Class ContainerSecurityContext.Builder

    • Method Detail

      • allowPrivilegeEscalation

        @Stability(Stable)
        public ContainerSecurityContext.Builder allowPrivilegeEscalation(Boolean allowPrivilegeEscalation)
        Whether a process can gain more privileges than its parent process.

        Default: false

        Parameters:
        allowPrivilegeEscalation - Whether a process can gain more privileges than its parent process. This parameter is required.
        Returns:
        this
      • ensureNonRoot

        @Stability(Stable)
        public ContainerSecurityContext.Builder ensureNonRoot(Boolean ensureNonRoot)
        Indicates that the container must run as a non-root user.

        If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does.

        Default: true

        Parameters:
        ensureNonRoot - Indicates that the container must run as a non-root user. This parameter is required.
        Returns:
        this
      • group

        @Stability(Stable)
        public ContainerSecurityContext.Builder group(Number group)
        The GID to run the entrypoint of the container process.

        Default: 26000. An arbitrary number greater than 9999 is selected so that the container is blocked from accessing host files even if it somehow gains access to the host file system.

        Parameters:
        group - The GID to run the entrypoint of the container process. This parameter is required.
        Returns:
        this
      • privileged

        @Stability(Stable)
        public ContainerSecurityContext.Builder privileged(Boolean privileged)
        Run container in privileged mode.

        Processes in privileged containers are essentially equivalent to root on the host.

        Default: false

        Parameters:
        privileged - Run container in privileged mode. This parameter is required.
        Returns:
        this
      • readOnlyRootFilesystem

        @Stability(Stable)
        public ContainerSecurityContext.Builder readOnlyRootFilesystem(Boolean readOnlyRootFilesystem)
        Whether this container has a read-only root filesystem.

        Default: true

        Parameters:
        readOnlyRootFilesystem - Whether this container has a read-only root filesystem. This parameter is required.
        Returns:
        this
      • user

        @Stability(Stable)
        public ContainerSecurityContext.Builder user(Number user)
        The UID to run the entrypoint of the container process.

        Default: 25000. An arbitrary number greater than 9999 is selected so that the container is blocked from accessing host files even if it somehow gains access to the host file system.

        Parameters:
        user - The UID to run the entrypoint of the container process. This parameter is required.
        Returns:
        this
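
The defaults documented above can serve as a review baseline. The following is an added example, not part of cdk8s or of the original documentation: a stand-alone Java 16+ check that resolves unset values to the documented defaults and reports every setting weaker than them. The names `SecurityContextAudit`, `Settings` and `audit` are hypothetical.

```java
import java.util.ArrayList;
import java.util.List;

/** Added example (hypothetical class, not part of cdk8s): audits the six builder settings. */
public class SecurityContextAudit {

    /** The six builder parameters; null means "not set", so the documented default applies. */
    record Settings(Boolean allowPrivilegeEscalation, Boolean ensureNonRoot, Number group,
                    Boolean privileged, Boolean readOnlyRootFilesystem, Number user) {}

    /** Returns one finding per setting that is weaker than the documented default. */
    static List<String> audit(Settings s) {
        // Resolve unset values to the defaults documented on this page.
        boolean escalation = s.allowPrivilegeEscalation() != null && s.allowPrivilegeEscalation();
        boolean nonRoot = s.ensureNonRoot() == null || s.ensureNonRoot();
        boolean privileged = s.privileged() != null && s.privileged();
        boolean readOnly = s.readOnlyRootFilesystem() == null || s.readOnlyRootFilesystem();
        long uid = s.user() == null ? 25000L : s.user().longValue();
        long gid = s.group() == null ? 26000L : s.group().longValue();

        List<String> findings = new ArrayList<>();
        if (privileged) findings.add("privileged=true: processes are essentially root on the host");
        if (escalation) findings.add("allowPrivilegeEscalation=true: a process may gain more privileges than its parent");
        if (!nonRoot) findings.add("ensureNonRoot=false: the Kubelet will not refuse an image that runs as UID 0");
        if (!readOnly) findings.add("readOnlyRootFilesystem=false: root filesystem is writable");
        if (uid == 0) findings.add("user=0: entrypoint runs as root");
        else if (uid <= 9999) findings.add("user=" + uid + ": not above 9999 as the default is");
        if (gid == 0) findings.add("group=0: entrypoint runs with the root group");
        else if (gid <= 9999) findings.add("group=" + gid + ": not above 9999 as the default is");
        // Contradiction: the Kubelet rejects UID 0 when ensureNonRoot is on, so the container never starts.
        if (nonRoot && uid == 0) findings.add("ensureNonRoot=true with user=0: container will fail to start");
        return findings;
    }

    public static void main(String[] args) {
        // Constructed inputs: all defaults, then a deliberately weakened configuration.
        Settings defaults = new Settings(null, null, null, null, null, null);
        Settings weakened = new Settings(true, false, 0, true, false, 0);
        System.out.println("defaults: " + audit(defaults));
        audit(weakened).forEach(f -> System.out.println("weakened: " + f));
    }
}
```

The all-defaults input produces no findings, so any output for a real configuration marks a place where it was loosened relative to the builder's defaults.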