Package io.fabric8.kubernetes.api.model

Class SecurityContext

java.lang.Object

io.fabric8.kubernetes.api.model.SecurityContext

All Implemented Interfaces:

io.fabric8.kubernetes.api.builder.Editable<SecurityContextBuilder>, KubernetesResource, Serializable

@Generated("io.fabric8.kubernetes.schema.generator.model.ModelGenerator")
public class SecurityContext
extends Object
implements io.fabric8.kubernetes.api.builder.Editable<SecurityContextBuilder>, KubernetesResource

SecurityContext holds security configuration that will be applied to a container. Some fields are present in both SecurityContext and PodSecurityContext. When both are set, the values in SecurityContext take precedence.

See Also:

Serialized Form

Constructor Summary

Constructors

Constructor	Description
SecurityContext()	No args constructor for use in serialization
SecurityContext(Boolean allowPrivilegeEscalation, AppArmorProfile appArmorProfile, Capabilities capabilities, Boolean privileged, String procMount, Boolean readOnlyRootFilesystem, Long runAsGroup, Boolean runAsNonRoot, Long runAsUser, SELinuxOptions seLinuxOptions, SeccompProfile seccompProfile, WindowsSecurityContextOptions windowsOptions)

Method Summary

Modifier and Type	Method	Description
SecurityContextBuilder	edit()
Map<String,Object>	getAdditionalProperties()
Boolean	getAllowPrivilegeEscalation()	AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process.
AppArmorProfile	getAppArmorProfile()	SecurityContext holds security configuration that will be applied to a container.
Capabilities	getCapabilities()	SecurityContext holds security configuration that will be applied to a container.
Boolean	getPrivileged()	Run container in privileged mode.
String	getProcMount()	procMount denotes the type of proc mount to use for the containers.
Boolean	getReadOnlyRootFilesystem()	Whether this container has a read-only root filesystem.
Long	getRunAsGroup()	The GID to run the entrypoint of the container process.
Boolean	getRunAsNonRoot()	Indicates that the container must run as a non-root user.
Long	getRunAsUser()	The UID to run the entrypoint of the container process.
SeccompProfile	getSeccompProfile()	SecurityContext holds security configuration that will be applied to a container.
SELinuxOptions	getSeLinuxOptions()	SecurityContext holds security configuration that will be applied to a container.
WindowsSecurityContextOptions	getWindowsOptions()	SecurityContext holds security configuration that will be applied to a container.
void	setAdditionalProperties(Map<String,Object> additionalProperties)
void	setAdditionalProperty(String name, Object value)
void	setAllowPrivilegeEscalation(Boolean allowPrivilegeEscalation)	AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process.
void	setAppArmorProfile(AppArmorProfile appArmorProfile)	SecurityContext holds security configuration that will be applied to a container.
void	setCapabilities(Capabilities capabilities)	SecurityContext holds security configuration that will be applied to a container.
void	setPrivileged(Boolean privileged)	Run container in privileged mode.
void	setProcMount(String procMount)	procMount denotes the type of proc mount to use for the containers.
void	setReadOnlyRootFilesystem(Boolean readOnlyRootFilesystem)	Whether this container has a read-only root filesystem.
void	setRunAsGroup(Long runAsGroup)	The GID to run the entrypoint of the container process.
void	setRunAsNonRoot(Boolean runAsNonRoot)	Indicates that the container must run as a non-root user.
void	setRunAsUser(Long runAsUser)	The UID to run the entrypoint of the container process.
void	setSeccompProfile(SeccompProfile seccompProfile)	SecurityContext holds security configuration that will be applied to a container.
void	setSeLinuxOptions(SELinuxOptions seLinuxOptions)	SecurityContext holds security configuration that will be applied to a container.
void	setWindowsOptions(WindowsSecurityContextOptions windowsOptions)	SecurityContext holds security configuration that will be applied to a container.
SecurityContextBuilder	toBuilder()

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

SecurityContext

public SecurityContext()

No args constructor for use in serialization

SecurityContext

public SecurityContext(Boolean allowPrivilegeEscalation,
                       AppArmorProfile appArmorProfile,
                       Capabilities capabilities,
                       Boolean privileged,
                       String procMount,
                       Boolean readOnlyRootFilesystem,
                       Long runAsGroup,
                       Boolean runAsNonRoot,
                       Long runAsUser,
                       SELinuxOptions seLinuxOptions,
                       SeccompProfile seccompProfile,
                       WindowsSecurityContextOptions windowsOptions)

