io.kubernetes.client.models

Class V1beta1PodSecurityPolicySpec

java.lang.Object

io.kubernetes.client.models.V1beta1PodSecurityPolicySpec

public class V1beta1PodSecurityPolicySpec
extends Object

Pod Security Policy Spec defines the policy enforced.

Constructor Summary

Constructors

Constructor and Description
V1beta1PodSecurityPolicySpec()

Method Summary

Modifier and Type	Method and Description
V1beta1PodSecurityPolicySpec	addAllowedCapabilitiesItem(String allowedCapabilitiesItem)
V1beta1PodSecurityPolicySpec	addDefaultAddCapabilitiesItem(String defaultAddCapabilitiesItem)
V1beta1PodSecurityPolicySpec	addHostPortsItem(V1beta1HostPortRange hostPortsItem)
V1beta1PodSecurityPolicySpec	addRequiredDropCapabilitiesItem(String requiredDropCapabilitiesItem)
V1beta1PodSecurityPolicySpec	addVolumesItem(String volumesItem)
V1beta1PodSecurityPolicySpec	allowedCapabilities(List<String> allowedCapabilities)
V1beta1PodSecurityPolicySpec	defaultAddCapabilities(List<String> defaultAddCapabilities)
boolean	equals(Object o)
V1beta1PodSecurityPolicySpec	fsGroup(V1beta1FSGroupStrategyOptions fsGroup)
List<String>	getAllowedCapabilities() AllowedCapabilities is a list of capabilities that can be requested to add to the container.
List<String>	getDefaultAddCapabilities() DefaultAddCapabilities is the default set of capabilities that will be added to the container unless the pod spec specifically drops the capability.
V1beta1FSGroupStrategyOptions	getFsGroup() FSGroup is the strategy that will dictate what fs group is used by the SecurityContext.
List<V1beta1HostPortRange>	getHostPorts() hostPorts determines which host port ranges are allowed to be exposed.
List<String>	getRequiredDropCapabilities() RequiredDropCapabilities are the capabilities that will be dropped from the container.
V1beta1RunAsUserStrategyOptions	getRunAsUser() runAsUser is the strategy that will dictate the allowable RunAsUser values that may be set.
V1beta1SELinuxStrategyOptions	getSeLinux() seLinux is the strategy that will dictate the allowable labels that may be set.
V1beta1SupplementalGroupsStrategyOptions	getSupplementalGroups() SupplementalGroups is the strategy that will dictate what supplemental groups are used by the SecurityContext.
List<String>	getVolumes() volumes is a white list of allowed volume plugins.
int	hashCode()
V1beta1PodSecurityPolicySpec	hostIPC(Boolean hostIPC)
V1beta1PodSecurityPolicySpec	hostNetwork(Boolean hostNetwork)
V1beta1PodSecurityPolicySpec	hostPID(Boolean hostPID)
V1beta1PodSecurityPolicySpec	hostPorts(List<V1beta1HostPortRange> hostPorts)
Boolean	isHostIPC() hostIPC determines if the policy allows the use of HostIPC in the pod spec.
Boolean	isHostNetwork() hostNetwork determines if the policy allows the use of HostNetwork in the pod spec.
Boolean	isHostPID() hostPID determines if the policy allows the use of HostPID in the pod spec.
Boolean	isPrivileged() privileged determines if a pod can request to be run as privileged.
Boolean	isReadOnlyRootFilesystem() ReadOnlyRootFilesystem when set to true will force containers to run with a read only root file system.
V1beta1PodSecurityPolicySpec	privileged(Boolean privileged)
V1beta1PodSecurityPolicySpec	readOnlyRootFilesystem(Boolean readOnlyRootFilesystem)
V1beta1PodSecurityPolicySpec	requiredDropCapabilities(List<String> requiredDropCapabilities)
V1beta1PodSecurityPolicySpec	runAsUser(V1beta1RunAsUserStrategyOptions runAsUser)
V1beta1PodSecurityPolicySpec	seLinux(V1beta1SELinuxStrategyOptions seLinux)
void	setAllowedCapabilities(List<String> allowedCapabilities)
void	setDefaultAddCapabilities(List<String> defaultAddCapabilities)
void	setFsGroup(V1beta1FSGroupStrategyOptions fsGroup)
void	setHostIPC(Boolean hostIPC)
void	setHostNetwork(Boolean hostNetwork)
void	setHostPID(Boolean hostPID)
void	setHostPorts(List<V1beta1HostPortRange> hostPorts)
void	setPrivileged(Boolean privileged)
void	setReadOnlyRootFilesystem(Boolean readOnlyRootFilesystem)
void	setRequiredDropCapabilities(List<String> requiredDropCapabilities)
void	setRunAsUser(V1beta1RunAsUserStrategyOptions runAsUser)
void	setSeLinux(V1beta1SELinuxStrategyOptions seLinux)
void	setSupplementalGroups(V1beta1SupplementalGroupsStrategyOptions supplementalGroups)
void	setVolumes(List<String> volumes)
V1beta1PodSecurityPolicySpec	supplementalGroups(V1beta1SupplementalGroupsStrategyOptions supplementalGroups)
String	toString()
V1beta1PodSecurityPolicySpec	volumes(List<String> volumes)

