io.kubernetes.client.proto

Interface V1beta1Extensions.PodSecurityPolicySpecOrBuilder

All Superinterfaces:

com.google.protobuf.MessageLiteOrBuilder, com.google.protobuf.MessageOrBuilder

All Known Implementing Classes:

V1beta1Extensions.PodSecurityPolicySpec, V1beta1Extensions.PodSecurityPolicySpec.Builder

Enclosing class:

V1beta1Extensions

public static interface V1beta1Extensions.PodSecurityPolicySpecOrBuilder
extends com.google.protobuf.MessageOrBuilder

Method Summary

Modifier and Type	Method and Description
String	getAllowedCapabilities(int index) AllowedCapabilities is a list of capabilities that can be requested to add to the container.
com.google.protobuf.ByteString	getAllowedCapabilitiesBytes(int index) AllowedCapabilities is a list of capabilities that can be requested to add to the container.
int	getAllowedCapabilitiesCount() AllowedCapabilities is a list of capabilities that can be requested to add to the container.
List<String>	getAllowedCapabilitiesList() AllowedCapabilities is a list of capabilities that can be requested to add to the container.
V1beta1Extensions.AllowedHostPath	getAllowedHostPaths(int index) is a white list of allowed host paths.
int	getAllowedHostPathsCount() is a white list of allowed host paths.
List<V1beta1Extensions.AllowedHostPath>	getAllowedHostPathsList() is a white list of allowed host paths.
V1beta1Extensions.AllowedHostPathOrBuilder	getAllowedHostPathsOrBuilder(int index) is a white list of allowed host paths.
List<? extends V1beta1Extensions.AllowedHostPathOrBuilder>	getAllowedHostPathsOrBuilderList() is a white list of allowed host paths.
boolean	getAllowPrivilegeEscalation() AllowPrivilegeEscalation determines if a pod can request to allow privilege escalation.
String	getDefaultAddCapabilities(int index) DefaultAddCapabilities is the default set of capabilities that will be added to the container unless the pod spec specifically drops the capability.
com.google.protobuf.ByteString	getDefaultAddCapabilitiesBytes(int index) DefaultAddCapabilities is the default set of capabilities that will be added to the container unless the pod spec specifically drops the capability.
int	getDefaultAddCapabilitiesCount() DefaultAddCapabilities is the default set of capabilities that will be added to the container unless the pod spec specifically drops the capability.
List<String>	getDefaultAddCapabilitiesList() DefaultAddCapabilities is the default set of capabilities that will be added to the container unless the pod spec specifically drops the capability.
boolean	getDefaultAllowPrivilegeEscalation() DefaultAllowPrivilegeEscalation controls the default setting for whether a process can gain more privileges than its parent process.
V1beta1Extensions.FSGroupStrategyOptions	getFsGroup() FSGroup is the strategy that will dictate what fs group is used by the SecurityContext.
V1beta1Extensions.FSGroupStrategyOptionsOrBuilder	getFsGroupOrBuilder() FSGroup is the strategy that will dictate what fs group is used by the SecurityContext.
boolean	getHostIPC() hostIPC determines if the policy allows the use of HostIPC in the pod spec.
boolean	getHostNetwork() hostNetwork determines if the policy allows the use of HostNetwork in the pod spec.
boolean	getHostPID() hostPID determines if the policy allows the use of HostPID in the pod spec.
V1beta1Extensions.HostPortRange	getHostPorts(int index) hostPorts determines which host port ranges are allowed to be exposed.
int	getHostPortsCount() hostPorts determines which host port ranges are allowed to be exposed.
List<V1beta1Extensions.HostPortRange>	getHostPortsList() hostPorts determines which host port ranges are allowed to be exposed.
V1beta1Extensions.HostPortRangeOrBuilder	getHostPortsOrBuilder(int index) hostPorts determines which host port ranges are allowed to be exposed.
List<? extends V1beta1Extensions.HostPortRangeOrBuilder>	getHostPortsOrBuilderList() hostPorts determines which host port ranges are allowed to be exposed.
boolean	getPrivileged() privileged determines if a pod can request to be run as privileged.
boolean	getReadOnlyRootFilesystem() ReadOnlyRootFilesystem when set to true will force containers to run with a read only root file system.
String	getRequiredDropCapabilities(int index) RequiredDropCapabilities are the capabilities that will be dropped from the container.
com.google.protobuf.ByteString	getRequiredDropCapabilitiesBytes(int index) RequiredDropCapabilities are the capabilities that will be dropped from the container.
int	getRequiredDropCapabilitiesCount() RequiredDropCapabilities are the capabilities that will be dropped from the container.
List<String>	getRequiredDropCapabilitiesList() RequiredDropCapabilities are the capabilities that will be dropped from the container.
V1beta1Extensions.RunAsUserStrategyOptions	getRunAsUser() runAsUser is the strategy that will dictate the allowable RunAsUser values that may be set.
V1beta1Extensions.RunAsUserStrategyOptionsOrBuilder	getRunAsUserOrBuilder() runAsUser is the strategy that will dictate the allowable RunAsUser values that may be set.
V1beta1Extensions.SELinuxStrategyOptions	getSeLinux() seLinux is the strategy that will dictate the allowable labels that may be set.
V1beta1Extensions.SELinuxStrategyOptionsOrBuilder	getSeLinuxOrBuilder() seLinux is the strategy that will dictate the allowable labels that may be set.
V1beta1Extensions.SupplementalGroupsStrategyOptions	getSupplementalGroups() SupplementalGroups is the strategy that will dictate what supplemental groups are used by the SecurityContext.
V1beta1Extensions.SupplementalGroupsStrategyOptionsOrBuilder	getSupplementalGroupsOrBuilder() SupplementalGroups is the strategy that will dictate what supplemental groups are used by the SecurityContext.
String	getVolumes(int index) volumes is a white list of allowed volume plugins.
com.google.protobuf.ByteString	getVolumesBytes(int index) volumes is a white list of allowed volume plugins.
int	getVolumesCount() volumes is a white list of allowed volume plugins.
List<String>	getVolumesList() volumes is a white list of allowed volume plugins.
boolean	hasAllowPrivilegeEscalation() AllowPrivilegeEscalation determines if a pod can request to allow privilege escalation.
boolean	hasDefaultAllowPrivilegeEscalation() DefaultAllowPrivilegeEscalation controls the default setting for whether a process can gain more privileges than its parent process.
boolean	hasFsGroup() FSGroup is the strategy that will dictate what fs group is used by the SecurityContext.
boolean	hasHostIPC() hostIPC determines if the policy allows the use of HostIPC in the pod spec.
boolean	hasHostNetwork() hostNetwork determines if the policy allows the use of HostNetwork in the pod spec.
boolean	hasHostPID() hostPID determines if the policy allows the use of HostPID in the pod spec.
boolean	hasPrivileged() privileged determines if a pod can request to be run as privileged.
boolean	hasReadOnlyRootFilesystem() ReadOnlyRootFilesystem when set to true will force containers to run with a read only root file system.
boolean	hasRunAsUser() runAsUser is the strategy that will dictate the allowable RunAsUser values that may be set.
boolean	hasSeLinux() seLinux is the strategy that will dictate the allowable labels that may be set.
boolean	hasSupplementalGroups() SupplementalGroups is the strategy that will dictate what supplemental groups are used by the SecurityContext.

