Class: Google::Apis::RunV1alpha1::SecurityContext
- Inherits:
-
Object
- Object
- Google::Apis::RunV1alpha1::SecurityContext
- Includes:
- Core::Hashable, Core::JsonObjectSupport
- Defined in:
- generated/google/apis/run_v1alpha1/classes.rb,
generated/google/apis/run_v1alpha1/representations.rb,
generated/google/apis/run_v1alpha1/representations.rb
Overview
SecurityContext holds security configuration that will be applied to a container. Some fields are present in both SecurityContext and PodSecurityContext. When both are set, the values in SecurityContext take precedence.
Instance Attribute Summary collapse
-
#allow_privilege_escalation ⇒ Boolean
(also: #allow_privilege_escalation?)
AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process.
-
#capabilities ⇒ Google::Apis::RunV1alpha1::Capabilities
Adds and removes POSIX capabilities from running containers.
-
#privileged ⇒ Boolean
(also: #privileged?)
Run container in privileged mode.
-
#read_only_root_filesystem ⇒ Boolean
(also: #read_only_root_filesystem?)
Whether this container has a read-only root filesystem.
-
#run_as_group ⇒ Fixnum
The GID to run the entrypoint of the container process.
-
#run_as_non_root ⇒ Boolean
(also: #run_as_non_root?)
Indicates that the container must run as a non-root user.
-
#run_as_user ⇒ Fixnum
The UID to run the entrypoint of the container process.
-
#se_linux_options ⇒ Google::Apis::RunV1alpha1::SeLinuxOptions
SELinuxOptions are the labels to be applied to the container Corresponds to the JSON property
seLinuxOptions
.
Instance Method Summary collapse
-
#initialize(**args) ⇒ SecurityContext
constructor
A new instance of SecurityContext.
-
#update!(**args) ⇒ Object
Update properties of this object.
Methods included from Core::JsonObjectSupport
Methods included from Core::Hashable
Constructor Details
#initialize(**args) ⇒ SecurityContext
Returns a new instance of SecurityContext
3591 3592 3593 |
# File 'generated/google/apis/run_v1alpha1/classes.rb', line 3591 def initialize(**args) update!(**args) end |
Instance Attribute Details
#allow_privilege_escalation ⇒ Boolean Also known as: allow_privilege_escalation?
AllowPrivilegeEscalation controls whether a process can gain more
privileges than its parent process. This bool directly controls if
the no_new_privs flag will be set on the container process.
AllowPrivilegeEscalation is true always when the container is:
1) run as Privileged
2) has CAP_SYS_ADMIN
+optional
Corresponds to the JSON property allowPrivilegeEscalation
3532 3533 3534 |
# File 'generated/google/apis/run_v1alpha1/classes.rb', line 3532 def allow_privilege_escalation @allow_privilege_escalation end |
#capabilities ⇒ Google::Apis::RunV1alpha1::Capabilities
Adds and removes POSIX capabilities from running containers.
Corresponds to the JSON property capabilities
3538 3539 3540 |
# File 'generated/google/apis/run_v1alpha1/classes.rb', line 3538 def capabilities @capabilities end |
#privileged ⇒ Boolean Also known as: privileged?
Run container in privileged mode.
Processes in privileged containers are essentially equivalent to root on
the host. Defaults to false. +optional
Corresponds to the JSON property privileged
3545 3546 3547 |
# File 'generated/google/apis/run_v1alpha1/classes.rb', line 3545 def privileged @privileged end |
#read_only_root_filesystem ⇒ Boolean Also known as: read_only_root_filesystem?
Whether this container has a read-only root filesystem.
Default is false.
+optional
Corresponds to the JSON property readOnlyRootFilesystem
3553 3554 3555 |
# File 'generated/google/apis/run_v1alpha1/classes.rb', line 3553 def read_only_root_filesystem @read_only_root_filesystem end |
#run_as_group ⇒ Fixnum
The GID to run the entrypoint of the container process.
Uses runtime default if unset.
May also be set in PodSecurityContext. If set in both SecurityContext and
PodSecurityContext, the value specified in SecurityContext takes
precedence. +optional
Corresponds to the JSON property runAsGroup
3563 3564 3565 |
# File 'generated/google/apis/run_v1alpha1/classes.rb', line 3563 def run_as_group @run_as_group end |
#run_as_non_root ⇒ Boolean Also known as: run_as_non_root?
Indicates that the container must run as a non-root user.
If true, the Kubelet will validate the image at runtime to ensure that it
does not run as UID 0 (root) and fail to start the container if it does.
If unset or false, no such validation will be performed.
May also be set in PodSecurityContext. If set in both SecurityContext and
PodSecurityContext, the value specified in SecurityContext takes
precedence. +optional
Corresponds to the JSON property runAsNonRoot
3574 3575 3576 |
# File 'generated/google/apis/run_v1alpha1/classes.rb', line 3574 def run_as_non_root @run_as_non_root end |
#run_as_user ⇒ Fixnum
The UID to run the entrypoint of the container process.
Defaults to user specified in image metadata if unspecified.
May also be set in PodSecurityContext. If set in both SecurityContext and
PodSecurityContext, the value specified in SecurityContext takes
precedence. +optional
Corresponds to the JSON property runAsUser
3584 3585 3586 |
# File 'generated/google/apis/run_v1alpha1/classes.rb', line 3584 def run_as_user @run_as_user end |
#se_linux_options ⇒ Google::Apis::RunV1alpha1::SeLinuxOptions
SELinuxOptions are the labels to be applied to the container
Corresponds to the JSON property seLinuxOptions
3589 3590 3591 |
# File 'generated/google/apis/run_v1alpha1/classes.rb', line 3589 def @se_linux_options end |
Instance Method Details
#update!(**args) ⇒ Object
Update properties of this object
3596 3597 3598 3599 3600 3601 3602 3603 3604 3605 |
# File 'generated/google/apis/run_v1alpha1/classes.rb', line 3596 def update!(**args) @allow_privilege_escalation = args[:allow_privilege_escalation] if args.key?(:allow_privilege_escalation) @capabilities = args[:capabilities] if args.key?(:capabilities) @privileged = args[:privileged] if args.key?(:privileged) @read_only_root_filesystem = args[:read_only_root_filesystem] if args.key?(:read_only_root_filesystem) @run_as_group = args[:run_as_group] if args.key?(:run_as_group) @run_as_non_root = args[:run_as_non_root] if args.key?(:run_as_non_root) @run_as_user = args[:run_as_user] if args.key?(:run_as_user) @se_linux_options = args[:se_linux_options] if args.key?(:se_linux_options) end |