         """
         minimum desired number of healthy pods
         """
@@ -863,7 +864,7 @@ class PodDisruptionBudgetStatusPatch(dict):
 
     @property
     @pulumi.getter(name="disruptedPods")
-    def disrupted_pods(self) -> Optional[Mapping[str, str]]:
+    def disrupted_pods(self) -> Optional[Mapping[str, builtins.str]]:
         """
         DisruptedPods contains information about pods whose eviction was processed by the API server eviction subresource handler but has not yet been observed by the PodDisruptionBudget controller. A pod will be in this map from the time when the API server processed the eviction request to the time when the pod is seen by PDB controller as having been marked for deletion (or after a timeout). The key in the map is the name of the pod and the value is the time when the API server processed the eviction request. If the deletion didn't occur and a pod is still there it will be removed from the list automatically by PodDisruptionBudget controller after some time. If everything goes smooth this map should be empty for the most of the time. Large number of entries in the map may indicate problems with pod deletions.
         """
@@ -871,7 +872,7 @@ class PodDisruptionBudgetStatusPatch(dict):
 
     @property
     @pulumi.getter(name="disruptionsAllowed")
-    def disruptions_allowed(self) -> Optional[int]:
+    def disruptions_allowed(self) -> Optional[builtins.int]:
         """
         Number of pod disruptions that are currently allowed.
         """
@@ -879,7 +880,7 @@ class PodDisruptionBudgetStatusPatch(dict):
 
     @property
     @pulumi.getter(name="expectedPods")
-    def expected_pods(self) -> Optional[int]:
+    def expected_pods(self) -> Optional[builtins.int]:
         """
         total number of pods counted by this disruption budget
         """
@@ -887,7 +888,7 @@ class PodDisruptionBudgetStatusPatch(dict):
 
     @property
     @pulumi.getter(name="observedGeneration")
-    def observed_generation(self) -> Optional[int]:
+    def observed_generation(self) -> Optional[builtins.int]:
         """
         Most recent generation observed when updating this PDB status. PodDisruptionsAllowed and other status information is valid only if observedGeneration equals to PDB's object generation.
         """
@@ -917,14 +918,14 @@ class PodSecurityPolicy(dict):
         return super().get(key, default)
 
     def __init__(__self__, *,
-                 api_version: Optional[str] = None,
-                 kind: Optional[str] = None,
+                 api_version: Optional[builtins.str] = None,
+                 kind: Optional[builtins.str] = None,
                  metadata: Optional['_meta.v1.outputs.ObjectMeta'] = None,
                  spec: Optional['outputs.PodSecurityPolicySpec'] = None):
         """
         PodSecurityPolicy governs the ability to make requests that affect the Security Context that will be applied to a pod and container.
-        :param str api_version: APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-        :param str kind: Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+        :param builtins.str api_version: APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+        :param builtins.str kind: Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
         :param '_meta.v1.ObjectMetaArgs' metadata: Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
         :param 'PodSecurityPolicySpecArgs' spec: spec defines the policy enforced.
         """
@@ -939,7 +940,7 @@ class PodSecurityPolicy(dict):
 
     @property
     @pulumi.getter(name="apiVersion")
-    def api_version(self) -> Optional[str]:
+    def api_version(self) -> Optional[builtins.str]:
         """
         APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
         """
@@ -947,7 +948,7 @@ class PodSecurityPolicy(dict):
 
     @property
     @pulumi.getter
-    def kind(self) -> Optional[str]:
+    def kind(self) -> Optional[builtins.str]:
         """
         Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
         """
@@ -1039,56 +1040,56 @@ class PodSecurityPolicySpec(dict):
                  run_as_user: 'outputs.RunAsUserStrategyOptions',
                  se_linux: 'outputs.SELinuxStrategyOptions',
                  supplemental_groups: 'outputs.SupplementalGroupsStrategyOptions',
-                 allow_privilege_escalation: Optional[bool] = None,
+                 allow_privilege_escalation: Optional[builtins.bool] = None,
                  allowed_csi_drivers: Optional[Sequence['outputs.AllowedCSIDriver']] = None,
-                 allowed_capabilities: Optional[Sequence[str]] = None,
+                 allowed_capabilities: Optional[Sequence[builtins.str]] = None,
                  allowed_flex_volumes: Optional[Sequence['outputs.AllowedFlexVolume']] = None,
                  allowed_host_paths: Optional[Sequence['outputs.AllowedHostPath']] = None,
-                 allowed_proc_mount_types: Optional[Sequence[str]] = None,
-                 allowed_unsafe_sysctls: Optional[Sequence[str]] = None,
-                 default_add_capabilities: Optional[Sequence[str]] = None,
-                 default_allow_privilege_escalation: Optional[bool] = None,
-                 forbidden_sysctls: Optional[Sequence[str]] = None,
-                 host_ipc: Optional[bool] = None,
-                 host_network: Optional[bool] = None,
-                 host_pid: Optional[bool] = None,
+                 allowed_proc_mount_types: Optional[Sequence[builtins.str]] = None,
+                 allowed_unsafe_sysctls: Optional[Sequence[builtins.str]] = None,
+                 default_add_capabilities: Optional[Sequence[builtins.str]] = None,
+                 default_allow_privilege_escalation: Optional[builtins.bool] = None,
+                 forbidden_sysctls: Optional[Sequence[builtins.str]] = None,
+                 host_ipc: Optional[builtins.bool] = None,
+                 host_network: Optional[builtins.bool] = None,
+                 host_pid: Optional[builtins.bool] = None,
                  host_ports: Optional[Sequence['outputs.HostPortRange']] = None,
-                 privileged: Optional[bool] = None,
-                 read_only_root_filesystem: Optional[bool] = None,
-                 required_drop_capabilities: Optional[Sequence[str]] = None,
+                 privileged: Optional[builtins.bool] = None,
+                 read_only_root_filesystem: Optional[builtins.bool] = None,
+                 required_drop_capabilities: Optional[Sequence[builtins.str]] = None,
                  run_as_group: Optional['outputs.RunAsGroupStrategyOptions'] = None,
                  runtime_class: Optional['outputs.RuntimeClassStrategyOptions'] = None,
-                 volumes: Optional[Sequence[str]] = None):
+                 volumes: Optional[Sequence[builtins.str]] = None):
         """
         PodSecurityPolicySpec defines the policy enforced.
         :param 'FSGroupStrategyOptionsArgs' fs_group: fsGroup is the strategy that will dictate what fs group is used by the SecurityContext.
         :param 'RunAsUserStrategyOptionsArgs' run_as_user: runAsUser is the strategy that will dictate the allowable RunAsUser values that may be set.
         :param 'SELinuxStrategyOptionsArgs' se_linux: seLinux is the strategy that will dictate the allowable labels that may be set.
         :param 'SupplementalGroupsStrategyOptionsArgs' supplemental_groups: supplementalGroups is the strategy that will dictate what supplemental groups are used by the SecurityContext.
-        :param bool allow_privilege_escalation: allowPrivilegeEscalation determines if a pod can request to allow privilege escalation. If unspecified, defaults to true.
+        :param builtins.bool allow_privilege_escalation: allowPrivilegeEscalation determines if a pod can request to allow privilege escalation. If unspecified, defaults to true.
         :param Sequence['AllowedCSIDriverArgs'] allowed_csi_drivers: AllowedCSIDrivers is a whitelist of inline CSI drivers that must be explicitly set to be embedded within a pod spec. An empty value indicates that any CSI driver can be used for inline ephemeral volumes. This is an alpha field, and is only honored if the API server enables the CSIInlineVolume feature gate.
-        :param Sequence[str] allowed_capabilities: allowedCapabilities is a list of capabilities that can be requested to add to the container. Capabilities in this field may be added at the pod author's discretion. You must not list a capability in both allowedCapabilities and requiredDropCapabilities.
+        :param Sequence[builtins.str] allowed_capabilities: allowedCapabilities is a list of capabilities that can be requested to add to the container. Capabilities in this field may be added at the pod author's discretion. You must not list a capability in both allowedCapabilities and requiredDropCapabilities.
         :param Sequence['AllowedFlexVolumeArgs'] allowed_flex_volumes: allowedFlexVolumes is a whitelist of allowed Flexvolumes.  Empty or nil indicates that all Flexvolumes may be used.  This parameter is effective only when the usage of the Flexvolumes is allowed in the "volumes" field.
         :param Sequence['AllowedHostPathArgs'] allowed_host_paths: allowedHostPaths is a white list of allowed host paths. Empty indicates that all host paths may be used.
-        :param Sequence[str] allowed_proc_mount_types: AllowedProcMountTypes is a whitelist of allowed ProcMountTypes. Empty or nil indicates that only the DefaultProcMountType may be used. This requires the ProcMountType feature flag to be enabled.
-        :param Sequence[str] allowed_unsafe_sysctls: allowedUnsafeSysctls is a list of explicitly allowed unsafe sysctls, defaults to none. Each entry is either a plain sysctl name or ends in "*" in which case it is considered as a prefix of allowed sysctls. Single * means all unsafe sysctls are allowed. Kubelet has to whitelist all allowed unsafe sysctls explicitly to avoid rejection.
+        :param Sequence[builtins.str] allowed_proc_mount_types: AllowedProcMountTypes is a whitelist of allowed ProcMountTypes. Empty or nil indicates that only the DefaultProcMountType may be used. This requires the ProcMountType feature flag to be enabled.
+        :param Sequence[builtins.str] allowed_unsafe_sysctls: allowedUnsafeSysctls is a list of explicitly allowed unsafe sysctls, defaults to none. Each entry is either a plain sysctl name or ends in "*" in which case it is considered as a prefix of allowed sysctls. Single * means all unsafe sysctls are allowed. Kubelet has to whitelist all allowed unsafe sysctls explicitly to avoid rejection.
                
