Class: Google::Apis::RunV1alpha1::SecurityContext
- Inherits:
-
Object
- Object
- Google::Apis::RunV1alpha1::SecurityContext
- Includes:
- Core::Hashable, Core::JsonObjectSupport
- Defined in:
- generated/google/apis/run_v1alpha1/classes.rb,
generated/google/apis/run_v1alpha1/representations.rb,
generated/google/apis/run_v1alpha1/representations.rb
Overview
SecurityContext holds security configuration that will be applied to a container. Some fields are present in both SecurityContext and PodSecurityContext. When both are set, the values in SecurityContext take precedence.
Instance Attribute Summary collapse
-
#allow_privilege_escalation ⇒ Boolean
(also: #allow_privilege_escalation?)
AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process.
-
#capabilities ⇒ Google::Apis::RunV1alpha1::Capabilities
Adds and removes POSIX capabilities from running containers.
-
#privileged ⇒ Boolean
(also: #privileged?)
Run container in privileged mode.
-
#read_only_root_filesystem ⇒ Boolean
(also: #read_only_root_filesystem?)
Whether this container has a read-only root filesystem.
-
#run_as_group ⇒ Fixnum
The GID to run the entrypoint of the container process.
-
#run_as_non_root ⇒ Boolean
(also: #run_as_non_root?)
Indicates that the container must run as a non-root user.
-
#run_as_user ⇒ Fixnum
The UID to run the entrypoint of the container process.
-
#se_linux_options ⇒ Google::Apis::RunV1alpha1::SeLinuxOptions
SELinuxOptions are the labels to be applied to the container Corresponds to the JSON property
seLinuxOptions
.
Instance Method Summary collapse
-
#initialize(**args) ⇒ SecurityContext
constructor
A new instance of SecurityContext.
-
#update!(**args) ⇒ Object
Update properties of this object.
Methods included from Core::JsonObjectSupport
Methods included from Core::Hashable
Constructor Details
#initialize(**args) ⇒ SecurityContext
Returns a new instance of SecurityContext.
3971 3972 3973 |
# File 'generated/google/apis/run_v1alpha1/classes.rb', line 3971 def initialize(**args) update!(**args) end |
Instance Attribute Details
#allow_privilege_escalation ⇒ Boolean Also known as: allow_privilege_escalation?
AllowPrivilegeEscalation controls whether a process can gain more
privileges than its parent process. This bool directly controls if
the no_new_privs flag will be set on the container process.
AllowPrivilegeEscalation is true always when the container is:
1) run as Privileged
2) has CAP_SYS_ADMIN
+optional
Corresponds to the JSON property allowPrivilegeEscalation
3912 3913 3914 |
# File 'generated/google/apis/run_v1alpha1/classes.rb', line 3912 def allow_privilege_escalation @allow_privilege_escalation end |
#capabilities ⇒ Google::Apis::RunV1alpha1::Capabilities
Adds and removes POSIX capabilities from running containers.
Corresponds to the JSON property capabilities
3918 3919 3920 |
# File 'generated/google/apis/run_v1alpha1/classes.rb', line 3918 def capabilities @capabilities end |
#privileged ⇒ Boolean Also known as: privileged?
Run container in privileged mode.
Processes in privileged containers are essentially equivalent to root on
the host. Defaults to false. +optional
Corresponds to the JSON property privileged
3925 3926 3927 |
# File 'generated/google/apis/run_v1alpha1/classes.rb', line 3925 def privileged @privileged end |
#read_only_root_filesystem ⇒ Boolean Also known as: read_only_root_filesystem?
Whether this container has a read-only root filesystem.
Default is false.
+optional
Corresponds to the JSON property readOnlyRootFilesystem
3933 3934 3935 |
# File 'generated/google/apis/run_v1alpha1/classes.rb', line 3933 def read_only_root_filesystem @read_only_root_filesystem end |
#run_as_group ⇒ Fixnum
The GID to run the entrypoint of the container process.
Uses runtime default if unset.
May also be set in PodSecurityContext. If set in both SecurityContext and
PodSecurityContext, the value specified in SecurityContext takes
precedence. +optional
Corresponds to the JSON property runAsGroup
3943 3944 3945 |
# File 'generated/google/apis/run_v1alpha1/classes.rb', line 3943 def run_as_group @run_as_group end |
#run_as_non_root ⇒ Boolean Also known as: run_as_non_root?
Indicates that the container must run as a non-root user.
If true, the Kubelet will validate the image at runtime to ensure that it
does not run as UID 0 (root) and fail to start the container if it does.
If unset or false, no such validation will be performed.
May also be set in PodSecurityContext. If set in both SecurityContext and
PodSecurityContext, the value specified in SecurityContext takes
precedence. +optional
Corresponds to the JSON property runAsNonRoot
3954 3955 3956 |
# File 'generated/google/apis/run_v1alpha1/classes.rb', line 3954 def run_as_non_root @run_as_non_root end |
#run_as_user ⇒ Fixnum
The UID to run the entrypoint of the container process.
Defaults to user specified in image metadata if unspecified.
May also be set in PodSecurityContext. If set in both SecurityContext and
PodSecurityContext, the value specified in SecurityContext takes
precedence. +optional
Corresponds to the JSON property runAsUser
3964 3965 3966 |
# File 'generated/google/apis/run_v1alpha1/classes.rb', line 3964 def run_as_user @run_as_user end |
#se_linux_options ⇒ Google::Apis::RunV1alpha1::SeLinuxOptions
SELinuxOptions are the labels to be applied to the container
Corresponds to the JSON property seLinuxOptions
3969 3970 3971 |
# File 'generated/google/apis/run_v1alpha1/classes.rb', line 3969 def @se_linux_options end |
Instance Method Details
#update!(**args) ⇒ Object
Update properties of this object
3976 3977 3978 3979 3980 3981 3982 3983 3984 3985 |
# File 'generated/google/apis/run_v1alpha1/classes.rb', line 3976 def update!(**args) @allow_privilege_escalation = args[:allow_privilege_escalation] if args.key?(:allow_privilege_escalation) @capabilities = args[:capabilities] if args.key?(:capabilities) @privileged = args[:privileged] if args.key?(:privileged) @read_only_root_filesystem = args[:read_only_root_filesystem] if args.key?(:read_only_root_filesystem) @run_as_group = args[:run_as_group] if args.key?(:run_as_group) @run_as_non_root = args[:run_as_non_root] if args.key?(:run_as_non_root) @run_as_user = args[:run_as_user] if args.key?(:run_as_user) @se_linux_options = args[:se_linux_options] if args.key?(:se_linux_options) end |