io.kubernetes.client.proto

Class V1.SecurityContext

java.lang.Object

com.google.protobuf.AbstractMessageLite

com.google.protobuf.AbstractMessage

com.google.protobuf.GeneratedMessageV3

io.kubernetes.client.proto.V1.SecurityContext

All Implemented Interfaces:

com.google.protobuf.Message, com.google.protobuf.MessageLite, com.google.protobuf.MessageLiteOrBuilder, com.google.protobuf.MessageOrBuilder, V1.SecurityContextOrBuilder, Serializable

Enclosing class:

V1

public static final class V1.SecurityContext
extends com.google.protobuf.GeneratedMessageV3
implements V1.SecurityContextOrBuilder

 SecurityContext holds security configuration that will be applied to a container.
 Some fields are present in both SecurityContext and PodSecurityContext.  When both
 are set, the values in SecurityContext take precedence.
 

Protobuf type k8s.io.api.core.v1.SecurityContext

See Also:

Serialized Form

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	V1.SecurityContext.Builder SecurityContext holds security configuration that will be applied to a container.

Nested classes/interfaces inherited from class com.google.protobuf.GeneratedMessageV3

com.google.protobuf.GeneratedMessageV3.BuilderParent, com.google.protobuf.GeneratedMessageV3.ExtendableBuilder<MessageType extends com.google.protobuf.GeneratedMessageV3.ExtendableMessage,BuilderType extends com.google.protobuf.GeneratedMessageV3.ExtendableBuilder<MessageType,BuilderType>>, com.google.protobuf.GeneratedMessageV3.ExtendableMessage<MessageType extends com.google.protobuf.GeneratedMessageV3.ExtendableMessage>, com.google.protobuf.GeneratedMessageV3.ExtendableMessageOrBuilder<MessageType extends com.google.protobuf.GeneratedMessageV3.ExtendableMessage>, com.google.protobuf.GeneratedMessageV3.FieldAccessorTable

Field Summary

Fields

Modifier and Type	Field and Description
static int	ALLOWPRIVILEGEESCALATION_FIELD_NUMBER
static int	CAPABILITIES_FIELD_NUMBER
static com.google.protobuf.Parser<V1.SecurityContext>	PARSER Deprecated.
static int	PRIVILEGED_FIELD_NUMBER
static int	PROCMOUNT_FIELD_NUMBER
static int	READONLYROOTFILESYSTEM_FIELD_NUMBER
static int	RUNASGROUP_FIELD_NUMBER
static int	RUNASNONROOT_FIELD_NUMBER
static int	RUNASUSER_FIELD_NUMBER
static int	SELINUXOPTIONS_FIELD_NUMBER

