io.kubernetes.client.proto

Interface V1.SecurityContextOrBuilder

All Superinterfaces:

com.google.protobuf.MessageLiteOrBuilder, com.google.protobuf.MessageOrBuilder

All Known Implementing Classes:

V1.SecurityContext, V1.SecurityContext.Builder

Enclosing class:

V1

public static interface V1.SecurityContextOrBuilder
extends com.google.protobuf.MessageOrBuilder

Method Summary

Modifier and Type	Method and Description
boolean	getAllowPrivilegeEscalation() AllowPrivilegeEscalation controls whether a process can gain more privileges than it's parent process.
V1.Capabilities	getCapabilities() The capabilities to add/drop when running containers.
V1.CapabilitiesOrBuilder	getCapabilitiesOrBuilder() The capabilities to add/drop when running containers.
boolean	getPrivileged() Run container in privileged mode.
boolean	getReadOnlyRootFilesystem() Whether this container has a read-only root filesystem.
boolean	getRunAsNonRoot() Indicates that the container must run as a non-root user.
long	getRunAsUser() The UID to run the entrypoint of the container process.
V1.SELinuxOptions	getSeLinuxOptions() The SELinux context to be applied to the container.
V1.SELinuxOptionsOrBuilder	getSeLinuxOptionsOrBuilder() The SELinux context to be applied to the container.
boolean	hasAllowPrivilegeEscalation() AllowPrivilegeEscalation controls whether a process can gain more privileges than it's parent process.
boolean	hasCapabilities() The capabilities to add/drop when running containers.
boolean	hasPrivileged() Run container in privileged mode.
boolean	hasReadOnlyRootFilesystem() Whether this container has a read-only root filesystem.
boolean	hasRunAsNonRoot() Indicates that the container must run as a non-root user.
boolean	hasRunAsUser() The UID to run the entrypoint of the container process.
boolean	hasSeLinuxOptions() The SELinux context to be applied to the container.

Methods inherited from interface com.google.protobuf.MessageOrBuilder

findInitializationErrors, getAllFields, getDefaultInstanceForType, getDescriptorForType, getField, getInitializationErrorString, getOneofFieldDescriptor, getRepeatedField, getRepeatedFieldCount, getUnknownFields, hasField, hasOneof

Methods inherited from interface com.google.protobuf.MessageLiteOrBuilder

isInitialized

Method Detail

hasCapabilities

boolean hasCapabilities()

 The capabilities to add/drop when running containers.
 Defaults to the default set of capabilities granted by the container runtime.
 +optional
 

optional .k8s.io.api.core.v1.Capabilities capabilities = 1;

getCapabilities

V1.Capabilities getCapabilities()

 The capabilities to add/drop when running containers.
 Defaults to the default set of capabilities granted by the container runtime.
 +optional
 

optional .k8s.io.api.core.v1.Capabilities capabilities = 1;

getCapabilitiesOrBuilder

V1.CapabilitiesOrBuilder getCapabilitiesOrBuilder()

 The capabilities to add/drop when running containers.
 Defaults to the default set of capabilities granted by the container runtime.
 +optional
 

optional .k8s.io.api.core.v1.Capabilities capabilities = 1;

hasPrivileged

boolean hasPrivileged()

 Run container in privileged mode.
 Processes in privileged containers are essentially equivalent to root on the host.
 Defaults to false.
 +optional
 

optional bool privileged = 2;

getPrivileged

boolean getPrivileged()

 Run container in privileged mode.
 Processes in privileged containers are essentially equivalent to root on the host.
 Defaults to false.
 +optional
 

optional bool privileged = 2;

hasSeLinuxOptions

boolean hasSeLinuxOptions()

 The SELinux context to be applied to the container.
 If unspecified, the container runtime will allocate a random SELinux context for each
 container.  May also be set in PodSecurityContext.  If set in both SecurityContext and
 PodSecurityContext, the value specified in SecurityContext takes precedence.
 +optional
 

optional .k8s.io.api.core.v1.SELinuxOptions seLinuxOptions = 3;

getSeLinuxOptions

V1.SELinuxOptions getSeLinuxOptions()

