Package org.cdk8s.plus24
Class PodSecurityContext.Builder
- java.lang.Object
  - org.cdk8s.plus24.PodSecurityContext.Builder
- All Implemented Interfaces:
  software.amazon.jsii.Builder<PodSecurityContext>
- Enclosing class:
  PodSecurityContext
@Stability(Stable) public static final class PodSecurityContext.Builder extends Object implements software.amazon.jsii.Builder<PodSecurityContext>
A fluent builder for PodSecurityContext.

Method Summary
Each entry gives the modifier and type, the method, and its description.
- PodSecurityContext build()
- static PodSecurityContext.Builder create()
- PodSecurityContext.Builder ensureNonRoot(Boolean ensureNonRoot): Indicates that the container must run as a non-root user.
- PodSecurityContext.Builder fsGroup(Number fsGroup): Modify the ownership and permissions of pod volumes to this GID.
- PodSecurityContext.Builder fsGroupChangePolicy(FsGroupChangePolicy fsGroupChangePolicy): Defines behavior of changing ownership and permission of the volume before being exposed inside Pod.
- PodSecurityContext.Builder group(Number group): The GID to run the entrypoint of the container process.
- PodSecurityContext.Builder sysctls(List<? extends Sysctl> sysctls): Sysctls hold a list of namespaced sysctls used for the pod.
- PodSecurityContext.Builder user(Number user): The UID to run the entrypoint of the container process.

Method Detail

create
@Stability(Stable) public static PodSecurityContext.Builder create()
- Returns:
  a new instance of PodSecurityContext.Builder.

ensureNonRoot
@Stability(Stable) public PodSecurityContext.Builder ensureNonRoot(Boolean ensureNonRoot)
Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does.
Default: true
- Parameters:
  ensureNonRoot - Indicates that the container must run as a non-root user. This parameter is required.
- Returns:
  this

fsGroup
@Stability(Stable) public PodSecurityContext.Builder fsGroup(Number fsGroup)
Modify the ownership and permissions of pod volumes to this GID.
Default: - Volume ownership is not changed.
- Parameters:
  fsGroup - Modify the ownership and permissions of pod volumes to this GID. This parameter is required.
- Returns:
  this

fsGroupChangePolicy
@Stability(Stable) public PodSecurityContext.Builder fsGroupChangePolicy(FsGroupChangePolicy fsGroupChangePolicy)
Defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership (and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir.
Default: FsGroupChangePolicy.ALWAYS
- Parameters:
  fsGroupChangePolicy - Defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This parameter is required.
- Returns:
  this

group
@Stability(Stable) public PodSecurityContext.Builder group(Number group)
The GID to run the entrypoint of the container process.
Default: - Group configured by container runtime
- Parameters:
  group - The GID to run the entrypoint of the container process. This parameter is required.
- Returns:
  this

sysctls
@Stability(Stable) public PodSecurityContext.Builder sysctls(List<? extends Sysctl> sysctls)
Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch.
Default: - No sysctls
- Parameters:
  sysctls - Sysctls hold a list of namespaced sysctls used for the pod. This parameter is required.
- Returns:
  this

user
@Stability(Stable) public PodSecurityContext.Builder user(Number user)
The UID to run the entrypoint of the container process.
Default: - User specified in image metadata
- Parameters:
  user - The UID to run the entrypoint of the container process. This parameter is required.
- Returns:
  this

build
@Stability(Stable) public PodSecurityContext build()
- Specified by:
  build in interface software.amazon.jsii.Builder<PodSecurityContext>
- Returns:
  a newly built instance of PodSecurityContext.
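
An added usage example, not taken from the cdk8s-plus documentation: a helper that builds a non-root security context using only the builder methods listed on this page. The class name HardenedPodSecurity, the method nonRoot, and the rejection of UID/GID 0 at build time are assumptions of this example.

```java
import org.cdk8s.plus24.FsGroupChangePolicy;
import org.cdk8s.plus24.PodSecurityContext;

// Hypothetical helper class for this example; it is not part of cdk8s-plus.
public final class HardenedPodSecurity {
    private HardenedPodSecurity() {}

    /**
     * Builds a pod security context pinned to an explicit non-root UID and GID.
     * The uid and gid values are chosen by the caller.
     */
    public static PodSecurityContext nonRoot(int uid, int gid) {
        // With ensureNonRoot(true) the Kubelet refuses to start a container that
        // runs as UID 0, so a root UID here would only show up as a pod that
        // fails to start. Reject it while the manifest is being generated.
        if (uid <= 0) {
            throw new IllegalArgumentException("uid must be a non-root UID, got " + uid);
        }
        // Rejecting GID 0 is this example's own policy; the builder does not require it.
        if (gid <= 0) {
            throw new IllegalArgumentException("gid must be a non-root GID, got " + gid);
        }
        return PodSecurityContext.Builder.create()
                // true is already the default; stating it makes a later change visible in review.
                .ensureNonRoot(true)
                // Without user(), the UID comes from the image metadata.
                .user(uid)
                // Without group(), the GID is the one configured by the container runtime.
                .group(gid)
                // Pod volumes that support fsGroup are re-owned to this GID.
                .fsGroup(gid)
                // The documented default, spelled out. It has no effect on secret,
                // configmap and emptydir volumes.
                .fsGroupChangePolicy(FsGroupChangePolicy.ALWAYS)
                // sysctls() is left unset, so the pod carries no sysctls (the default).
                .build();
    }
}
```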