cdk8s-plus-25

Version:

cdk8s+ is a software development framework that provides high level abstractions for authoring Kubernetes applications. cdk8s-plus-25 synthesizes Kubernetes manifests for Kubernetes 1.25.0

github.com/cdk8s-team/cdk8s-plus

cdk8s-team/cdk8s-plus

1,763 lines (1,060 loc) • 667 kB

Markdown

# API Reference <a name="API Reference"></a> ## Constructs <a name="Constructs"></a> ### AbstractPod <a name="cdk8s_plus_25.AbstractPod"></a> - *Implements:* [`cdk8s_plus_25.IPodSelector`](#cdk8s_plus_25.IPodSelector), [`cdk8s_plus_25.INetworkPolicyPeer`](#cdk8s_plus_25.INetworkPolicyPeer), [`cdk8s_plus_25.ISubject`](#cdk8s_plus_25.ISubject) #### Initializers <a name="cdk8s_plus_25.AbstractPod.Initializer"></a> ```python import cdk8s_plus_25 cdk8s_plus_25.AbstractPod( scope: Construct, id: str, metadata: ApiObjectMetadata = None, automount_service_account_token: bool = None, containers: typing.List[ContainerProps] = None, dns: PodDnsProps = None, docker_registry_auth: ISecret = None, host_aliases: typing.List[HostAlias] = None, host_network: bool = None, init_containers: typing.List[ContainerProps] = None, isolate: bool = None, restart_policy: RestartPolicy = None, security_context: PodSecurityContextProps = None, service_account: IServiceAccount = None, termination_grace_period: Duration = None, volumes: typing.List[Volume] = None ) ``` ##### `scope`Required <a name="cdk8s_plus_25.AbstractPod.parameter.scope"></a> - *Type:* [`constructs.Construct`](#constructs.Construct) --- ##### `id`Required <a name="cdk8s_plus_25.AbstractPod.parameter.id"></a> - *Type:* `str` --- ##### `metadata`Optional <a name="cdk8s_plus_25.AbstractPodProps.parameter.metadata"></a> - *Type:* [`cdk8s.ApiObjectMetadata`](#cdk8s.ApiObjectMetadata) Metadata that all persisted resources must have, which includes all objects users must create. --- ##### `automount_service_account_token`Optional <a name="cdk8s_plus_25.AbstractPodProps.parameter.automount_service_account_token"></a> - *Type:* `bool` - *Default:* false Indicates whether a service account token should be automatically mounted. > https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server --- ##### `containers`Optional <a name="cdk8s_plus_25.AbstractPodProps.parameter.containers"></a> - *Type:* typing.List[[`cdk8s_plus_25.ContainerProps`](#cdk8s_plus_25.ContainerProps)] - *Default:* No containers. Note that a pod spec must include at least one container. List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. You can add additionnal containers using `podSpec.addContainer()` --- ##### `dns`Optional <a name="cdk8s_plus_25.AbstractPodProps.parameter.dns"></a> - *Type:* [`cdk8s_plus_25.PodDnsProps`](#cdk8s_plus_25.PodDnsProps) - *Default:* policy: DnsPolicy.CLUSTER_FIRST hostnameAsFQDN: false DNS settings for the pod. > https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/ --- ##### `docker_registry_auth`Optional <a name="cdk8s_plus_25.AbstractPodProps.parameter.docker_registry_auth"></a> - *Type:* [`cdk8s_plus_25.ISecret`](#cdk8s_plus_25.ISecret) - *Default:* No auth. Images are assumed to be publicly available. A secret containing docker credentials for authenticating to a registry. --- ##### `host_aliases`Optional <a name="cdk8s_plus_25.AbstractPodProps.parameter.host_aliases"></a> - *Type:* typing.List[[`cdk8s_plus_25.HostAlias`](#cdk8s_plus_25.HostAlias)] HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the pod's hosts file. --- ##### `host_network`Optional <a name="cdk8s_plus_25.AbstractPodProps.parameter.host_network"></a> - *Type:* `bool` - *Default:* false Host network for the pod. --- ##### `init_containers`Optional <a name="cdk8s_plus_25.AbstractPodProps.parameter.init_containers"></a> - *Type:* typing.List[[`cdk8s_plus_25.ContainerProps`](#cdk8s_plus_25.ContainerProps)] - *Default:* No init containers. List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion. Init containers cannot currently be added ,removed or updated. > https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ --- ##### `isolate`Optional <a name="cdk8s_plus_25.AbstractPodProps.parameter.isolate"></a> - *Type:* `bool` - *Default:* false Isolates the pod. This will prevent any ingress or egress connections to / from this pod. You can however allow explicit connections post instantiation by using the `.connections` property. --- ##### `restart_policy`Optional <a name="cdk8s_plus_25.AbstractPodProps.parameter.restart_policy"></a> - *Type:* [`cdk8s_plus_25.RestartPolicy`](#cdk8s_plus_25.RestartPolicy) - *Default:* RestartPolicy.ALWAYS Restart policy for all containers within the pod. > https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy --- ##### `security_context`Optional <a name="cdk8s_plus_25.AbstractPodProps.parameter.security_context"></a> - *Type:* [`cdk8s_plus_25.PodSecurityContextProps`](#cdk8s_plus_25.PodSecurityContextProps) - *Default:* fsGroupChangePolicy: FsGroupChangePolicy.FsGroupChangePolicy.ALWAYS ensureNonRoot: true SecurityContext holds pod-level security attributes and common container settings. --- ##### `service_account`Optional <a name="cdk8s_plus_25.AbstractPodProps.parameter.service_account"></a> - *Type:* [`cdk8s_plus_25.IServiceAccount`](#cdk8s_plus_25.IServiceAccount) - *Default:* No service account. A service account provides an identity for processes that run in a Pod. When you (a human) access the cluster (for example, using kubectl), you are authenticated by the apiserver as a particular User Account (currently this is usually admin, unless your cluster administrator has customized your cluster). Processes in containers inside pods can also contact the apiserver. When they do, they are authenticated as a particular Service Account (for example, default). > https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ --- ##### `termination_grace_period`Optional <a name="cdk8s_plus_25.AbstractPodProps.parameter.termination_grace_period"></a> - *Type:* [`cdk8s.Duration`](#cdk8s.Duration) - *Default:* Duration.seconds(30) Grace period until the pod is terminated. --- ##### `volumes`Optional <a name="cdk8s_plus_25.AbstractPodProps.parameter.volumes"></a> - *Type:* typing.List[[`cdk8s_plus_25.Volume`](#cdk8s_plus_25.Volume)] - *Default:* No volumes. List of volumes that can be mounted by containers belonging to the pod. You can also add volumes later using `podSpec.addVolume()` > https://kubernetes.io/docs/concepts/storage/volumes --- #### Methods <a name="Methods"></a> ##### `add_container` <a name="cdk8s_plus_25.AbstractPod.add_container"></a> ```python def add_container( args: typing.List[str] = None, command: typing.List[str] = None, env_from: typing.List[EnvFrom] = None, env_variables: typing.Mapping[EnvValue] = None, image_pull_policy: ImagePullPolicy = None, lifecycle: ContainerLifecycle = None, liveness: Probe = None, name: str = None, port: typing.Union[int, float] = None, port_number: typing.Union[int, float] = None, ports: typing.List[ContainerPort] = None, readiness: Probe = None, resources: ContainerResources = None, security_context: ContainerSecurityContextProps = None, startup: Probe = None, volume_mounts: typing.List[VolumeMount] = None, working_dir: str = None, image: str ) ``` ###### `args`Optional <a name="cdk8s_plus_25.ContainerProps.parameter.args"></a> - *Type:* typing.List[`str`] - *Default:* [] Arguments to the entrypoint. The docker image's CMD is used if `command` is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. > https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell --- ###### `command`Optional <a name="cdk8s_plus_25.ContainerProps.parameter.command"></a> - *Type:* typing.List[`str`] - *Default:* The docker image's ENTRYPOINT. Entrypoint array. Not executed within a shell. The docker image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell --- ###### `env_from`Optional <a name="cdk8s_plus_25.ContainerProps.parameter.env_from"></a> - *Type:* typing.List[[`cdk8s_plus_25.EnvFrom`](#cdk8s_plus_25.EnvFrom)] - *Default:* No sources. List of sources to populate environment variables in the container. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by the `envVariables` property with a duplicate key will take precedence. --- ###### `env_variables`Optional <a name="cdk8s_plus_25.ContainerProps.parameter.env_variables"></a> - *Type:* typing.Mapping[[`cdk8s_plus_25.EnvValue`](#cdk8s_plus_25.EnvValue)] - *Default:* No environment variables. Environment variables to set in the container. --- ###### `image_pull_policy`Optional <a name="cdk8s_plus_25.ContainerProps.parameter.image_pull_policy"></a> - *Type:* [`cdk8s_plus_25.ImagePullPolicy`](#cdk8s_plus_25.ImagePullPolicy) - *Default:* ImagePullPolicy.ALWAYS Image pull policy for this container. --- ###### `lifecycle`Optional <a name="cdk8s_plus_25.ContainerProps.parameter.lifecycle"></a> - *Type:* [`cdk8s_plus_25.ContainerLifecycle`](#cdk8s_plus_25.ContainerLifecycle) Describes actions that the management system should take in response to container lifecycle events. --- ###### `liveness`Optional <a name="cdk8s_plus_25.ContainerProps.parameter.liveness"></a> - *Type:* [`cdk8s_plus_25.Probe`](#cdk8s_plus_25.Probe) - *Default:* no liveness probe is defined Periodic probe of container liveness. Container will be restarted if the probe fails. --- ###### `name`Optional <a name="cdk8s_plus_25.ContainerProps.parameter.name"></a> - *Type:* `str` - *Default:* 'main' Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. --- ###### ~~`port`~~Optional <a name="cdk8s_plus_25.ContainerProps.parameter.port"></a> - *Deprecated:* - use `portNumber`. - *Type:* `typing.Union[int, float]` --- ###### `port_number`Optional <a name="cdk8s_plus_25.ContainerProps.parameter.port_number"></a> - *Type:* `typing.Union[int, float]` - *Default:* Only the ports mentiond in the `ports` property are exposed. Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. This is a convinience property if all you need a single TCP numbered port. In case more advanced configuartion is required, use the `ports` property. This port is added to the list of ports mentioned in the `ports` property. --- ###### `ports`Optional <a name="cdk8s_plus_25.ContainerProps.parameter.ports"></a> - *Type:* typing.List[[`cdk8s_plus_25.ContainerPort`](#cdk8s_plus_25.ContainerPort)] - *Default:* Only the port mentioned in the `portNumber` property is exposed. List of ports to expose from this container. --- ###### `readiness`Optional <a name="cdk8s_plus_25.ContainerProps.parameter.readiness"></a> - *Type:* [`cdk8s_plus_25.Probe`](#cdk8s_plus_25.Probe) - *Default:* no readiness probe is defined Determines when the container is ready to serve traffic. --- ###### `resources`Optional <a name="cdk8s_plus_25.ContainerProps.parameter.resources"></a> - *Type:* [`cdk8s_plus_25.ContainerResources`](#cdk8s_plus_25.ContainerResources) - *Default:* cpu: request: 1000 millis limit: 1500 millis memory: request: 512 mebibytes limit: 2048 mebibytes Compute resources (CPU and