Class V1PodSecurityContext
java.lang.Object
io.micronaut.kubernetes.client.openapi.model.V1PodSecurityContext
@Generated("io.micronaut.openapi.generator.JavaMicronautClientCodegen")
public class V1PodSecurityContext
extends Object
PodSecurityContext holds pod-level security attributes and common container settings. Some fields are also present in container.securityContext. Field values of container.securityContext take precedence over field values of PodSecurityContext.
-
Field Summary
Fields -
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionaddSupplementalGroupsItem
(Long supplementalGroupsItem) Add an item to the supplementalGroups property in a chainable fashion.addSysctlsItem
(V1Sysctl sysctlsItem) Add an item to the sysctls property in a chainable fashion.appArmorProfile
(V1AppArmorProfile appArmorProfile) Set appArmorProfile in a chainable fashion.boolean
Set fsGroup in a chainable fashion.fsGroupChangePolicy
(String fsGroupChangePolicy) Set fsGroupChangePolicy in a chainable fashion.A special supplemental group that applies to all containers in a pod.fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod.The GID to run the entrypoint of the container process.Indicates that the container must run as a non-root user.The UID to run the entrypoint of the container process.seLinuxChangePolicy defines how the container's SELinux label is applied to all volumes used by the Pod.A list of groups applied to the first process run in each container, in addition to the container's primary GID and fsGroup (if specified).Defines how supplemental groups of the first container processes are calculated.Sysctls hold a list of namespaced sysctls used for the pod.int
hashCode()
runAsGroup
(Long runAsGroup) Set runAsGroup in a chainable fashion.runAsNonRoot
(Boolean runAsNonRoot) Set runAsNonRoot in a chainable fashion.Set runAsUser in a chainable fashion.seccompProfile
(V1SeccompProfile seccompProfile) Set seccompProfile in a chainable fashion.seLinuxChangePolicy
(String seLinuxChangePolicy) Set seLinuxChangePolicy in a chainable fashion.seLinuxOptions
(V1SELinuxOptions seLinuxOptions) Set seLinuxOptions in a chainable fashion.void
setAppArmorProfile
(V1AppArmorProfile appArmorProfile) Set the appArmorProfile property valuevoid
setFsGroup
(Long fsGroup) Set the fsGroup property valuevoid
setFsGroupChangePolicy
(String fsGroupChangePolicy) Set the fsGroupChangePolicy property valuevoid
setRunAsGroup
(Long runAsGroup) Set the runAsGroup property valuevoid
setRunAsNonRoot
(Boolean runAsNonRoot) Set the runAsNonRoot property valuevoid
setRunAsUser
(Long runAsUser) Set the runAsUser property valuevoid
setSeccompProfile
(V1SeccompProfile seccompProfile) Set the seccompProfile property valuevoid
setSeLinuxChangePolicy
(String seLinuxChangePolicy) Set the seLinuxChangePolicy property valuevoid
setSeLinuxOptions
(V1SELinuxOptions seLinuxOptions) Set the seLinuxOptions property valuevoid
setSupplementalGroups
(List<@NotNull Long> supplementalGroups) Set the supplementalGroups property valuevoid
setSupplementalGroupsPolicy
(String supplementalGroupsPolicy) Set the supplementalGroupsPolicy property valuevoid
setSysctls
(List<@Valid V1Sysctl> sysctls) Set the sysctls property valuevoid
setWindowsOptions
(V1WindowsSecurityContextOptions windowsOptions) Set the windowsOptions property valuesupplementalGroups
(List<@NotNull Long> supplementalGroups) Set supplementalGroups in a chainable fashion.supplementalGroupsPolicy
(String supplementalGroupsPolicy) Set supplementalGroupsPolicy in a chainable fashion.Set sysctls in a chainable fashion.toString()
windowsOptions
(V1WindowsSecurityContextOptions windowsOptions) Set windowsOptions in a chainable fashion.
