Package io.kubernetes.client.openapi.models

Class V1SecurityContext

java.lang.Object
io.kubernetes.client.openapi.models.V1SecurityContext
@Generated(value="org.openapitools.codegen.languages.JavaClientCodegen", date="2024-02-02T17:56:12.287571Z[Etc/UTC]") public class V1SecurityContext extends Object
SecurityContext holds security configuration that will be applied to a container. Some fields are present in both SecurityContext and PodSecurityContext. When both are set, the values in SecurityContext take precedence.

  • Field Details

  • Constructor Details

    • V1SecurityContext

      public V1SecurityContext()

  • Method Details

    • allowPrivilegeEscalation

      public V1SecurityContext allowPrivilegeEscalation(Boolean allowPrivilegeEscalation)

    • getAllowPrivilegeEscalation

      @Nullable public Boolean getAllowPrivilegeEscalation()
      AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.
      Returns:
      allowPrivilegeEscalation

    • setAllowPrivilegeEscalation

      public void setAllowPrivilegeEscalation(Boolean allowPrivilegeEscalation)

    • capabilities

      public V1SecurityContext capabilities(V1Capabilities capabilities)

    • getCapabilities

      @Nullable public V1Capabilities getCapabilities()
      Get capabilities
      Returns:
      capabilities

    • setCapabilities

      public void setCapabilities(V1Capabilities capabilities)

    • privileged

      public V1SecurityContext privileged(Boolean privileged)

    • getPrivileged

      @Nullable public Boolean getPrivileged()
      Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows.
      Returns:
      privileged

    • setPrivileged

      public void setPrivileged(Boolean privileged)

    • procMount

      public V1SecurityContext procMount(String procMount)

    • getProcMount

      @Nullable public String getProcMount()
      procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.
      Returns:
      procMount

    • setProcMount

      public void setProcMount(String procMount)

    • readOnlyRootFilesystem

      public V1SecurityContext readOnlyRootFilesystem(Boolean readOnlyRootFilesystem)

    • getReadOnlyRootFilesystem

      @Nullable public Boolean getReadOnlyRootFilesystem()
      Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.
      Returns:
      readOnlyRootFilesystem

    • setReadOnlyRootFilesystem

      public void setReadOnlyRootFilesystem(Boolean readOnlyRootFilesystem)

    • runAsGroup

      public V1SecurityContext runAsGroup(Long runAsGroup)

    • getRunAsGroup

      @Nullable public Long getRunAsGroup()
      The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
      Returns:
      runAsGroup

    • setRunAsGroup

      public void setRunAsGroup(Long runAsGroup)

    • runAsNonRoot

      public V1SecurityContext runAsNonRoot(Boolean runAsNonRoot)

    • getRunAsNonRoot

      @Nullable public Boolean getRunAsNonRoot()
      Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
      Returns:
      runAsNonRoot

    • setRunAsNonRoot

      public void setRunAsNonRoot(Boolean runAsNonRoot)

    • runAsUser

      public V1SecurityContext runAsUser(Long runAsUser)

    • getRunAsUser

      @Nullable public Long getRunAsUser()
      The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
      Returns:
      runAsUser

    • setRunAsUser

      public void setRunAsUser(Long runAsUser)

    • seLinuxOptions

      public V1SecurityContext seLinuxOptions(V1SELinuxOptions seLinuxOptions)

    • getSeLinuxOptions

      @Nullable public V1SELinuxOptions getSeLinuxOptions()
      Get seLinuxOptions
      Returns:
      seLinuxOptions

    • setSeLinuxOptions

      public void setSeLinuxOptions(V1SELinuxOptions seLinuxOptions)

    • seccompProfile

      public V1SecurityContext seccompProfile(V1SeccompProfile seccompProfile)

    • getSeccompProfile

      @Nullable public V1SeccompProfile getSeccompProfile()
      Get seccompProfile
      Returns:
      seccompProfile

    • setSeccompProfile

      public void setSeccompProfile(V1SeccompProfile seccompProfile)

    • windowsOptions

      public V1SecurityContext windowsOptions(V1WindowsSecurityContextOptions windowsOptions)

    • getWindowsOptions

      @Nullable public V1WindowsSecurityContextOptions getWindowsOptions()
      Get windowsOptions
      Returns:
      windowsOptions

    • setWindowsOptions

      public void setWindowsOptions(V1WindowsSecurityContextOptions windowsOptions)

    • equals

      public boolean equals(Object o)
      Overrides:
      equals in class Object

    • hashCode

      public int hashCode()
      Overrides:
      hashCode in class Object

    • toString

      public String toString()
      Overrides:
      toString in class Object

    • validateJsonObject

      public static void validateJsonObject(com.google.gson.JsonObject jsonObj) throws IOException
      Validates the JSON Object and throws an exception if issues found
      Parameters:
      jsonObj - JSON Object
      Throws:
      IOException - if the JSON Object is invalid with respect to V1SecurityContext

    • fromJson

      public static V1SecurityContext fromJson(String jsonString) throws IOException
      Create an instance of V1SecurityContext given an JSON string
      Parameters:
      jsonString - JSON string
      Returns:
      An instance of V1SecurityContext
      Throws:
      IOException - if the JSON string is invalid with respect to V1SecurityContext

    • toJson

      public String toJson()
      Convert an instance of V1SecurityContext to an JSON string
      Returns:
      JSON string