Class V1.SecurityContext

java.lang.Object
com.google.protobuf.AbstractMessageLite
com.google.protobuf.AbstractMessage
com.google.protobuf.GeneratedMessageV3
io.kubernetes.client.proto.V1.SecurityContext
All Implemented Interfaces:
com.google.protobuf.Message, com.google.protobuf.MessageLite, com.google.protobuf.MessageLiteOrBuilder, com.google.protobuf.MessageOrBuilder, V1.SecurityContextOrBuilder, Serializable
Enclosing class:
V1

public static final class V1.SecurityContext extends com.google.protobuf.GeneratedMessageV3 implements V1.SecurityContextOrBuilder
 SecurityContext holds security configuration that will be applied to a container.
 Some fields are present in both SecurityContext and PodSecurityContext.  When both
 are set, the values in SecurityContext take precedence.
 
Protobuf type k8s.io.api.core.v1.SecurityContext
See Also:
  • Field Details

    • CAPABILITIES_FIELD_NUMBER

      public static final int CAPABILITIES_FIELD_NUMBER
      See Also:
    • PRIVILEGED_FIELD_NUMBER

      public static final int PRIVILEGED_FIELD_NUMBER
      See Also:
    • SELINUXOPTIONS_FIELD_NUMBER

      public static final int SELINUXOPTIONS_FIELD_NUMBER
      See Also:
    • WINDOWSOPTIONS_FIELD_NUMBER

      public static final int WINDOWSOPTIONS_FIELD_NUMBER
      See Also:
    • RUNASUSER_FIELD_NUMBER

      public static final int RUNASUSER_FIELD_NUMBER
      See Also:
    • RUNASGROUP_FIELD_NUMBER

      public static final int RUNASGROUP_FIELD_NUMBER
      See Also:
    • RUNASNONROOT_FIELD_NUMBER

      public static final int RUNASNONROOT_FIELD_NUMBER
      See Also:
    • READONLYROOTFILESYSTEM_FIELD_NUMBER

      public static final int READONLYROOTFILESYSTEM_FIELD_NUMBER
      See Also:
    • ALLOWPRIVILEGEESCALATION_FIELD_NUMBER

      public static final int ALLOWPRIVILEGEESCALATION_FIELD_NUMBER
      See Also:
    • PROCMOUNT_FIELD_NUMBER

      public static final int PROCMOUNT_FIELD_NUMBER
      See Also:
    • SECCOMPPROFILE_FIELD_NUMBER

      public static final int SECCOMPPROFILE_FIELD_NUMBER
      See Also:
    • PARSER

      @Deprecated public static final com.google.protobuf.Parser<V1.SecurityContext> PARSER
      Deprecated. Use parser() instead.
  • Method Details

    • getUnknownFields

      public final com.google.protobuf.UnknownFieldSet getUnknownFields()
      Specified by:
      getUnknownFields in interface com.google.protobuf.MessageOrBuilder
      Overrides:
      getUnknownFields in class com.google.protobuf.GeneratedMessageV3
    • getDescriptor

      public static final com.google.protobuf.Descriptors.Descriptor getDescriptor()
    • internalGetFieldAccessorTable

      protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable internalGetFieldAccessorTable()
      Specified by:
      internalGetFieldAccessorTable in class com.google.protobuf.GeneratedMessageV3
    • hasCapabilities

      public boolean hasCapabilities()
       The capabilities to add/drop when running containers.
       Defaults to the default set of capabilities granted by the container runtime.
       Note that this field cannot be set when spec.os.name is windows.
       +optional
       
      optional .k8s.io.api.core.v1.Capabilities capabilities = 1;
      Specified by:
      hasCapabilities in interface V1.SecurityContextOrBuilder
    • getCapabilities

      public V1.Capabilities getCapabilities()
       The capabilities to add/drop when running containers.
       Defaults to the default set of capabilities granted by the container runtime.
       Note that this field cannot be set when spec.os.name is windows.
       +optional
       
      optional .k8s.io.api.core.v1.Capabilities capabilities = 1;
      Specified by:
      getCapabilities in interface V1.SecurityContextOrBuilder
    • getCapabilitiesOrBuilder

      public V1.CapabilitiesOrBuilder getCapabilitiesOrBuilder()
       The capabilities to add/drop when running containers.
       Defaults to the default set of capabilities granted by the container runtime.
       Note that this field cannot be set when spec.os.name is windows.
       +optional
       
      optional .k8s.io.api.core.v1.Capabilities capabilities = 1;
      Specified by:
      getCapabilitiesOrBuilder in interface V1.SecurityContextOrBuilder
    • hasPrivileged

      public boolean hasPrivileged()
       Run container in privileged mode.
       Processes in privileged containers are essentially equivalent to root on the host.
       Defaults to false.
       Note that this field cannot be set when spec.os.name is windows.
       +optional
       
      optional bool privileged = 2;
      Specified by:
      hasPrivileged in interface V1.SecurityContextOrBuilder
    • getPrivileged

      public boolean getPrivileged()
       Run container in privileged mode.
       Processes in privileged containers are essentially equivalent to root on the host.
       Defaults to false.
       Note that this field cannot be set when spec.os.name is windows.
       +optional
       
      optional bool privileged = 2;
      Specified by:
      getPrivileged in interface V1.SecurityContextOrBuilder
    • hasSeLinuxOptions

      public boolean hasSeLinuxOptions()
       The SELinux context to be applied to the container.
       If unspecified, the container runtime will allocate a random SELinux context for each
       container.  May also be set in PodSecurityContext.  If set in both SecurityContext and
       PodSecurityContext, the value specified in SecurityContext takes precedence.
       Note that this field cannot be set when spec.os.name is windows.
       +optional
       
      optional .k8s.io.api.core.v1.SELinuxOptions seLinuxOptions = 3;
      Specified by:
      hasSeLinuxOptions in interface V1.SecurityContextOrBuilder
    • getSeLinuxOptions

      public V1.SELinuxOptions getSeLinuxOptions()
       The SELinux context to be applied to the container.
       If unspecified, the container runtime will allocate a random SELinux context for each
       container.  May also be set in PodSecurityContext.  If set in both SecurityContext and
       PodSecurityContext, the value specified in SecurityContext takes precedence.
       Note that this field cannot be set when spec.os.name is windows.
       +optional
       
      optional .k8s.io.api.core.v1.SELinuxOptions seLinuxOptions = 3;
      Specified by:
      getSeLinuxOptions in interface V1.SecurityContextOrBuilder
    • getSeLinuxOptionsOrBuilder

      public V1.SELinuxOptionsOrBuilder getSeLinuxOptionsOrBuilder()
       The SELinux context to be applied to the container.
       If unspecified, the container runtime will allocate a random SELinux context for each
       container.  May also be set in PodSecurityContext.  If set in both SecurityContext and
       PodSecurityContext, the value specified in SecurityContext takes precedence.
       Note that this field cannot be set when spec.os.name is windows.
       +optional
       
      optional .k8s.io.api.core.v1.SELinuxOptions seLinuxOptions = 3;
      Specified by:
      getSeLinuxOptionsOrBuilder in interface V1.SecurityContextOrBuilder
    • hasWindowsOptions

      public boolean hasWindowsOptions()
       The Windows specific settings applied to all containers.
       If unspecified, the options from the PodSecurityContext will be used.
       If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
       Note that this field cannot be set when spec.os.name is linux.
       +optional
       
      optional .k8s.io.api.core.v1.WindowsSecurityContextOptions windowsOptions = 10;
      Specified by:
      hasWindowsOptions in interface V1.SecurityContextOrBuilder
    • getWindowsOptions

      public V1.WindowsSecurityContextOptions getWindowsOptions()
       The Windows specific settings applied to all containers.
       If unspecified, the options from the PodSecurityContext will be used.
       If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
       Note that this field cannot be set when spec.os.name is linux.
       +optional
       
      optional .k8s.io.api.core.v1.WindowsSecurityContextOptions windowsOptions = 10;
      Specified by:
      getWindowsOptions in interface V1.SecurityContextOrBuilder
    • getWindowsOptionsOrBuilder

      public V1.WindowsSecurityContextOptionsOrBuilder getWindowsOptionsOrBuilder()
       The Windows specific settings applied to all containers.
       If unspecified, the options from the PodSecurityContext will be used.
       If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
       Note that this field cannot be set when spec.os.name is linux.
       +optional
       
      optional .k8s.io.api.core.v1.WindowsSecurityContextOptions windowsOptions = 10;
      Specified by:
      getWindowsOptionsOrBuilder in interface V1.SecurityContextOrBuilder
    • hasRunAsUser

      public boolean hasRunAsUser()
       The UID to run the entrypoint of the container process.
       Defaults to user specified in image metadata if unspecified.
       May also be set in PodSecurityContext.  If set in both SecurityContext and
       PodSecurityContext, the value specified in SecurityContext takes precedence.
       Note that this field cannot be set when spec.os.name is windows.
       +optional
       
      optional int64 runAsUser = 4;
      Specified by:
      hasRunAsUser in interface V1.SecurityContextOrBuilder
    • getRunAsUser

      public long getRunAsUser()
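       The UID to run the entrypoint of the container process.
       Defaults to the user specified in image metadata if unspecified.
       May also be set in PodSecurityContext.  If set in both SecurityContext and
       PodSecurityContext, the value specified in SecurityContext takes precedence.
       Note that this field cannot be set when spec.os.name is windows.
       When the field is unset this getter returns 0, which is also the root UID, so
       check hasRunAsUser() before reading the result as an explicit request to run as root.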
       +optional
       
      optional int64 runAsUser = 4;
      Specified by:
      getRunAsUser in interface V1.SecurityContextOrBuilder
    • hasRunAsGroup

      public boolean hasRunAsGroup()
       The GID to run the entrypoint of the container process.
       Uses runtime default if unset.
       May also be set in PodSecurityContext.  If set in both SecurityContext and
       PodSecurityContext, the value specified in SecurityContext takes precedence.
       Note that this field cannot be set when spec.os.name is windows.
       +optional
       
      optional int64 runAsGroup = 8;
      Specified by:
      hasRunAsGroup in interface V1.SecurityContextOrBuilder
    • getRunAsGroup

      public long getRunAsGroup()
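       The GID to run the entrypoint of the container process.
       Uses runtime default if unset.
       May also be set in PodSecurityContext.  If set in both SecurityContext and
       PodSecurityContext, the value specified in SecurityContext takes precedence.
       Note that this field cannot be set when spec.os.name is windows.
       When the field is unset this getter returns 0, which is also the root GID, so
       check hasRunAsGroup() before reading the result as an explicitly configured group.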
       +optional
       
      optional int64 runAsGroup = 8;
      Specified by:
      getRunAsGroup in interface V1.SecurityContextOrBuilder
    • hasRunAsNonRoot

      public boolean hasRunAsNonRoot()
       Indicates that the container must run as a non-root user.
       If true, the Kubelet will validate the image at runtime to ensure that it
       does not run as UID 0 (root) and fail to start the container if it does.
       If unset or false, no such validation will be performed.
       May also be set in PodSecurityContext.  If set in both SecurityContext and
       PodSecurityContext, the value specified in SecurityContext takes precedence.
       +optional
       
      optional bool runAsNonRoot = 5;
      Specified by:
      hasRunAsNonRoot in interface V1.SecurityContextOrBuilder
    • getRunAsNonRoot

      public boolean getRunAsNonRoot()
       Indicates that the container must run as a non-root user.
       If true, the Kubelet will validate the image at runtime to ensure that it
       does not run as UID 0 (root) and fail to start the container if it does.
       If unset or false, no such validation will be performed.
       May also be set in PodSecurityContext.  If set in both SecurityContext and
       PodSecurityContext, the value specified in SecurityContext takes precedence.
       This getter returns false both for an explicit false and for an unset field; use
       hasRunAsNonRoot() to tell them apart, because an unset container-level field leaves
       any PodSecurityContext value in effect.
       +optional
       
      optional bool runAsNonRoot = 5;
      Specified by:
      getRunAsNonRoot in interface V1.SecurityContextOrBuilder
    • hasReadOnlyRootFilesystem

      public boolean hasReadOnlyRootFilesystem()
       Whether this container has a read-only root filesystem.
       Default is false.
       Note that this field cannot be set when spec.os.name is windows.
       +optional
       
      optional bool readOnlyRootFilesystem = 6;
      Specified by:
      hasReadOnlyRootFilesystem in interface V1.SecurityContextOrBuilder
    • getReadOnlyRootFilesystem

      public boolean getReadOnlyRootFilesystem()
       Whether this container has a read-only root filesystem.
       Default is false.
       Note that this field cannot be set when spec.os.name is windows.
       +optional
       
      optional bool readOnlyRootFilesystem = 6;
      Specified by:
      getReadOnlyRootFilesystem in interface V1.SecurityContextOrBuilder
    • hasAllowPrivilegeEscalation

      public boolean hasAllowPrivilegeEscalation()
       AllowPrivilegeEscalation controls whether a process can gain more
       privileges than its parent process. This bool directly controls whether
       the no_new_privs flag will be set on the container process.
       AllowPrivilegeEscalation is always true when the container:
       1) is run as Privileged
       2) has CAP_SYS_ADMIN
       Note that this field cannot be set when spec.os.name is windows.
       +optional
       
      optional bool allowPrivilegeEscalation = 7;
      Specified by:
      hasAllowPrivilegeEscalation in interface V1.SecurityContextOrBuilder
    • getAllowPrivilegeEscalation

      public boolean getAllowPrivilegeEscalation()
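       AllowPrivilegeEscalation controls whether a process can gain more
       privileges than its parent process. This bool directly controls whether
       the no_new_privs flag will be set on the container process: setting it
       to false sets no_new_privs.
       AllowPrivilegeEscalation is always true when the container:
       1) is run as Privileged
       2) has CAP_SYS_ADMIN
       When the field is unset this getter returns false, so call
       hasAllowPrivilegeEscalation() first to tell an explicit false from an absent value.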
       Note that this field cannot be set when spec.os.name is windows.
       +optional
       
      optional bool allowPrivilegeEscalation = 7;
      Specified by:
      getAllowPrivilegeEscalation in interface V1.SecurityContextOrBuilder
    • hasProcMount

      public boolean hasProcMount()
       procMount denotes the type of proc mount to use for the containers.
       The default is DefaultProcMount which uses the container runtime defaults for
       readonly paths and masked paths.
       This requires the ProcMountType feature flag to be enabled.
       Note that this field cannot be set when spec.os.name is windows.
       +optional
       
      optional string procMount = 9;
      Specified by:
      hasProcMount in interface V1.SecurityContextOrBuilder
    • getProcMount

      public String getProcMount()
       procMount denotes the type of proc mount to use for the containers.
       The default is DefaultProcMount which uses the container runtime defaults for
       readonly paths and masked paths.
       This requires the ProcMountType feature flag to be enabled.
       Note that this field cannot be set when spec.os.name is windows.
       +optional
       
      optional string procMount = 9;
      Specified by:
      getProcMount in interface V1.SecurityContextOrBuilder
    • getProcMountBytes

      public com.google.protobuf.ByteString getProcMountBytes()
       procMount denotes the type of proc mount to use for the containers.
       The default is DefaultProcMount which uses the container runtime defaults for
       readonly paths and masked paths.
       This requires the ProcMountType feature flag to be enabled.
       Note that this field cannot be set when spec.os.name is windows.
       +optional
       
      optional string procMount = 9;
      Specified by:
      getProcMountBytes in interface V1.SecurityContextOrBuilder
    • hasSeccompProfile

      public boolean hasSeccompProfile()
       The seccomp options to be used by this container. If seccomp options are
       provided at both the pod & container level, the container options
       override the pod options.
       Note that this field cannot be set when spec.os.name is windows.
       +optional
       
      optional .k8s.io.api.core.v1.SeccompProfile seccompProfile = 11;
      Specified by:
      hasSeccompProfile in interface V1.SecurityContextOrBuilder
    • getSeccompProfile

      public V1.SeccompProfile getSeccompProfile()
       The seccomp options to be used by this container. If seccomp options are
       provided at both the pod & container level, the container options
       override the pod options.
       Note that this field cannot be set when spec.os.name is windows.
       +optional
       
      optional .k8s.io.api.core.v1.SeccompProfile seccompProfile = 11;
      Specified by:
      getSeccompProfile in interface V1.SecurityContextOrBuilder
    • getSeccompProfileOrBuilder

      public V1.SeccompProfileOrBuilder getSeccompProfileOrBuilder()
       The seccomp options to be used by this container. If seccomp options are
       provided at both the pod & container level, the container options
       override the pod options.
       Note that this field cannot be set when spec.os.name is windows.
       +optional
       
      optional .k8s.io.api.core.v1.SeccompProfile seccompProfile = 11;
      Specified by:
      getSeccompProfileOrBuilder in interface V1.SecurityContextOrBuilder
    • isInitialized

      public final boolean isInitialized()
      Specified by:
      isInitialized in interface com.google.protobuf.MessageLiteOrBuilder
      Overrides:
      isInitialized in class com.google.protobuf.GeneratedMessageV3
    • writeTo

      public void writeTo(com.google.protobuf.CodedOutputStream output) throws IOException
      Specified by:
      writeTo in interface com.google.protobuf.MessageLite
      Overrides:
      writeTo in class com.google.protobuf.GeneratedMessageV3
      Throws:
      IOException
    • getSerializedSize

      public int getSerializedSize()
      Specified by:
      getSerializedSize in interface com.google.protobuf.MessageLite
      Overrides:
      getSerializedSize in class com.google.protobuf.GeneratedMessageV3
    • equals

      public boolean equals(Object obj)
      Specified by:
      equals in interface com.google.protobuf.Message
      Overrides:
      equals in class com.google.protobuf.AbstractMessage
    • hashCode

      public int hashCode()
      Specified by:
      hashCode in interface com.google.protobuf.Message
      Overrides:
      hashCode in class com.google.protobuf.AbstractMessage
    • parseFrom

      public static V1.SecurityContext parseFrom(ByteBuffer data) throws com.google.protobuf.InvalidProtocolBufferException
      Throws:
      com.google.protobuf.InvalidProtocolBufferException
    • parseFrom

      public static V1.SecurityContext parseFrom(ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry) throws com.google.protobuf.InvalidProtocolBufferException
      Throws:
      com.google.protobuf.InvalidProtocolBufferException
    • parseFrom

      public static V1.SecurityContext parseFrom(com.google.protobuf.ByteString data) throws com.google.protobuf.InvalidProtocolBufferException
      Throws:
      com.google.protobuf.InvalidProtocolBufferException
    • parseFrom

      public static V1.SecurityContext parseFrom(com.google.protobuf.ByteString data, com.google.protobuf.ExtensionRegistryLite extensionRegistry) throws com.google.protobuf.InvalidProtocolBufferException
      Throws:
      com.google.protobuf.InvalidProtocolBufferException
    • parseFrom

      public static V1.SecurityContext parseFrom(byte[] data) throws com.google.protobuf.InvalidProtocolBufferException
      Throws:
      com.google.protobuf.InvalidProtocolBufferException
    • parseFrom

      public static V1.SecurityContext parseFrom(byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry) throws com.google.protobuf.InvalidProtocolBufferException
      Throws:
      com.google.protobuf.InvalidProtocolBufferException
    • parseFrom

      public static V1.SecurityContext parseFrom(InputStream input) throws IOException
      Throws:
      IOException
    • parseFrom

      public static V1.SecurityContext parseFrom(InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry) throws IOException
      Throws:
      IOException
    • parseDelimitedFrom

      public static V1.SecurityContext parseDelimitedFrom(InputStream input) throws IOException
      Throws:
      IOException
    • parseDelimitedFrom

      public static V1.SecurityContext parseDelimitedFrom(InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry) throws IOException
      Throws:
      IOException
    • parseFrom

      public static V1.SecurityContext parseFrom(com.google.protobuf.CodedInputStream input) throws IOException
      Throws:
      IOException
    • parseFrom

      public static V1.SecurityContext parseFrom(com.google.protobuf.CodedInputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry) throws IOException
      Throws:
      IOException
    • newBuilderForType

      public V1.SecurityContext.Builder newBuilderForType()
      Specified by:
      newBuilderForType in interface com.google.protobuf.Message
      Specified by:
      newBuilderForType in interface com.google.protobuf.MessageLite
    • newBuilder

      public static V1.SecurityContext.Builder newBuilder()
    • newBuilder

      public static V1.SecurityContext.Builder newBuilder(V1.SecurityContext prototype)
    • toBuilder

      public V1.SecurityContext.Builder toBuilder()
      Specified by:
      toBuilder in interface com.google.protobuf.Message
      Specified by:
      toBuilder in interface com.google.protobuf.MessageLite
    • newBuilderForType

      protected V1.SecurityContext.Builder newBuilderForType(com.google.protobuf.GeneratedMessageV3.BuilderParent parent)
      Specified by:
      newBuilderForType in class com.google.protobuf.GeneratedMessageV3
    • getDefaultInstance

      public static V1.SecurityContext getDefaultInstance()
    • parser

      public static com.google.protobuf.Parser<V1.SecurityContext> parser()
    • getParserForType

      public com.google.protobuf.Parser<V1.SecurityContext> getParserForType()
      Specified by:
      getParserForType in interface com.google.protobuf.Message
      Specified by:
      getParserForType in interface com.google.protobuf.MessageLite
      Overrides:
      getParserForType in class com.google.protobuf.GeneratedMessageV3
    • getDefaultInstanceForType

      public V1.SecurityContext getDefaultInstanceForType()
      Specified by:
      getDefaultInstanceForType in interface com.google.protobuf.MessageLiteOrBuilder
      Specified by:
      getDefaultInstanceForType in interface com.google.protobuf.MessageOrBuilder