Methods inherited from interface com.google.protobuf.MessageOrBuilder

findInitializationErrors, getAllFields, getDefaultInstanceForType, getDescriptorForType, getField, getInitializationErrorString, getOneofFieldDescriptor, getRepeatedField, getRepeatedFieldCount, getUnknownFields, hasField, hasOneof

Methods inherited from interface com.google.protobuf.MessageLiteOrBuilder

isInitialized

Method Detail

hasPrivileged

boolean hasPrivileged()

 privileged determines if a pod can request to be run as privileged.
 +optional
 

optional bool privileged = 1;

getPrivileged

boolean getPrivileged()

 privileged determines if a pod can request to be run as privileged.
 +optional
 

optional bool privileged = 1;

getDefaultAddCapabilitiesList

List<String> getDefaultAddCapabilitiesList()

 DefaultAddCapabilities is the default set of capabilities that will be added to the container
 unless the pod spec specifically drops the capability.  You may not list a capabiility in both
 DefaultAddCapabilities and RequiredDropCapabilities.
 +optional
 

repeated string defaultAddCapabilities = 2;

getDefaultAddCapabilitiesCount

int getDefaultAddCapabilitiesCount()

 DefaultAddCapabilities is the default set of capabilities that will be added to the container
 unless the pod spec specifically drops the capability.  You may not list a capabiility in both
 DefaultAddCapabilities and RequiredDropCapabilities.
 +optional
 

repeated string defaultAddCapabilities = 2;

getDefaultAddCapabilities

String getDefaultAddCapabilities(int index)

