Interface V1beta1Extensions.PodSecurityPolicySpecOrBuilder

All Superinterfaces:
com.google.protobuf.MessageLiteOrBuilder, com.google.protobuf.MessageOrBuilder
All Known Implementing Classes:
V1beta1Extensions.PodSecurityPolicySpec, V1beta1Extensions.PodSecurityPolicySpec.Builder
Enclosing class:
V1beta1Extensions

public static interface V1beta1Extensions.PodSecurityPolicySpecOrBuilder extends com.google.protobuf.MessageOrBuilder
  • Method Details

    • hasPrivileged

      boolean hasPrivileged()
       privileged determines if a pod can request to be run as privileged.
       +optional
       
      optional bool privileged = 1;
    • getPrivileged

      boolean getPrivileged()
       privileged determines if a pod can request to be run as privileged.
       +optional
       
      optional bool privileged = 1;
    • getDefaultAddCapabilitiesList

      List<String> getDefaultAddCapabilitiesList()
       defaultAddCapabilities is the default set of capabilities that will be added to the container
       unless the pod spec specifically drops the capability.  You may not list a capability in both
       defaultAddCapabilities and requiredDropCapabilities. Capabilities added here are implicitly
       allowed, and need not be included in the allowedCapabilities list.
       +optional
       
      repeated string defaultAddCapabilities = 2;
    • getDefaultAddCapabilitiesCount

      int getDefaultAddCapabilitiesCount()
       defaultAddCapabilities is the default set of capabilities that will be added to the container
       unless the pod spec specifically drops the capability.  You may not list a capability in both
       defaultAddCapabilities and requiredDropCapabilities. Capabilities added here are implicitly
       allowed, and need not be included in the allowedCapabilities list.
       +optional
       
      repeated string defaultAddCapabilities = 2;
    • getDefaultAddCapabilities

      String getDefaultAddCapabilities(int index)
       defaultAddCapabilities is the default set of capabilities that will be added to the container
       unless the pod spec specifically drops the capability.  You may not list a capability in both
       defaultAddCapabilities and requiredDropCapabilities. Capabilities added here are implicitly
       allowed, and need not be included in the allowedCapabilities list.
       +optional
       
      repeated string defaultAddCapabilities = 2;
    • getDefaultAddCapabilitiesBytes

      com.google.protobuf.ByteString getDefaultAddCapabilitiesBytes(int index)
       defaultAddCapabilities is the default set of capabilities that will be added to the container
       unless the pod spec specifically drops the capability.  You may not list a capability in both
       defaultAddCapabilities and requiredDropCapabilities. Capabilities added here are implicitly
       allowed, and need not be included in the allowedCapabilities list.
       +optional
       
      repeated string defaultAddCapabilities = 2;
    • getRequiredDropCapabilitiesList

      List<String> getRequiredDropCapabilitiesList()
       requiredDropCapabilities are the capabilities that will be dropped from the container.  These
       are required to be dropped and cannot be added.
       +optional
       
      repeated string requiredDropCapabilities = 3;
    • getRequiredDropCapabilitiesCount

      int getRequiredDropCapabilitiesCount()
       requiredDropCapabilities are the capabilities that will be dropped from the container.  These
       are required to be dropped and cannot be added.
       +optional
       
      repeated string requiredDropCapabilities = 3;
    • getRequiredDropCapabilities

      String getRequiredDropCapabilities(int index)
       requiredDropCapabilities are the capabilities that will be dropped from the container.  These
       are required to be dropped and cannot be added.
       +optional
       
      repeated string requiredDropCapabilities = 3;
    • getRequiredDropCapabilitiesBytes

      com.google.protobuf.ByteString getRequiredDropCapabilitiesBytes(int index)
       requiredDropCapabilities are the capabilities that will be dropped from the container.  These
       are required to be dropped and cannot be added.
       +optional
       
      repeated string requiredDropCapabilities = 3;
    • getAllowedCapabilitiesList

      List<String> getAllowedCapabilitiesList()
       allowedCapabilities is a list of capabilities that can be requested to add to the container.
       Capabilities in this field may be added at the pod author's discretion.
       You must not list a capability in both allowedCapabilities and requiredDropCapabilities.
       +optional
       
      repeated string allowedCapabilities = 4;
    • getAllowedCapabilitiesCount

      int getAllowedCapabilitiesCount()
       allowedCapabilities is a list of capabilities that can be requested to add to the container.
       Capabilities in this field may be added at the pod author's discretion.
       You must not list a capability in both allowedCapabilities and requiredDropCapabilities.
       +optional
       
      repeated string allowedCapabilities = 4;
    • getAllowedCapabilities

      String getAllowedCapabilities(int index)
       allowedCapabilities is a list of capabilities that can be requested to add to the container.
       Capabilities in this field may be added at the pod author's discretion.
       You must not list a capability in both allowedCapabilities and requiredDropCapabilities.
       +optional
       
      repeated string allowedCapabilities = 4;
    • getAllowedCapabilitiesBytes

      com.google.protobuf.ByteString getAllowedCapabilitiesBytes(int index)
       allowedCapabilities is a list of capabilities that can be requested to add to the container.
       Capabilities in this field may be added at the pod author's discretion.
       You must not list a capability in both allowedCapabilities and requiredDropCapabilities.
       +optional
       
      repeated string allowedCapabilities = 4;
    • getVolumesList

      List<String> getVolumesList()
       volumes is an allowlist of volume plugins. Empty indicates that
       no volumes may be used. To allow all volumes you may use '*'.
       +optional
       
      repeated string volumes = 5;
    • getVolumesCount

      int getVolumesCount()
       volumes is an allowlist of volume plugins. Empty indicates that
       no volumes may be used. To allow all volumes you may use '*'.
       +optional
       
      repeated string volumes = 5;
    • getVolumes

      String getVolumes(int index)
       volumes is an allowlist of volume plugins. Empty indicates that
       no volumes may be used. To allow all volumes you may use '*'.
       +optional
       
      repeated string volumes = 5;
    • getVolumesBytes

      com.google.protobuf.ByteString getVolumesBytes(int index)
       volumes is an allowlist of volume plugins. Empty indicates that
       no volumes may be used. To allow all volumes you may use '*'.
       +optional
       
      repeated string volumes = 5;
    • hasHostNetwork

      boolean hasHostNetwork()
       hostNetwork determines if the policy allows the use of HostNetwork in the pod spec.
       +optional
       
      optional bool hostNetwork = 6;
    • getHostNetwork

      boolean getHostNetwork()
       hostNetwork determines if the policy allows the use of HostNetwork in the pod spec.
       +optional
       
      optional bool hostNetwork = 6;
    • getHostPortsList

      List<V1beta1Extensions.HostPortRange> getHostPortsList()
       hostPorts determines which host port ranges are allowed to be exposed.
       +optional
       
      repeated .k8s.io.api.extensions.v1beta1.HostPortRange hostPorts = 7;
    • getHostPorts

      V1beta1Extensions.HostPortRange getHostPorts(int index)
       hostPorts determines which host port ranges are allowed to be exposed.
       +optional
       
      repeated .k8s.io.api.extensions.v1beta1.HostPortRange hostPorts = 7;
    • getHostPortsCount

      int getHostPortsCount()
       hostPorts determines which host port ranges are allowed to be exposed.
       +optional
       
      repeated .k8s.io.api.extensions.v1beta1.HostPortRange hostPorts = 7;
    • getHostPortsOrBuilderList

      List<? extends V1beta1Extensions.HostPortRangeOrBuilder> getHostPortsOrBuilderList()
       hostPorts determines which host port ranges are allowed to be exposed.
       +optional
       
      repeated .k8s.io.api.extensions.v1beta1.HostPortRange hostPorts = 7;
    • getHostPortsOrBuilder

      V1beta1Extensions.HostPortRangeOrBuilder getHostPortsOrBuilder(int index)
       hostPorts determines which host port ranges are allowed to be exposed.
       +optional
       
      repeated .k8s.io.api.extensions.v1beta1.HostPortRange hostPorts = 7;
    • hasHostPID

      boolean hasHostPID()
       hostPID determines if the policy allows the use of HostPID in the pod spec.
       +optional
       
      optional bool hostPID = 8;
    • getHostPID

      boolean getHostPID()
       hostPID determines if the policy allows the use of HostPID in the pod spec.
       +optional
       
      optional bool hostPID = 8;
    • hasHostIPC

      boolean hasHostIPC()
       hostIPC determines if the policy allows the use of HostIPC in the pod spec.
       +optional
       
      optional bool hostIPC = 9;
    • getHostIPC

      boolean getHostIPC()
       hostIPC determines if the policy allows the use of HostIPC in the pod spec.
       +optional
       
      optional bool hostIPC = 9;
    • hasSeLinux

      boolean hasSeLinux()
       seLinux is the strategy that will dictate the allowable labels that may be set.
       
      optional .k8s.io.api.extensions.v1beta1.SELinuxStrategyOptions seLinux = 10;
    • getSeLinux

      V1beta1Extensions.SELinuxStrategyOptions getSeLinux()
       seLinux is the strategy that will dictate the allowable labels that may be set.
       
      optional .k8s.io.api.extensions.v1beta1.SELinuxStrategyOptions seLinux = 10;
    • getSeLinuxOrBuilder

      V1beta1Extensions.SELinuxStrategyOptionsOrBuilder getSeLinuxOrBuilder()
       seLinux is the strategy that will dictate the allowable labels that may be set.
       
      optional .k8s.io.api.extensions.v1beta1.SELinuxStrategyOptions seLinux = 10;
    • hasRunAsUser

      boolean hasRunAsUser()
       runAsUser is the strategy that will dictate the allowable RunAsUser values that may be set.
       
      optional .k8s.io.api.extensions.v1beta1.RunAsUserStrategyOptions runAsUser = 11;
    • getRunAsUser

      V1beta1Extensions.RunAsUserStrategyOptions getRunAsUser()
       runAsUser is the strategy that will dictate the allowable RunAsUser values that may be set.
       
      optional .k8s.io.api.extensions.v1beta1.RunAsUserStrategyOptions runAsUser = 11;
    • getRunAsUserOrBuilder

      V1beta1Extensions.RunAsUserStrategyOptionsOrBuilder getRunAsUserOrBuilder()
       runAsUser is the strategy that will dictate the allowable RunAsUser values that may be set.
       
      optional .k8s.io.api.extensions.v1beta1.RunAsUserStrategyOptions runAsUser = 11;
    • hasRunAsGroup

      boolean hasRunAsGroup()
       RunAsGroup is the strategy that will dictate the allowable RunAsGroup values that may be set.
       If this field is omitted, the pod's RunAsGroup can take any value. This field requires the
       RunAsGroup feature gate to be enabled.
       +optional
       
      optional .k8s.io.api.extensions.v1beta1.RunAsGroupStrategyOptions runAsGroup = 22;
    • getRunAsGroup

      V1beta1Extensions.RunAsGroupStrategyOptions getRunAsGroup()
       RunAsGroup is the strategy that will dictate the allowable RunAsGroup values that may be set.
       If this field is omitted, the pod's RunAsGroup can take any value. This field requires the
       RunAsGroup feature gate to be enabled.
       +optional
       
      optional .k8s.io.api.extensions.v1beta1.RunAsGroupStrategyOptions runAsGroup = 22;
    • getRunAsGroupOrBuilder

      V1beta1Extensions.RunAsGroupStrategyOptionsOrBuilder getRunAsGroupOrBuilder()
       RunAsGroup is the strategy that will dictate the allowable RunAsGroup values that may be set.
       If this field is omitted, the pod's RunAsGroup can take any value. This field requires the
       RunAsGroup feature gate to be enabled.
       +optional
       
      optional .k8s.io.api.extensions.v1beta1.RunAsGroupStrategyOptions runAsGroup = 22;
    • hasSupplementalGroups

      boolean hasSupplementalGroups()
       supplementalGroups is the strategy that will dictate what supplemental groups are used by the SecurityContext.
       
      optional .k8s.io.api.extensions.v1beta1.SupplementalGroupsStrategyOptions supplementalGroups = 12;
    • getSupplementalGroups

      V1beta1Extensions.SupplementalGroupsStrategyOptions getSupplementalGroups()
       supplementalGroups is the strategy that will dictate what supplemental groups are used by the SecurityContext.
       
      optional .k8s.io.api.extensions.v1beta1.SupplementalGroupsStrategyOptions supplementalGroups = 12;
    • getSupplementalGroupsOrBuilder

      V1beta1Extensions.SupplementalGroupsStrategyOptionsOrBuilder getSupplementalGroupsOrBuilder()
       supplementalGroups is the strategy that will dictate what supplemental groups are used by the SecurityContext.
       
      optional .k8s.io.api.extensions.v1beta1.SupplementalGroupsStrategyOptions supplementalGroups = 12;
    • hasFsGroup

      boolean hasFsGroup()
       fsGroup is the strategy that will dictate what fs group is used by the SecurityContext.
       
      optional .k8s.io.api.extensions.v1beta1.FSGroupStrategyOptions fsGroup = 13;
    • getFsGroup

      V1beta1Extensions.FSGroupStrategyOptions getFsGroup()
       fsGroup is the strategy that will dictate what fs group is used by the SecurityContext.
       
      optional .k8s.io.api.extensions.v1beta1.FSGroupStrategyOptions fsGroup = 13;
    • getFsGroupOrBuilder

      V1beta1Extensions.FSGroupStrategyOptionsOrBuilder getFsGroupOrBuilder()
       fsGroup is the strategy that will dictate what fs group is used by the SecurityContext.
       
      optional .k8s.io.api.extensions.v1beta1.FSGroupStrategyOptions fsGroup = 13;
    • hasReadOnlyRootFilesystem

      boolean hasReadOnlyRootFilesystem()
       readOnlyRootFilesystem when set to true will force containers to run with a read only root file
       system.  If the container specifically requests to run with a non-read only root file system
       the PSP should deny the pod.
       If set to false the container may run with a read only root file system if it wishes but it
       will not be forced to.
       +optional
       
      optional bool readOnlyRootFilesystem = 14;
    • getReadOnlyRootFilesystem

      boolean getReadOnlyRootFilesystem()
       readOnlyRootFilesystem when set to true will force containers to run with a read only root file
       system.  If the container specifically requests to run with a non-read only root file system
       the PSP should deny the pod.
       If set to false the container may run with a read only root file system if it wishes but it
       will not be forced to.
       +optional
       
      optional bool readOnlyRootFilesystem = 14;
    • hasDefaultAllowPrivilegeEscalation

      boolean hasDefaultAllowPrivilegeEscalation()
       defaultAllowPrivilegeEscalation controls the default setting for whether a
       process can gain more privileges than its parent process.
       +optional
       
      optional bool defaultAllowPrivilegeEscalation = 15;
    • getDefaultAllowPrivilegeEscalation

      boolean getDefaultAllowPrivilegeEscalation()
       defaultAllowPrivilegeEscalation controls the default setting for whether a
       process can gain more privileges than its parent process.
       +optional
       
      optional bool defaultAllowPrivilegeEscalation = 15;
    • hasAllowPrivilegeEscalation

      boolean hasAllowPrivilegeEscalation()
       allowPrivilegeEscalation determines if a pod can request to allow
       privilege escalation. If unspecified, defaults to true.
       +optional
       
      optional bool allowPrivilegeEscalation = 16;
    • getAllowPrivilegeEscalation

      boolean getAllowPrivilegeEscalation()
       allowPrivilegeEscalation determines if a pod can request to allow
       privilege escalation. If unspecified, defaults to true.
       +optional
       
      optional bool allowPrivilegeEscalation = 16;
    • getAllowedHostPathsList

      List<V1beta1Extensions.AllowedHostPath> getAllowedHostPathsList()
       allowedHostPaths is an allowlist of host paths. Empty indicates
       that all host paths may be used.
       +optional
       
      repeated .k8s.io.api.extensions.v1beta1.AllowedHostPath allowedHostPaths = 17;
    • getAllowedHostPaths

      V1beta1Extensions.AllowedHostPath getAllowedHostPaths(int index)
       allowedHostPaths is an allowlist of host paths. Empty indicates
       that all host paths may be used.
       +optional
       
      repeated .k8s.io.api.extensions.v1beta1.AllowedHostPath allowedHostPaths = 17;
    • getAllowedHostPathsCount

      int getAllowedHostPathsCount()
       allowedHostPaths is an allowlist of host paths. Empty indicates
       that all host paths may be used.
       +optional
       
      repeated .k8s.io.api.extensions.v1beta1.AllowedHostPath allowedHostPaths = 17;
    • getAllowedHostPathsOrBuilderList

      List<? extends V1beta1Extensions.AllowedHostPathOrBuilder> getAllowedHostPathsOrBuilderList()
       allowedHostPaths is an allowlist of host paths. Empty indicates
       that all host paths may be used.
       +optional
       
      repeated .k8s.io.api.extensions.v1beta1.AllowedHostPath allowedHostPaths = 17;
    • getAllowedHostPathsOrBuilder

      V1beta1Extensions.AllowedHostPathOrBuilder getAllowedHostPathsOrBuilder(int index)
       allowedHostPaths is an allowlist of host paths. Empty indicates
       that all host paths may be used.
       +optional
       
      repeated .k8s.io.api.extensions.v1beta1.AllowedHostPath allowedHostPaths = 17;
    • getAllowedFlexVolumesList

      List<V1beta1Extensions.AllowedFlexVolume> getAllowedFlexVolumesList()
       allowedFlexVolumes is an allowlist of Flexvolumes.  Empty or nil indicates that all
       Flexvolumes may be used.  This parameter is effective only when the usage of the Flexvolumes
       is allowed in the "volumes" field.
       +optional
       
      repeated .k8s.io.api.extensions.v1beta1.AllowedFlexVolume allowedFlexVolumes = 18;
    • getAllowedFlexVolumes

      V1beta1Extensions.AllowedFlexVolume getAllowedFlexVolumes(int index)
       allowedFlexVolumes is an allowlist of Flexvolumes.  Empty or nil indicates that all
       Flexvolumes may be used.  This parameter is effective only when the usage of the Flexvolumes
       is allowed in the "volumes" field.
       +optional
       
      repeated .k8s.io.api.extensions.v1beta1.AllowedFlexVolume allowedFlexVolumes = 18;
    • getAllowedFlexVolumesCount

      int getAllowedFlexVolumesCount()
       allowedFlexVolumes is an allowlist of Flexvolumes.  Empty or nil indicates that all
       Flexvolumes may be used.  This parameter is effective only when the usage of the Flexvolumes
       is allowed in the "volumes" field.
       +optional
       
      repeated .k8s.io.api.extensions.v1beta1.AllowedFlexVolume allowedFlexVolumes = 18;
    • getAllowedFlexVolumesOrBuilderList

      List<? extends V1beta1Extensions.AllowedFlexVolumeOrBuilder> getAllowedFlexVolumesOrBuilderList()
       allowedFlexVolumes is an allowlist of Flexvolumes.  Empty or nil indicates that all
       Flexvolumes may be used.  This parameter is effective only when the usage of the Flexvolumes
       is allowed in the "volumes" field.
       +optional
       
      repeated .k8s.io.api.extensions.v1beta1.AllowedFlexVolume allowedFlexVolumes = 18;
    • getAllowedFlexVolumesOrBuilder

      V1beta1Extensions.AllowedFlexVolumeOrBuilder getAllowedFlexVolumesOrBuilder(int index)
       allowedFlexVolumes is an allowlist of Flexvolumes.  Empty or nil indicates that all
       Flexvolumes may be used.  This parameter is effective only when the usage of the Flexvolumes
       is allowed in the "volumes" field.
       +optional
       
      repeated .k8s.io.api.extensions.v1beta1.AllowedFlexVolume allowedFlexVolumes = 18;
    • getAllowedCSIDriversList

      List<V1beta1Extensions.AllowedCSIDriver> getAllowedCSIDriversList()
       AllowedCSIDrivers is an allowlist of inline CSI drivers that must be explicitly set to be embedded within a pod spec.
       An empty value indicates that any CSI driver can be used for inline ephemeral volumes.
       +optional
       
      repeated .k8s.io.api.extensions.v1beta1.AllowedCSIDriver allowedCSIDrivers = 23;
    • getAllowedCSIDrivers

      V1beta1Extensions.AllowedCSIDriver getAllowedCSIDrivers(int index)
       AllowedCSIDrivers is an allowlist of inline CSI drivers that must be explicitly set to be embedded within a pod spec.
       An empty value indicates that any CSI driver can be used for inline ephemeral volumes.
       +optional
       
      repeated .k8s.io.api.extensions.v1beta1.AllowedCSIDriver allowedCSIDrivers = 23;
    • getAllowedCSIDriversCount

      int getAllowedCSIDriversCount()
       AllowedCSIDrivers is an allowlist of inline CSI drivers that must be explicitly set to be embedded within a pod spec.
       An empty value indicates that any CSI driver can be used for inline ephemeral volumes.
       +optional
       
      repeated .k8s.io.api.extensions.v1beta1.AllowedCSIDriver allowedCSIDrivers = 23;
    • getAllowedCSIDriversOrBuilderList

      List<? extends V1beta1Extensions.AllowedCSIDriverOrBuilder> getAllowedCSIDriversOrBuilderList()
       AllowedCSIDrivers is an allowlist of inline CSI drivers that must be explicitly set to be embedded within a pod spec.
       An empty value indicates that any CSI driver can be used for inline ephemeral volumes.
       +optional
       
      repeated .k8s.io.api.extensions.v1beta1.AllowedCSIDriver allowedCSIDrivers = 23;
    • getAllowedCSIDriversOrBuilder

      V1beta1Extensions.AllowedCSIDriverOrBuilder getAllowedCSIDriversOrBuilder(int index)
       AllowedCSIDrivers is an allowlist of inline CSI drivers that must be explicitly set to be embedded within a pod spec.
       An empty value indicates that any CSI driver can be used for inline ephemeral volumes.
       +optional
       
      repeated .k8s.io.api.extensions.v1beta1.AllowedCSIDriver allowedCSIDrivers = 23;
    • getAllowedUnsafeSysctlsList

      List<String> getAllowedUnsafeSysctlsList()
       allowedUnsafeSysctls is a list of explicitly allowed unsafe sysctls, defaults to none.
       Each entry is either a plain sysctl name or ends in "*" in which case it is considered
       as a prefix of allowed sysctls. Single * means all unsafe sysctls are allowed.
       Kubelet has to allowlist all unsafe sysctls explicitly to avoid rejection.
       Examples:
       e.g. "foo/*" allows "foo/bar", "foo/baz", etc.
       e.g. "foo.*" allows "foo.bar", "foo.baz", etc.
       +optional
       
      repeated string allowedUnsafeSysctls = 19;
    • getAllowedUnsafeSysctlsCount

      int getAllowedUnsafeSysctlsCount()
       allowedUnsafeSysctls is a list of explicitly allowed unsafe sysctls, defaults to none.
       Each entry is either a plain sysctl name or ends in "*" in which case it is considered
       as a prefix of allowed sysctls. Single * means all unsafe sysctls are allowed.
       Kubelet has to allowlist all unsafe sysctls explicitly to avoid rejection.
       Examples:
       e.g. "foo/*" allows "foo/bar", "foo/baz", etc.
       e.g. "foo.*" allows "foo.bar", "foo.baz", etc.
       +optional
       
      repeated string allowedUnsafeSysctls = 19;
    • getAllowedUnsafeSysctls

      String getAllowedUnsafeSysctls(int index)
       allowedUnsafeSysctls is a list of explicitly allowed unsafe sysctls, defaults to none.
       Each entry is either a plain sysctl name or ends in "*" in which case it is considered
       as a prefix of allowed sysctls. Single * means all unsafe sysctls are allowed.
       Kubelet has to allowlist all unsafe sysctls explicitly to avoid rejection.
       Examples:
       e.g. "foo/*" allows "foo/bar", "foo/baz", etc.
       e.g. "foo.*" allows "foo.bar", "foo.baz", etc.
       +optional
       
      repeated string allowedUnsafeSysctls = 19;
    • getAllowedUnsafeSysctlsBytes

      com.google.protobuf.ByteString getAllowedUnsafeSysctlsBytes(int index)
       allowedUnsafeSysctls is a list of explicitly allowed unsafe sysctls, defaults to none.
       Each entry is either a plain sysctl name or ends in "*" in which case it is considered
       as a prefix of allowed sysctls. Single * means all unsafe sysctls are allowed.
       Kubelet has to allowlist all unsafe sysctls explicitly to avoid rejection.
       Examples:
       e.g. "foo/*" allows "foo/bar", "foo/baz", etc.
       e.g. "foo.*" allows "foo.bar", "foo.baz", etc.
       +optional
       
      repeated string allowedUnsafeSysctls = 19;
    • getForbiddenSysctlsList

      List<String> getForbiddenSysctlsList()
       forbiddenSysctls is a list of explicitly forbidden sysctls, defaults to none.
       Each entry is either a plain sysctl name or ends in "*" in which case it is considered
       as a prefix of forbidden sysctls. Single * means all sysctls are forbidden.
       Examples:
       e.g. "foo/*" forbids "foo/bar", "foo/baz", etc.
       e.g. "foo.*" forbids "foo.bar", "foo.baz", etc.
       +optional
       
      repeated string forbiddenSysctls = 20;
    • getForbiddenSysctlsCount

      int getForbiddenSysctlsCount()
       forbiddenSysctls is a list of explicitly forbidden sysctls, defaults to none.
       Each entry is either a plain sysctl name or ends in "*" in which case it is considered
       as a prefix of forbidden sysctls. Single * means all sysctls are forbidden.
       Examples:
       e.g. "foo/*" forbids "foo/bar", "foo/baz", etc.
       e.g. "foo.*" forbids "foo.bar", "foo.baz", etc.
       +optional
       
      repeated string forbiddenSysctls = 20;
    • getForbiddenSysctls

      String getForbiddenSysctls(int index)
       forbiddenSysctls is a list of explicitly forbidden sysctls, defaults to none.
       Each entry is either a plain sysctl name or ends in "*" in which case it is considered
       as a prefix of forbidden sysctls. Single * means all sysctls are forbidden.
       Examples:
       e.g. "foo/*" forbids "foo/bar", "foo/baz", etc.
       e.g. "foo.*" forbids "foo.bar", "foo.baz", etc.
       +optional
       
      repeated string forbiddenSysctls = 20;
    • getForbiddenSysctlsBytes

      com.google.protobuf.ByteString getForbiddenSysctlsBytes(int index)
       forbiddenSysctls is a list of explicitly forbidden sysctls, defaults to none.
       Each entry is either a plain sysctl name or ends in "*" in which case it is considered
       as a prefix of forbidden sysctls. Single * means all sysctls are forbidden.
       Examples:
       e.g. "foo/*" forbids "foo/bar", "foo/baz", etc.
       e.g. "foo.*" forbids "foo.bar", "foo.baz", etc.
       +optional
       
      repeated string forbiddenSysctls = 20;
    • getAllowedProcMountTypesList

      List<String> getAllowedProcMountTypesList()
       AllowedProcMountTypes is an allowlist of allowed ProcMountTypes.
       Empty or nil indicates that only the DefaultProcMountType may be used.
       This requires the ProcMountType feature flag to be enabled.
       +optional
       
      repeated string allowedProcMountTypes = 21;
    • getAllowedProcMountTypesCount

      int getAllowedProcMountTypesCount()
       AllowedProcMountTypes is an allowlist of allowed ProcMountTypes.
       Empty or nil indicates that only the DefaultProcMountType may be used.
       This requires the ProcMountType feature flag to be enabled.
       +optional
       
      repeated string allowedProcMountTypes = 21;
    • getAllowedProcMountTypes

      String getAllowedProcMountTypes(int index)
       AllowedProcMountTypes is an allowlist of allowed ProcMountTypes.
       Empty or nil indicates that only the DefaultProcMountType may be used.
       This requires the ProcMountType feature flag to be enabled.
       +optional
       
      repeated string allowedProcMountTypes = 21;
    • getAllowedProcMountTypesBytes

      com.google.protobuf.ByteString getAllowedProcMountTypesBytes(int index)
       AllowedProcMountTypes is an allowlist of allowed ProcMountTypes.
       Empty or nil indicates that only the DefaultProcMountType may be used.
       This requires the ProcMountType feature flag to be enabled.
       +optional
       
      repeated string allowedProcMountTypes = 21;
    • hasRuntimeClass

      boolean hasRuntimeClass()
       runtimeClass is the strategy that will dictate the allowable RuntimeClasses for a pod.
       If this field is omitted, the pod's runtimeClassName field is unrestricted.
       Enforcement of this field depends on the RuntimeClass feature gate being enabled.
       +optional
       
      optional .k8s.io.api.extensions.v1beta1.RuntimeClassStrategyOptions runtimeClass = 24;
    • getRuntimeClass

      V1beta1Extensions.RuntimeClassStrategyOptions getRuntimeClass()
       runtimeClass is the strategy that will dictate the allowable RuntimeClasses for a pod.
       If this field is omitted, the pod's runtimeClassName field is unrestricted.
       Enforcement of this field depends on the RuntimeClass feature gate being enabled.
       +optional
       
      optional .k8s.io.api.extensions.v1beta1.RuntimeClassStrategyOptions runtimeClass = 24;
    • getRuntimeClassOrBuilder

      V1beta1Extensions.RuntimeClassStrategyOptionsOrBuilder getRuntimeClassOrBuilder()
       runtimeClass is the strategy that will dictate the allowable RuntimeClasses for a pod.
       If this field is omitted, the pod's runtimeClassName field is unrestricted.
       Enforcement of this field depends on the RuntimeClass feature gate being enabled.
       +optional
       
      optional .k8s.io.api.extensions.v1beta1.RuntimeClassStrategyOptions runtimeClass = 24;
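
The field semantics documented above can be turned into a policy review. The following is an added example, not part of the generated API or of the project's own code: it reads a spec through this interface's getters and reports settings that leave a pod author wide latitude, including the case where an unset allowPrivilegeEscalation still means "allowed". Assumptions: the import package `io.kubernetes.client.proto`, the class name `PspSpecAudit`, the `watchedSysctls` parameter, the volume plugin names `hostPath` and `flexVolume`, and the sample values in `main` are not taken from this page.

```java
import io.kubernetes.client.proto.V1beta1Extensions; // assumed package of the generated class
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

// Added example (not part of the generated API): audits a spec via the getters documented above.
public final class PspSpecAudit {

    // Documented rule: an entry is a plain sysctl name, or a prefix when it ends in "*".
    static boolean sysctlMatches(String entry, String name) {
        return entry.endsWith("*")
                ? name.startsWith(entry.substring(0, entry.length() - 1))
                : entry.equals(name);
    }

    static boolean anyMatch(List<String> entries, String name) {
        for (String e : entries) {
            if (sysctlMatches(e, name)) return true;
        }
        return false;
    }

    // watchedSysctls is a hypothetical caller-supplied list of sysctls the reviewer cares about.
    static List<String> audit(V1beta1Extensions.PodSecurityPolicySpecOrBuilder spec,
                              List<String> watchedSysctls) {
        List<String> findings = new ArrayList<>();

        if (spec.getPrivileged()) findings.add("privileged pods may be requested");
        if (spec.getHostNetwork()) findings.add("hostNetwork is allowed");
        if (spec.getHostPID()) findings.add("hostPID is allowed");
        if (spec.getHostIPC()) findings.add("hostIPC is allowed");

        // The field defaults to true when unspecified, but the protobuf getter returns false
        // for an unset bool, so presence has to be checked with has...() first.
        if (!spec.hasAllowPrivilegeEscalation() || spec.getAllowPrivilegeEscalation()) {
            findings.add("privilege escalation may be requested (explicitly or by default)");
        }
        if (!spec.getReadOnlyRootFilesystem()) {
            findings.add("read-only root filesystem is not enforced");
        }

        // A capability must not be listed in requiredDropCapabilities and in either add list.
        Set<String> dropped = new HashSet<>(spec.getRequiredDropCapabilitiesList());
        for (String cap : spec.getDefaultAddCapabilitiesList()) {
            if (dropped.contains(cap)) findings.add("invalid: " + cap + " is default-added and required-drop");
        }
        for (String cap : spec.getAllowedCapabilitiesList()) {
            if (dropped.contains(cap)) findings.add("invalid: " + cap + " is allowed and required-drop");
        }

        // Empty allowlists for host paths and Flexvolumes mean "all", once the plugin is permitted.
        List<String> volumes = spec.getVolumesList();
        boolean allVolumes = volumes.contains("*");
        if (allVolumes) findings.add("volumes contains '*': every volume plugin is allowed");
        if ((allVolumes || volumes.contains("hostPath")) && spec.getAllowedHostPathsCount() == 0) {
            findings.add("hostPath allowed with empty allowedHostPaths: all host paths may be used");
        }
        if ((allVolumes || volumes.contains("flexVolume")) && spec.getAllowedFlexVolumesCount() == 0) {
            findings.add("flexVolume allowed with empty allowedFlexVolumes: all Flexvolumes may be used");
        }

        // Report watched sysctls that an allow entry covers and no forbid entry blocks.
        for (String name : watchedSysctls) {
            if (anyMatch(spec.getAllowedUnsafeSysctlsList(), name)
                    && !anyMatch(spec.getForbiddenSysctlsList(), name)) {
                findings.add("unsafe sysctl " + name + " is allowed");
            }
        }
        return findings;
    }

    public static void main(String[] args) {
        // Constructed sample policy, for illustration only.
        V1beta1Extensions.PodSecurityPolicySpec spec =
                V1beta1Extensions.PodSecurityPolicySpec.newBuilder()
                        .setPrivileged(false)
                        .addVolumes("configMap")
                        .addVolumes("hostPath")
                        .addAllowedCapabilities("NET_ADMIN")
                        .addRequiredDropCapabilities("NET_ADMIN")
                        .addAllowedUnsafeSysctls("kernel.*")
                        .addForbiddenSysctls("kernel.msgmax")
                        .build();

        List<String> watched = Arrays.asList("kernel.msgmax", "kernel.sem");
        for (String finding : audit(spec, watched)) {
            System.out.println(finding);
        }
    }
}
```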