Fields inherited from class com.google.protobuf.GeneratedMessageV3

alwaysUseFieldBuilders, unknownFields

Fields inherited from class com.google.protobuf.AbstractMessage

memoizedSize

Fields inherited from class com.google.protobuf.AbstractMessageLite

memoizedHashCode

Method Summary

Modifier and Type	Method and Description
boolean	equals(Object obj)
boolean	getAllowPrivilegeEscalation() AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process.
V1.Capabilities	getCapabilities() The capabilities to add/drop when running containers.
V1.CapabilitiesOrBuilder	getCapabilitiesOrBuilder() The capabilities to add/drop when running containers.
static V1.SecurityContext	getDefaultInstance()
V1.SecurityContext	getDefaultInstanceForType()
static com.google.protobuf.Descriptors.Descriptor	getDescriptor()
com.google.protobuf.Parser<V1.SecurityContext>	getParserForType()
boolean	getPrivileged() Run container in privileged mode.
String	getProcMount() procMount denotes the type of proc mount to use for the containers.
com.google.protobuf.ByteString	getProcMountBytes() procMount denotes the type of proc mount to use for the containers.
boolean	getReadOnlyRootFilesystem() Whether this container has a read-only root filesystem.
long	getRunAsGroup() The GID to run the entrypoint of the container process.
boolean	getRunAsNonRoot() Indicates that the container must run as a non-root user.
long	getRunAsUser() The UID to run the entrypoint of the container process.
V1.SELinuxOptions	getSeLinuxOptions() The SELinux context to be applied to the container.
V1.SELinuxOptionsOrBuilder	getSeLinuxOptionsOrBuilder() The SELinux context to be applied to the container.
int	getSerializedSize()
com.google.protobuf.UnknownFieldSet	getUnknownFields()
boolean	hasAllowPrivilegeEscalation() AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process.
boolean	hasCapabilities() The capabilities to add/drop when running containers.
int	hashCode()
boolean	hasPrivileged() Run container in privileged mode.
boolean	hasProcMount() procMount denotes the type of proc mount to use for the containers.
boolean	hasReadOnlyRootFilesystem() Whether this container has a read-only root filesystem.
boolean	hasRunAsGroup() The GID to run the entrypoint of the container process.
boolean	hasRunAsNonRoot() Indicates that the container must run as a non-root user.
boolean	hasRunAsUser() The UID to run the entrypoint of the container process.
boolean	hasSeLinuxOptions() The SELinux context to be applied to the container.
protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable	internalGetFieldAccessorTable()
boolean	isInitialized()
static V1.SecurityContext.Builder	newBuilder()
static V1.SecurityContext.Builder	newBuilder(V1.SecurityContext prototype)
V1.SecurityContext.Builder	newBuilderForType()
protected V1.SecurityContext.Builder	newBuilderForType(com.google.protobuf.GeneratedMessageV3.BuilderParent parent)
static V1.SecurityContext	parseDelimitedFrom(InputStream input)
static V1.SecurityContext	parseDelimitedFrom(InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
static V1.SecurityContext	parseFrom(byte[] data)
static V1.SecurityContext	parseFrom(byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
static V1.SecurityContext	parseFrom(ByteBuffer data)
static V1.SecurityContext	parseFrom(ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
static V1.SecurityContext	parseFrom(com.google.protobuf.ByteString data)
static V1.SecurityContext	parseFrom(com.google.protobuf.ByteString data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
static V1.SecurityContext	parseFrom(com.google.protobuf.CodedInputStream input)
static V1.SecurityContext	parseFrom(com.google.protobuf.CodedInputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
static V1.SecurityContext	parseFrom(InputStream input)
static V1.SecurityContext	parseFrom(InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
static com.google.protobuf.Parser<V1.SecurityContext>	parser()
V1.SecurityContext.Builder	toBuilder()
void	writeTo(com.google.protobuf.CodedOutputStream output)

Methods inherited from class com.google.protobuf.GeneratedMessageV3

computeStringSize, computeStringSizeNoTag, getAllFields, getDescriptorForType, getField, getOneofFieldDescriptor, getRepeatedField, getRepeatedFieldCount, hasField, hasOneof, internalGetMapField, makeExtensionsImmutable, newBuilderForType, parseDelimitedWithIOException, parseDelimitedWithIOException, parseUnknownField, parseUnknownFieldProto3, parseWithIOException, parseWithIOException, parseWithIOException, parseWithIOException, serializeBooleanMapTo, serializeIntegerMapTo, serializeLongMapTo, serializeStringMapTo, writeReplace, writeString, writeStringNoTag

Methods inherited from class com.google.protobuf.AbstractMessage

findInitializationErrors, getInitializationErrorString, hashBoolean, hashEnum, hashEnumList, hashFields, hashLong, toString

Methods inherited from class com.google.protobuf.AbstractMessageLite

addAll, addAll, checkByteStringIsUtf8, toByteArray, toByteString, writeDelimitedTo, writeTo

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Methods inherited from interface com.google.protobuf.MessageOrBuilder

findInitializationErrors, getAllFields, getDescriptorForType, getField, getInitializationErrorString, getOneofFieldDescriptor, getRepeatedField, getRepeatedFieldCount, hasField, hasOneof

Methods inherited from interface com.google.protobuf.MessageLite

toByteArray, toByteString, writeDelimitedTo, writeTo

Field Detail

CAPABILITIES_FIELD_NUMBER

public static final int CAPABILITIES_FIELD_NUMBER

See Also:

Constant Field Values

PRIVILEGED_FIELD_NUMBER

public static final int PRIVILEGED_FIELD_NUMBER

See Also:

Constant Field Values

SELINUXOPTIONS_FIELD_NUMBER

public static final int SELINUXOPTIONS_FIELD_NUMBER

See Also:

Constant Field Values

RUNASUSER_FIELD_NUMBER

public static final int RUNASUSER_FIELD_NUMBER

See Also:

Constant Field Values

RUNASGROUP_FIELD_NUMBER

public static final int RUNASGROUP_FIELD_NUMBER

See Also:

Constant Field Values

RUNASNONROOT_FIELD_NUMBER

public static final int RUNASNONROOT_FIELD_NUMBER

See Also:

Constant Field Values

READONLYROOTFILESYSTEM_FIELD_NUMBER

public static final int READONLYROOTFILESYSTEM_FIELD_NUMBER

See Also:

Constant Field Values

ALLOWPRIVILEGEESCALATION_FIELD_NUMBER

public static final int ALLOWPRIVILEGEESCALATION_FIELD_NUMBER

See Also:

Constant Field Values

PROCMOUNT_FIELD_NUMBER

public static final int PROCMOUNT_FIELD_NUMBER

See Also:

Constant Field Values

PARSER

@Deprecated
public static final com.google.protobuf.Parser<V1.SecurityContext> PARSER

Deprecated.

Method Detail

getUnknownFields

public final com.google.protobuf.UnknownFieldSet getUnknownFields()

Specified by:

getUnknownFields in interface com.google.protobuf.MessageOrBuilder

Overrides:

getUnknownFields in class com.google.protobuf.GeneratedMessageV3

getDescriptor

public static final com.google.protobuf.Descriptors.Descriptor getDescriptor()

internalGetFieldAccessorTable

protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable internalGetFieldAccessorTable()

Specified by:

internalGetFieldAccessorTable in class com.google.protobuf.GeneratedMessageV3

hasCapabilities

public boolean hasCapabilities()

 The capabilities to add/drop when running containers.
 Defaults to the default set of capabilities granted by the container runtime.
 +optional
 

optional .k8s.io.api.core.v1.Capabilities capabilities = 1;

Specified by:

hasCapabilities in interface V1.SecurityContextOrBuilder

getCapabilities

public V1.Capabilities getCapabilities()

 The capabilities to add/drop when running containers.
 Defaults to the default set of capabilities granted by the container runtime.
 +optional
 

optional .k8s.io.api.core.v1.Capabilities capabilities = 1;

Specified by:

getCapabilities in interface V1.SecurityContextOrBuilder

getCapabilitiesOrBuilder

public V1.CapabilitiesOrBuilder getCapabilitiesOrBuilder()

 The capabilities to add/drop when running containers.
 Defaults to the default set of capabilities granted by the container runtime.
 +optional
 

optional .k8s.io.api.core.v1.Capabilities capabilities = 1;

Specified by:

getCapabilitiesOrBuilder in interface V1.SecurityContextOrBuilder

hasPrivileged

public boolean hasPrivileged()

 Run container in privileged mode.
 Processes in privileged containers are essentially equivalent to root on the host.
 Defaults to false.
 +optional
 

optional bool privileged = 2;

Specified by:

hasPrivileged in interface V1.SecurityContextOrBuilder

getPrivileged

public boolean getPrivileged()

 Run container in privileged mode.
 Processes in privileged containers are essentially equivalent to root on the host.
 Defaults to false.
 +optional
 

optional bool privileged = 2;

Specified by:

getPrivileged in interface V1.SecurityContextOrBuilder

hasSeLinuxOptions

public boolean hasSeLinuxOptions()

 The SELinux context to be applied to the container.
 If unspecified, the container runtime will allocate a random SELinux context for each
 container.  May also be set in PodSecurityContext.  If set in both SecurityContext and
 PodSecurityContext, the value specified in SecurityContext takes precedence.
 +optional
 

optional .k8s.io.api.core.v1.SELinuxOptions seLinuxOptions = 3;