 DefaultAddCapabilities is the default set of capabilities that will be added to the container
 unless the pod spec specifically drops the capability.  You may not list a capabiility in both
 DefaultAddCapabilities and RequiredDropCapabilities.
 +optional
 

repeated string defaultAddCapabilities = 2;

getDefaultAddCapabilitiesBytes

com.google.protobuf.ByteString getDefaultAddCapabilitiesBytes(int index)

 DefaultAddCapabilities is the default set of capabilities that will be added to the container
 unless the pod spec specifically drops the capability.  You may not list a capabiility in both
 DefaultAddCapabilities and RequiredDropCapabilities.
 +optional
 

repeated string defaultAddCapabilities = 2;

getRequiredDropCapabilitiesList

List<String> getRequiredDropCapabilitiesList()

 RequiredDropCapabilities are the capabilities that will be dropped from the container.  These
 are required to be dropped and cannot be added.
 +optional
 

repeated string requiredDropCapabilities = 3;

getRequiredDropCapabilitiesCount

int getRequiredDropCapabilitiesCount()

 RequiredDropCapabilities are the capabilities that will be dropped from the container.  These
 are required to be dropped and cannot be added.
 +optional
 

repeated string requiredDropCapabilities = 3;

getRequiredDropCapabilities

String getRequiredDropCapabilities(int index)

 RequiredDropCapabilities are the capabilities that will be dropped from the container.  These
 are required to be dropped and cannot be added.
 +optional
 

repeated string requiredDropCapabilities = 3;

getRequiredDropCapabilitiesBytes

com.google.protobuf.ByteString getRequiredDropCapabilitiesBytes(int index)

 RequiredDropCapabilities are the capabilities that will be dropped from the container.  These
 are required to be dropped and cannot be added.
 +optional
 

repeated string requiredDropCapabilities = 3;

getAllowedCapabilitiesList

List<String> getAllowedCapabilitiesList()

 AllowedCapabilities is a list of capabilities that can be requested to add to the container.
 Capabilities in this field may be added at the pod author's discretion.
 You must not list a capability in both AllowedCapabilities and RequiredDropCapabilities.
 +optional
 

repeated string allowedCapabilities = 4;

getAllowedCapabilitiesCount

int getAllowedCapabilitiesCount()

 AllowedCapabilities is a list of capabilities that can be requested to add to the container.
 Capabilities in this field may be added at the pod author's discretion.
 You must not list a capability in both AllowedCapabilities and RequiredDropCapabilities.
 +optional
 

repeated string allowedCapabilities = 4;

getAllowedCapabilities

String getAllowedCapabilities(int index)

 AllowedCapabilities is a list of capabilities that can be requested to add to the container.
 Capabilities in this field may be added at the pod author's discretion.
 You must not list a capability in both AllowedCapabilities and RequiredDropCapabilities.
 +optional
 

repeated string allowedCapabilities = 4;

getAllowedCapabilitiesBytes

com.google.protobuf.ByteString getAllowedCapabilitiesBytes(int index)

 AllowedCapabilities is a list of capabilities that can be requested to add to the container.
 Capabilities in this field may be added at the pod author's discretion.
 You must not list a capability in both AllowedCapabilities and RequiredDropCapabilities.
 +optional
 

repeated string allowedCapabilities = 4;

getVolumesList

List<String> getVolumesList()

 volumes is a white list of allowed volume plugins.  Empty indicates that all plugins
 may be used.
 +optional
 

repeated string volumes = 5;

getVolumesCount

int getVolumesCount()

 volumes is a white list of allowed volume plugins.  Empty indicates that all plugins
 may be used.
 +optional
 

repeated string volumes = 5;

getVolumes

String getVolumes(int index)

 volumes is a white list of allowed volume plugins.  Empty indicates that all plugins
 may be used.
 +optional
 

repeated string volumes = 5;

getVolumesBytes

com.google.protobuf.ByteString getVolumesBytes(int index)

 volumes is a white list of allowed volume plugins.  Empty indicates that all plugins
 may be used.
 +optional
 

repeated string volumes = 5;

hasHostNetwork

boolean hasHostNetwork()

 hostNetwork determines if the policy allows the use of HostNetwork in the pod spec.
 +optional
 

optional bool hostNetwork = 6;

getHostNetwork

boolean getHostNetwork()

 hostNetwork determines if the policy allows the use of HostNetwork in the pod spec.
 +optional
 

optional bool hostNetwork = 6;

getHostPortsList

List<V1beta1Extensions.HostPortRange> getHostPortsList()

 hostPorts determines which host port ranges are allowed to be exposed.
 +optional
 