                Examples: e.g. "foo/*" allows "foo/bar", "foo/baz", etc. e.g. "foo.*" allows "foo.bar", "foo.baz", etc.
-        :param Sequence[str] default_add_capabilities: defaultAddCapabilities is the default set of capabilities that will be added to the container unless the pod spec specifically drops the capability.  You may not list a capability in both defaultAddCapabilities and requiredDropCapabilities. Capabilities added here are implicitly allowed, and need not be included in the allowedCapabilities list.
-        :param bool default_allow_privilege_escalation: defaultAllowPrivilegeEscalation controls the default setting for whether a process can gain more privileges than its parent process.
-        :param Sequence[str] forbidden_sysctls: forbiddenSysctls is a list of explicitly forbidden sysctls, defaults to none. Each entry is either a plain sysctl name or ends in "*" in which case it is considered as a prefix of forbidden sysctls. Single * means all sysctls are forbidden.
+        :param Sequence[builtins.str] default_add_capabilities: defaultAddCapabilities is the default set of capabilities that will be added to the container unless the pod spec specifically drops the capability.  You may not list a capability in both defaultAddCapabilities and requiredDropCapabilities. Capabilities added here are implicitly allowed, and need not be included in the allowedCapabilities list.
+        :param builtins.bool default_allow_privilege_escalation: defaultAllowPrivilegeEscalation controls the default setting for whether a process can gain more privileges than its parent process.
+        :param Sequence[builtins.str] forbidden_sysctls: forbiddenSysctls is a list of explicitly forbidden sysctls, defaults to none. Each entry is either a plain sysctl name or ends in "*" in which case it is considered as a prefix of forbidden sysctls. Single * means all sysctls are forbidden.
                
                Examples: e.g. "foo/*" forbids "foo/bar", "foo/baz", etc. e.g. "foo.*" forbids "foo.bar", "foo.baz", etc.
-        :param bool host_ipc: hostIPC determines if the policy allows the use of HostIPC in the pod spec.
-        :param bool host_network: hostNetwork determines if the policy allows the use of HostNetwork in the pod spec.
-        :param bool host_pid: hostPID determines if the policy allows the use of HostPID in the pod spec.
+        :param builtins.bool host_ipc: hostIPC determines if the policy allows the use of HostIPC in the pod spec.
+        :param builtins.bool host_network: hostNetwork determines if the policy allows the use of HostNetwork in the pod spec.
+        :param builtins.bool host_pid: hostPID determines if the policy allows the use of HostPID in the pod spec.
         :param Sequence['HostPortRangeArgs'] host_ports: hostPorts determines which host port ranges are allowed to be exposed.
-        :param bool privileged: privileged determines if a pod can request to be run as privileged.
-        :param bool read_only_root_filesystem: readOnlyRootFilesystem when set to true will force containers to run with a read only root file system.  If the container specifically requests to run with a non-read only root file system the PSP should deny the pod. If set to false the container may run with a read only root file system if it wishes but it will not be forced to.
-        :param Sequence[str] required_drop_capabilities: requiredDropCapabilities are the capabilities that will be dropped from the container.  These are required to be dropped and cannot be added.
+        :param builtins.bool privileged: privileged determines if a pod can request to be run as privileged.
+        :param builtins.bool read_only_root_filesystem: readOnlyRootFilesystem when set to true will force containers to run with a read only root file system.  If the container specifically requests to run with a non-read only root file system the PSP should deny the pod. If set to false the container may run with a read only root file system if it wishes but it will not be forced to.
+        :param Sequence[builtins.str] required_drop_capabilities: requiredDropCapabilities are the capabilities that will be dropped from the container.  These are required to be dropped and cannot be added.
         :param 'RunAsGroupStrategyOptionsArgs' run_as_group: RunAsGroup is the strategy that will dictate the allowable RunAsGroup values that may be set. If this field is omitted, the pod's RunAsGroup can take any value. This field requires the RunAsGroup feature gate to be enabled.
         :param 'RuntimeClassStrategyOptionsArgs' runtime_class: runtimeClass is the strategy that will dictate the allowable RuntimeClasses for a pod. If this field is omitted, the pod's runtimeClassName field is unrestricted. Enforcement of this field depends on the RuntimeClass feature gate being enabled.
-        :param Sequence[str] volumes: volumes is a white list of allowed volume plugins. Empty indicates that no volumes may be used. To allow all volumes you may use '*'.
+        :param Sequence[builtins.str] volumes: volumes is a white list of allowed volume plugins. Empty indicates that no volumes may be used. To allow all volumes you may use '*'.
         """
         pulumi.set(__self__, "fs_group", fs_group)
         pulumi.set(__self__, "run_as_user", run_as_user)
@@ -1169,7 +1170,7 @@ class PodSecurityPolicySpec(dict):
 