-
Field Details
-
JSON_PROPERTY_APP_ARMOR_PROFILE
- See Also:
-
JSON_PROPERTY_FS_GROUP
- See Also:
-
JSON_PROPERTY_FS_GROUP_CHANGE_POLICY
- See Also:
-
JSON_PROPERTY_RUN_AS_GROUP
- See Also:
-
JSON_PROPERTY_RUN_AS_NON_ROOT
- See Also:
-
JSON_PROPERTY_RUN_AS_USER
- See Also:
-
JSON_PROPERTY_SE_LINUX_CHANGE_POLICY
- See Also:
-
JSON_PROPERTY_SE_LINUX_OPTIONS
- See Also:
-
JSON_PROPERTY_SECCOMP_PROFILE
- See Also:
-
JSON_PROPERTY_SUPPLEMENTAL_GROUPS
- See Also:
-
JSON_PROPERTY_SUPPLEMENTAL_GROUPS_POLICY
- See Also:
-
JSON_PROPERTY_SYSCTLS
- See Also:
-
JSON_PROPERTY_WINDOWS_OPTIONS
- See Also:
-
-
Constructor Details
-
V1PodSecurityContext
public V1PodSecurityContext()
-
-
Method Details
-
getAppArmorProfile
- Returns:
- the appArmorProfile property value
-
setAppArmorProfile
Set the appArmorProfile property value- Parameters:
appArmorProfile
- property value to set
-
appArmorProfile
Set appArmorProfile in a chainable fashion.- Returns:
- The same instance of V1PodSecurityContext for chaining.
-
getFsGroup
A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- If unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows.- Returns:
- the fsGroup property value
-
setFsGroup
Set the fsGroup property value- Parameters:
fsGroup
- property value to set
-
fsGroup
Set fsGroup in a chainable fashion.- Returns:
- The same instance of V1PodSecurityContext for chaining.
-
getFsGroupChangePolicy
fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are \"OnRootMismatch\" and \"Always\". If not specified, \"Always\" is used. Note that this field cannot be set when spec.os.name is windows.- Returns:
- the fsGroupChangePolicy property value
-
setFsGroupChangePolicy
Set the fsGroupChangePolicy property value- Parameters:
fsGroupChangePolicy
- property value to set
-
fsGroupChangePolicy
Set fsGroupChangePolicy in a chainable fashion.- Returns:
- The same instance of V1PodSecurityContext for chaining.
-
getRunAsGroup
The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.- Returns:
- the runAsGroup property value
-
setRunAsGroup
Set the runAsGroup property value- Parameters:
runAsGroup
- property value to set
-
runAsGroup
Set runAsGroup in a chainable fashion.- Returns:
- The same instance of V1PodSecurityContext for chaining.
-
getRunAsNonRoot
Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.- Returns:
- the runAsNonRoot property value
-
setRunAsNonRoot
Set the runAsNonRoot property value- Parameters:
runAsNonRoot
- property value to set
-
runAsNonRoot
Set runAsNonRoot in a chainable fashion.- Returns:
- The same instance of V1PodSecurityContext for chaining.
-
getRunAsUser
The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.- Returns:
- the runAsUser property value
-
setRunAsUser
Set the runAsUser property value- Parameters:
runAsUser
- property value to set
-
runAsUser
Set runAsUser in a chainable fashion.- Returns:
- The same instance of V1PodSecurityContext for chaining.