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Constructor Detail

V1beta1PodSecurityPolicySpec

public V1beta1PodSecurityPolicySpec()

Method Detail

allowedCapabilities

public V1beta1PodSecurityPolicySpec allowedCapabilities(List<String> allowedCapabilities)

addAllowedCapabilitiesItem

public V1beta1PodSecurityPolicySpec addAllowedCapabilitiesItem(String allowedCapabilitiesItem)

getAllowedCapabilities

public List<String> getAllowedCapabilities()

AllowedCapabilities is a list of capabilities that can be requested to add to the container. Capabilities in this field may be added at the pod author's discretion. You must not list a capability in both AllowedCapabilities and RequiredDropCapabilities.

Returns:

allowedCapabilities

setAllowedCapabilities

public void setAllowedCapabilities(List<String> allowedCapabilities)

defaultAddCapabilities

public V1beta1PodSecurityPolicySpec defaultAddCapabilities(List<String> defaultAddCapabilities)

addDefaultAddCapabilitiesItem

public V1beta1PodSecurityPolicySpec addDefaultAddCapabilitiesItem(String defaultAddCapabilitiesItem)

getDefaultAddCapabilities

public List<String> getDefaultAddCapabilities()

DefaultAddCapabilities is the default set of capabilities that will be added to the container unless the pod spec specifically drops the capability. You may not list a capabiility in both DefaultAddCapabilities and RequiredDropCapabilities.

Returns:

defaultAddCapabilities

setDefaultAddCapabilities

public void setDefaultAddCapabilities(List<String> defaultAddCapabilities)

fsGroup

public V1beta1PodSecurityPolicySpec fsGroup(V1beta1FSGroupStrategyOptions fsGroup)

getFsGroup

public V1beta1FSGroupStrategyOptions getFsGroup()

FSGroup is the strategy that will dictate what fs group is used by the SecurityContext.

Returns:

fsGroup

setFsGroup

public void setFsGroup(V1beta1FSGroupStrategyOptions fsGroup)

hostIPC

public V1beta1PodSecurityPolicySpec hostIPC(Boolean hostIPC)

isHostIPC

public Boolean isHostIPC()

hostIPC determines if the policy allows the use of HostIPC in the pod spec.

Returns:

hostIPC

setHostIPC

public void setHostIPC(Boolean hostIPC)

hostNetwork

public V1beta1PodSecurityPolicySpec hostNetwork(Boolean hostNetwork)

isHostNetwork

public Boolean isHostNetwork()

hostNetwork determines if the policy allows the use of HostNetwork in the pod spec.

Returns:

hostNetwork

setHostNetwork

public void setHostNetwork(Boolean hostNetwork)

hostPID

public V1beta1PodSecurityPolicySpec hostPID(Boolean hostPID)

isHostPID

public Boolean isHostPID()

hostPID determines if the policy allows the use of HostPID in the pod spec.