     @property
     @pulumi.getter(name="allowPrivilegeEscalation")
-    def allow_privilege_escalation(self) -> Optional[bool]:
+    def allow_privilege_escalation(self) -> Optional[builtins.bool]:
         """
         allowPrivilegeEscalation determines if a pod can request to allow privilege escalation. If unspecified, defaults to true.
         """
@@ -1185,7 +1186,7 @@ class PodSecurityPolicySpec(dict):
 
     @property
     @pulumi.getter(name="allowedCapabilities")
-    def allowed_capabilities(self) -> Optional[Sequence[str]]:
+    def allowed_capabilities(self) -> Optional[Sequence[builtins.str]]:
         """
         allowedCapabilities is a list of capabilities that can be requested to add to the container. Capabilities in this field may be added at the pod author's discretion. You must not list a capability in both allowedCapabilities and requiredDropCapabilities.
         """
@@ -1209,7 +1210,7 @@ class PodSecurityPolicySpec(dict):
 
     @property
     @pulumi.getter(name="allowedProcMountTypes")
-    def allowed_proc_mount_types(self) -> Optional[Sequence[str]]:
+    def allowed_proc_mount_types(self) -> Optional[Sequence[builtins.str]]:
         """
         AllowedProcMountTypes is a whitelist of allowed ProcMountTypes. Empty or nil indicates that only the DefaultProcMountType may be used. This requires the ProcMountType feature flag to be enabled.
         """
@@ -1217,7 +1218,7 @@ class PodSecurityPolicySpec(dict):
 
     @property
     @pulumi.getter(name="allowedUnsafeSysctls")
-    def allowed_unsafe_sysctls(self) -> Optional[Sequence[str]]:
+    def allowed_unsafe_sysctls(self) -> Optional[Sequence[builtins.str]]:
         """
         allowedUnsafeSysctls is a list of explicitly allowed unsafe sysctls, defaults to none. Each entry is either a plain sysctl name or ends in "*" in which case it is considered as a prefix of allowed sysctls. Single * means all unsafe sysctls are allowed. Kubelet has to whitelist all allowed unsafe sysctls explicitly to avoid rejection.
 
@@ -1227,7 +1228,7 @@ class PodSecurityPolicySpec(dict):
 
     @property
     @pulumi.getter(name="defaultAddCapabilities")
-    def default_add_capabilities(self) -> Optional[Sequence[str]]:
+    def default_add_capabilities(self) -> Optional[Sequence[builtins.str]]:
         """
         defaultAddCapabilities is the default set of capabilities that will be added to the container unless the pod spec specifically drops the capability.  You may not list a capability in both defaultAddCapabilities and requiredDropCapabilities. Capabilities added here are implicitly allowed, and need not be included in the allowedCapabilities list.
         """
@@ -1235,7 +1236,7 @@ class PodSecurityPolicySpec(dict):
 
     @property
     @pulumi.getter(name="defaultAllowPrivilegeEscalation")
-    def default_allow_privilege_escalation(self) -> Optional[bool]:
+    def default_allow_privilege_escalation(self) -> Optional[builtins.bool]:
         """
         defaultAllowPrivilegeEscalation controls the default setting for whether a process can gain more privileges than its parent process.
         """
@@ -1243,7 +1244,7 @@ class PodSecurityPolicySpec(dict):
 
     @property
     @pulumi.getter(name="forbiddenSysctls")
-    def forbidden_sysctls(self) -> Optional[Sequence[str]]:
+    def forbidden_sysctls(self) -> Optional[Sequence[builtins.str]]:
         """
         forbiddenSysctls is a list of explicitly forbidden sysctls, defaults to none. Each entry is either a plain sysctl name or ends in "*" in which case it is considered as a prefix of forbidden sysctls. Single * means all sysctls are forbidden.
 
@@ -1253,7 +1254,7 @@ class PodSecurityPolicySpec(dict):
 
     @property
     @pulumi.getter(name="hostIPC")
-    def host_ipc(self) -> Optional[bool]:
+    def host_ipc(self) -> Optional[builtins.bool]:
         """
         hostIPC determines if the policy allows the use of HostIPC in the pod spec.
         """
@@ -1261,7 +1262,7 @@ class PodSecurityPolicySpec(dict):
 
     @property
     @pulumi.getter(name="hostNetwork")
-    def host_network(self) -> Optional[bool]:
+    def host_network(self) -> Optional[builtins.bool]:
         """
         hostNetwork determines if the policy allows the use of HostNetwork in the pod spec.
         """
@@ -1269,7 +1270,7 @@ class PodSecurityPolicySpec(dict):
 
     @property
     @pulumi.getter(name="hostPID")
-    def host_pid(self) -> Optional[bool]:
+    def host_pid(self) -> Optional[builtins.bool]:
         """
         hostPID determines if the policy allows the use of HostPID in the pod spec.
         """
@@ -1285,7 +1286,7 @@ class PodSecurityPolicySpec(dict):
 
     @property
     @pulumi.getter
-    def privileged(self) -> Optional[bool]:
+    def privileged(self) -> Optional[builtins.bool]:
         """
         privileged determines if a pod can request to be run as privileged.
         """
@@ -1293,7 +1294,7 @@ class PodSecurityPolicySpec(dict):
 
     @property
     @pulumi.getter(name="readOnlyRootFilesystem")
-    def read_only_root_filesystem(self) -> Optional[bool]:
+    def read_only_root_filesystem(self) -> Optional[builtins.bool]:
         """
         readOnlyRootFilesystem when set to true will force containers to run with a read only root file system.  If the container specifically requests to run with a non-read only root file system the PSP should deny the pod. If set to false the container may run with a read only root file system if it wishes but it will not be forced to.
         """
@@ -1301,7 +1302,7 @@ class PodSecurityPolicySpec(dict):
 