repeated .k8s.io.api.extensions.v1beta1.HostPortRange hostPorts = 7;

getHostPorts

V1beta1Extensions.HostPortRange getHostPorts(int index)

 hostPorts determines which host port ranges are allowed to be exposed.
 +optional
 

repeated .k8s.io.api.extensions.v1beta1.HostPortRange hostPorts = 7;

getHostPortsCount

int getHostPortsCount()

 hostPorts determines which host port ranges are allowed to be exposed.
 +optional
 

repeated .k8s.io.api.extensions.v1beta1.HostPortRange hostPorts = 7;

getHostPortsOrBuilderList

List<? extends V1beta1Extensions.HostPortRangeOrBuilder> getHostPortsOrBuilderList()

 hostPorts determines which host port ranges are allowed to be exposed.
 +optional
 

repeated .k8s.io.api.extensions.v1beta1.HostPortRange hostPorts = 7;

getHostPortsOrBuilder

V1beta1Extensions.HostPortRangeOrBuilder getHostPortsOrBuilder(int index)

 hostPorts determines which host port ranges are allowed to be exposed.
 +optional
 

repeated .k8s.io.api.extensions.v1beta1.HostPortRange hostPorts = 7;

hasHostPID

boolean hasHostPID()

 hostPID determines if the policy allows the use of HostPID in the pod spec.
 +optional
 

optional bool hostPID = 8;

getHostPID

boolean getHostPID()

 hostPID determines if the policy allows the use of HostPID in the pod spec.
 +optional
 

optional bool hostPID = 8;

hasHostIPC

boolean hasHostIPC()

 hostIPC determines if the policy allows the use of HostIPC in the pod spec.
 +optional
 

optional bool hostIPC = 9;

getHostIPC

boolean getHostIPC()

 hostIPC determines if the policy allows the use of HostIPC in the pod spec.
 +optional
 

optional bool hostIPC = 9;

hasSeLinux

boolean hasSeLinux()

 seLinux is the strategy that will dictate the allowable labels that may be set.
 

optional .k8s.io.api.extensions.v1beta1.SELinuxStrategyOptions seLinux = 10;

getSeLinux

V1beta1Extensions.SELinuxStrategyOptions getSeLinux()

 seLinux is the strategy that will dictate the allowable labels that may be set.
 

optional .k8s.io.api.extensions.v1beta1.SELinuxStrategyOptions seLinux = 10;

getSeLinuxOrBuilder

V1beta1Extensions.SELinuxStrategyOptionsOrBuilder getSeLinuxOrBuilder()

 seLinux is the strategy that will dictate the allowable labels that may be set.
 

optional .k8s.io.api.extensions.v1beta1.SELinuxStrategyOptions seLinux = 10;

hasRunAsUser

boolean hasRunAsUser()

 runAsUser is the strategy that will dictate the allowable RunAsUser values that may be set.
 

optional .k8s.io.api.extensions.v1beta1.RunAsUserStrategyOptions runAsUser = 11;

getRunAsUser

V1beta1Extensions.RunAsUserStrategyOptions getRunAsUser()

 runAsUser is the strategy that will dictate the allowable RunAsUser values that may be set.
 

optional .k8s.io.api.extensions.v1beta1.RunAsUserStrategyOptions runAsUser = 11;

getRunAsUserOrBuilder

V1beta1Extensions.RunAsUserStrategyOptionsOrBuilder getRunAsUserOrBuilder()

 runAsUser is the strategy that will dictate the allowable RunAsUser values that may be set.
 

optional .k8s.io.api.extensions.v1beta1.RunAsUserStrategyOptions runAsUser = 11;

hasSupplementalGroups

boolean hasSupplementalGroups()

 SupplementalGroups is the strategy that will dictate what supplemental groups are used by the SecurityContext.
 

optional .k8s.io.api.extensions.v1beta1.SupplementalGroupsStrategyOptions supplementalGroups = 12;

getSupplementalGroups

V1beta1Extensions.SupplementalGroupsStrategyOptions getSupplementalGroups()

 SupplementalGroups is the strategy that will dictate what supplemental groups are used by the SecurityContext.
 

optional .k8s.io.api.extensions.v1beta1.SupplementalGroupsStrategyOptions supplementalGroups = 12;

getSupplementalGroupsOrBuilder

V1beta1Extensions.SupplementalGroupsStrategyOptionsOrBuilder getSupplementalGroupsOrBuilder()

 SupplementalGroups is the strategy that will dictate what supplemental groups are used by the SecurityContext.
 

