Class: Google::Apis::RunV1alpha1::SecurityContext
- Inherits:
-
Object
- Object
- Google::Apis::RunV1alpha1::SecurityContext
- Includes:
- Core::Hashable, Core::JsonObjectSupport
- Defined in:
- generated/google/apis/run_v1alpha1/classes.rb,
generated/google/apis/run_v1alpha1/representations.rb,
generated/google/apis/run_v1alpha1/representations.rb
Overview
SecurityContext holds security configuration that will be applied to a container. Some fields are present in both SecurityContext and PodSecurityContext. When both are set, the values in SecurityContext take precedence.
Instance Attribute Summary collapse
-
#allow_privilege_escalation ⇒ Boolean
(also: #allow_privilege_escalation?)
AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process.
-
#capabilities ⇒ Google::Apis::RunV1alpha1::Capabilities
Adds and removes POSIX capabilities from running containers.
-
#privileged ⇒ Boolean
(also: #privileged?)
Run container in privileged mode.
-
#read_only_root_filesystem ⇒ Boolean
(also: #read_only_root_filesystem?)
Whether this container has a read-only root filesystem.
-
#run_as_group ⇒ Fixnum
The GID to run the entrypoint of the container process.
-
#run_as_non_root ⇒ Boolean
(also: #run_as_non_root?)
Indicates that the container must run as a non-root user.
-
#run_as_user ⇒ Fixnum
The UID to run the entrypoint of the container process.
-
#se_linux_options ⇒ Google::Apis::RunV1alpha1::SeLinuxOptions
SELinuxOptions are the labels to be applied to the container Corresponds to the JSON property
seLinuxOptions
.
Instance Method Summary collapse
-
#initialize(**args) ⇒ SecurityContext
constructor
A new instance of SecurityContext.
-
#update!(**args) ⇒ Object
Update properties of this object.
Methods included from Core::JsonObjectSupport
Methods included from Core::Hashable
Constructor Details
#initialize(**args) ⇒ SecurityContext
Returns a new instance of SecurityContext
3547 3548 3549 |
# File 'generated/google/apis/run_v1alpha1/classes.rb', line 3547 def initialize(**args) update!(**args) end |
Instance Attribute Details
#allow_privilege_escalation ⇒ Boolean Also known as: allow_privilege_escalation?
AllowPrivilegeEscalation controls whether a process can gain more
privileges than its parent process. This bool directly controls if
the no_new_privs flag will be set on the container process.
AllowPrivilegeEscalation is true always when the container is:
1) run as Privileged
2) has CAP_SYS_ADMIN
+optional
Corresponds to the JSON property allowPrivilegeEscalation
3488 3489 3490 |
# File 'generated/google/apis/run_v1alpha1/classes.rb', line 3488 def allow_privilege_escalation @allow_privilege_escalation end |
#capabilities ⇒ Google::Apis::RunV1alpha1::Capabilities
Adds and removes POSIX capabilities from running containers.
Corresponds to the JSON property capabilities
3494 3495 3496 |
# File 'generated/google/apis/run_v1alpha1/classes.rb', line 3494 def capabilities @capabilities end |
#privileged ⇒ Boolean Also known as: privileged?
Run container in privileged mode.
Processes in privileged containers are essentially equivalent to root on
the host. Defaults to false. +optional
Corresponds to the JSON property privileged
3501 3502 3503 |
# File 'generated/google/apis/run_v1alpha1/classes.rb', line 3501 def privileged @privileged end |
#read_only_root_filesystem ⇒ Boolean Also known as: read_only_root_filesystem?
Whether this container has a read-only root filesystem.
Default is false.
+optional
Corresponds to the JSON property readOnlyRootFilesystem
3509 3510 3511 |
# File 'generated/google/apis/run_v1alpha1/classes.rb', line 3509 def read_only_root_filesystem @read_only_root_filesystem end |
#run_as_group ⇒ Fixnum
The GID to run the entrypoint of the container process.
Uses runtime default if unset.
May also be set in PodSecurityContext. If set in both SecurityContext and
PodSecurityContext, the value specified in SecurityContext takes
precedence. +optional
Corresponds to the JSON property runAsGroup
3519 3520 3521 |
# File 'generated/google/apis/run_v1alpha1/classes.rb', line 3519 def run_as_group @run_as_group end |
#run_as_non_root ⇒ Boolean Also known as: run_as_non_root?
Indicates that the container must run as a non-root user.
If true, the Kubelet will validate the image at runtime to ensure that it
does not run as UID 0 (root) and fail to start the container if it does.
If unset or false, no such validation will be performed.
May also be set in PodSecurityContext. If set in both SecurityContext and
PodSecurityContext, the value specified in SecurityContext takes
precedence. +optional
Corresponds to the JSON property runAsNonRoot
3530 3531 3532 |
# File 'generated/google/apis/run_v1alpha1/classes.rb', line 3530 def run_as_non_root @run_as_non_root end |
#run_as_user ⇒ Fixnum
The UID to run the entrypoint of the container process.
Defaults to user specified in image metadata if unspecified.
May also be set in PodSecurityContext. If set in both SecurityContext and
PodSecurityContext, the value specified in SecurityContext takes
precedence. +optional
Corresponds to the JSON property runAsUser
3540 3541 3542 |
# File 'generated/google/apis/run_v1alpha1/classes.rb', line 3540 def run_as_user @run_as_user end |
#se_linux_options ⇒ Google::Apis::RunV1alpha1::SeLinuxOptions
SELinuxOptions are the labels to be applied to the container
Corresponds to the JSON property seLinuxOptions
3545 3546 3547 |
# File 'generated/google/apis/run_v1alpha1/classes.rb', line 3545 def @se_linux_options end |
Instance Method Details
#update!(**args) ⇒ Object
Update properties of this object
3552 3553 3554 3555 3556 3557 3558 3559 3560 3561 |
# File 'generated/google/apis/run_v1alpha1/classes.rb', line 3552 def update!(**args) @allow_privilege_escalation = args[:allow_privilege_escalation] if args.key?(:allow_privilege_escalation) @capabilities = args[:capabilities] if args.key?(:capabilities) @privileged = args[:privileged] if args.key?(:privileged) @read_only_root_filesystem = args[:read_only_root_filesystem] if args.key?(:read_only_root_filesystem) @run_as_group = args[:run_as_group] if args.key?(:run_as_group) @run_as_non_root = args[:run_as_non_root] if args.key?(:run_as_non_root) @run_as_user = args[:run_as_user] if args.key?(:run_as_user) @se_linux_options = args[:se_linux_options] if args.key?(:se_linux_options) end |