     @property
     @pulumi.getter(name="requiredDropCapabilities")
-    def required_drop_capabilities(self) -> Optional[Sequence[str]]:
+    def required_drop_capabilities(self) -> Optional[Sequence[builtins.str]]:
         """
         requiredDropCapabilities are the capabilities that will be dropped from the container.  These are required to be dropped and cannot be added.
         """
@@ -1325,7 +1326,7 @@ class PodSecurityPolicySpec(dict):
 
     @property
     @pulumi.getter
-    def volumes(self) -> Optional[Sequence[str]]:
+    def volumes(self) -> Optional[Sequence[builtins.str]]:
         """
         volumes is a white list of allowed volume plugins. Empty indicates that no volumes may be used. To allow all volumes you may use '*'.
         """
@@ -1397,60 +1398,60 @@ class PodSecurityPolicySpecPatch(dict):
         return super().get(key, default)
 
     def __init__(__self__, *,
-                 allow_privilege_escalation: Optional[bool] = None,
+                 allow_privilege_escalation: Optional[builtins.bool] = None,
                  allowed_csi_drivers: Optional[Sequence['outputs.AllowedCSIDriverPatch']] = None,
-                 allowed_capabilities: Optional[Sequence[str]] = None,
+                 allowed_capabilities: Optional[Sequence[builtins.str]] = None,
                  allowed_flex_volumes: Optional[Sequence['outputs.AllowedFlexVolumePatch']] = None,
                  allowed_host_paths: Optional[Sequence['outputs.AllowedHostPathPatch']] = None,
-                 allowed_proc_mount_types: Optional[Sequence[str]] = None,
-                 allowed_unsafe_sysctls: Optional[Sequence[str]] = None,
-                 default_add_capabilities: Optional[Sequence[str]] = None,
-                 default_allow_privilege_escalation: Optional[bool] = None,
-                 forbidden_sysctls: Optional[Sequence[str]] = None,
+                 allowed_proc_mount_types: Optional[Sequence[builtins.str]] = None,
+                 allowed_unsafe_sysctls: Optional[Sequence[builtins.str]] = None,
+                 default_add_capabilities: Optional[Sequence[builtins.str]] = None,
+                 default_allow_privilege_escalation: Optional[builtins.bool] = None,
+                 forbidden_sysctls: Optional[Sequence[builtins.str]] = None,
                  fs_group: Optional['outputs.FSGroupStrategyOptionsPatch'] = None,
-                 host_ipc: Optional[bool] = None,
-                 host_network: Optional[bool] = None,
-                 host_pid: Optional[bool] = None,
+                 host_ipc: Optional[builtins.bool] = None,
+                 host_network: Optional[builtins.bool] = None,
+                 host_pid: Optional[builtins.bool] = None,
                  host_ports: Optional[Sequence['outputs.HostPortRangePatch']] = None,
-                 privileged: Optional[bool] = None,
-                 read_only_root_filesystem: Optional[bool] = None,
-                 required_drop_capabilities: Optional[Sequence[str]] = None,
+                 privileged: Optional[builtins.bool] = None,
+                 read_only_root_filesystem: Optional[builtins.bool] = None,
+                 required_drop_capabilities: Optional[Sequence[builtins.str]] = None,
                  run_as_group: Optional['outputs.RunAsGroupStrategyOptionsPatch'] = None,
                  run_as_user: Optional['outputs.RunAsUserStrategyOptionsPatch'] = None,
                  runtime_class: Optional['outputs.RuntimeClassStrategyOptionsPatch'] = None,
                  se_linux: Optional['outputs.SELinuxStrategyOptionsPatch'] = None,
                  supplemental_groups: Optional['outputs.SupplementalGroupsStrategyOptionsPatch'] = None,
-                 volumes: Optional[Sequence[str]] = None):
+                 volumes: Optional[Sequence[builtins.str]] = None):
         """
         PodSecurityPolicySpec defines the policy enforced.
-        :param bool allow_privilege_escalation: allowPrivilegeEscalation determines if a pod can request to allow privilege escalation. If unspecified, defaults to true.
+        :param builtins.bool allow_privilege_escalation: allowPrivilegeEscalation determines if a pod can request to allow privilege escalation. If unspecified, defaults to true.
         :param Sequence['AllowedCSIDriverPatchArgs'] allowed_csi_drivers: AllowedCSIDrivers is a whitelist of inline CSI drivers that must be explicitly set to be embedded within a pod spec. An empty value indicates that any CSI driver can be used for inline ephemeral volumes. This is an alpha field, and is only honored if the API server enables the CSIInlineVolume feature gate.
-        :param Sequence[str] allowed_capabilities: allowedCapabilities is a list of capabilities that can be requested to add to the container. Capabilities in this field may be added at the pod author's discretion. You must not list a capability in both allowedCapabilities and requiredDropCapabilities.
+        :param Sequence[builtins.str] allowed_capabilities: allowedCapabilities is a list of capabilities that can be requested to add to the container. Capabilities in this field may be added at the pod author's discretion. You must not list a capability in both allowedCapabilities and requiredDropCapabilities.
         :param Sequence['AllowedFlexVolumePatchArgs'] allowed_flex_volumes: allowedFlexVolumes is a whitelist of allowed Flexvolumes.  Empty or nil indicates that all Flexvolumes may be used.  This parameter is effective only when the usage of the Flexvolumes is allowed in the "volumes" field.
         :param Sequence['AllowedHostPathPatchArgs'] allowed_host_paths: allowedHostPaths is a white list of allowed host paths. Empty indicates that all host paths may be used.
-        :param Sequence[str] allowed_proc_mount_types: AllowedProcMountTypes is a whitelist of allowed ProcMountTypes. Empty or nil indicates that only the DefaultProcMountType may be used. This requires the ProcMountType feature flag to be enabled.
-        :param Sequence[str] allowed_unsafe_sysctls: allowedUnsafeSysctls is a list of explicitly allowed unsafe sysctls, defaults to none. Each entry is either a plain sysctl name or ends in "*" in which case it is considered as a prefix of allowed sysctls. Single * means all unsafe sysctls are allowed. Kubelet has to whitelist all allowed unsafe sysctls explicitly to avoid rejection.
+        :param Sequence[builtins.str] allowed_proc_mount_types: AllowedProcMountTypes is a whitelist of allowed ProcMountTypes. Empty or nil indicates that only the DefaultProcMountType may be used. This requires the ProcMountType feature flag to be enabled.
+        :param Sequence[builtins.str] allowed_unsafe_sysctls: allowedUnsafeSysctls is a list of explicitly allowed unsafe sysctls, defaults to none. Each entry is either a plain sysctl name or ends in "*" in which case it is considered as a prefix of allowed sysctls. Single * means all unsafe sysctls are allowed. Kubelet has to whitelist all allowed unsafe sysctls explicitly to avoid rejection.
                