Returns:

hostPID

setHostPID

public void setHostPID(Boolean hostPID)

hostPorts

public V1beta1PodSecurityPolicySpec hostPorts(List<V1beta1HostPortRange> hostPorts)

addHostPortsItem

public V1beta1PodSecurityPolicySpec addHostPortsItem(V1beta1HostPortRange hostPortsItem)

getHostPorts

public List<V1beta1HostPortRange> getHostPorts()

hostPorts determines which host port ranges are allowed to be exposed.

Returns:

hostPorts

setHostPorts

public void setHostPorts(List<V1beta1HostPortRange> hostPorts)

privileged

public V1beta1PodSecurityPolicySpec privileged(Boolean privileged)

isPrivileged

public Boolean isPrivileged()

privileged determines if a pod can request to be run as privileged.

Returns:

privileged

setPrivileged

public void setPrivileged(Boolean privileged)

readOnlyRootFilesystem

public V1beta1PodSecurityPolicySpec readOnlyRootFilesystem(Boolean readOnlyRootFilesystem)

isReadOnlyRootFilesystem

public Boolean isReadOnlyRootFilesystem()

ReadOnlyRootFilesystem when set to true will force containers to run with a read only root file system. If the container specifically requests to run with a non-read only root file system the PSP should deny the pod. If set to false the container may run with a read only root file system if it wishes but it will not be forced to.

Returns:

readOnlyRootFilesystem

setReadOnlyRootFilesystem

public void setReadOnlyRootFilesystem(Boolean readOnlyRootFilesystem)

requiredDropCapabilities

public V1beta1PodSecurityPolicySpec requiredDropCapabilities(List<String> requiredDropCapabilities)

addRequiredDropCapabilitiesItem

public V1beta1PodSecurityPolicySpec addRequiredDropCapabilitiesItem(String requiredDropCapabilitiesItem)

getRequiredDropCapabilities

public List<String> getRequiredDropCapabilities()

RequiredDropCapabilities are the capabilities that will be dropped from the container. These are required to be dropped and cannot be added.

Returns:

requiredDropCapabilities

setRequiredDropCapabilities

public void setRequiredDropCapabilities(List<String> requiredDropCapabilities)

runAsUser

public V1beta1PodSecurityPolicySpec runAsUser(V1beta1RunAsUserStrategyOptions runAsUser)

getRunAsUser

public V1beta1RunAsUserStrategyOptions getRunAsUser()

runAsUser is the strategy that will dictate the allowable RunAsUser values that may be set.

Returns:

runAsUser

setRunAsUser

public void setRunAsUser(V1beta1RunAsUserStrategyOptions runAsUser)

seLinux

public V1beta1PodSecurityPolicySpec seLinux(V1beta1SELinuxStrategyOptions seLinux)

getSeLinux

public V1beta1SELinuxStrategyOptions getSeLinux()

seLinux is the strategy that will dictate the allowable labels that may be set.

Returns:

seLinux

setSeLinux

public void setSeLinux(V1beta1SELinuxStrategyOptions seLinux)

supplementalGroups

public V1beta1PodSecurityPolicySpec supplementalGroups(V1beta1SupplementalGroupsStrategyOptions supplementalGroups)

getSupplementalGroups

public V1beta1SupplementalGroupsStrategyOptions getSupplementalGroups()

SupplementalGroups is the strategy that will dictate what supplemental groups are used by the SecurityContext.

Returns:

supplementalGroups

setSupplementalGroups

public void setSupplementalGroups(V1beta1SupplementalGroupsStrategyOptions supplementalGroups)

volumes

public V1beta1PodSecurityPolicySpec volumes(List<String> volumes)

addVolumesItem

public V1beta1PodSecurityPolicySpec addVolumesItem(String volumesItem)

getVolumes

public List<String> getVolumes()

volumes is a white list of allowed volume plugins. Empty indicates that all plugins may be used.

Returns:

volumes

setVolumes

public void setVolumes(List<String> volumes)

equals

public boolean equals(Object o)

Overrides:

equals in class Object

hashCode

public int hashCode()

Overrides:

hashCode in class Object

toString

public String toString()

Overrides:

toString in class Object