memory requests and limits) required by the container. > https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ --- ###### `security_context`Optional <a name="cdk8s_plus_25.ContainerProps.parameter.security_context"></a> - *Type:* [`cdk8s_plus_25.ContainerSecurityContextProps`](#cdk8s_plus_25.ContainerSecurityContextProps) - *Default:* ensureNonRoot: true privileged: false readOnlyRootFilesystem: true allowPrivilegeEscalation: false user: 25000 group: 26000 SecurityContext defines the security options the container should be run with. If set, the fields override equivalent fields of the pod's security context. > https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ --- ###### `startup`Optional <a name="cdk8s_plus_25.ContainerProps.parameter.startup"></a> - *Type:* [`cdk8s_plus_25.Probe`](#cdk8s_plus_25.Probe) - *Default:* If a port is provided, then knocks on that port to determine when the container is ready for readiness and liveness probe checks. Otherwise, no startup probe is defined. StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully --- ###### `volume_mounts`Optional <a name="cdk8s_plus_25.ContainerProps.parameter.volume_mounts"></a> - *Type:* typing.List[[`cdk8s_plus_25.VolumeMount`](#cdk8s_plus_25.VolumeMount)] Pod volumes to mount into the container's filesystem. Cannot be updated. --- ###### `working_dir`Optional <a name="cdk8s_plus_25.ContainerProps.parameter.working_dir"></a> - *Type:* `str` - *Default:* The container runtime's default. Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. --- ###### `image`Required <a name="cdk8s_plus_25.ContainerProps.parameter.image"></a> - *Type:* `str` Docker image name. --- ##### `add_host_alias` <a name="cdk8s_plus_25.AbstractPod.add_host_alias"></a> ```python def add_host_alias( hostnames: typing.List[str], ip: str ) ``` ###### `hostnames`Required <a name="cdk8s_plus_25.HostAlias.parameter.hostnames"></a> - *Type:* typing.List[`str`] Hostnames for the chosen IP address. --- ###### `ip`Required <a name="cdk8s_plus_25.HostAlias.parameter.ip"></a> - *Type:* `str` IP address of the host file entry. --- ##### `add_init_container` <a name="cdk8s_plus_25.AbstractPod.add_init_container"></a> ```python def add_init_container( args: typing.List[str] = None, command: typing.List[str] = None, env_from: typing.List[EnvFrom] = None, env_variables: typing.Mapping[EnvValue] = None, image_pull_policy: ImagePullPolicy = None, lifecycle: ContainerLifecycle = None, liveness: Probe = None, name: str = None, port: typing.Union[int, float] = None, port_number: typing.Union[int, float] = None, ports: typing.List[ContainerPort] = None, readiness: Probe = None, resources: ContainerResources = None, security_context: ContainerSecurityContextProps = None, startup: Probe = None, volume_mounts: typing.List[VolumeMount] = None, working_dir: str = None, image: str ) ``` ###### `args`Optional <a name="cdk8s_plus_25.ContainerProps.parameter.args"></a> - *Type:* typing.List[`str`] - *Default:* [] Arguments to the entrypoint. The docker image's CMD is used if `command` is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. > https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell --- ###### `command`Optional <a name="cdk8s_plus_25.ContainerProps.parameter.command"></a> - *Type:* typing.List[`str`] - *Default:* The docker image's ENTRYPOINT. Entrypoint array. Not executed within a shell. The docker image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell --- ###### `env_from`Optional <a name="cdk8s_plus_25.ContainerProps.parameter.env_from"></a> - *Type:* typing.List[[`cdk8s_plus_25.EnvFrom`](#cdk8s_plus_25.EnvFrom)] - *Default:* No sources. List of sources to populate environment variables in the container. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by the `envVariables` property with a duplicate key will take precedence. --- ###### `env_variables`Optional <a name="cdk8s_plus_25.ContainerProps.parameter.env_variables"></a> - *Type:* typing.Mapping[[`cdk8s_plus_25.EnvValue`](#cdk8s_plus_25.EnvValue)] - *Default:* No environment variables. Environment variables to set in the container. --- ###### `image_pull_policy`Optional <a name="cdk8s_plus_25.ContainerProps.parameter.image_pull_policy"></a> - *Type:* [`cdk8s_plus_25.ImagePullPolicy`](#cdk8s_plus_25.ImagePullPolicy) - *Default:* ImagePullPolicy.ALWAYS Image pull policy for this container. --- ###### `lifecycle`Optional <a name="cdk8s_plus_25.ContainerProps.parameter.lifecycle"></a> - *Type:* [`cdk8s_plus_25.ContainerLifecycle`](#cdk8s_plus_25.ContainerLifecycle) Describes actions that the management system should take in response to container lifecycle events. --- ###### `liveness`Optional <a name="cdk8s_plus_25.ContainerProps.parameter.liveness"></a> - *Type:* [`cdk8s_plus_25.Probe`](#cdk8s_plus_25.Probe) - *Default:* no liveness probe is defined Periodic probe of container liveness. Container will be restarted if the probe fails. --- ###### `name`Optional <a name="cdk8s_plus_25.ContainerProps.parameter.name"></a> - *Type:* `str` - *Default:* 'main' Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. --- ###### ~~`port`~~Optional <a name="cdk8s_plus_25.ContainerProps.parameter.port"></a> - *Deprecated:* - use `portNumber`. - *Type:* `typing.Union[int, float]` --- ###### `port_number`Optional <a name="cdk8s_plus_25.ContainerProps.parameter.port_number"></a> - *Type:* `typing.Union[int, float]` - *Default:* Only the ports mentiond in the `ports` property are exposed. Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. This is a convinience property if all you need a single TCP numbered port. In case more advanced configuartion is required, use the `ports` property. This port is added to the list of ports mentioned in the `ports` property. --- ###### `ports`Optional <a name="cdk8s_plus_25.ContainerProps.parameter.ports"></a> - *Type:* typing.List[[`cdk8s_plus_25.ContainerPort`](#cdk8s_plus_25.ContainerPort)] - *Default:* Only the port mentioned in the `portNumber` property is exposed. List of ports to expose from this container. --- ###### `readiness`Optional <a name="cdk8s_plus_25.ContainerProps.parameter.readiness"></a> - *Type:* [`cdk8s_plus_25.Probe`](#cdk8s_plus_25.Probe) - *Default:* no readiness probe is defined Determines when the container is ready to serve traffic. --- ###### `resources`Optional <a name="cdk8s_plus_25.ContainerProps.parameter.resources"></a> - *Type:* [`cdk8s_plus_25.ContainerResources`](#cdk8s_plus_25.ContainerResources) - *Default:* cpu: request: 1000 millis limit: 1500 millis memory: request: 512 mebibytes limit: 2048 mebibytes Compute resources (CPU and memory requests and limits) required by the container. > https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ --- ###### `security_context`Optional <a name="cdk8s_plus_25.ContainerProps.parameter.security_context"></a> - *Type:* [`cdk8s_plus_25.ContainerSecurityContextProps`](#cdk8s_plus_25.ContainerSecurityContextProps) - *Default:* ensureNonRoot: true privileged: false readOnlyRootFilesystem: true allowPrivilegeEscalation: false user: 25000 group: 26000 SecurityContext defines the security options the container should be run with. If set, the fields override equivalent fields of the pod's security context. > https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ --- ###### `startup`Optional <a name="cdk8s_plus_25.ContainerProps.parameter.startup"></a> - *Type:* [`cdk8s_plus_25.Probe`](#cdk8s_plus_25.Probe) - *Default:* If a port is provided, then knocks on that port to determine when the container is ready for readiness and liveness probe checks. Otherwise, no startup probe is defined. StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully --- ###### `volume_mounts`Optional <a name="cdk8s_plus_25.ContainerProps.parameter.volume_mounts"></a> - *Type:* typing.List[[`cdk8s_plus_25.VolumeMount`](#cdk8s_plus_25.VolumeMount)] Pod volumes to mount into the container's filesystem. Cannot be updated. --- ###### `working_dir`Optional <a name="cdk8s_plus_25.ContainerProps.parameter.working_dir"></a> - *Type:* `str` - *Default:* The container runtime's default. Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. --- ###### `image`Required <a name="cdk8s_plus_25.ContainerProps.parameter.image"></a> - *Type:* `str` Docker image name. --- ##### `add_volume` <a name="cdk8s_plus_25.AbstractPod.add_volume"></a> ```python def add_volume( vol: Volume ) ``` ###### `vol`Required <a name="cdk8s_plus_25.AbstractPod.parameter.vol"></a> - *Type:* [`cdk8s_plus_25.Volume`](#cdk8s_plus_25.Volume) --- ##### `attach_container` <a name="cdk8s_plus_25.AbstractPod.attach_container"></a> ```python def attach_container( cont: Container ) ``` ###### `cont`Required <a name="cdk8s_plus_25.AbstractPod.parameter.cont"></a> - *Type:* [`cdk8s_plus_25.Container`](#cdk8s_plus_25.Container) --- ##### `to_network_policy_peer_config` <a name="cdk8s_plus_25.AbstractPod.to_network_policy_peer_config"></a> ```python def to_network_policy_peer_config() ``` ##### `to_pod_selector` <a name="cdk8s_plus_25.AbstractPod.to_pod_selector"></a> ```python def to_pod_selector() ``` ##### `to_pod_selector_config` <a name="cdk8s_plus_25.AbstractPod.to_pod_selector_config"></a> ```python def to_pod_selector_config() ``` ##### `to_subject_configuration` <a name="cdk8s_plus_25.AbstractPod.to_subject_configuration"></a> ```python def to_subject_configuration() ``` #### Properties <a name="Properties"></a> ##### `automount_service_account_token`Required <a name="cdk8s_plus_25.AbstractPod.property.automount_service_account_token"></a> ```python automount_service_account_token: bool ``` - *Type:* `bool` --- ##### `containers`Required <a name="cdk8s_plus_25.AbstractPod.property.containers"></a> ```python containers: typing.List[Container] ``` - *Type:* typing.List[[`cdk8s_plus_25.Container`](#cdk8s_plus_25.Container)] --- ##### `dns`Required <a name="cdk8s_plus_25.AbstractPod.property.dns"></a> ```python dns: PodDns ``` - *Type:* [`cdk8s_plus_25.PodDns`](#cdk8s_plus_25.PodDns) --- ##### `host_aliases`Required <a name="cdk8s_plus_25.AbstractPod.property.host_aliases"></a> ```python host_aliases: typing.List[HostAlias] ``` - *Type:* typing.List[[`cdk8s_plus_25.HostAlias`](#cdk8s_plus_25.HostAlias)] --- ##### `init_containers`Required <a name="cdk8s_plus_25.AbstractPod.property.init_containers"></a> ```python init_containers: typing.List[Container] ``` - *Type:* typing.List[[`cdk8s_plus_25.Container`](#cdk8s_plus_25.Container)] --- ##### `pod_metadata`Required <a name="cdk8s_plus_25.AbstractPod.property.pod_metadata"></a> ```python pod_metadata: ApiObjectMetadataDefinition ``` - *Type:* [`cdk8s.ApiObjectMetadataDefinition`](#cdk8s.ApiObjectMetadataDefinition) --- ##### `security_context`Required <a name="cdk8s_plus_25.AbstractPod.property.security_context"></a> ```python security_context: PodSecurityContext ``` - *Type:* [`cdk8s_plus_25.PodSecurityContext`](#cdk8s_plus_25.PodSecurityContext) --- ##### `volumes`Required <a name="cdk8s_plus_25.AbstractPod.property.volumes"></a> ```python volumes: typing.List[Volume] ``` - *Type:* typing.List[[`cdk8s_plus_25.Volume`](#cdk8s_plus_25.Volume)] --- ##### `docker_registry_auth`Optional <a name="cdk8s_plus_25.AbstractPod.property.docker_registry_auth"></a> ```python docker_registry_auth: ISecret ``` - *Type:* [`cdk8s_plus_25.ISecret`](#cdk8s_plus_25.ISecret) --- ##### `host_network`Optional <a name="cdk8s_plus_25.AbstractPod.property.host_network"></a> ```python host_network: bool ``` - *Type:* `bool` --- ##### `restart_policy`Optional <a name="cdk8s_plus_25.AbstractPod.property.restart_policy"></a> ```python restart_policy: RestartPolicy ``` - *Type:* [`cdk8s_plus_25.RestartPolicy`](#cdk8s_plus_25.RestartPolicy) --- ##### `service_account`Optional <a name="cdk8s_plus_25.AbstractPod.property.service_account"></a> ```python service_account: IServiceAccount ``` - *Type:* [`cdk8s_plus_25.IServiceAccount`](#cdk8s_plus_25.IServiceAccount) --- ##### `termination_grace_period`Optional <a name="cdk8s_plus_25.AbstractPod.property.termination_grace_period"></a> ```python termination_grace_period: Duration ``` - *Type:* [`cdk8s.Duration`](#cdk8s.Duration) --- ### AwsElasticBlockStorePersistentVolume <a name="cdk8s_plus_25.AwsElasticBlockStorePersistentVolume"></a> Represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. > https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore #### Initializers <a name="cdk8s_plus_25.AwsElasticBlockStorePersistentVolume.Initializer"></a> ```python import cdk8s_plus_25 cdk8s_plus_25.AwsElasticBlockStorePersistentVolume( scope: Construct, id: str, metadata: ApiObjectMetadata = None, access_modes: typing.List[PersistentVolumeAccessMode] = None, claim: IPersistentVolumeClaim = None, mount_options: typing.List[str] = None, reclaim_policy: PersistentVolumeReclaimPolicy = None, storage: Size = None, storage_class_name: str = None, volume_mode: PersistentVolumeMode = None, volume_id: str, fs_type: str = None, partition: typing.Union[int, float] = None, read_only: bool = None ) ``` ##### `scope`Required <a name="cdk8s_plus_25.AwsElasticBlockStorePersistentVolume.parameter.scope"></a> - *Type:* [`constructs.Construct`](#constructs.Construct) --- ##### `id`Required <a name="cdk8s_plus_25.AwsElasticBlockStorePersistentVolume.parameter.id"></a> - *Type:* `str` --- ##### `metadata`Optional <a name="cdk8s_plus_25.AwsElasticBlockStorePersistentVolumeProps.parameter.metadata"></a> - *Type:* [`cdk8s.ApiObjectMetadata`](#cdk8s.ApiObjectMetadata) Metadata that all persisted resources must have, which includes all objects users must create. --- ##### `access_modes`Optional <a name="cdk8s_plus_25.AwsElasticBlockStorePersistentVolumeProps.parameter.access_modes"></a> - *Type:* typing.List[[`cdk8s_plus_25.PersistentVolumeAccessMode`](#cdk8s_plus_25.PersistentVolumeAccessMode)] - *Default:* No access modes. Contains all ways the volume can be mounted. > https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes --- ##### `claim`Optional <a name="cdk8s_plus_25.AwsElasticBlockStorePersistentVolumeProps.parameter.claim"></a> - *Type:* [`cdk8s_plus_25.IPersistentVolumeClaim`](#cdk8s_plus_25.IPersistentVolumeClaim) - *Default:* Not bound to a specific claim. Part of a bi-directional binding between PersistentVolume and PersistentVolumeClaim. Expected to be non-nil when bound. > https://kubernetes.io/docs/concepts/storage/persistent-volumes#binding --- ##### `mount_options`Optional <a name="cdk8s_plus_25.AwsElasticBlockStorePersistentVolumeProps.parameter.mount_options"></a> - *Type:* typing.List[`str`] - *Default:* No options. A list of mount options, e.g. ["ro", "soft"]. Not validated - mount will simply fail if one is invalid. > https://kubernetes.io/docs/concepts/storage/persistent-volumes/#mount-options --- ##### `reclaim_policy`Optional <a name="cdk8s_plus_25.AwsElasticBlockStorePersistentVolumeProps.parameter.reclaim_policy"></a> - *Type:* [`cdk8s_plus_25.PersistentVolumeReclaimPolicy`](#cdk8s_plus_25.PersistentVolumeReclaimPolicy) - *Default:* PersistentVolumeReclaimPolicy.RETAIN When a user is done with their volume, they can delete the PVC objects from the API that allows reclamation of the resource. The reclaim policy tells the cluster what to do with the volume after it has been released of its claim. > https://kubernetes.io/docs/concepts/storage/persistent-volumes#reclaiming --- ##### `storage`Optional <a name="cdk8s_plus_25.AwsElasticBlockStorePersistentVolumeProps.parameter.storage"></a> - *Type:* [`cdk8s.Size`](#cdk8s.Size) - *Default:* No specified. What is the storage capacity of this volume. > https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources --- ##### `storage_class_name`Optional <a name="cdk8s_plus_25.AwsElasticBlockStorePersistentVolumeProps.parameter.storage_class_name"></a> - *Type:* `str` - *Default:* Volume does not belong to any storage class. Name of StorageClass to which this persistent volume belongs. --- ##### `volume_mode`Optional <a name="cdk8s_plus_25.AwsElasticBlockStorePersistentVolumeProps.parameter.volume_mode"></a> - *Type:* [`cdk8s_plus_25.PersistentVolumeMode`](#cdk8s_plus_25.PersistentVolumeMode) - *Default:* VolumeMode.FILE_SYSTEM Defines what type of volume is required by the claim. --- ##### `volume_id`Required <a name="cdk8s_plus_25.AwsElasticBlockStorePersistentVolumeProps.parameter.volume_id"></a> - *Type:* `str` Unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore > https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore --- ##### `fs_type`Optional <a name="cdk8s_plus_25.AwsElasticBlockStorePersistentVolumeProps.parameter.fs_type"></a> - *Type:* `str` - *Default:* 'ext4' Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. > https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore --- ##### `partition`Optional <a name="cdk8s_plus_25.AwsElasticBlockStorePersistentVolumeProps.parameter.partition"></a> - *Type:* `typing.Union[int, float]` - *Default:* No partition. The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). --- ##### `read_only`Optional <a name="cdk8s_plus_25.AwsElasticBlockStorePersistentVolumeProps.parameter.read_only"></a> - *Type:* `bool` - *Default:* false Specify "true" to force and set the ReadOnly property in VolumeMounts to "true". > https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore --- #### Properties <a name="Properties"></a> ##### `fs_type`Required <a name="cdk8s_plus_25.AwsElasticBlockStorePersistentVolume.property.fs_type"></a> ```python fs_type: str ``` - *Type:* `str` File system type of this volume. --- ##### `read_only`Required <a name="cdk8s_plus_25.AwsElasticBlockStorePersistentVolume.property.read_only"></a> ```python read_only: bool ``` - *Type:* `bool` Whether or not it is mounted as a read-only volume. --- ##### `volume_id`Required <a name="cdk8s_plus_25.AwsElasticBlockStorePersistentVolume.property.volume_id"></a> ```python volume_id: str ``` - *Type:* `str` Volume id of this volume. --- ##### `partition`Optional <a name="cdk8s_plus_25.AwsElasticBlockStorePersistentVolume.property.partition"></a> ```python partition: typing.Union[int, float] ``` - *Type:* `typing.Union[int, float]` Partition of this volume. --- ### AzureDiskPersistentVolume <a name="cdk8s_plus_25.AzureDiskPersistentVolume"></a> AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. #### Initializers <a name="cdk8s_plus_25.AzureDiskPersistentVolume.Initializer"></a> ```python import cdk8s_plus_25 cdk8s_plus_25.AzureDiskPersistentVolume( scope: Construct, id: str, metadata: ApiObjectMetadata = None, access_modes: typing.List[PersistentVolumeAccessMode] = None, claim: IPersistentVolumeClaim = None, mount_options: typing.List[str] = None, reclaim_policy: PersistentVolumeReclaimPolicy = None, storage: Size = None, storage_class_name: str = None, volume_mode: PersistentVolumeMode = None, disk_name: str, disk_uri: str, caching_mode: AzureDiskPersistentVolumeCachingMode = None, fs_type: str = None, kind: AzureDiskPersistentVolumeKind = None, read_only: bool = None ) ``` ##### `scope`Required <a name="cdk8s_plus_25.AzureDiskPersistentVolume.parameter.scope"></a> - *Type:* [`constructs.Construct`](#constructs.Construct) --- ##### `id`Required <a name="cdk8s_plus_25.AzureDiskPersistentVolume.parameter.id"></a> - *Type:* `str` --- ##### `metadata`Optional <a name="cdk8s_plus_25.AzureDiskPersistentVolumeProps.parameter.metadata"></a> - *Type:* [`cdk8s.ApiObjectMetadata`](#cdk8s.ApiObjectMetadata) Metadata that all persisted resources must have, which includes all objects users must create. --- ##### `access_modes`Optional <a name="cdk8s_plus_25.AzureDiskPersistentVolumeProps.parameter.access_modes"></a> - *Type:* typing.List[[`cdk8s_plus_25.PersistentVolumeAccessMode`](#cdk8s_plus_25.PersistentVolumeAccessMode)] - *Default:* No access modes. Contains all ways the volume can be mounted. > https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes --- ##### `claim`Optional <a name="cdk8s_plus_25.AzureDiskPersistentVolumeProps.parameter.claim"></a> - *Type:* [`cdk8s_plus_25.IPersistentVolumeClaim`](#cdk8s_plus_25.IPersistentVolumeClaim) - *Default:* Not bound to a specific claim. Part of a bi-directional binding between PersistentVolume and PersistentVolumeClaim. Expected to be non-nil when bound. > https://kubernetes.io/docs/concepts/storage/persistent-volumes#binding --- ##### `mount_options`Optional <a name="cdk8s_plus_25.AzureDiskPersistentVolumeProps.parameter.mount_options"></a> - *Type:* typing.List[`str`] - *Default:* No options. A list of mount options, e.g. ["ro", "soft"]. Not validated - mount will simply fail if one is invalid. > https://kubernetes.io/docs/concepts/storage/persistent-volumes/#mount-options --- ##### `reclaim_policy`Optional <a name="cdk8s_plus_25.AzureDiskPersistentVolumeProps.parameter.reclaim_policy"></a> - *Type:* [`cdk8s_plus_25.PersistentVolumeReclaimPolicy`](#cdk8s_plus_25.PersistentVolumeReclaimPolicy) - *Default:* PersistentVolumeReclaimPolicy.RETAIN When a user is done with their volume, they can delete the PVC objects from the API that allows reclamation of the resource. The reclaim policy tells the cluster what to do with the volume after it has been released of its claim. > https://kubernetes.io/docs/concepts/storage/persistent-volumes#reclaiming --- ##### `storage`Optional <a name="cdk8s_plus_25.AzureDiskPersistentVolumeProps.parameter.storage"></a> - *Type:* [`cdk8s.Size`](#cdk8s.Size) - *Default:* No specified. What is the storage capacity of this volume. > https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources --- ##### `storage_class_name`Optional <a name="cdk8s_plus_25.AzureDiskPersistentVolumeProps.parameter.storage_class_name"></a> - *Type:* `str` - *Default:* Volume does not belong to any storage class. Name of StorageClass to which this persistent volume belongs. --- ##### `volume_mode`Optional <a