                Examples: e.g. "foo/*" allows "foo/bar", "foo/baz", etc. e.g. "foo.*" allows "foo.bar", "foo.baz", etc.
-        :param Sequence[str] default_add_capabilities: defaultAddCapabilities is the default set of capabilities that will be added to the container unless the pod spec specifically drops the capability.  You may not list a capability in both defaultAddCapabilities and requiredDropCapabilities. Capabilities added here are implicitly allowed, and need not be included in the allowedCapabilities list.
-        :param bool default_allow_privilege_escalation: defaultAllowPrivilegeEscalation controls the default setting for whether a process can gain more privileges than its parent process.
-        :param Sequence[str] forbidden_sysctls: forbiddenSysctls is a list of explicitly forbidden sysctls, defaults to none. Each entry is either a plain sysctl name or ends in "*" in which case it is considered as a prefix of forbidden sysctls. Single * means all sysctls are forbidden.
+        :param Sequence[builtins.str] default_add_capabilities: defaultAddCapabilities is the default set of capabilities that will be added to the container unless the pod spec specifically drops the capability.  You may not list a capability in both defaultAddCapabilities and requiredDropCapabilities. Capabilities added here are implicitly allowed, and need not be included in the allowedCapabilities list.
+        :param builtins.bool default_allow_privilege_escalation: defaultAllowPrivilegeEscalation controls the default setting for whether a process can gain more privileges than its parent process.
+        :param Sequence[builtins.str] forbidden_sysctls: forbiddenSysctls is a list of explicitly forbidden sysctls, defaults to none. Each entry is either a plain sysctl name or ends in "*" in which case it is considered as a prefix of forbidden sysctls. Single * means all sysctls are forbidden.
                
                Examples: e.g. "foo/*" forbids "foo/bar", "foo/baz", etc. e.g. "foo.*" forbids "foo.bar", "foo.baz", etc.
         :param 'FSGroupStrategyOptionsPatchArgs' fs_group: fsGroup is the strategy that will dictate what fs group is used by the SecurityContext.
-        :param bool host_ipc: hostIPC determines if the policy allows the use of HostIPC in the pod spec.
-        :param bool host_network: hostNetwork determines if the policy allows the use of HostNetwork in the pod spec.
-        :param bool host_pid: hostPID determines if the policy allows the use of HostPID in the pod spec.
+        :param builtins.bool host_ipc: hostIPC determines if the policy allows the use of HostIPC in the pod spec.
+        :param builtins.bool host_network: hostNetwork determines if the policy allows the use of HostNetwork in the pod spec.
+        :param builtins.bool host_pid: hostPID determines if the policy allows the use of HostPID in the pod spec.
         :param Sequence['HostPortRangePatchArgs'] host_ports: hostPorts determines which host port ranges are allowed to be exposed.
-        :param bool privileged: privileged determines if a pod can request to be run as privileged.
-        :param bool read_only_root_filesystem: readOnlyRootFilesystem when set to true will force containers to run with a read only root file system.  If the container specifically requests to run with a non-read only root file system the PSP should deny the pod. If set to false the container may run with a read only root file system if it wishes but it will not be forced to.
-        :param Sequence[str] required_drop_capabilities: requiredDropCapabilities are the capabilities that will be dropped from the container.  These are required to be dropped and cannot be added.
+        :param builtins.bool privileged: privileged determines if a pod can request to be run as privileged.
+        :param builtins.bool read_only_root_filesystem: readOnlyRootFilesystem when set to true will force containers to run with a read only root file system.  If the container specifically requests to run with a non-read only root file system the PSP should deny the pod. If set to false the container may run with a read only root file system if it wishes but it will not be forced to.
+        :param Sequence[builtins.str] required_drop_capabilities: requiredDropCapabilities are the capabilities that will be dropped from the container.  These are required to be dropped and cannot be added.
         :param 'RunAsGroupStrategyOptionsPatchArgs' run_as_group: RunAsGroup is the strategy that will dictate the allowable RunAsGroup values that may be set. If this field is omitted, the pod's RunAsGroup can take any value. This field requires the RunAsGroup feature gate to be enabled.
         :param 'RunAsUserStrategyOptionsPatchArgs' run_as_user: runAsUser is the strategy that will dictate the allowable RunAsUser values that may be set.
         :param 'RuntimeClassStrategyOptionsPatchArgs' runtime_class: runtimeClass is the strategy that will dictate the allowable RuntimeClasses for a pod. If this field is omitted, the pod's runtimeClassName field is unrestricted. Enforcement of this field depends on the RuntimeClass feature gate being enabled.
         :param 'SELinuxStrategyOptionsPatchArgs' se_linux: seLinux is the strategy that will dictate the allowable labels that may be set.
         :param 'SupplementalGroupsStrategyOptionsPatchArgs' supplemental_groups: supplementalGroups is the strategy that will dictate what supplemental groups are used by the SecurityContext.
-        :param Sequence[str] volumes: volumes is a white list of allowed volume plugins. Empty indicates that no volumes may be used. To allow all volumes you may use '*'.
+        :param Sequence[builtins.str] volumes: volumes is a white list of allowed volume plugins. Empty indicates that no volumes may be used. To allow all volumes you may use '*'.
         """
         if allow_privilege_escalation is not None:
             pulumi.set(__self__, "allow_privilege_escalation", allow_privilege_escalation)
@@ -1503,7 +1504,7 @@ class PodSecurityPolicySpecPatch(dict):
 
     @property
     @pulumi.getter(name="allowPrivilegeEscalation")
-    def allow_privilege_escalation(self) -> Optional[bool]:
+    def allow_privilege_escalation(self) -> Optional[builtins.bool]:
         """
         allowPrivilegeEscalation determines if a pod can request to allow privilege escalation. If unspecified, defaults to true.
         """
@@ -1519,7 +1520,7 @@ class PodSecurityPolicySpecPatch(dict):
 
     @property
     @pulumi.getter(name="allowedCapabilities")
-    def allowed_capabilities(self) -> Optional[Sequence[str]]:
+    def allowed_capabilities(self) -> Optional[Sequence[builtins.str]]:
         """
         allowedCapabilities is a list of capabilities that can be requested to add to the container. Capabilities in this field may be added at the pod author's discretion. You must not list a capability in both allowedCapabilities and requiredDropCapabilities.
         """
@@ -1543,7 +1544,7 @@ class PodSecurityPolicySpecPatch(dict):
 
     @property
     @pulumi.getter(name="allowedProcMountTypes")
-    def allowed_proc_mount_types(self) -> Optional[Sequence[str]]:
+    def allowed_proc_mount_types(self) -> Optional[Sequence[builtins.str]]:
         """
         AllowedProcMountTypes is a whitelist of allowed ProcMountTypes. Empty or nil indicates that only the DefaultProcMountType may be used. This requires the ProcMountType feature flag to be enabled.
         """
@@ -1551,7 +1552,7 @@ class PodSecurityPolicySpecPatch(dict):
 
     @property
     @pulumi.getter(name="allowedUnsafeSysctls")
-    def allowed_unsafe_sysctls(self) -> Optional[Sequence[str]]:
+    def allowed_unsafe_sysctls(self) -> Optional[Sequence[builtins.str]]:
         """
         allowedUnsafeSysctls is a list of explicitly allowed unsafe sysctls, defaults to none. Each entry is either a plain sysctl name or ends in "*" in which case it is considered as a prefix of allowed sysctls. Single * means all unsafe sysctls are allowed. Kubelet has to whitelist all allowed unsafe sysctls explicitly to avoid rejection.
 
