Package org.cdk8s.plus25
Interface ContainerSecurityContextProps
-
- All Superinterfaces:
software.amazon.jsii.JsiiSerializable
- All Known Implementing Classes:
ContainerSecurityContextProps.Jsii$Proxy
@Generated(value="jsii-pacmak/1.88.0 (build eaabd08)", date="2023-09-11T06:17:58.218Z") @Stability(Stable) public interface ContainerSecurityContextProps extends software.amazon.jsii.JsiiSerializable
Properties forContainerSecurityContext.
-
-
Nested Class Summary
Nested Classes Modifier and Type Interface Description static classContainerSecurityContextProps.BuilderA builder forContainerSecurityContextPropsstatic classContainerSecurityContextProps.Jsii$ProxyAn implementation forContainerSecurityContextProps
-
Method Summary
All Methods Static Methods Instance Methods Default Methods Modifier and Type Method Description static ContainerSecurityContextProps.Builderbuilder()default BooleangetAllowPrivilegeEscalation()Whether a process can gain more privileges than its parent process.default BooleangetEnsureNonRoot()Indicates that the container must run as a non-root user.default NumbergetGroup()The GID to run the entrypoint of the container process.default BooleangetPrivileged()Run container in privileged mode.default BooleangetReadOnlyRootFilesystem()Whether this container has a read-only root filesystem.default NumbergetUser()The UID to run the entrypoint of the container process.
-
-
-
Method Detail
-
getAllowPrivilegeEscalation
@Stability(Stable) @Nullable default Boolean getAllowPrivilegeEscalation()
Whether a process can gain more privileges than its parent process.Default: false
-
getEnsureNonRoot
@Stability(Stable) @Nullable default Boolean getEnsureNonRoot()
Indicates that the container must run as a non-root user.If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does.
Default: true
-
getGroup
@Stability(Stable) @Nullable default Number getGroup()
The GID to run the entrypoint of the container process.Default: - 26000. An arbitrary number bigger than 9999 is selected here. This is so that the container is blocked to access host files even if somehow it manages to get access to host file system.
-
getPrivileged
@Stability(Stable) @Nullable default Boolean getPrivileged()
Run container in privileged mode.Processes in privileged containers are essentially equivalent to root on the host.
Default: false
-
getReadOnlyRootFilesystem
@Stability(Stable) @Nullable default Boolean getReadOnlyRootFilesystem()
Whether this container has a read-only root filesystem.Default: true
-
getUser
@Stability(Stable) @Nullable default Number getUser()
The UID to run the entrypoint of the container process.Default: - 25000. An arbitrary number bigger than 9999 is selected here. This is so that the container is blocked to access host files even if somehow it manages to get access to host file system.
-
builder
@Stability(Stable) static ContainerSecurityContextProps.Builder builder()
-
-