Interface ContainerSecurityContextProps

  • All Superinterfaces:
    software.amazon.jsii.JsiiSerializable
    All Known Implementing Classes:
    ContainerSecurityContextProps.Jsii$Proxy

    @Generated(value="jsii-pacmak/1.75.0 (build 63bb957)",
               date="2023-02-20T02:42:01.808Z")
    @Stability(Stable)
    public interface ContainerSecurityContextProps
    extends software.amazon.jsii.JsiiSerializable
    Properties for `ContainerSecurityContext`.
    • Method Detail

      • getAllowPrivilegeEscalation

        @Stability(Stable)
        @Nullable
        default Boolean getAllowPrivilegeEscalation()
        Whether a process can gain more privileges than its parent process.

        Default: false

      • getEnsureNonRoot

        @Stability(Stable)
        @Nullable
        default Boolean getEnsureNonRoot()
        Indicates that the container must run as a non-root user.

        If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does.

        Default: true

      • getGroup

        @Stability(Stable)
        @Nullable
        default Number getGroup()
        The GID used to run the entrypoint of the container process.

        Default: 26000. An arbitrary number greater than 9999 is selected so that the container is blocked from accessing host files even if it somehow gains access to the host file system.

      • getPrivileged

        @Stability(Stable)
        @Nullable
        default Boolean getPrivileged()
        Run container in privileged mode.

        Processes in privileged containers are essentially equivalent to root on the host.

        Default: false

      • getReadOnlyRootFilesystem

        @Stability(Stable)
        @Nullable
        default Boolean getReadOnlyRootFilesystem()
        Whether this container has a read-only root filesystem.

        Default: true

      • getUser

        @Stability(Stable)
        @Nullable
        default Number getUser()
        The UID used to run the entrypoint of the container process.

        Default: 25000. An arbitrary number greater than 9999 is selected so that the container is blocked from accessing host files even if it somehow gains access to the host file system.
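
A check that reports every property explicitly set to something weaker than the defaults listed above, treating a null getter as "default applies". This is an added example, not code from the cdk8s-plus project. Assumptions: the class name `SecurityContextPolicy` is hypothetical, the `org.cdk8s.plus25` import depends on the cdk8s-plus version in use, and the 9999 threshold is a policy choice taken from the rationale given for the default UID and GID.

```java
import java.util.ArrayList;
import java.util.List;
// Assumption: the package depends on the cdk8s-plus version in use (plus25 shown).
import org.cdk8s.plus25.ContainerSecurityContextProps;

/** Hypothetical policy helper, e.g. for a unit test around chart code. */
public final class SecurityContextPolicy {

    /** Returns one finding per property that weakens the documented defaults. */
    public static List<String> findings(ContainerSecurityContextProps p) {
        List<String> out = new ArrayList<>();
        // Every getter is @Nullable: null means unset, so the safe default applies
        // and only an explicit override is reported.
        if (Boolean.TRUE.equals(p.getPrivileged()))
            out.add("privileged=true: essentially equivalent to root on the host");
        if (Boolean.TRUE.equals(p.getAllowPrivilegeEscalation()))
            out.add("allowPrivilegeEscalation=true: process may exceed its parent's privileges");
        if (Boolean.FALSE.equals(p.getEnsureNonRoot()))
            out.add("ensureNonRoot=false: Kubelet no longer rejects an image running as UID 0");
        if (Boolean.FALSE.equals(p.getReadOnlyRootFilesystem()))
            out.add("readOnlyRootFilesystem=false: root filesystem is writable");
        checkId("user", p.getUser(), out);
        checkId("group", p.getGroup(), out);
        return out;
    }

    // Assumed policy threshold, taken from the "bigger than 9999" rationale of the defaults.
    private static void checkId(String name, Number id, List<String> out) {
        if (id == null) return; // default 25000 (user) / 26000 (group) applies
        long v = id.longValue();
        if (v == 0) out.add(name + "=0: root ID");
        else if (v <= 9999) out.add(name + "=" + v + ": not above 9999");
    }

    public static void main(String[] args) {
        // Constructed sample inputs.
        ContainerSecurityContextProps defaults = ContainerSecurityContextProps.builder().build();
        ContainerSecurityContextProps weakened = ContainerSecurityContextProps.builder()
                .privileged(true)
                .ensureNonRoot(false)
                .user(0)
                .build();
        System.out.println("defaults: " + findings(defaults));
        findings(weakened).forEach(f -> System.out.println("weakened: " + f));
    }
}
```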