Package org.cdk8s.plus24
Interface PodSecurityContextProps
-
- All Superinterfaces:
software.amazon.jsii.JsiiSerializable
- All Known Implementing Classes:
PodSecurityContextProps.Jsii$Proxy
@Generated(value="jsii-pacmak/1.75.0 (build 63bb957)", date="2023-02-20T02:42:01.933Z") @Stability(Stable) public interface PodSecurityContextProps extends software.amazon.jsii.JsiiSerializable
Properties for `PodSecurityContext`.
-
-
Nested Class Summary
Nested Classes Modifier and Type Interface Description static classPodSecurityContextProps.BuilderA builder forPodSecurityContextPropsstatic classPodSecurityContextProps.Jsii$ProxyAn implementation forPodSecurityContextProps
-
Method Summary
All Methods Static Methods Instance Methods Default Methods Modifier and Type Method Description static PodSecurityContextProps.Builderbuilder()default BooleangetEnsureNonRoot()Indicates that the container must run as a non-root user.default NumbergetFsGroup()Modify the ownership and permissions of pod volumes to this GID.default FsGroupChangePolicygetFsGroupChangePolicy()Defines behavior of changing ownership and permission of the volume before being exposed inside Pod.default NumbergetGroup()The GID to run the entrypoint of the container process.default List<Sysctl>getSysctls()Sysctls hold a list of namespaced sysctls used for the pod.default NumbergetUser()The UID to run the entrypoint of the container process.
-
-
-
Method Detail
-
getEnsureNonRoot
@Stability(Stable) @Nullable default Boolean getEnsureNonRoot()
Indicates that the container must run as a non-root user.If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does.
Default: true
-
getFsGroup
@Stability(Stable) @Nullable default Number getFsGroup()
Modify the ownership and permissions of pod volumes to this GID.Default: - Volume ownership is not changed.
-
getFsGroupChangePolicy
@Stability(Stable) @Nullable default FsGroupChangePolicy getFsGroupChangePolicy()
Defines behavior of changing ownership and permission of the volume before being exposed inside Pod.This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir.
Default: FsGroupChangePolicy.ALWAYS
-
getGroup
@Stability(Stable) @Nullable default Number getGroup()
The GID to run the entrypoint of the container process.Default: - Group configured by container runtime
-
getSysctls
@Stability(Stable) @Nullable default List<Sysctl> getSysctls()
Sysctls hold a list of namespaced sysctls used for the pod.Pods with unsupported sysctls (by the container runtime) might fail to launch.
Default: - No sysctls
-
getUser
@Stability(Stable) @Nullable default Number getUser()
The UID to run the entrypoint of the container process.Default: - User specified in image metadata
-
builder
@Stability(Stable) static PodSecurityContextProps.Builder builder()
- Returns:
- a
PodSecurityContextProps.BuilderofPodSecurityContextProps
-
-