io.kubernetes.client.models

Class V1SecurityContext

java.lang.Object

io.kubernetes.client.models.V1SecurityContext

public class V1SecurityContext
extends Object

SecurityContext holds security configuration that will be applied to a container. Some fields are present in both SecurityContext and PodSecurityContext. When both are set, the values in SecurityContext take precedence.

Constructor Summary

Constructors

Constructor and Description
V1SecurityContext()

Method Summary

Modifier and Type	Method and Description
V1SecurityContext	allowPrivilegeEscalation(Boolean allowPrivilegeEscalation)
V1SecurityContext	capabilities(V1Capabilities capabilities)
boolean	equals(Object o)
V1Capabilities	getCapabilities() The capabilities to add/drop when running containers.
String	getProcMount() procMount denotes the type of proc mount to use for the containers.
Long	getRunAsGroup() The GID to run the entrypoint of the container process.
Long	getRunAsUser() The UID to run the entrypoint of the container process.
V1SELinuxOptions	getSeLinuxOptions() The SELinux context to be applied to the container.
int	hashCode()
Boolean	isAllowPrivilegeEscalation() AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process.
Boolean	isPrivileged() Run container in privileged mode.
Boolean	isReadOnlyRootFilesystem() Whether this container has a read-only root filesystem.
Boolean	isRunAsNonRoot() Indicates that the container must run as a non-root user.
V1SecurityContext	privileged(Boolean privileged)
V1SecurityContext	procMount(String procMount)
V1SecurityContext	readOnlyRootFilesystem(Boolean readOnlyRootFilesystem)
V1SecurityContext	runAsGroup(Long runAsGroup)
V1SecurityContext	runAsNonRoot(Boolean runAsNonRoot)
V1SecurityContext	runAsUser(Long runAsUser)
V1SecurityContext	seLinuxOptions(V1SELinuxOptions seLinuxOptions)
void	setAllowPrivilegeEscalation(Boolean allowPrivilegeEscalation)
void	setCapabilities(V1Capabilities capabilities)
void	setPrivileged(Boolean privileged)
void	setProcMount(String procMount)
void	setReadOnlyRootFilesystem(Boolean readOnlyRootFilesystem)
void	setRunAsGroup(Long runAsGroup)
void	setRunAsNonRoot(Boolean runAsNonRoot)
void	setRunAsUser(Long runAsUser)
void	setSeLinuxOptions(V1SELinuxOptions seLinuxOptions)
String	toString()

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Constructor Detail

V1SecurityContext

public V1SecurityContext()

Method Detail

allowPrivilegeEscalation

public V1SecurityContext allowPrivilegeEscalation(Boolean allowPrivilegeEscalation)

isAllowPrivilegeEscalation

public Boolean isAllowPrivilegeEscalation()

AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN

Returns:

allowPrivilegeEscalation

setAllowPrivilegeEscalation

public void setAllowPrivilegeEscalation(Boolean allowPrivilegeEscalation)

capabilities

public V1SecurityContext capabilities(V1Capabilities capabilities)

getCapabilities

public V1Capabilities getCapabilities()

The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime.

Returns:

capabilities

setCapabilities

public void setCapabilities(V1Capabilities capabilities)

privileged

public V1SecurityContext privileged(Boolean privileged)

isPrivileged

public Boolean isPrivileged()

Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false.

Returns:

privileged

setPrivileged

public void setPrivileged(Boolean privileged)

procMount

public V1SecurityContext procMount(String procMount)

getProcMount

public String getProcMount()

procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled.

Returns:

procMount

setProcMount

public void setProcMount(String procMount)

readOnlyRootFilesystem

public V1SecurityContext readOnlyRootFilesystem(Boolean readOnlyRootFilesystem)

isReadOnlyRootFilesystem

public Boolean isReadOnlyRootFilesystem()

Whether this container has a read-only root filesystem. Default is false.

Returns:

readOnlyRootFilesystem

setReadOnlyRootFilesystem

public void setReadOnlyRootFilesystem(Boolean readOnlyRootFilesystem)

runAsGroup

public V1SecurityContext runAsGroup(Long runAsGroup)

getRunAsGroup

public Long getRunAsGroup()

The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

Returns:

runAsGroup

setRunAsGroup

public void setRunAsGroup(Long runAsGroup)

runAsNonRoot

public V1SecurityContext runAsNonRoot(Boolean runAsNonRoot)

isRunAsNonRoot

public Boolean isRunAsNonRoot()

Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

Returns:

runAsNonRoot

setRunAsNonRoot

public void setRunAsNonRoot(Boolean runAsNonRoot)

runAsUser

public V1SecurityContext runAsUser(Long runAsUser)

getRunAsUser

public Long getRunAsUser()

The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

Returns:

runAsUser

setRunAsUser

public void setRunAsUser(Long runAsUser)

seLinuxOptions

public V1SecurityContext seLinuxOptions(V1SELinuxOptions seLinuxOptions)

getSeLinuxOptions

public V1SELinuxOptions getSeLinuxOptions()

The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

Returns:

seLinuxOptions

setSeLinuxOptions

public void setSeLinuxOptions(V1SELinuxOptions seLinuxOptions)

equals

public boolean equals(Object o)

Overrides:

equals in class Object

hashCode

public int hashCode()

Overrides:

hashCode in class Object

toString

public String toString()

Overrides:

toString in class Object