 The SELinux context to be applied to the container.
 If unspecified, the container runtime will allocate a random SELinux context for each
 container.  May also be set in PodSecurityContext.  If set in both SecurityContext and
 PodSecurityContext, the value specified in SecurityContext takes precedence.
 +optional
 

optional .k8s.io.api.core.v1.SELinuxOptions seLinuxOptions = 3;

getSeLinuxOptionsOrBuilder

V1.SELinuxOptionsOrBuilder getSeLinuxOptionsOrBuilder()

 The SELinux context to be applied to the container.
 If unspecified, the container runtime will allocate a random SELinux context for each
 container.  May also be set in PodSecurityContext.  If set in both SecurityContext and
 PodSecurityContext, the value specified in SecurityContext takes precedence.
 +optional
 

optional .k8s.io.api.core.v1.SELinuxOptions seLinuxOptions = 3;

hasRunAsUser

boolean hasRunAsUser()

 The UID to run the entrypoint of the container process.
 Defaults to user specified in image metadata if unspecified.
 May also be set in PodSecurityContext.  If set in both SecurityContext and
 PodSecurityContext, the value specified in SecurityContext takes precedence.
 +optional
 

optional int64 runAsUser = 4;

getRunAsUser

long getRunAsUser()

 The UID to run the entrypoint of the container process.
 Defaults to user specified in image metadata if unspecified.
 May also be set in PodSecurityContext.  If set in both SecurityContext and
 PodSecurityContext, the value specified in SecurityContext takes precedence.
 +optional
 

optional int64 runAsUser = 4;

hasRunAsNonRoot

boolean hasRunAsNonRoot()

 Indicates that the container must run as a non-root user.
 If true, the Kubelet will validate the image at runtime to ensure that it
 does not run as UID 0 (root) and fail to start the container if it does.
 If unset or false, no such validation will be performed.
 May also be set in PodSecurityContext.  If set in both SecurityContext and
 PodSecurityContext, the value specified in SecurityContext takes precedence.
 +optional
 

optional bool runAsNonRoot = 5;

getRunAsNonRoot

boolean getRunAsNonRoot()

 Indicates that the container must run as a non-root user.
 If true, the Kubelet will validate the image at runtime to ensure that it
 does not run as UID 0 (root) and fail to start the container if it does.
 If unset or false, no such validation will be performed.
 May also be set in PodSecurityContext.  If set in both SecurityContext and
 PodSecurityContext, the value specified in SecurityContext takes precedence.
 +optional
 

optional bool runAsNonRoot = 5;

hasReadOnlyRootFilesystem

boolean hasReadOnlyRootFilesystem()

 Whether this container has a read-only root filesystem.
 Default is false.
 +optional
 

optional bool readOnlyRootFilesystem = 6;

getReadOnlyRootFilesystem

boolean getReadOnlyRootFilesystem()

 Whether this container has a read-only root filesystem.
 Default is false.
 +optional
 

optional bool readOnlyRootFilesystem = 6;

hasAllowPrivilegeEscalation

boolean hasAllowPrivilegeEscalation()

 AllowPrivilegeEscalation controls whether a process can gain more
 privileges than it's parent process. This bool directly controls if
 the no_new_privs flag will be set on the container process.
 AllowPrivilegeEscalation is true always when the container is:
 1) run as Privileged
 2) has CAP_SYS_ADMIN
 +optional
 

optional bool allowPrivilegeEscalation = 7;

getAllowPrivilegeEscalation

boolean getAllowPrivilegeEscalation()

 AllowPrivilegeEscalation controls whether a process can gain more
 privileges than it's parent process. This bool directly controls if
 the no_new_privs flag will be set on the container process.
 AllowPrivilegeEscalation is true always when the container is:
 1) run as Privileged
 2) has CAP_SYS_ADMIN
 +optional
 

optional bool allowPrivilegeEscalation = 7;