Class SecurityContext
java.lang.Object
  com.marcnuri.yakc.model.io.k8s.api.core.v1.SecurityContext
All Implemented Interfaces: com.marcnuri.yakc.model.Model
public class SecurityContext extends java.lang.Object implements com.marcnuri.yakc.model.Model
SecurityContext holds security configuration that will be applied to a container. Some fields are present in both SecurityContext and PodSecurityContext. When both are set, the values in SecurityContext take precedence.
-
-
Nested Class Summary
static class SecurityContext.Builder
-
Constructor Summary
SecurityContext()
SecurityContext(java.lang.Boolean allowPrivilegeEscalation, Capabilities capabilities, java.lang.Boolean privileged, java.lang.String procMount, java.lang.Boolean readOnlyRootFilesystem, java.lang.Number runAsGroup, java.lang.Boolean runAsNonRoot, java.lang.Number runAsUser, SELinuxOptions seLinuxOptions, SeccompProfile seccompProfile, WindowsSecurityContextOptions windowsOptions)
-
Method Summary
(modifier and type, method; description on the following line where one exists)
static SecurityContext.Builder builder()
protected boolean canEqual(java.lang.Object other)
boolean equals(java.lang.Object o)
java.lang.Boolean getAllowPrivilegeEscalation()
  AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process.
Capabilities getCapabilities()
java.lang.Boolean getPrivileged()
  Run container in privileged mode.
java.lang.String getProcMount()
  procMount denotes the type of proc mount to use for the containers.
java.lang.Boolean getReadOnlyRootFilesystem()
  Whether this container has a read-only root filesystem.
java.lang.Number getRunAsGroup()
  The GID to run the entrypoint of the container process.
java.lang.Boolean getRunAsNonRoot()
  Indicates that the container must run as a non-root user.
java.lang.Number getRunAsUser()
  The UID to run the entrypoint of the container process.
SeccompProfile getSeccompProfile()
SELinuxOptions getSeLinuxOptions()
WindowsSecurityContextOptions getWindowsOptions()
int hashCode()
void setAllowPrivilegeEscalation(java.lang.Boolean allowPrivilegeEscalation)
  AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process.
void setCapabilities(Capabilities capabilities)
void setPrivileged(java.lang.Boolean privileged)
  Run container in privileged mode.
void setProcMount(java.lang.String procMount)
  procMount denotes the type of proc mount to use for the containers.
void setReadOnlyRootFilesystem(java.lang.Boolean readOnlyRootFilesystem)
  Whether this container has a read-only root filesystem.
void setRunAsGroup(java.lang.Number runAsGroup)
  The GID to run the entrypoint of the container process.
void setRunAsNonRoot(java.lang.Boolean runAsNonRoot)
  Indicates that the container must run as a non-root user.
void setRunAsUser(java.lang.Number runAsUser)
  The UID to run the entrypoint of the container process.
void setSeccompProfile(SeccompProfile seccompProfile)
void setSeLinuxOptions(SELinuxOptions seLinuxOptions)
void setWindowsOptions(WindowsSecurityContextOptions windowsOptions)
SecurityContext.Builder toBuilder()
java.lang.String toString()
-
-
-
Constructor Detail
-
SecurityContext
public SecurityContext(java.lang.Boolean allowPrivilegeEscalation, Capabilities capabilities, java.lang.Boolean privileged, java.lang.String procMount, java.lang.Boolean readOnlyRootFilesystem, java.lang.Number runAsGroup, java.lang.Boolean runAsNonRoot, java.lang.Number runAsUser, SELinuxOptions seLinuxOptions, SeccompProfile seccompProfile, WindowsSecurityContextOptions windowsOptions)
-
SecurityContext
public SecurityContext()
-
-
Method Detail
-
builder
public static SecurityContext.Builder builder()
-
toBuilder
public SecurityContext.Builder toBuilder()
-
getAllowPrivilegeEscalation
public java.lang.Boolean getAllowPrivilegeEscalation()
AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is always true when the container 1) is run as Privileged or 2) has CAP_SYS_ADMIN. Note that this field cannot be set when spec.os.name is windows.
-
getCapabilities
public Capabilities getCapabilities()
-
getPrivileged
public java.lang.Boolean getPrivileged()
Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows.
-
getProcMount
public java.lang.String getProcMount()
procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.
-
getReadOnlyRootFilesystem
public java.lang.Boolean getReadOnlyRootFilesystem()
Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.
-
getRunAsGroup
public java.lang.Number getRunAsGroup()
The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
-
getRunAsNonRoot
public java.lang.Boolean getRunAsNonRoot()
Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
-
getRunAsUser
public java.lang.Number getRunAsUser()
The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
-
getSeLinuxOptions
public SELinuxOptions getSeLinuxOptions()
-
getSeccompProfile
public SeccompProfile getSeccompProfile()
-
getWindowsOptions
public WindowsSecurityContextOptions getWindowsOptions()
-
setAllowPrivilegeEscalation
public void setAllowPrivilegeEscalation(java.lang.Boolean allowPrivilegeEscalation)
AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is always true when the container 1) is run as Privileged or 2) has CAP_SYS_ADMIN. Note that this field cannot be set when spec.os.name is windows.
-
setCapabilities
public void setCapabilities(Capabilities capabilities)
-
setPrivileged
public void setPrivileged(java.lang.Boolean privileged)
Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows.
-
setProcMount
public void setProcMount(java.lang.String procMount)
procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.
-
setReadOnlyRootFilesystem
public void setReadOnlyRootFilesystem(java.lang.Boolean readOnlyRootFilesystem)
Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.
-
setRunAsGroup
public void setRunAsGroup(java.lang.Number runAsGroup)
The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
-
setRunAsNonRoot
public void setRunAsNonRoot(java.lang.Boolean runAsNonRoot)
Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
-
setRunAsUser
public void setRunAsUser(java.lang.Number runAsUser)
The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
-
setSeLinuxOptions
public void setSeLinuxOptions(SELinuxOptions seLinuxOptions)
-
setSeccompProfile
public void setSeccompProfile(SeccompProfile seccompProfile)
-
setWindowsOptions
public void setWindowsOptions(WindowsSecurityContextOptions windowsOptions)
-
equals
public boolean equals(java.lang.Object o)
Overrides: equals in class java.lang.Object
-
canEqual
protected boolean canEqual(java.lang.Object other)
-
hashCode
public int hashCode()
Overrides: hashCode in class java.lang.Object
-
toString
public java.lang.String toString()
Overrides: toString in class java.lang.Object
-
-
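The field semantics documented above, applied as an added example (not part of the YAKC project's own code): it builds a restrictive container SecurityContext and audits any instance against the documented defaults, using only the no-argument constructor, setters and getters listed on this page. The class name `SecurityContextAudit` and the UID/GID value 10001 are assumptions made for illustration; the audit does not inspect Capabilities (so CAP_SYS_ADMIN is not detected) or values inherited from PodSecurityContext.

```java
import com.marcnuri.yakc.model.io.k8s.api.core.v1.SecurityContext;
import java.util.ArrayList;
import java.util.List;

public class SecurityContextAudit { // hypothetical class name

  // Restrictive container settings, using only setters documented on this page.
  static SecurityContext hardened() {
    SecurityContext sc = new SecurityContext();
    sc.setPrivileged(false);
    sc.setAllowPrivilegeEscalation(false); // no_new_privs is set on the process
    sc.setReadOnlyRootFilesystem(true);
    sc.setRunAsNonRoot(true);
    sc.setRunAsUser(10001);  // constructed sample UID
    sc.setRunAsGroup(10001); // constructed sample GID
    return sc;
  }

  // Flags fields whose value, or whose behaviour when unset, weakens isolation.
  static List<String> audit(SecurityContext sc) {
    List<String> findings = new ArrayList<>();
    boolean privileged = Boolean.TRUE.equals(sc.getPrivileged());
    if (privileged) {
      findings.add("privileged: essentially equivalent to root on the host");
    }
    // Privileged forces allowPrivilegeEscalation to true, overriding an explicit false.
    if (privileged || !Boolean.FALSE.equals(sc.getAllowPrivilegeEscalation())) {
      findings.add("allowPrivilegeEscalation: not effectively false");
    }
    if (!Boolean.TRUE.equals(sc.getReadOnlyRootFilesystem())) {
      findings.add("readOnlyRootFilesystem: root filesystem is writable");
    }
    Number uid = sc.getRunAsUser();
    if (uid != null && uid.longValue() == 0) {
      findings.add("runAsUser: entrypoint runs as UID 0 (root)");
    } else if (!Boolean.TRUE.equals(sc.getRunAsNonRoot())) {
      findings.add("runAsNonRoot: Kubelet will not reject an image that runs as UID 0");
    }
    return findings;
  }

  public static void main(String[] args) {
    System.out.println("hardened: " + audit(hardened()));
    System.out.println("unset:    " + audit(new SecurityContext()));
  }
}
```

Because every field is a nullable wrapper type, the audit compares against `Boolean.TRUE` / `Boolean.FALSE` rather than unboxing, so an unset field is reported instead of throwing a NullPointerException.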