name="cdk8s_plus_25.AzureDiskPersistentVolumeProps.parameter.volume_mode"></a> - *Type:* [`cdk8s_plus_25.PersistentVolumeMode`](#cdk8s_plus_25.PersistentVolumeMode) - *Default:* VolumeMode.FILE_SYSTEM Defines what type of volume is required by the claim. --- ##### `disk_name`Required <a name="cdk8s_plus_25.AzureDiskPersistentVolumeProps.parameter.disk_name"></a> - *Type:* `str` The Name of the data disk in the blob storage. --- ##### `disk_uri`Required <a name="cdk8s_plus_25.AzureDiskPersistentVolumeProps.parameter.disk_uri"></a> - *Type:* `str` The URI the data disk in the blob storage. --- ##### `caching_mode`Optional <a name="cdk8s_plus_25.AzureDiskPersistentVolumeProps.parameter.caching_mode"></a> - *Type:* [`cdk8s_plus_25.AzureDiskPersistentVolumeCachingMode`](#cdk8s_plus_25.AzureDiskPersistentVolumeCachingMode) - *Default:* AzureDiskPersistentVolumeCachingMode.NONE. Host Caching mode. --- ##### `fs_type`Optional <a name="cdk8s_plus_25.AzureDiskPersistentVolumeProps.parameter.fs_type"></a> - *Type:* `str` - *Default:* 'ext4' Filesystem type to mount. Must be a filesystem type supported by the host operating system. --- ##### `kind`Optional <a name="cdk8s_plus_25.AzureDiskPersistentVolumeProps.parameter.kind"></a> - *Type:* [`cdk8s_plus_25.AzureDiskPersistentVolumeKind`](#cdk8s_plus_25.AzureDiskPersistentVolumeKind) - *Default:* AzureDiskPersistentVolumeKind.SHARED Kind of disk. --- ##### `read_only`Optional <a name="cdk8s_plus_25.AzureDiskPersistentVolumeProps.parameter.read_only"></a> - *Type:* `bool` - *Default:* false Force the ReadOnly setting in VolumeMounts. --- #### Properties <a name="Properties"></a> ##### `azure_kind`Required <a name="cdk8s_plus_25.AzureDiskPersistentVolume.property.azure_kind"></a> ```python azure_kind: AzureDiskPersistentVolumeKind ``` - *Type:* [`cdk8s_plus_25.AzureDiskPersistentVolumeKind`](#cdk8s_plus_25.AzureDiskPersistentVolumeKind) Azure kind of this volume. --- ##### `caching_mode`Required <a name="cdk8s_plus_25.AzureDiskPersistentVolume.property.caching_mode"></a> ```python caching_mode: AzureDiskPersistentVolumeCachingMode ``` - *Type:* [`cdk8s_plus_25.AzureDiskPersistentVolumeCachingMode`](#cdk8s_plus_25.AzureDiskPersistentVolumeCachingMode) Caching mode of this volume. --- ##### `disk_name`Required <a name="cdk8s_plus_25.AzureDiskPersistentVolume.property.disk_name"></a> ```python disk_name: str ``` - *Type:* `str` Disk name of this volume. --- ##### `disk_uri`Required <a name="cdk8s_plus_25.AzureDiskPersistentVolume.property.disk_uri"></a> ```python disk_uri: str ``` - *Type:* `str` Disk URI of this volume. --- ##### `fs_type`Required <a name="cdk8s_plus_25.AzureDiskPersistentVolume.property.fs_type"></a> ```python fs_type: str ``` - *Type:* `str` File system type of this volume. --- ##### `read_only`Required <a name="cdk8s_plus_25.AzureDiskPersistentVolume.property.read_only"></a> ```python read_only: bool ``` - *Type:* `bool` Whether or not it is mounted as a read-only volume. --- ### BasicAuthSecret <a name="cdk8s_plus_25.BasicAuthSecret"></a> Create a secret for basic authentication. > https://kubernetes.io/docs/concepts/configuration/secret/#basic-authentication-secret #### Initializers <a name="cdk8s_plus_25.BasicAuthSecret.Initializer"></a> ```python import cdk8s_plus_25 cdk8s_plus_25.BasicAuthSecret( scope: Construct, id: str, metadata: ApiObjectMetadata = None, immutable: bool = None, password: str, username: str ) ``` ##### `scope`Required <a name="cdk8s_plus_25.BasicAuthSecret.parameter.scope"></a> - *Type:* [`constructs.Construct`](#constructs.Construct) --- ##### `id`Required <a name="cdk8s_plus_25.BasicAuthSecret.parameter.id"></a> - *Type:* `str` --- ##### `metadata`Optional <a name="cdk8s_plus_25.BasicAuthSecretProps.parameter.metadata"></a> - *Type:* [`cdk8s.ApiObjectMetadata`](#cdk8s.ApiObjectMetadata) Metadata that all persisted resources must have, which includes all objects users must create. --- ##### `immutable`Optional <a name="cdk8s_plus_25.BasicAuthSecretProps.parameter.immutable"></a> - *Type:* `bool` - *Default:* false If set to true, ensures that data stored in the Secret cannot be updated (only object metadata can be modified). If not set to true, the field can be modified at any time. --- ##### `password`Required <a name="cdk8s_plus_25.BasicAuthSecretProps.parameter.password"></a> - *Type:* `str` The password or token for authentication. --- ##### `username`Required <a name="cdk8s_plus_25.BasicAuthSecretProps.parameter.username"></a> - *Type:* `str` The user name for authentication. --- ### ClusterRole <a name="cdk8s_plus_25.ClusterRole"></a> - *Implements:* [`cdk8s_plus_25.IClusterRole`](#cdk8s_plus_25.IClusterRole), [`cdk8s_plus_25.IRole`](#cdk8s_plus_25.IRole) ClusterRole is a cluster level, logical grouping of PolicyRules that can be referenced as a unit by a RoleBinding or ClusterRoleBinding. #### Initializers <a name="cdk8s_plus_25.ClusterRole.Initializer"></a> ```python import cdk8s_plus_25 cdk8s_plus_25.ClusterRole( scope: Construct, id: str, metadata: ApiObjectMetadata = None, aggregation_labels: typing.Mapping[str] = None, rules: typing.List[ClusterRolePolicyRule] = None ) ``` ##### `scope`Required <a name="cdk8s_plus_25.ClusterRole.parameter.scope"></a> - *Type:* [`constructs.Construct`](#constructs.Construct) --- ##### `id`Required <a name="cdk8s_plus_25.ClusterRole.parameter.id"></a> - *Type:* `str` --- ##### `metadata`Optional <a name="cdk8s_plus_25.ClusterRoleProps.parameter.metadata"></a> - *Type:* [`cdk8s.ApiObjectMetadata`](#cdk8s.ApiObjectMetadata) Metadata