@@ -1561,7 +1562,7 @@ class PodSecurityPolicySpecPatch(dict):
 
     @property
     @pulumi.getter(name="defaultAddCapabilities")
-    def default_add_capabilities(self) -> Optional[Sequence[str]]:
+    def default_add_capabilities(self) -> Optional[Sequence[builtins.str]]:
         """
         defaultAddCapabilities is the default set of capabilities that will be added to the container unless the pod spec specifically drops the capability.  You may not list a capability in both defaultAddCapabilities and requiredDropCapabilities. Capabilities added here are implicitly allowed, and need not be included in the allowedCapabilities list.
         """
@@ -1569,7 +1570,7 @@ class PodSecurityPolicySpecPatch(dict):
 
     @property
     @pulumi.getter(name="defaultAllowPrivilegeEscalation")
-    def default_allow_privilege_escalation(self) -> Optional[bool]:
+    def default_allow_privilege_escalation(self) -> Optional[builtins.bool]:
         """
         defaultAllowPrivilegeEscalation controls the default setting for whether a process can gain more privileges than its parent process.
         """
@@ -1577,7 +1578,7 @@ class PodSecurityPolicySpecPatch(dict):
 
     @property
     @pulumi.getter(name="forbiddenSysctls")
-    def forbidden_sysctls(self) -> Optional[Sequence[str]]:
+    def forbidden_sysctls(self) -> Optional[Sequence[builtins.str]]:
         """
         forbiddenSysctls is a list of explicitly forbidden sysctls, defaults to none. Each entry is either a plain sysctl name or ends in "*" in which case it is considered as a prefix of forbidden sysctls. Single * means all sysctls are forbidden.
 
@@ -1595,7 +1596,7 @@ class PodSecurityPolicySpecPatch(dict):
 
     @property
     @pulumi.getter(name="hostIPC")
-    def host_ipc(self) -> Optional[bool]:
+    def host_ipc(self) -> Optional[builtins.bool]:
         """
         hostIPC determines if the policy allows the use of HostIPC in the pod spec.
         """
@@ -1603,7 +1604,7 @@ class PodSecurityPolicySpecPatch(dict):
 
     @property
     @pulumi.getter(name="hostNetwork")
-    def host_network(self) -> Optional[bool]:
+    def host_network(self) -> Optional[builtins.bool]:
         """
         hostNetwork determines if the policy allows the use of HostNetwork in the pod spec.
         """
@@ -1611,7 +1612,7 @@ class PodSecurityPolicySpecPatch(dict):
 
     @property
     @pulumi.getter(name="hostPID")
-    def host_pid(self) -> Optional[bool]:
+    def host_pid(self) -> Optional[builtins.bool]:
         """
         hostPID determines if the policy allows the use of HostPID in the pod spec.
         """
@@ -1627,7 +1628,7 @@ class PodSecurityPolicySpecPatch(dict):
 
     @property
     @pulumi.getter
-    def privileged(self) -> Optional[bool]:
+    def privileged(self) -> Optional[builtins.bool]:
         """
         privileged determines if a pod can request to be run as privileged.
         """
@@ -1635,7 +1636,7 @@ class PodSecurityPolicySpecPatch(dict):
 
     @property
     @pulumi.getter(name="readOnlyRootFilesystem")
-    def read_only_root_filesystem(self) -> Optional[bool]:
+    def read_only_root_filesystem(self) -> Optional[builtins.bool]:
         """
         readOnlyRootFilesystem when set to true will force containers to run with a read only root file system.  If the container specifically requests to run with a non-read only root file system the PSP should deny the pod. If set to false the container may run with a read only root file system if it wishes but it will not be forced to.
         """
@@ -1643,7 +1644,7 @@ class PodSecurityPolicySpecPatch(dict):
 
     @property
     @pulumi.getter(name="requiredDropCapabilities")
-    def required_drop_capabilities(self) -> Optional[Sequence[str]]:
+    def required_drop_capabilities(self) -> Optional[Sequence[builtins.str]]:
         """
         requiredDropCapabilities are the capabilities that will be dropped from the container.  These are required to be dropped and cannot be added.
         """
@@ -1691,7 +1692,7 @@ class PodSecurityPolicySpecPatch(dict):
 
     @property
     @pulumi.getter
-    def volumes(self) -> Optional[Sequence[str]]:
+    def volumes(self) -> Optional[Sequence[builtins.str]]:
         """
         volumes is a white list of allowed volume plugins. Empty indicates that no volumes may be used. To allow all volumes you may use '*'.
         """
@@ -1704,11 +1705,11 @@ class RunAsGroupStrategyOptions(dict):
     RunAsGroupStrategyOptions defines the strategy type and any options used to create the strategy.
     """
     def __init__(__self__, *,
-                 rule: str,
+                 rule: builtins.str,
                  ranges: Optional[Sequence['outputs.IDRange']] = None):
         """
         RunAsGroupStrategyOptions defines the strategy type and any options used to create the strategy.
-        :param str rule: rule is the strategy that will dictate the allowable RunAsGroup values that may be set.
+        :param builtins.str rule: rule is the strategy that will dictate the allowable RunAsGroup values that may be set.
         :param Sequence['IDRangeArgs'] ranges: ranges are the allowed ranges of gids that may be used. If you would like to force a single gid then supply a single range with the same start and end. Required for MustRunAs.
         """
         pulumi.set(__self__, "rule", rule)
@@ -1717,7 +1718,7 @@ class RunAsGroupStrategyOptions(dict):
 