Specified by:

hasSeLinuxOptions in interface V1.SecurityContextOrBuilder

getSeLinuxOptions

public V1.SELinuxOptions getSeLinuxOptions()

 The SELinux context to be applied to the container.
 If unspecified, the container runtime will allocate a random SELinux context for each
 container.  May also be set in PodSecurityContext.  If set in both SecurityContext and
 PodSecurityContext, the value specified in SecurityContext takes precedence.
 +optional
 

optional .k8s.io.api.core.v1.SELinuxOptions seLinuxOptions = 3;

Specified by:

getSeLinuxOptions in interface V1.SecurityContextOrBuilder

getSeLinuxOptionsOrBuilder

public V1.SELinuxOptionsOrBuilder getSeLinuxOptionsOrBuilder()

 The SELinux context to be applied to the container.
 If unspecified, the container runtime will allocate a random SELinux context for each
 container.  May also be set in PodSecurityContext.  If set in both SecurityContext and
 PodSecurityContext, the value specified in SecurityContext takes precedence.
 +optional
 

optional .k8s.io.api.core.v1.SELinuxOptions seLinuxOptions = 3;

Specified by:

getSeLinuxOptionsOrBuilder in interface V1.SecurityContextOrBuilder

hasRunAsUser

public boolean hasRunAsUser()

 The UID to run the entrypoint of the container process.
 Defaults to user specified in image metadata if unspecified.
 May also be set in PodSecurityContext.  If set in both SecurityContext and
 PodSecurityContext, the value specified in SecurityContext takes precedence.
 +optional
 

optional int64 runAsUser = 4;

Specified by:

hasRunAsUser in interface V1.SecurityContextOrBuilder

getRunAsUser

public long getRunAsUser()

 The UID to run the entrypoint of the container process.
 Defaults to user specified in image metadata if unspecified.
 May also be set in PodSecurityContext.  If set in both SecurityContext and
 PodSecurityContext, the value specified in SecurityContext takes precedence.
 +optional
 

optional int64 runAsUser = 4;

Specified by:

getRunAsUser in interface V1.SecurityContextOrBuilder

hasRunAsGroup

public boolean hasRunAsGroup()

 The GID to run the entrypoint of the container process.
 Uses runtime default if unset.
 May also be set in PodSecurityContext.  If set in both SecurityContext and
 PodSecurityContext, the value specified in SecurityContext takes precedence.
 +optional
 

optional int64 runAsGroup = 8;

Specified by:

hasRunAsGroup in interface V1.SecurityContextOrBuilder

getRunAsGroup

public long getRunAsGroup()

 The GID to run the entrypoint of the container process.
 Uses runtime default if unset.
 May also be set in PodSecurityContext.  If set in both SecurityContext and
 PodSecurityContext, the value specified in SecurityContext takes precedence.
 +optional
 

optional int64 runAsGroup = 8;

Specified by:

getRunAsGroup in interface V1.SecurityContextOrBuilder

hasRunAsNonRoot

public boolean hasRunAsNonRoot()

 Indicates that the container must run as a non-root user.
 If true, the Kubelet will validate the image at runtime to ensure that it
 does not run as UID 0 (root) and fail to start the container if it does.
 If unset or false, no such validation will be performed.
 May also be set in PodSecurityContext.  If set in both SecurityContext and
 PodSecurityContext, the value specified in SecurityContext takes precedence.
 +optional
 

optional bool runAsNonRoot = 5;

Specified by:

hasRunAsNonRoot in interface V1.SecurityContextOrBuilder

getRunAsNonRoot

public boolean getRunAsNonRoot()

 Indicates that the container must run as a non-root user.
 If true, the Kubelet will validate the image at runtime to ensure that it
 does not run as UID 0 (root) and fail to start the container if it does.
 If unset or false, no such validation will be performed.
 May also be set in PodSecurityContext.  If set in both SecurityContext and
 PodSecurityContext, the value specified in SecurityContext takes precedence.
 +optional
 

optional bool runAsNonRoot = 5;

Specified by:

getRunAsNonRoot in interface V1.SecurityContextOrBuilder

hasReadOnlyRootFilesystem

public boolean hasReadOnlyRootFilesystem()