that all persisted resources must have, which includes all objects users must create. --- ##### `aggregation_labels`Optional <a name="cdk8s_plus_25.ClusterRoleProps.parameter.aggregation_labels"></a> - *Type:* typing.Mapping[`str`] Specify labels that should be used to locate ClusterRoles, whose rules will be automatically filled into this ClusterRole's rules. --- ##### `rules`Optional <a name="cdk8s_plus_25.ClusterRoleProps.parameter.rules"></a> - *Type:* typing.List[[`cdk8s_plus_25.ClusterRolePolicyRule`](#cdk8s_plus_25.ClusterRolePolicyRule)] - *Default:* [] A list of rules the role should allow. --- #### Methods <a name="Methods"></a> ##### `aggregate` <a name="cdk8s_plus_25.ClusterRole.aggregate"></a> ```python def aggregate( key: str, value: str ) ``` ###### `key`Required <a name="cdk8s_plus_25.ClusterRole.parameter.key"></a> - *Type:* `str` --- ###### `value`Required <a name="cdk8s_plus_25.ClusterRole.parameter.value"></a> - *Type:* `str` --- ##### `allow` <a name="cdk8s_plus_25.ClusterRole.allow"></a> ```python def allow( verbs: typing.List[str], endpoints: IApiEndpoint ) ``` ###### `verbs`Required <a name="cdk8s_plus_25.ClusterRole.parameter.verbs"></a> - *Type:* typing.List[`str`] --- ###### `endpoints`Required <a name="cdk8s_plus_25.ClusterRole.parameter.endpoints"></a> - *Type:* [`cdk8s_plus_25.IApiEndpoint`](#cdk8s_plus_25.IApiEndpoint) The endpoints(s) to apply to. --- ##### `allow_create` <a name="cdk8s_plus_25.ClusterRole.allow_create"></a> ```python def allow_create( endpoints: IApiEndpoint ) ``` ###### `endpoints`Required <a name="cdk8s_plus_25.ClusterRole.parameter.endpoints"></a> - *Type:* [`cdk8s_plus_25.IApiEndpoint`](#cdk8s_plus_25.IApiEndpoint) The resource(s) to apply to. --- ##### `allow_delete` <a name="cdk8s_plus_25.ClusterRole.allow_delete"></a> ```python def allow_delete( endpoints: IApiEndpoint ) ``` ###### `endpoints`Required <a name="cdk8s_plus_25.ClusterRole.parameter.endpoints"></a> - *Type:* [`cdk8s_plus_25.IApiEndpoint`](#cdk8s_plus_25.IApiEndpoint) The resource(s) to apply to. --- ##### `allow_delete_collection` <a name="cdk8s_plus_25.ClusterRole.allow_delete_collection"></a> ```python def allow_delete_collection( endpoints: IApiEndpoint ) ``` ###### `endpoints`Required <a name="cdk8s_plus_25.ClusterRole.parameter.endpoints"></a> - *Type:* [`cdk8s_plus_25.IApiEndpoint`](#cdk8s_plus_25.IApiEndpoint) The resource(s) to apply to. --- ##### `allow_get` <a name="cdk8s_plus_25.ClusterRole.allow_get"></a> ```python def allow_get( endpoints: IApiEndpoint ) ``` ###### `endpoints`Required <a name="cdk8s_plus_25.ClusterRole.parameter.endpoints"></a> - *Type:* [`cdk8s_plus_25.IApiEndpoint`](#cdk8s_plus_25.IApiEndpoint) The resource(s) to apply to. --- ##### `allow_list` <a name="cdk8s_plus_25.ClusterRole.allow_list"></a> ```python def allow_list( endpoints: IApiEndpoint ) ``` ###### `endpoints`Required <a name="cdk8s_plus_25.ClusterRole.parameter.endpoints"></a> - *Type:* [`cdk8s_plus_25.IApiEndpoint`](#cdk8s_plus_25.IApiEndpoint) The resource(s) to apply to. --- ##### `allow_patch` <a name="cdk8s_plus_25.ClusterRole.allow_patch"></a> ```python def allow_patch( endpoints: IApiEndpoint ) ``` ###### `endpoints`Required <a name="cdk8s_plus_25.ClusterRole.parameter.endpoints"></a> - *Type:* [`cdk8s_plus_25.IApiEndpoint`](#cdk8s_plus_25.IApiEndpoint) The resource(s) to apply to. --- ##### `allow_read` <a name="cdk8s_plus_25.ClusterRole.allow_read"></a> ```python def allow_read( endpoints: IApiEndpoint ) ``` ###### `endpoints`Required <a name="cdk8s_plus_25.ClusterRole.parameter.endpoints"></a> - *Type:* [`cdk8s_plus_25.IApiEndpoint`](#cdk8s_plus_25.IApiEndpoint) The resource(s) to apply to. --- ##### `allow_read_write` <a name="cdk8s_plus_25.ClusterRole.allow_read_write"></a> ```python def allow_read_write( endpoints: IApiEndpoint ) ``` ###### `endpoints`Required <a name="cdk8s_plus_25.ClusterRole.parameter.endpoints"></a> - *Type:* [`cdk8s_plus_25.IApiEndpoint`](#cdk8s_plus_25.IApiEndpoint) The resource(s) to apply to. --- ##### `allow_update` <a name="cdk8s_plus_25.ClusterRole.allow_update"></a> ```python def allow_update( endpoints: IApiEndpoint ) ``` ###### `endpoints`Required <a name="cdk8s_plus_25.ClusterRole.parameter.endpoints"></a> - *Type:* [`cdk8s_plus_25.IApiEndpoint`](#cdk8s_plus_25.IApiEndpoint) The resource(s) to apply to. --- ##### `allow_watch` <a name="cdk8s_plus_25.ClusterRole.allow_watch"></a> ```python def allow_watch( endpoints: IApiEndpoint ) ``` ###### `endpoints`Required <a name="cdk8s_plus_25.ClusterRole.parameter.endpoints"></a> - *Type:* [`cdk8s_plus_25.IApiEndpoint`](#cdk8s_plus_25.IApiEndpoint) The resource(s) to apply to. --- ##### `bind` <a name="cdk8s_plus_25.ClusterRole.bind"></a> ```python def bind( subjects: ISubject ) ``` ###### `subjects`Required <a name="cdk8s_plus_25.ClusterRole.parameter.subjects"></a> - *Type:* [`cdk8s_plus_25.ISubject`](#cdk8s_plus_25.ISubject) a list of subjects to bind to. --- ##### `bind_in_namespace` <a name="cdk8s_plus_25.ClusterRole.bind_in_namespace"></a> ```python def bind_in_namespace( namespace: str, subjects: ISubject ) ``` ###### `namespace`Required <a name="cdk8s_plus_25.ClusterRole.parameter.namespace"></a> - *Type:* `str` the namespace to limit permissions to. --- ###### `subjects`Required <a name="cdk8s_plus_25.ClusterRole.parameter.subjects"></a> - *Type:* [`cdk8s_plus_25.ISubject`](#cdk8s_plus_25.ISubject) a list of subjects to bind to. --- ##### `combine` <a name="cdk8s_plus_2