Class: Google::Apis::RunV1alpha1::SecurityContext
- Inherits:
-
Object
- Object
- Google::Apis::RunV1alpha1::SecurityContext
- Includes:
- Core::Hashable, Core::JsonObjectSupport
- Defined in:
- generated/google/apis/run_v1alpha1/classes.rb,
generated/google/apis/run_v1alpha1/representations.rb,
generated/google/apis/run_v1alpha1/representations.rb
Overview
SecurityContext holds security configuration that will be applied to a container. Some fields are present in both SecurityContext and PodSecurityContext. When both are set, the values in SecurityContext take precedence.
Instance Attribute Summary collapse
-
#allow_privilege_escalation ⇒ Boolean
(also: #allow_privilege_escalation?)
AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process.
-
#capabilities ⇒ Google::Apis::RunV1alpha1::Capabilities
Adds and removes POSIX capabilities from running containers.
-
#privileged ⇒ Boolean
(also: #privileged?)
Run container in privileged mode.
-
#read_only_root_filesystem ⇒ Boolean
(also: #read_only_root_filesystem?)
Whether this container has a read-only root filesystem.
-
#run_as_group ⇒ Fixnum
The GID to run the entrypoint of the container process.
-
#run_as_non_root ⇒ Boolean
(also: #run_as_non_root?)
Indicates that the container must run as a non-root user.
-
#run_as_user ⇒ Fixnum
The UID to run the entrypoint of the container process.
-
#se_linux_options ⇒ Google::Apis::RunV1alpha1::SeLinuxOptions
SELinuxOptions are the labels to be applied to the container Corresponds to the JSON property
seLinuxOptions
.
Instance Method Summary collapse
-
#initialize(**args) ⇒ SecurityContext
constructor
A new instance of SecurityContext.
-
#update!(**args) ⇒ Object
Update properties of this object.
Methods included from Core::JsonObjectSupport
Methods included from Core::Hashable
Constructor Details
#initialize(**args) ⇒ SecurityContext
Returns a new instance of SecurityContext
2832 2833 2834 |
# File 'generated/google/apis/run_v1alpha1/classes.rb', line 2832 def initialize(**args) update!(**args) end |
Instance Attribute Details
#allow_privilege_escalation ⇒ Boolean Also known as: allow_privilege_escalation?
AllowPrivilegeEscalation controls whether a process can gain more
privileges than its parent process. This bool directly controls if
the no_new_privs flag will be set on the container process.
AllowPrivilegeEscalation is true always when the container is:
1) run as Privileged
2) has CAP_SYS_ADMIN
+optional
Corresponds to the JSON property allowPrivilegeEscalation
2773 2774 2775 |
# File 'generated/google/apis/run_v1alpha1/classes.rb', line 2773 def allow_privilege_escalation @allow_privilege_escalation end |
#capabilities ⇒ Google::Apis::RunV1alpha1::Capabilities
Adds and removes POSIX capabilities from running containers.
Corresponds to the JSON property capabilities
2779 2780 2781 |
# File 'generated/google/apis/run_v1alpha1/classes.rb', line 2779 def capabilities @capabilities end |
#privileged ⇒ Boolean Also known as: privileged?
Run container in privileged mode.
Processes in privileged containers are essentially equivalent to root on
the host. Defaults to false. +optional
Corresponds to the JSON property privileged
2786 2787 2788 |
# File 'generated/google/apis/run_v1alpha1/classes.rb', line 2786 def privileged @privileged end |
#read_only_root_filesystem ⇒ Boolean Also known as: read_only_root_filesystem?
Whether this container has a read-only root filesystem.
Default is false.
+optional
Corresponds to the JSON property readOnlyRootFilesystem
2794 2795 2796 |
# File 'generated/google/apis/run_v1alpha1/classes.rb', line 2794 def read_only_root_filesystem @read_only_root_filesystem end |
#run_as_group ⇒ Fixnum
The GID to run the entrypoint of the container process.
Uses runtime default if unset.
May also be set in PodSecurityContext. If set in both SecurityContext and
PodSecurityContext, the value specified in SecurityContext takes
precedence. +optional
Corresponds to the JSON property runAsGroup
2804 2805 2806 |
# File 'generated/google/apis/run_v1alpha1/classes.rb', line 2804 def run_as_group @run_as_group end |
#run_as_non_root ⇒ Boolean Also known as: run_as_non_root?
Indicates that the container must run as a non-root user.
If true, the Kubelet will validate the image at runtime to ensure that it
does not run as UID 0 (root) and fail to start the container if it does.
If unset or false, no such validation will be performed.
May also be set in PodSecurityContext. If set in both SecurityContext and
PodSecurityContext, the value specified in SecurityContext takes
precedence. +optional
Corresponds to the JSON property runAsNonRoot
2815 2816 2817 |
# File 'generated/google/apis/run_v1alpha1/classes.rb', line 2815 def run_as_non_root @run_as_non_root end |
#run_as_user ⇒ Fixnum
The UID to run the entrypoint of the container process.
Defaults to user specified in image metadata if unspecified.
May also be set in PodSecurityContext. If set in both SecurityContext and
PodSecurityContext, the value specified in SecurityContext takes
precedence. +optional
Corresponds to the JSON property runAsUser
2825 2826 2827 |
# File 'generated/google/apis/run_v1alpha1/classes.rb', line 2825 def run_as_user @run_as_user end |
#se_linux_options ⇒ Google::Apis::RunV1alpha1::SeLinuxOptions
SELinuxOptions are the labels to be applied to the container
Corresponds to the JSON property seLinuxOptions
2830 2831 2832 |
# File 'generated/google/apis/run_v1alpha1/classes.rb', line 2830 def @se_linux_options end |
Instance Method Details
#update!(**args) ⇒ Object
Update properties of this object
2837 2838 2839 2840 2841 2842 2843 2844 2845 2846 |
# File 'generated/google/apis/run_v1alpha1/classes.rb', line 2837 def update!(**args) @allow_privilege_escalation = args[:allow_privilege_escalation] if args.key?(:allow_privilege_escalation) @capabilities = args[:capabilities] if args.key?(:capabilities) @privileged = args[:privileged] if args.key?(:privileged) @read_only_root_filesystem = args[:read_only_root_filesystem] if args.key?(:read_only_root_filesystem) @run_as_group = args[:run_as_group] if args.key?(:run_as_group) @run_as_non_root = args[:run_as_non_root] if args.key?(:run_as_non_root) @run_as_user = args[:run_as_user] if args.key?(:run_as_user) @se_linux_options = args[:se_linux_options] if args.key?(:se_linux_options) end |