optional .k8s.io.api.extensions.v1beta1.SupplementalGroupsStrategyOptions supplementalGroups = 12;

hasFsGroup

boolean hasFsGroup()

 FSGroup is the strategy that will dictate what fs group is used by the SecurityContext.
 

optional .k8s.io.api.extensions.v1beta1.FSGroupStrategyOptions fsGroup = 13;

getFsGroup

V1beta1Extensions.FSGroupStrategyOptions getFsGroup()

 FSGroup is the strategy that will dictate what fs group is used by the SecurityContext.
 

optional .k8s.io.api.extensions.v1beta1.FSGroupStrategyOptions fsGroup = 13;

getFsGroupOrBuilder

V1beta1Extensions.FSGroupStrategyOptionsOrBuilder getFsGroupOrBuilder()

 FSGroup is the strategy that will dictate what fs group is used by the SecurityContext.
 

optional .k8s.io.api.extensions.v1beta1.FSGroupStrategyOptions fsGroup = 13;

hasReadOnlyRootFilesystem

boolean hasReadOnlyRootFilesystem()

 ReadOnlyRootFilesystem when set to true will force containers to run with a read only root file
 system.  If the container specifically requests to run with a non-read only root file system
 the PSP should deny the pod.
 If set to false the container may run with a read only root file system if it wishes but it
 will not be forced to.
 +optional
 

optional bool readOnlyRootFilesystem = 14;

getReadOnlyRootFilesystem

boolean getReadOnlyRootFilesystem()

 ReadOnlyRootFilesystem when set to true will force containers to run with a read only root file
 system.  If the container specifically requests to run with a non-read only root file system
 the PSP should deny the pod.
 If set to false the container may run with a read only root file system if it wishes but it
 will not be forced to.
 +optional
 

optional bool readOnlyRootFilesystem = 14;

hasDefaultAllowPrivilegeEscalation

boolean hasDefaultAllowPrivilegeEscalation()

 DefaultAllowPrivilegeEscalation controls the default setting for whether a
 process can gain more privileges than its parent process.
 +optional
 

optional bool defaultAllowPrivilegeEscalation = 15;

getDefaultAllowPrivilegeEscalation

boolean getDefaultAllowPrivilegeEscalation()

 DefaultAllowPrivilegeEscalation controls the default setting for whether a
 process can gain more privileges than its parent process.
 +optional
 

optional bool defaultAllowPrivilegeEscalation = 15;

hasAllowPrivilegeEscalation

boolean hasAllowPrivilegeEscalation()

 AllowPrivilegeEscalation determines if a pod can request to allow
 privilege escalation. If unspecified, defaults to true.
 +optional
 

optional bool allowPrivilegeEscalation = 16;

getAllowPrivilegeEscalation

boolean getAllowPrivilegeEscalation()

 AllowPrivilegeEscalation determines if a pod can request to allow
 privilege escalation. If unspecified, defaults to true.
 +optional
 

optional bool allowPrivilegeEscalation = 16;

getAllowedHostPathsList

List<V1beta1Extensions.AllowedHostPath> getAllowedHostPathsList()

 is a white list of allowed host paths. Empty indicates that all host paths may be used.
 +optional
 

repeated .k8s.io.api.extensions.v1beta1.AllowedHostPath allowedHostPaths = 17;

getAllowedHostPaths

V1beta1Extensions.AllowedHostPath getAllowedHostPaths(int index)

 is a white list of allowed host paths. Empty indicates that all host paths may be used.
 +optional
 

repeated .k8s.io.api.extensions.v1beta1.AllowedHostPath allowedHostPaths = 17;

getAllowedHostPathsCount

int getAllowedHostPathsCount()

 is a white list of allowed host paths. Empty indicates that all host paths may be used.
 +optional
 

repeated .k8s.io.api.extensions.v1beta1.AllowedHostPath allowedHostPaths = 17;

getAllowedHostPathsOrBuilderList

List<? extends V1beta1Extensions.AllowedHostPathOrBuilder> getAllowedHostPathsOrBuilderList()

 is a white list of allowed host paths. Empty indicates that all host paths may be used.
 +optional
 

repeated .k8s.io.api.extensions.v1beta1.AllowedHostPath allowedHostPaths = 17;

getAllowedHostPathsOrBuilder

V1beta1Extensions.AllowedHostPathOrBuilder getAllowedHostPathsOrBuilder(int index)

 is a white list of allowed host paths. Empty indicates that all host paths may be used.
 +optional
 

repeated .k8s.io.api.extensions.v1beta1.AllowedHostPath allowedHostPaths = 17;