     @property
     @pulumi.getter
-    def rule(self) -> str:
+    def rule(self) -> builtins.str:
         """
         rule is the strategy that will dictate the allowable RunAsGroup values that may be set.
         """
@@ -1739,11 +1740,11 @@ class RunAsGroupStrategyOptionsPatch(dict):
     """
     def __init__(__self__, *,
                  ranges: Optional[Sequence['outputs.IDRangePatch']] = None,
-                 rule: Optional[str] = None):
+                 rule: Optional[builtins.str] = None):
         """
         RunAsGroupStrategyOptions defines the strategy type and any options used to create the strategy.
         :param Sequence['IDRangePatchArgs'] ranges: ranges are the allowed ranges of gids that may be used. If you would like to force a single gid then supply a single range with the same start and end. Required for MustRunAs.
-        :param str rule: rule is the strategy that will dictate the allowable RunAsGroup values that may be set.
+        :param builtins.str rule: rule is the strategy that will dictate the allowable RunAsGroup values that may be set.
         """
         if ranges is not None:
             pulumi.set(__self__, "ranges", ranges)
@@ -1760,7 +1761,7 @@ class RunAsGroupStrategyOptionsPatch(dict):
 
     @property
     @pulumi.getter
-    def rule(self) -> Optional[str]:
+    def rule(self) -> Optional[builtins.str]:
         """
         rule is the strategy that will dictate the allowable RunAsGroup values that may be set.
         """
@@ -1773,11 +1774,11 @@ class RunAsUserStrategyOptions(dict):
     RunAsUserStrategyOptions defines the strategy type and any options used to create the strategy.
     """
     def __init__(__self__, *,
-                 rule: str,
+                 rule: builtins.str,
                  ranges: Optional[Sequence['outputs.IDRange']] = None):
         """
         RunAsUserStrategyOptions defines the strategy type and any options used to create the strategy.
-        :param str rule: rule is the strategy that will dictate the allowable RunAsUser values that may be set.
+        :param builtins.str rule: rule is the strategy that will dictate the allowable RunAsUser values that may be set.
         :param Sequence['IDRangeArgs'] ranges: ranges are the allowed ranges of uids that may be used. If you would like to force a single uid then supply a single range with the same start and end. Required for MustRunAs.
         """
         pulumi.set(__self__, "rule", rule)
@@ -1786,7 +1787,7 @@ class RunAsUserStrategyOptions(dict):
 
     @property
     @pulumi.getter
-    def rule(self) -> str:
+    def rule(self) -> builtins.str:
         """
         rule is the strategy that will dictate the allowable RunAsUser values that may be set.
         """
@@ -1808,11 +1809,11 @@ class RunAsUserStrategyOptionsPatch(dict):
     """
     def __init__(__self__, *,
                  ranges: Optional[Sequence['outputs.IDRangePatch']] = None,
-                 rule: Optional[str] = None):
+                 rule: Optional[builtins.str] = None):
         """
         RunAsUserStrategyOptions defines the strategy type and any options used to create the strategy.
         :param Sequence['IDRangePatchArgs'] ranges: ranges are the allowed ranges of uids that may be used. If you would like to force a single uid then supply a single range with the same start and end. Required for MustRunAs.
-        :param str rule: rule is the strategy that will dictate the allowable RunAsUser values that may be set.
+        :param builtins.str rule: rule is the strategy that will dictate the allowable RunAsUser values that may be set.
         """
         if ranges is not None:
             pulumi.set(__self__, "ranges", ranges)
@@ -1829,7 +1830,7 @@ class RunAsUserStrategyOptionsPatch(dict):
 
     @property
     @pulumi.getter
-    def rule(self) -> Optional[str]:
+    def rule(self) -> Optional[builtins.str]:
         """
         rule is the strategy that will dictate the allowable RunAsUser values that may be set.
         """
@@ -1861,12 +1862,12 @@ class RuntimeClassStrategyOptions(dict):
         return super().get(key, default)
 
     def __init__(__self__, *,
-                 allowed_runtime_class_names: Sequence[str],
-                 default_runtime_class_name: Optional[str] = None):
+                 allowed_runtime_class_names: Sequence[builtins.str],
+                 default_runtime_class_name: Optional[builtins.str] = None):
         """
         RuntimeClassStrategyOptions define the strategy that will dictate the allowable RuntimeClasses for a pod.
-        :param Sequence[str] allowed_runtime_class_names: allowedRuntimeClassNames is a whitelist of RuntimeClass names that may be specified on a pod. A value of "*" means that any RuntimeClass name is allowed, and must be the only item in the list. An empty list requires the RuntimeClassName field to be unset.
-        :param str default_runtime_class_name: defaultRuntimeClassName is the default RuntimeClassName to set on the pod. The default MUST be allowed by the allowedRuntimeClassNames list. A value of nil does not mutate the Pod.
+        :param Sequence[builtins.str] allowed_runtime_class_names: allowedRuntimeClassNames is a whitelist of RuntimeClass names that may be specified on a pod. A value of "*" means that any RuntimeClass name is allowed, and must be the only item in the list. An empty list requires the RuntimeClassName field to be unset.
+        :param builtins.str default_runtime_class_name: defaultRuntimeClassName is the default RuntimeClassName to set on the pod. The default MUST be allowed by the allowedRuntimeClassNames list. A value of nil does not mutate the Pod.
         """
         pulumi.set(__self__, "allowed_runtime_class_names", allowed_runtime_class_names)
         if default_runtime_class_name is not None:
@@ -1874,7 +1875,7 @@ class RuntimeClassStrategyOptions(dict):
 
     @property
     @pulumi.getter(name="allowedRuntimeClassNames")
-    def allowed_runtime_class_names(self) -> Sequence[str]:
+    def allowed_runtime_class_names(self) -> Sequence[builtins.str]:
         """
         allowedRuntimeClassNames is a whitelist of RuntimeClass names that may be specified on a pod. A value of "*" means that any RuntimeClass name is allowed, and must be the only item in the list. An empty list requires the RuntimeClassName field to be unset.
         """
@@ -1882,7 +1883,7 @@ class RuntimeClassStrategyOptions(dict):
 
     @property
     @pulumi.getter(name="defaultRuntimeClassName")
-    def default_runtime_class_name(self) -> Optional[str]:
+    def default_runtime_class_name(self) -> Optional[builtins.str]:
         """
         defaultRuntimeClassName is the default RuntimeClassName to set on the pod. The default MUST be allowed by the allowedRuntimeClassNames list. A value of nil does not mutate the Pod.
         """
@@ -1914,12 +1915,12 @@ class RuntimeClassStrategyOptionsPatch(dict):
         return super().get(key, default)
 
