Package io.kubernetes.client.proto

Interface V1.PodSecurityContextOrBuilder

All Superinterfaces:
com.google.protobuf.MessageLiteOrBuilder, com.google.protobuf.MessageOrBuilder
All Known Implementing Classes:
V1.PodSecurityContext, V1.PodSecurityContext.Builder
Enclosing class:
V1
public static interface V1.PodSecurityContextOrBuilder extends com.google.protobuf.MessageOrBuilder

  • Method Details

    • hasSeLinuxOptions

      boolean hasSeLinuxOptions()
       The SELinux context to be applied to all containers.
 If unspecified, the container runtime will allocate a random SELinux context for each
 container.  May also be set in SecurityContext.  If set in
 both SecurityContext and PodSecurityContext, the value specified in SecurityContext
 takes precedence for that container.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
      optional .k8s.io.api.core.v1.SELinuxOptions seLinuxOptions = 1;

    • getSeLinuxOptions

      V1.SELinuxOptions getSeLinuxOptions()
       The SELinux context to be applied to all containers.
 If unspecified, the container runtime will allocate a random SELinux context for each
 container.  May also be set in SecurityContext.  If set in
 both SecurityContext and PodSecurityContext, the value specified in SecurityContext
 takes precedence for that container.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
      optional .k8s.io.api.core.v1.SELinuxOptions seLinuxOptions = 1;

    • getSeLinuxOptionsOrBuilder

      V1.SELinuxOptionsOrBuilder getSeLinuxOptionsOrBuilder()
       The SELinux context to be applied to all containers.
 If unspecified, the container runtime will allocate a random SELinux context for each
 container.  May also be set in SecurityContext.  If set in
 both SecurityContext and PodSecurityContext, the value specified in SecurityContext
 takes precedence for that container.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
      optional .k8s.io.api.core.v1.SELinuxOptions seLinuxOptions = 1;

    • hasWindowsOptions

      boolean hasWindowsOptions()
       The Windows specific settings applied to all containers.
 If unspecified, the options within a container's SecurityContext will be used.
 If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
 Note that this field cannot be set when spec.os.name is linux.
 +optional
      optional .k8s.io.api.core.v1.WindowsSecurityContextOptions windowsOptions = 8;

    • getWindowsOptions

      V1.WindowsSecurityContextOptions getWindowsOptions()
       The Windows specific settings applied to all containers.
 If unspecified, the options within a container's SecurityContext will be used.
 If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
 Note that this field cannot be set when spec.os.name is linux.
 +optional
      optional .k8s.io.api.core.v1.WindowsSecurityContextOptions windowsOptions = 8;

    • getWindowsOptionsOrBuilder

      V1.WindowsSecurityContextOptionsOrBuilder getWindowsOptionsOrBuilder()
       The Windows specific settings applied to all containers.
 If unspecified, the options within a container's SecurityContext will be used.
 If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
 Note that this field cannot be set when spec.os.name is linux.
 +optional
      optional .k8s.io.api.core.v1.WindowsSecurityContextOptions windowsOptions = 8;

    • hasRunAsUser

      boolean hasRunAsUser()
       The UID to run the entrypoint of the container process.
 Defaults to user specified in image metadata if unspecified.
 May also be set in SecurityContext.  If set in both SecurityContext and
 PodSecurityContext, the value specified in SecurityContext takes precedence
 for that container.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
      optional int64 runAsUser = 2;

    • getRunAsUser

      long getRunAsUser()
       The UID to run the entrypoint of the container process.
 Defaults to user specified in image metadata if unspecified.
 May also be set in SecurityContext.  If set in both SecurityContext and
 PodSecurityContext, the value specified in SecurityContext takes precedence
 for that container.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
      optional int64 runAsUser = 2;

    • hasRunAsGroup

      boolean hasRunAsGroup()
       The GID to run the entrypoint of the container process.
 Uses runtime default if unset.
 May also be set in SecurityContext.  If set in both SecurityContext and
 PodSecurityContext, the value specified in SecurityContext takes precedence
 for that container.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
      optional int64 runAsGroup = 6;

    • getRunAsGroup

      long getRunAsGroup()
       The GID to run the entrypoint of the container process.
 Uses runtime default if unset.
 May also be set in SecurityContext.  If set in both SecurityContext and
 PodSecurityContext, the value specified in SecurityContext takes precedence
 for that container.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
      optional int64 runAsGroup = 6;

    • hasRunAsNonRoot

      boolean hasRunAsNonRoot()
       Indicates that the container must run as a non-root user.
 If true, the Kubelet will validate the image at runtime to ensure that it
 does not run as UID 0 (root) and fail to start the container if it does.
 If unset or false, no such validation will be performed.
 May also be set in SecurityContext.  If set in both SecurityContext and
 PodSecurityContext, the value specified in SecurityContext takes precedence.
 +optional
      optional bool runAsNonRoot = 3;