 Whether this container has a read-only root filesystem.
 Default is false.
 +optional
 

optional bool readOnlyRootFilesystem = 6;

Specified by:

hasReadOnlyRootFilesystem in interface V1.SecurityContextOrBuilder

getReadOnlyRootFilesystem

public boolean getReadOnlyRootFilesystem()

 Whether this container has a read-only root filesystem.
 Default is false.
 +optional
 

optional bool readOnlyRootFilesystem = 6;

Specified by:

getReadOnlyRootFilesystem in interface V1.SecurityContextOrBuilder

hasAllowPrivilegeEscalation

public boolean hasAllowPrivilegeEscalation()

 AllowPrivilegeEscalation controls whether a process can gain more
 privileges than its parent process. This bool directly controls if
 the no_new_privs flag will be set on the container process.
 AllowPrivilegeEscalation is true always when the container is:
 1) run as Privileged
 2) has CAP_SYS_ADMIN
 +optional
 

optional bool allowPrivilegeEscalation = 7;

Specified by:

hasAllowPrivilegeEscalation in interface V1.SecurityContextOrBuilder

getAllowPrivilegeEscalation

public boolean getAllowPrivilegeEscalation()

 AllowPrivilegeEscalation controls whether a process can gain more
 privileges than its parent process. This bool directly controls if
 the no_new_privs flag will be set on the container process.
 AllowPrivilegeEscalation is true always when the container is:
 1) run as Privileged
 2) has CAP_SYS_ADMIN
 +optional
 

optional bool allowPrivilegeEscalation = 7;

Specified by:

getAllowPrivilegeEscalation in interface V1.SecurityContextOrBuilder

hasProcMount

public boolean hasProcMount()

 procMount denotes the type of proc mount to use for the containers.
 The default is DefaultProcMount which uses the container runtime defaults for
 readonly paths and masked paths.
 This requires the ProcMountType feature flag to be enabled.
 +optional
 

optional string procMount = 9;

Specified by:

hasProcMount in interface V1.SecurityContextOrBuilder

getProcMount

public String getProcMount()

 procMount denotes the type of proc mount to use for the containers.
 The default is DefaultProcMount which uses the container runtime defaults for
 readonly paths and masked paths.
 This requires the ProcMountType feature flag to be enabled.
 +optional
 

optional string procMount = 9;

Specified by:

getProcMount in interface V1.SecurityContextOrBuilder

getProcMountBytes

public com.google.protobuf.ByteString getProcMountBytes()

 procMount denotes the type of proc mount to use for the containers.
 The default is DefaultProcMount which uses the container runtime defaults for
 readonly paths and masked paths.
 This requires the ProcMountType feature flag to be enabled.
 +optional
 

optional string procMount = 9;

Specified by:

getProcMountBytes in interface V1.SecurityContextOrBuilder

isInitialized

public final boolean isInitialized()

Specified by:

isInitialized in interface com.google.protobuf.MessageLiteOrBuilder

Overrides:

isInitialized in class com.google.protobuf.GeneratedMessageV3

writeTo

public void writeTo(com.google.protobuf.CodedOutputStream output)
             throws IOException

Specified by:

writeTo in interface com.google.protobuf.MessageLite

Overrides:

writeTo in class com.google.protobuf.GeneratedMessageV3

Throws:

IOException

getSerializedSize

public int getSerializedSize()

Specified by:

getSerializedSize in interface com.google.protobuf.MessageLite

Overrides:

getSerializedSize in class com.google.protobuf.GeneratedMessageV3

equals

public boolean equals(Object obj)

Specified by:

equals in interface com.google.protobuf.Message

Overrides:

equals in class com.google.protobuf.AbstractMessage

hashCode

public int hashCode()

Specified by:

hashCode in interface com.google.protobuf.Message

Overrides:

hashCode in class com.google.protobuf.AbstractMessage

parseFrom

public static V1.SecurityContext parseFrom(ByteBuffer data)
                                    throws com.google.protobuf.InvalidProtocolBufferException