     def __init__(__self__, *,
-                 allowed_runtime_class_names: Optional[Sequence[str]] = None,
-                 default_runtime_class_name: Optional[str] = None):
+                 allowed_runtime_class_names: Optional[Sequence[builtins.str]] = None,
+                 default_runtime_class_name: Optional[builtins.str] = None):
         """
         RuntimeClassStrategyOptions define the strategy that will dictate the allowable RuntimeClasses for a pod.
-        :param Sequence[str] allowed_runtime_class_names: allowedRuntimeClassNames is a whitelist of RuntimeClass names that may be specified on a pod. A value of "*" means that any RuntimeClass name is allowed, and must be the only item in the list. An empty list requires the RuntimeClassName field to be unset.
-        :param str default_runtime_class_name: defaultRuntimeClassName is the default RuntimeClassName to set on the pod. The default MUST be allowed by the allowedRuntimeClassNames list. A value of nil does not mutate the Pod.
+        :param Sequence[builtins.str] allowed_runtime_class_names: allowedRuntimeClassNames is a whitelist of RuntimeClass names that may be specified on a pod. A value of "*" means that any RuntimeClass name is allowed, and must be the only item in the list. An empty list requires the RuntimeClassName field to be unset.
+        :param builtins.str default_runtime_class_name: defaultRuntimeClassName is the default RuntimeClassName to set on the pod. The default MUST be allowed by the allowedRuntimeClassNames list. A value of nil does not mutate the Pod.
         """
         if allowed_runtime_class_names is not None:
             pulumi.set(__self__, "allowed_runtime_class_names", allowed_runtime_class_names)
@@ -1928,7 +1929,7 @@ class RuntimeClassStrategyOptionsPatch(dict):
 
     @property
     @pulumi.getter(name="allowedRuntimeClassNames")
-    def allowed_runtime_class_names(self) -> Optional[Sequence[str]]:
+    def allowed_runtime_class_names(self) -> Optional[Sequence[builtins.str]]:
         """
         allowedRuntimeClassNames is a whitelist of RuntimeClass names that may be specified on a pod. A value of "*" means that any RuntimeClass name is allowed, and must be the only item in the list. An empty list requires the RuntimeClassName field to be unset.
         """
@@ -1936,7 +1937,7 @@ class RuntimeClassStrategyOptionsPatch(dict):
 
     @property
     @pulumi.getter(name="defaultRuntimeClassName")
-    def default_runtime_class_name(self) -> Optional[str]:
+    def default_runtime_class_name(self) -> Optional[builtins.str]:
         """
         defaultRuntimeClassName is the default RuntimeClassName to set on the pod. The default MUST be allowed by the allowedRuntimeClassNames list. A value of nil does not mutate the Pod.
         """
@@ -1966,11 +1967,11 @@ class SELinuxStrategyOptions(dict):
         return super().get(key, default)
 
     def __init__(__self__, *,
-                 rule: str,
+                 rule: builtins.str,
                  se_linux_options: Optional['_core.v1.outputs.SELinuxOptions'] = None):
         """
         SELinuxStrategyOptions defines the strategy type and any options used to create the strategy.
-        :param str rule: rule is the strategy that will dictate the allowable labels that may be set.
+        :param builtins.str rule: rule is the strategy that will dictate the allowable labels that may be set.
         :param '_core.v1.SELinuxOptionsArgs' se_linux_options: seLinuxOptions required to run as; required for MustRunAs More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
         """
         pulumi.set(__self__, "rule", rule)
@@ -1979,7 +1980,7 @@ class SELinuxStrategyOptions(dict):
 
     @property
     @pulumi.getter
-    def rule(self) -> str:
+    def rule(self) -> builtins.str:
         """
         rule is the strategy that will dictate the allowable labels that may be set.
         """
@@ -2017,11 +2018,11 @@ class SELinuxStrategyOptionsPatch(dict):
         return super().get(key, default)
 
     def __init__(__self__, *,
-                 rule: Optional[str] = None,
+                 rule: Optional[builtins.str] = None,
                  se_linux_options: Optional['_core.v1.outputs.SELinuxOptionsPatch'] = None):
         """
         SELinuxStrategyOptions defines the strategy type and any options used to create the strategy.
-        :param str rule: rule is the strategy that will dictate the allowable labels that may be set.
+        :param builtins.str rule: rule is the strategy that will dictate the allowable labels that may be set.
         :param '_core.v1.SELinuxOptionsPatchArgs' se_linux_options: seLinuxOptions required to run as; required for MustRunAs More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
         """
         if rule is not None:
@@ -2031,7 +2032,7 @@ class SELinuxStrategyOptionsPatch(dict):
 
     @property
     @pulumi.getter
-    def rule(self) -> Optional[str]:
+    def rule(self) -> Optional[builtins.str]:
         """
         rule is the strategy that will dictate the allowable labels that may be set.
         """
@@ -2053,11 +2054,11 @@ class SupplementalGroupsStrategyOptions(dict):
     """
     def __init__(__self__, *,
                  ranges: Optional[Sequence['outputs.IDRange']] = None,
-                 rule: Optional[str] = None):
+                 rule: Optional[builtins.str] = None):
         """
         SupplementalGroupsStrategyOptions defines the strategy type and options used to create the strategy.
         :param Sequence['IDRangeArgs'] ranges: ranges are the allowed ranges of supplemental groups.  If you would like to force a single supplemental group then supply a single range with the same start and end. Required for MustRunAs.
-        :param str rule: rule is the strategy that will dictate what supplemental groups is used in the SecurityContext.
+        :param builtins.str rule: rule is the strategy that will dictate what supplemental groups is used in the SecurityContext.
         """
         if ranges is not None:
             pulumi.set(__self__, "ranges", ranges)
@@ -2074,7 +2075,7 @@ class SupplementalGroupsStrategyOptions(dict):
 
     @property
     @pulumi.getter
-    def rule(self) -> Optional[str]:
+    def rule(self) -> Optional[builtins.str]:
         """
         rule is the strategy that will dictate what supplemental groups is used in the SecurityContext.
         """
@@ -2088,11 +2089,11 @@ class SupplementalGroupsStrategyOptionsPatch(dict):
     """
     def __init__(__self__, *,
                  ranges: Optional[Sequence['outputs.IDRangePatch']] = None,
-                 rule: Optional[str] = None):
+                 rule: Optional[builtins.str] = None):
         """
         SupplementalGroupsStrategyOptions defines the strategy type and options used to create the strategy.
         :param Sequence['IDRangePatchArgs'] ranges: ranges are the allowed ranges of supplemental groups.  If you would like to force a single supplemental group then supply a single range with the same start and end. Required for MustRunAs.
-        :param str rule: rule is the strategy that will dictate what supplemental groups is used in the SecurityContext.
+        :param builtins.str rule: rule is the strategy that will dictate what supplemental groups is used in the SecurityContext.
         """
         if ranges is not None:
             pulumi.set(__self__, "ranges", ranges)
@@ -2109,7 +2110,7 @@ class SupplementalGroupsStrategyOptionsPatch(dict):
 
     @property
     @pulumi.getter
-    def rule(self) -> Optional[str]:
+    def rule(self) -> Optional[builtins.str]:
         """
         rule is the strategy that will dictate what supplemental groups is used in the SecurityContext.
         """