Method Detail

getAllowPrivilegeEscalation

public Boolean getAllowPrivilegeEscalation()

AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.

setAllowPrivilegeEscalation

public void setAllowPrivilegeEscalation(Boolean allowPrivilegeEscalation)

AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.

getAppArmorProfile

public AppArmorProfile getAppArmorProfile()

SecurityContext holds security configuration that will be applied to a container. Some fields are present in both SecurityContext and PodSecurityContext. When both are set, the values in SecurityContext take precedence.

setAppArmorProfile

public void setAppArmorProfile(AppArmorProfile appArmorProfile)

SecurityContext holds security configuration that will be applied to a container. Some fields are present in both SecurityContext and PodSecurityContext. When both are set, the values in SecurityContext take precedence.

getCapabilities

public Capabilities getCapabilities()

SecurityContext holds security configuration that will be applied to a container. Some fields are present in both SecurityContext and PodSecurityContext. When both are set, the values in SecurityContext take precedence.

setCapabilities

public void setCapabilities(Capabilities capabilities)

SecurityContext holds security configuration that will be applied to a container. Some fields are present in both SecurityContext and PodSecurityContext. When both are set, the values in SecurityContext take precedence.

getPrivileged

public Boolean getPrivileged()

Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows.

setPrivileged

public void setPrivileged(Boolean privileged)

Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows.

getProcMount

public String getProcMount()

procMount denotes the type of proc mount to use for the containers. The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.

setProcMount

public void setProcMount(String procMount)

procMount denotes the type of proc mount to use for the containers. The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.

getReadOnlyRootFilesystem

public Boolean getReadOnlyRootFilesystem()

Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.

setReadOnlyRootFilesystem

public void setReadOnlyRootFilesystem(Boolean readOnlyRootFilesystem)

Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.

getRunAsGroup

public Long getRunAsGroup()

The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.

setRunAsGroup

public void setRunAsGroup(Long runAsGroup)

The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.

getRunAsNonRoot

public Boolean getRunAsNonRoot()

Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

setRunAsNonRoot

public void setRunAsNonRoot(Boolean runAsNonRoot)

Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

getRunAsUser

public Long getRunAsUser()

The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.

setRunAsUser

public void setRunAsUser(Long runAsUser)

The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.

getSeLinuxOptions

public SELinuxOptions getSeLinuxOptions()

SecurityContext holds security configuration that will be applied to a container. Some fields are present in both SecurityContext and PodSecurityContext. When both are set, the values in SecurityContext take precedence.

setSeLinuxOptions

public void setSeLinuxOptions(SELinuxOptions seLinuxOptions)

SecurityContext holds security configuration that will be applied to a container. Some fields are present in both SecurityContext and PodSecurityContext. When both are set, the values in SecurityContext take precedence.

getSeccompProfile

public SeccompProfile getSeccompProfile()

SecurityContext holds security configuration that will be applied to a container. Some fields are present in both SecurityContext and PodSecurityContext. When both are set, the values in SecurityContext take precedence.

setSeccompProfile

public void setSeccompProfile(SeccompProfile seccompProfile)

SecurityContext holds security configuration that will be applied to a container. Some fields are present in both SecurityContext and PodSecurityContext. When both are set, the values in SecurityContext take precedence.

getWindowsOptions

public WindowsSecurityContextOptions getWindowsOptions()

SecurityContext holds security configuration that will be applied to a container. Some fields are present in both SecurityContext and PodSecurityContext. When both are set, the values in SecurityContext take precedence.

setWindowsOptions

public void setWindowsOptions(WindowsSecurityContextOptions windowsOptions)

SecurityContext holds security configuration that will be applied to a container. Some fields are present in both SecurityContext and PodSecurityContext. When both are set, the values in SecurityContext take precedence.

edit

public SecurityContextBuilder edit()

Specified by:

edit in interface io.fabric8.kubernetes.api.builder.Editable<SecurityContextBuilder>

toBuilder

public SecurityContextBuilder toBuilder()

getAdditionalProperties

public Map<String,Object> getAdditionalProperties()

setAdditionalProperty

public void setAdditionalProperty(String name,
                                  Object value)

setAdditionalProperties

public void setAdditionalProperties(Map<String,Object> additionalProperties)