-
getSeLinuxChangePolicy
seLinuxChangePolicy defines how the container's SELinux label is applied to all volumes used by the Pod. It has no effect on nodes that do not support SELinux or to volumes does not support SELinux. Valid values are \"MountOption\" and \"Recursive\". \"Recursive\" means relabeling of all files on all Pod volumes by the container runtime. This may be slow for large volumes, but allows mixing privileged and unprivileged Pods sharing the same volume on the same node. \"MountOption\" mounts all eligible Pod volumes with `-o context` mount option. This requires all Pods that share the same volume to use the same SELinux label. It is not possible to share the same volume among privileged and unprivileged Pods. Eligible volumes are in-tree FibreChannel and iSCSI volumes, and all CSI volumes whose CSI driver announces SELinux support by setting spec.seLinuxMount: true in their CSIDriver instance. Other volumes are always re-labelled recursively. \"MountOption\" value is allowed only when SELinuxMount feature gate is enabled. If not specified and SELinuxMount feature gate is enabled, \"MountOption\" is used. If not specified and SELinuxMount feature gate is disabled, \"MountOption\" is used for ReadWriteOncePod volumes and \"Recursive\" for all other volumes. This field affects only Pods that have SELinux label set, either in PodSecurityContext or in SecurityContext of all containers. All Pods that use the same volume should use the same seLinuxChangePolicy, otherwise some pods can get stuck in ContainerCreating state. Note that this field cannot be set when spec.os.name is windows.- Returns:
- the seLinuxChangePolicy property value
-
setSeLinuxChangePolicy
Set the seLinuxChangePolicy property value- Parameters:
seLinuxChangePolicy
- property value to set
-
seLinuxChangePolicy
Set seLinuxChangePolicy in a chainable fashion.- Returns:
- The same instance of V1PodSecurityContext for chaining.
-
getSeLinuxOptions
- Returns:
- the seLinuxOptions property value
-
setSeLinuxOptions
Set the seLinuxOptions property value- Parameters:
seLinuxOptions
- property value to set
-
seLinuxOptions
Set seLinuxOptions in a chainable fashion.- Returns:
- The same instance of V1PodSecurityContext for chaining.
-
getSeccompProfile
- Returns:
- the seccompProfile property value
-
setSeccompProfile
Set the seccompProfile property value- Parameters:
seccompProfile
- property value to set
-
seccompProfile
Set seccompProfile in a chainable fashion.- Returns:
- The same instance of V1PodSecurityContext for chaining.
-
getSupplementalGroups
A list of groups applied to the first process run in each container, in addition to the container's primary GID and fsGroup (if specified). If the SupplementalGroupsPolicy feature is enabled, the supplementalGroupsPolicy field determines whether these are in addition to or instead of any group memberships defined in the container image. If unspecified, no additional groups are added, though group memberships defined in the container image may still be used, depending on the supplementalGroupsPolicy field. Note that this field cannot be set when spec.os.name is windows.- Returns:
- the supplementalGroups property value
-
setSupplementalGroups
Set the supplementalGroups property value- Parameters:
supplementalGroups
- property value to set
-
supplementalGroups
Set supplementalGroups in a chainable fashion.- Returns:
- The same instance of V1PodSecurityContext for chaining.
-
addSupplementalGroupsItem
Add an item to the supplementalGroups property in a chainable fashion.- Returns:
- The same instance of V1PodSecurityContext for chaining.
-
getSupplementalGroupsPolicy
Defines how supplemental groups of the first container processes are calculated. Valid values are \"Merge\" and \"Strict\". If not specified, \"Merge\" is used. (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled and the container runtime must implement support for this feature. Note that this field cannot be set when spec.os.name is windows.- Returns:
- the supplementalGroupsPolicy property value
-
setSupplementalGroupsPolicy
Set the supplementalGroupsPolicy property value- Parameters:
supplementalGroupsPolicy
- property value to set
-
supplementalGroupsPolicy
Set supplementalGroupsPolicy in a chainable fashion.- Returns:
- The same instance of V1PodSecurityContext for chaining.
-
getSysctls
Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows.- Returns:
- the sysctls property value
-
setSysctls
Set the sysctls property value- Parameters:
sysctls
- property value to set
-
sysctls
Set sysctls in a chainable fashion.- Returns:
- The same instance of V1PodSecurityContext for chaining.
-
addSysctlsItem
Add an item to the sysctls property in a chainable fashion.- Returns:
- The same instance of V1PodSecurityContext for chaining.
-
getWindowsOptions
- Returns:
- the windowsOptions property value
-
setWindowsOptions
Set the windowsOptions property value- Parameters:
windowsOptions
- property value to set
-
windowsOptions
Set windowsOptions in a chainable fashion.- Returns:
- The same instance of V1PodSecurityContext for chaining.
-
equals
-
hashCode
public int hashCode() -
toString
-