Package io.kubernetes.client.openapi.models

Class V1SecurityContext

java.lang.Object
io.kubernetes.client.openapi.models.V1SecurityContext
@Generated(value="org.openapitools.codegen.languages.JavaClientCodegen", date="2025-05-20T20:47:13.890592Z[Etc/UTC]", comments="Generator version: 7.13.0") public class V1SecurityContext extends Object
SecurityContext holds security configuration that will be applied to a container. Some fields are present in both SecurityContext and PodSecurityContext. When both are set, the values in SecurityContext take precedence.

  • Field Details

  • Constructor Details

    • V1SecurityContext

      public V1SecurityContext()

  • Method Details

    • allowPrivilegeEscalation

      public V1SecurityContext allowPrivilegeEscalation(@Nullable Boolean allowPrivilegeEscalation)

    • getAllowPrivilegeEscalation

      @Nullable public Boolean getAllowPrivilegeEscalation()
      AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.
      Returns:
      allowPrivilegeEscalation

    • setAllowPrivilegeEscalation

      public void setAllowPrivilegeEscalation(@Nullable Boolean allowPrivilegeEscalation)

    • appArmorProfile

      public V1SecurityContext appArmorProfile(@Nullable V1AppArmorProfile appArmorProfile)

    • getAppArmorProfile

      @Nullable public V1AppArmorProfile getAppArmorProfile()
      Get appArmorProfile
      Returns:
      appArmorProfile

    • setAppArmorProfile

      public void setAppArmorProfile(@Nullable V1AppArmorProfile appArmorProfile)

    • capabilities

      public V1SecurityContext capabilities(@Nullable V1Capabilities capabilities)

    • getCapabilities

      @Nullable public V1Capabilities getCapabilities()
      Get capabilities
      Returns:
      capabilities

    • setCapabilities

      public void setCapabilities(@Nullable V1Capabilities capabilities)

    • privileged

      public V1SecurityContext privileged(@Nullable Boolean privileged)

    • getPrivileged

      @Nullable public Boolean getPrivileged()
      Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows.
      Returns:
      privileged

    • setPrivileged

      public void setPrivileged(@Nullable Boolean privileged)

    • procMount

      public V1SecurityContext procMount(@Nullable String procMount)

    • getProcMount

      @Nullable public String getProcMount()
      procMount denotes the type of proc mount to use for the containers. The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.
      Returns:
      procMount

    • setProcMount

      public void setProcMount(@Nullable String procMount)

    • readOnlyRootFilesystem

      public V1SecurityContext readOnlyRootFilesystem(@Nullable Boolean readOnlyRootFilesystem)

    • getReadOnlyRootFilesystem

      @Nullable public Boolean getReadOnlyRootFilesystem()
      Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.
      Returns:
      readOnlyRootFilesystem

    • setReadOnlyRootFilesystem

      public void setReadOnlyRootFilesystem(@Nullable Boolean readOnlyRootFilesystem)

    • runAsGroup

      public V1SecurityContext runAsGroup(@Nullable Long runAsGroup)

    • getRunAsGroup

      @Nullable public Long getRunAsGroup()
      The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
      Returns:
      runAsGroup

    • setRunAsGroup

      public void setRunAsGroup(@Nullable Long runAsGroup)

    • runAsNonRoot

      public V1SecurityContext runAsNonRoot(@Nullable Boolean runAsNonRoot)

    • getRunAsNonRoot

      @Nullable public Boolean getRunAsNonRoot()
      Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
      Returns:
      runAsNonRoot

    • setRunAsNonRoot

      public void setRunAsNonRoot(@Nullable Boolean runAsNonRoot)

    • runAsUser

      public V1SecurityContext runAsUser(@Nullable Long runAsUser)

    • getRunAsUser

      @Nullable public Long getRunAsUser()
      The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
      Returns:
      runAsUser

    • setRunAsUser

      public void setRunAsUser(@Nullable Long runAsUser)

    • seLinuxOptions

      public V1SecurityContext seLinuxOptions(@Nullable V1SELinuxOptions seLinuxOptions)

    • getSeLinuxOptions

      @Nullable public V1SELinuxOptions getSeLinuxOptions()
      Get seLinuxOptions
      Returns:
      seLinuxOptions

    • setSeLinuxOptions

      public void setSeLinuxOptions(@Nullable V1SELinuxOptions seLinuxOptions)

    • seccompProfile

      public V1SecurityContext seccompProfile(@Nullable V1SeccompProfile seccompProfile)

    • getSeccompProfile

      @Nullable public V1SeccompProfile getSeccompProfile()
      Get seccompProfile
      Returns:
      seccompProfile

    • setSeccompProfile

      public void setSeccompProfile(@Nullable V1SeccompProfile seccompProfile)

    • windowsOptions

      public V1SecurityContext windowsOptions(@Nullable V1WindowsSecurityContextOptions windowsOptions)

    • getWindowsOptions

      @Nullable public V1WindowsSecurityContextOptions getWindowsOptions()
      Get windowsOptions
      Returns:
      windowsOptions

    • setWindowsOptions

      public void setWindowsOptions(@Nullable V1WindowsSecurityContextOptions windowsOptions)

    • equals

      public boolean equals(Object o)
      Overrides:
      equals in class Object

    • hashCode

      public int hashCode()
      Overrides:
      hashCode in class Object

    • toString

      public String toString()
      Overrides:
      toString in class Object

    • validateJsonElement

      public static void validateJsonElement(com.google.gson.JsonElement jsonElement) throws IOException
      Validates the JSON Element and throws an exception if issues found
      Parameters:
      jsonElement - JSON Element
      Throws:
      IOException - if the JSON Element is invalid with respect to V1SecurityContext

    • fromJson

      public static V1SecurityContext fromJson(String jsonString) throws IOException
      Create an instance of V1SecurityContext given an JSON string
      Parameters:
      jsonString - JSON string
      Returns:
      An instance of V1SecurityContext
      Throws:
      IOException - if the JSON string is invalid with respect to V1SecurityContext

    • toJson

      public String toJson()
      Convert an instance of V1SecurityContext to an JSON string
      Returns:
      JSON string