    • getRunAsNonRoot

      boolean getRunAsNonRoot()
       Indicates that the container must run as a non-root user.
 If true, the Kubelet will validate the image at runtime to ensure that it
 does not run as UID 0 (root) and fail to start the container if it does.
 If unset or false, no such validation will be performed.
 May also be set in SecurityContext.  If set in both SecurityContext and
 PodSecurityContext, the value specified in SecurityContext takes precedence.
 +optional
      optional bool runAsNonRoot = 3;

    • getSupplementalGroupsList

      List<Long> getSupplementalGroupsList()
       A list of groups applied to the first process run in each container, in addition
 to the container's primary GID.  If unspecified, no groups will be added to
 any container.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
      repeated int64 supplementalGroups = 4;

    • getSupplementalGroupsCount

      int getSupplementalGroupsCount()
       A list of groups applied to the first process run in each container, in addition
 to the container's primary GID.  If unspecified, no groups will be added to
 any container.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
      repeated int64 supplementalGroups = 4;

    • getSupplementalGroups

      long getSupplementalGroups(int index)
       A list of groups applied to the first process run in each container, in addition
 to the container's primary GID.  If unspecified, no groups will be added to
 any container.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
      repeated int64 supplementalGroups = 4;

    • hasFsGroup

      boolean hasFsGroup()
       A special supplemental group that applies to all containers in a pod.
 Some volume types allow the Kubelet to change the ownership of that volume
 to be owned by the pod:
 1. The owning GID will be the FSGroup
 2. The setgid bit is set (new files created in the volume will be owned by FSGroup)
 3. The permission bits are OR'd with rw-rw----
 If unset, the Kubelet will not modify the ownership and permissions of any volume.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
      optional int64 fsGroup = 5;

    • getFsGroup

      long getFsGroup()
       A special supplemental group that applies to all containers in a pod.
 Some volume types allow the Kubelet to change the ownership of that volume
 to be owned by the pod:
 1. The owning GID will be the FSGroup
 2. The setgid bit is set (new files created in the volume will be owned by FSGroup)
 3. The permission bits are OR'd with rw-rw----
 If unset, the Kubelet will not modify the ownership and permissions of any volume.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
      optional int64 fsGroup = 5;

    • getSysctlsList

      List<V1.Sysctl> getSysctlsList()
       Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported
 sysctls (by the container runtime) might fail to launch.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
      repeated .k8s.io.api.core.v1.Sysctl sysctls = 7;

    • getSysctls

      V1.Sysctl getSysctls(int index)
       Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported
 sysctls (by the container runtime) might fail to launch.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
      repeated .k8s.io.api.core.v1.Sysctl sysctls = 7;

    • getSysctlsCount

      int getSysctlsCount()
       Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported
 sysctls (by the container runtime) might fail to launch.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
      repeated .k8s.io.api.core.v1.Sysctl sysctls = 7;

    • getSysctlsOrBuilderList

      List<? extends V1.SysctlOrBuilder> getSysctlsOrBuilderList()
       Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported
 sysctls (by the container runtime) might fail to launch.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
      repeated .k8s.io.api.core.v1.Sysctl sysctls = 7;

    • getSysctlsOrBuilder

      V1.SysctlOrBuilder getSysctlsOrBuilder(int index)
       Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported
 sysctls (by the container runtime) might fail to launch.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
      repeated .k8s.io.api.core.v1.Sysctl sysctls = 7;

    • hasFsGroupChangePolicy

      boolean hasFsGroupChangePolicy()
       fsGroupChangePolicy defines behavior of changing ownership and permission of the volume
 before being exposed inside Pod. This field will only apply to
 volume types which support fsGroup based ownership(and permissions).
 It will have no effect on ephemeral volume types such as: secret, configmaps
 and emptydir.
 Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
      optional string fsGroupChangePolicy = 9;

    • getFsGroupChangePolicy

      String getFsGroupChangePolicy()
       fsGroupChangePolicy defines behavior of changing ownership and permission of the volume
 before being exposed inside Pod. This field will only apply to
 volume types which support fsGroup based ownership(and permissions).
 It will have no effect on ephemeral volume types such as: secret, configmaps
 and emptydir.
 Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
      optional string fsGroupChangePolicy = 9;

    • getFsGroupChangePolicyBytes

      com.google.protobuf.ByteString getFsGroupChangePolicyBytes()
       fsGroupChangePolicy defines behavior of changing ownership and permission of the volume
 before being exposed inside Pod. This field will only apply to
 volume types which support fsGroup based ownership(and permissions).
 It will have no effect on ephemeral volume types such as: secret, configmaps
 and emptydir.
 Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
      optional string fsGroupChangePolicy = 9;

    • hasSeccompProfile

      boolean hasSeccompProfile()
       The seccomp options to use by the containers in this pod.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
      optional .k8s.io.api.core.v1.SeccompProfile seccompProfile = 10;

    • getSeccompProfile

      V1.SeccompProfile getSeccompProfile()
       The seccomp options to use by the containers in this pod.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
      optional .k8s.io.api.core.v1.SeccompProfile seccompProfile = 10;

    • getSeccompProfileOrBuilder

      V1.SeccompProfileOrBuilder getSeccompProfileOrBuilder()
       The seccomp options to use by the containers in this pod.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
      optional .k8s.io.api.core.v1.SeccompProfile seccompProfile = 10;