Class V1PodSecurityContext
java.lang.Object
io.micronaut.kubernetes.client.openapi.model.V1PodSecurityContext
@Generated("io.micronaut.openapi.generator.JavaMicronautClientCodegen")
public class V1PodSecurityContext
extends Object
PodSecurityContext holds pod-level security attributes and common container settings. Some fields are also present in container.securityContext. Field values of container.securityContext take precedence over field values of PodSecurityContext.
-
Field Summary
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionaddsupplementalGroupsItem
(Long supplementalGroupsItem) Add an item to the supplementalGroups property in a chainable fashion.addsysctlsItem
(V1Sysctl sysctlsItem) Add an item to the sysctls property in a chainable fashion.boolean
Set fsGroup in a chainable fashion.fsGroupChangePolicy
(String fsGroupChangePolicy) Set fsGroupChangePolicy in a chainable fashion.A special supplemental group that applies to all containers in a pod.fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod.The GID to run the entrypoint of the container process.Indicates that the container must run as a non-root user.The UID to run the entrypoint of the container process.A list of groups applied to the first process run in each container, in addition to the container's primary GID, the fsGroup (if specified), and group memberships defined in the container image for the uid of the container process.Sysctls hold a list of namespaced sysctls used for the pod.int
hashCode()
runAsGroup
(Long runAsGroup) Set runAsGroup in a chainable fashion.runAsNonRoot
(Boolean runAsNonRoot) Set runAsNonRoot in a chainable fashion.Set runAsUser in a chainable fashion.seccompProfile
(V1SeccompProfile seccompProfile) Set seccompProfile in a chainable fashion.seLinuxOptions
(V1SELinuxOptions seLinuxOptions) Set seLinuxOptions in a chainable fashion.void
setFsGroup
(Long fsGroup) Set the fsGroup property valuevoid
setFsGroupChangePolicy
(String fsGroupChangePolicy) Set the fsGroupChangePolicy property valuevoid
setRunAsGroup
(Long runAsGroup) Set the runAsGroup property valuevoid
setRunAsNonRoot
(Boolean runAsNonRoot) Set the runAsNonRoot property valuevoid
setRunAsUser
(Long runAsUser) Set the runAsUser property valuevoid
setSeccompProfile
(V1SeccompProfile seccompProfile) Set the seccompProfile property valuevoid
setSeLinuxOptions
(V1SELinuxOptions seLinuxOptions) Set the seLinuxOptions property valuevoid
setSupplementalGroups
(List<@NotNull Long> supplementalGroups) Set the supplementalGroups property valuevoid
setSysctls
(List<@Valid V1Sysctl> sysctls) Set the sysctls property valuevoid
setWindowsOptions
(V1WindowsSecurityContextOptions windowsOptions) Set the windowsOptions property valuesupplementalGroups
(List<@NotNull Long> supplementalGroups) Set supplementalGroups in a chainable fashion.Set sysctls in a chainable fashion.toString()
windowsOptions
(V1WindowsSecurityContextOptions windowsOptions) Set windowsOptions in a chainable fashion.
-
Field Details
-
JSON_PROPERTY_FS_GROUP
- See Also:
-
JSON_PROPERTY_FS_GROUP_CHANGE_POLICY
- See Also:
-
JSON_PROPERTY_RUN_AS_GROUP
- See Also:
-
JSON_PROPERTY_RUN_AS_NON_ROOT
- See Also:
-
JSON_PROPERTY_RUN_AS_USER
- See Also:
-
JSON_PROPERTY_SE_LINUX_OPTIONS
- See Also:
-
JSON_PROPERTY_SECCOMP_PROFILE
- See Also:
-
JSON_PROPERTY_SUPPLEMENTAL_GROUPS
- See Also:
-
JSON_PROPERTY_SYSCTLS
- See Also:
-
JSON_PROPERTY_WINDOWS_OPTIONS
- See Also:
-
-
Constructor Details
-
V1PodSecurityContext
public V1PodSecurityContext()
-
-
Method Details
-
getFsGroup
A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- If unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows.- Returns:
- the fsGroup property value
-
setFsGroup
Set the fsGroup property value- Parameters:
fsGroup
- property value to set
-
fsGroup
Set fsGroup in a chainable fashion.- Returns:
- The same instance of V1PodSecurityContext for chaining.