Throws:

com.google.protobuf.InvalidProtocolBufferException

parseFrom

public static V1.SecurityContext parseFrom(ByteBuffer data,
                                           com.google.protobuf.ExtensionRegistryLite extensionRegistry)
                                    throws com.google.protobuf.InvalidProtocolBufferException

Throws:

com.google.protobuf.InvalidProtocolBufferException

parseFrom

public static V1.SecurityContext parseFrom(com.google.protobuf.ByteString data)
                                    throws com.google.protobuf.InvalidProtocolBufferException

Throws:

com.google.protobuf.InvalidProtocolBufferException

parseFrom

public static V1.SecurityContext parseFrom(com.google.protobuf.ByteString data,
                                           com.google.protobuf.ExtensionRegistryLite extensionRegistry)
                                    throws com.google.protobuf.InvalidProtocolBufferException

Throws:

com.google.protobuf.InvalidProtocolBufferException

parseFrom

public static V1.SecurityContext parseFrom(byte[] data)
                                    throws com.google.protobuf.InvalidProtocolBufferException

Throws:

com.google.protobuf.InvalidProtocolBufferException

parseFrom

public static V1.SecurityContext parseFrom(byte[] data,
                                           com.google.protobuf.ExtensionRegistryLite extensionRegistry)
                                    throws com.google.protobuf.InvalidProtocolBufferException

Throws:

com.google.protobuf.InvalidProtocolBufferException

parseFrom

public static V1.SecurityContext parseFrom(InputStream input)
                                    throws IOException

Throws:

IOException

parseFrom

public static V1.SecurityContext parseFrom(InputStream input,
                                           com.google.protobuf.ExtensionRegistryLite extensionRegistry)
                                    throws IOException

Throws:

IOException

parseDelimitedFrom

public static V1.SecurityContext parseDelimitedFrom(InputStream input)
                                             throws IOException

Throws:

IOException

parseDelimitedFrom

public static V1.SecurityContext parseDelimitedFrom(InputStream input,
                                                    com.google.protobuf.ExtensionRegistryLite extensionRegistry)
                                             throws IOException

Throws:

IOException

parseFrom

public static V1.SecurityContext parseFrom(com.google.protobuf.CodedInputStream input)
                                    throws IOException

Throws:

IOException

parseFrom

public static V1.SecurityContext parseFrom(com.google.protobuf.CodedInputStream input,
                                           com.google.protobuf.ExtensionRegistryLite extensionRegistry)
                                    throws IOException

Throws:

IOException

newBuilderForType

public V1.SecurityContext.Builder newBuilderForType()

Specified by:

newBuilderForType in interface com.google.protobuf.Message

Specified by:

newBuilderForType in interface com.google.protobuf.MessageLite

newBuilder

public static V1.SecurityContext.Builder newBuilder()

newBuilder

public static V1.SecurityContext.Builder newBuilder(V1.SecurityContext prototype)

toBuilder

public V1.SecurityContext.Builder toBuilder()

Specified by:

toBuilder in interface com.google.protobuf.Message

Specified by:

toBuilder in interface com.google.protobuf.MessageLite

newBuilderForType

protected V1.SecurityContext.Builder newBuilderForType(com.google.protobuf.GeneratedMessageV3.BuilderParent parent)

Specified by:

newBuilderForType in class com.google.protobuf.GeneratedMessageV3

getDefaultInstance

public static V1.SecurityContext getDefaultInstance()

parser

public static com.google.protobuf.Parser<V1.SecurityContext> parser()

getParserForType

public com.google.protobuf.Parser<V1.SecurityContext> getParserForType()

Specified by:

getParserForType in interface com.google.protobuf.Message

Specified by:

getParserForType in interface com.google.protobuf.MessageLite

Overrides:

getParserForType in class com.google.protobuf.GeneratedMessageV3

getDefaultInstanceForType

public V1.SecurityContext getDefaultInstanceForType()

Specified by:

getDefaultInstanceForType in interface com.google.protobuf.MessageLiteOrBuilder

Specified by:

getDefaultInstanceForType in interface com.google.protobuf.MessageOrBuilder