Package org.cdk8s.plus22
Class ContainerSecurityContext.Builder
java.lang.Object
  org.cdk8s.plus22.ContainerSecurityContext.Builder
All Implemented Interfaces: software.amazon.jsii.Builder<ContainerSecurityContext>
Enclosing class: ContainerSecurityContext
@Stability(Stable) public static final class ContainerSecurityContext.Builder extends Object implements software.amazon.jsii.Builder<ContainerSecurityContext>
A fluent builder for ContainerSecurityContext.
Method Summary
| Modifier and Type | Method | Description |
| --- | --- | --- |
| ContainerSecurityContext | build() | |
| static ContainerSecurityContext.Builder | create() | |
| ContainerSecurityContext.Builder | ensureNonRoot(Boolean ensureNonRoot) | Indicates that the container must run as a non-root user. |
| ContainerSecurityContext.Builder | group(Number group) | The GID to run the entrypoint of the container process. |
| ContainerSecurityContext.Builder | privileged(Boolean privileged) | Run container in privileged mode. |
| ContainerSecurityContext.Builder | readOnlyRootFilesystem(Boolean readOnlyRootFilesystem) | Whether this container has a read-only root filesystem. |
| ContainerSecurityContext.Builder | user(Number user) | The UID to run the entrypoint of the container process. |
Method Detail
create
@Stability(Stable) public static ContainerSecurityContext.Builder create()
Returns:
a new instance of ContainerSecurityContext.Builder.
ensureNonRoot
@Stability(Stable) public ContainerSecurityContext.Builder ensureNonRoot(Boolean ensureNonRoot)
Indicates that the container must run as a non-root user.
If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does.
Default: false
Parameters:
ensureNonRoot - Indicates that the container must run as a non-root user. This parameter is required.
Returns:
this
group
@Stability(Stable) public ContainerSecurityContext.Builder group(Number group)
The GID to run the entrypoint of the container process.
Default: 26000. An arbitrary number bigger than 9999 is selected here, so that the container is blocked from accessing host files even if it somehow manages to get access to the host file system.
Parameters:
group - The GID to run the entrypoint of the container process. This parameter is required.
Returns:
this
privileged
@Stability(Stable) public ContainerSecurityContext.Builder privileged(Boolean privileged)
Run container in privileged mode.
Processes in privileged containers are essentially equivalent to root on the host.
Default: false
Parameters:
privileged - Run container in privileged mode. This parameter is required.
Returns:
this
readOnlyRootFilesystem
@Stability(Stable) public ContainerSecurityContext.Builder readOnlyRootFilesystem(Boolean readOnlyRootFilesystem)
Whether this container has a read-only root filesystem.
Default: false
Parameters:
readOnlyRootFilesystem - Whether this container has a read-only root filesystem. This parameter is required.
Returns:
this
user
@Stability(Stable) public ContainerSecurityContext.Builder user(Number user)
The UID to run the entrypoint of the container process.
Default: 25000. An arbitrary number bigger than 9999 is selected here, so that the container is blocked from accessing host files even if it somehow manages to get access to the host file system.
Parameters:
user - The UID to run the entrypoint of the container process. This parameter is required.
Returns:
this
build
@Stability(Stable) public ContainerSecurityContext build()
Specified by:
build in interface software.amazon.jsii.Builder<ContainerSecurityContext>
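Added example (not part of the cdk8s documentation): a small factory that enforces the "bigger than 9999" rationale given for user and group before calling the builder, and sets the hardening flags explicitly instead of relying on their false defaults. The class name HardenedSecurityContext, the helpers requireHighId and hardened, and the MIN_ID floor are hypothetical; it assumes cdk8s-plus-22 is on the classpath and the jsii runtime (Node.js) is available.

```java
import org.cdk8s.plus22.ContainerSecurityContext;

public final class HardenedSecurityContext {
    // Hypothetical policy floor, from the documented rationale: IDs bigger than 9999.
    private static final long MIN_ID = 10_000L;

    private HardenedSecurityContext() {}

    /** Rejects null, fractional, root (0) and low IDs before they reach the builder. */
    static long requireHighId(String label, Number id) {
        if (id == null || id.doubleValue() != Math.rint(id.doubleValue())) {
            throw new IllegalArgumentException(label + " must be a whole number");
        }
        long value = id.longValue();
        if (value < MIN_ID) {
            throw new IllegalArgumentException(
                label + " " + value + " is below " + MIN_ID);
        }
        return value;
    }

    /** Builds a context with every hardening option on this page set explicitly. */
    static ContainerSecurityContext hardened(Number uid, Number gid) {
        return ContainerSecurityContext.Builder.create()
            .user(requireHighId("user", uid))
            .group(requireHighId("group", gid))
            .ensureNonRoot(true)           // Kubelet refuses to start the container as UID 0
            .privileged(false)             // already the default; stated so reviews can see it
            .readOnlyRootFilesystem(true)  // default is false, so this must be opted into
            .build();
    }

    public static void main(String[] args) {
        // Constructed sample values: the documented defaults for user and group.
        ContainerSecurityContext ctx = hardened(25000, 26000);
        System.out.println("built: " + ctx);

        // A root UID/GID is rejected before any context is built.
        try {
            hardened(0, 0);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```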