Class: Google::Apis::RunV1alpha1::SecurityContext

Inherits:
Object
  • Object
show all
Includes:
Core::Hashable, Core::JsonObjectSupport
Defined in:
generated/google/apis/run_v1alpha1/classes.rb,
generated/google/apis/run_v1alpha1/representations.rb,
generated/google/apis/run_v1alpha1/representations.rb

Overview

SecurityContext holds security configuration that will be applied to a container. Some fields are present in both SecurityContext and PodSecurityContext. When both are set, the values in SecurityContext take precedence.

Instance Attribute Summary collapse

Instance Method Summary collapse

Methods included from Core::JsonObjectSupport

#to_json

Methods included from Core::Hashable

process_value, #to_h

Constructor Details

#initialize(**args) ⇒ SecurityContext

Returns a new instance of SecurityContext.



4281
4282
4283
 
# File 'generated/google/apis/run_v1alpha1/classes.rb', line 4281

def initialize(**args)
   update!(**args)
end

Instance Attribute Details

#allow_privilege_escalationBoolean Also known as: allow_privilege_escalation?

AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN +optional Corresponds to the JSON property allowPrivilegeEscalation

Returns:

  • (Boolean) 


4222
4223
4224
 
# File 'generated/google/apis/run_v1alpha1/classes.rb', line 4222

def allow_privilege_escalation
  @allow_privilege_escalation
end

#capabilitiesGoogle::Apis::RunV1alpha1::Capabilities

Adds and removes POSIX capabilities from running containers. Corresponds to the JSON property capabilities

Returns:



4228
4229
4230
 
# File 'generated/google/apis/run_v1alpha1/classes.rb', line 4228

def capabilities
  @capabilities
end

#privilegedBoolean Also known as: privileged?

Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. +optional Corresponds to the JSON property privileged

Returns:

  • (Boolean) 


4235
4236
4237
 
# File 'generated/google/apis/run_v1alpha1/classes.rb', line 4235

def privileged
  @privileged
end

#read_only_root_filesystemBoolean Also known as: read_only_root_filesystem?

Whether this container has a read-only root filesystem. Default is false. +optional Corresponds to the JSON property readOnlyRootFilesystem

Returns:

  • (Boolean) 


4243
4244
4245
 
# File 'generated/google/apis/run_v1alpha1/classes.rb', line 4243

def read_only_root_filesystem
  @read_only_root_filesystem
end

#run_as_groupFixnum

The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. +optional Corresponds to the JSON property runAsGroup

Returns:

  • (Fixnum) 


4253
4254
4255
 
# File 'generated/google/apis/run_v1alpha1/classes.rb', line 4253

def run_as_group
  @run_as_group
end

#run_as_non_rootBoolean Also known as: run_as_non_root?

Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. +optional Corresponds to the JSON property runAsNonRoot

Returns:

  • (Boolean) 


4264
4265
4266
 
# File 'generated/google/apis/run_v1alpha1/classes.rb', line 4264

def run_as_non_root
  @run_as_non_root
end

#run_as_userFixnum

The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. +optional Corresponds to the JSON property runAsUser

Returns:

  • (Fixnum) 


4274
4275
4276
 
# File 'generated/google/apis/run_v1alpha1/classes.rb', line 4274

def run_as_user
  @run_as_user
end

#se_linux_optionsGoogle::Apis::RunV1alpha1::SeLinuxOptions

SELinuxOptions are the labels to be applied to the container Corresponds to the JSON property seLinuxOptions

Returns:



4279
4280
4281
 
# File 'generated/google/apis/run_v1alpha1/classes.rb', line 4279

def se_linux_options
  @se_linux_options
end

Instance Method Details

#update!(**args) ⇒ Object

Update properties of this object



4286
4287
4288
4289
4290
4291
4292
4293
4294
4295
 
# File 'generated/google/apis/run_v1alpha1/classes.rb', line 4286

def update!(**args)
  @allow_privilege_escalation = args[:allow_privilege_escalation] if args.key?(:allow_privilege_escalation)
  @capabilities = args[:capabilities] if args.key?(:capabilities)
  @privileged = args[:privileged] if args.key?(:privileged)
  @read_only_root_filesystem = args[:read_only_root_filesystem] if args.key?(:read_only_root_filesystem)
  @run_as_group = args[:run_as_group] if args.key?(:run_as_group)
  @run_as_non_root = args[:run_as_non_root] if args.key?(:run_as_non_root)
  @run_as_user = args[:run_as_user] if args.key?(:run_as_user)
  @se_linux_options = args[:se_linux_options] if args.key?(:se_linux_options)
end