-
getFsGroupChangePolicy
fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are \"OnRootMismatch\" and \"Always\". If not specified, \"Always\" is used. Note that this field cannot be set when spec.os.name is windows.- Returns:
- the fsGroupChangePolicy property value
-
setFsGroupChangePolicy
Set the fsGroupChangePolicy property value- Parameters:
fsGroupChangePolicy
- property value to set
-
fsGroupChangePolicy
Set fsGroupChangePolicy in a chainable fashion.- Returns:
- The same instance of V1PodSecurityContext for chaining.
-
getRunAsGroup
The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.- Returns:
- the runAsGroup property value
-
setRunAsGroup
Set the runAsGroup property value- Parameters:
runAsGroup
- property value to set
-
runAsGroup
Set runAsGroup in a chainable fashion.- Returns:
- The same instance of V1PodSecurityContext for chaining.
-
getRunAsNonRoot
Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.- Returns:
- the runAsNonRoot property value
-
setRunAsNonRoot
Set the runAsNonRoot property value- Parameters:
runAsNonRoot
- property value to set
-
runAsNonRoot
Set runAsNonRoot in a chainable fashion.- Returns:
- The same instance of V1PodSecurityContext for chaining.
-
getRunAsUser
The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.- Returns:
- the runAsUser property value
-
setRunAsUser
Set the runAsUser property value- Parameters:
runAsUser
- property value to set
-
runAsUser
Set runAsUser in a chainable fashion.- Returns:
- The same instance of V1PodSecurityContext for chaining.
-
getSeLinuxOptions
- Returns:
- the seLinuxOptions property value
-
setSeLinuxOptions
Set the seLinuxOptions property value- Parameters:
seLinuxOptions
- property value to set
-
seLinuxOptions
Set seLinuxOptions in a chainable fashion.- Returns:
- The same instance of V1PodSecurityContext for chaining.
-
getSeccompProfile
- Returns:
- the seccompProfile property value
-
setSeccompProfile
Set the seccompProfile property value- Parameters:
seccompProfile
- property value to set
-
seccompProfile
Set seccompProfile in a chainable fashion.- Returns:
- The same instance of V1PodSecurityContext for chaining.
-
getSupplementalGroups
A list of groups applied to the first process run in each container, in addition to the container's primary GID, the fsGroup (if specified), and group memberships defined in the container image for the uid of the container process. If unspecified, no additional groups are added to any container. Note that group memberships defined in the container image for the uid of the container process are still effective, even if they are not included in this list. Note that this field cannot be set when spec.os.name is windows.- Returns:
- the supplementalGroups property value
-
setSupplementalGroups
Set the supplementalGroups property value- Parameters:
supplementalGroups
- property value to set
-
supplementalGroups
Set supplementalGroups in a chainable fashion.- Returns:
- The same instance of V1PodSecurityContext for chaining.
-
addsupplementalGroupsItem
Add an item to the supplementalGroups property in a chainable fashion.- Returns:
- The same instance of V1PodSecurityContext for chaining.
-
getSysctls
Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows.- Returns:
- the sysctls property value
-
setSysctls
Set the sysctls property value- Parameters:
sysctls
- property value to set
-
sysctls
Set sysctls in a chainable fashion.- Returns:
- The same instance of V1PodSecurityContext for chaining.
-
addsysctlsItem
Add an item to the sysctls property in a chainable fashion.- Returns:
- The same instance of V1PodSecurityContext for chaining.
-
getWindowsOptions
- Returns:
- the windowsOptions property value
-
setWindowsOptions
Set the windowsOptions property value- Parameters:
windowsOptions
- property value to set
-
windowsOptions
Set windowsOptions in a chainable fashion.- Returns:
- The same instance of V1PodSecurityContext for chaining.
-
equals
-
hashCode
public int hashCode() -
toString
-