io.kubernetes.client.proto

Class V1.SecurityContext.Builder

java.lang.Object

com.google.protobuf.AbstractMessageLite.Builder

com.google.protobuf.AbstractMessage.Builder<BuilderType>

com.google.protobuf.GeneratedMessageV3.Builder<V1.SecurityContext.Builder>

io.kubernetes.client.proto.V1.SecurityContext.Builder

All Implemented Interfaces:

com.google.protobuf.Message.Builder, com.google.protobuf.MessageLite.Builder, com.google.protobuf.MessageLiteOrBuilder, com.google.protobuf.MessageOrBuilder, V1.SecurityContextOrBuilder, Cloneable

Enclosing class:

V1.SecurityContext

public static final class V1.SecurityContext.Builder
extends com.google.protobuf.GeneratedMessageV3.Builder<V1.SecurityContext.Builder>
implements V1.SecurityContextOrBuilder

 SecurityContext holds security configuration that will be applied to a container.
 Some fields are present in both SecurityContext and PodSecurityContext.  When both
 are set, the values in SecurityContext take precedence.
 

Protobuf type k8s.io.api.core.v1.SecurityContext

Method Summary

Modifier and Type	Method and Description
V1.SecurityContext.Builder	addRepeatedField(com.google.protobuf.Descriptors.FieldDescriptor field, Object value)
V1.SecurityContext	build()
V1.SecurityContext	buildPartial()
V1.SecurityContext.Builder	clear()
V1.SecurityContext.Builder	clearAllowPrivilegeEscalation() AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process.
V1.SecurityContext.Builder	clearCapabilities() The capabilities to add/drop when running containers.
V1.SecurityContext.Builder	clearField(com.google.protobuf.Descriptors.FieldDescriptor field)
V1.SecurityContext.Builder	clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof)
V1.SecurityContext.Builder	clearPrivileged() Run container in privileged mode.
V1.SecurityContext.Builder	clearProcMount() procMount denotes the type of proc mount to use for the containers.
V1.SecurityContext.Builder	clearReadOnlyRootFilesystem() Whether this container has a read-only root filesystem.
V1.SecurityContext.Builder	clearRunAsGroup() The GID to run the entrypoint of the container process.
V1.SecurityContext.Builder	clearRunAsNonRoot() Indicates that the container must run as a non-root user.
V1.SecurityContext.Builder	clearRunAsUser() The UID to run the entrypoint of the container process.
V1.SecurityContext.Builder	clearSeLinuxOptions() The SELinux context to be applied to the container.
V1.SecurityContext.Builder	clone()
boolean	getAllowPrivilegeEscalation() AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process.
V1.Capabilities	getCapabilities() The capabilities to add/drop when running containers.
V1.Capabilities.Builder	getCapabilitiesBuilder() The capabilities to add/drop when running containers.
V1.CapabilitiesOrBuilder	getCapabilitiesOrBuilder() The capabilities to add/drop when running containers.
V1.SecurityContext	getDefaultInstanceForType()
static com.google.protobuf.Descriptors.Descriptor	getDescriptor()
com.google.protobuf.Descriptors.Descriptor	getDescriptorForType()
boolean	getPrivileged() Run container in privileged mode.
String	getProcMount() procMount denotes the type of proc mount to use for the containers.
com.google.protobuf.ByteString	getProcMountBytes() procMount denotes the type of proc mount to use for the containers.
boolean	getReadOnlyRootFilesystem() Whether this container has a read-only root filesystem.
long	getRunAsGroup() The GID to run the entrypoint of the container process.
boolean	getRunAsNonRoot() Indicates that the container must run as a non-root user.
long	getRunAsUser() The UID to run the entrypoint of the container process.
V1.SELinuxOptions	getSeLinuxOptions() The SELinux context to be applied to the container.
V1.SELinuxOptions.Builder	getSeLinuxOptionsBuilder() The SELinux context to be applied to the container.
V1.SELinuxOptionsOrBuilder	getSeLinuxOptionsOrBuilder() The SELinux context to be applied to the container.
boolean	hasAllowPrivilegeEscalation() AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process.
boolean	hasCapabilities() The capabilities to add/drop when running containers.
boolean	hasPrivileged() Run container in privileged mode.
boolean	hasProcMount() procMount denotes the type of proc mount to use for the containers.
boolean	hasReadOnlyRootFilesystem() Whether this container has a read-only root filesystem.
boolean	hasRunAsGroup() The GID to run the entrypoint of the container process.
boolean	hasRunAsNonRoot() Indicates that the container must run as a non-root user.
boolean	hasRunAsUser() The UID to run the entrypoint of the container process.
boolean	hasSeLinuxOptions() The SELinux context to be applied to the container.
protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable	internalGetFieldAccessorTable()
boolean	isInitialized()
V1.SecurityContext.Builder	mergeCapabilities(V1.Capabilities value) The capabilities to add/drop when running containers.
V1.SecurityContext.Builder	mergeFrom(com.google.protobuf.CodedInputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
V1.SecurityContext.Builder	mergeFrom(com.google.protobuf.Message other)
V1.SecurityContext.Builder	mergeFrom(V1.SecurityContext other)
V1.SecurityContext.Builder	mergeSeLinuxOptions(V1.SELinuxOptions value) The SELinux context to be applied to the container.
V1.SecurityContext.Builder	mergeUnknownFields(com.google.protobuf.UnknownFieldSet unknownFields)
V1.SecurityContext.Builder	setAllowPrivilegeEscalation(boolean value) AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process.
V1.SecurityContext.Builder	setCapabilities(V1.Capabilities.Builder builderForValue) The capabilities to add/drop when running containers.
V1.SecurityContext.Builder	setCapabilities(V1.Capabilities value) The capabilities to add/drop when running containers.
V1.SecurityContext.Builder	setField(com.google.protobuf.Descriptors.FieldDescriptor field, Object value)
V1.SecurityContext.Builder	setPrivileged(boolean value) Run container in privileged mode.
V1.SecurityContext.Builder	setProcMount(String value) procMount denotes the type of proc mount to use for the containers.
V1.SecurityContext.Builder	setProcMountBytes(com.google.protobuf.ByteString value) procMount denotes the type of proc mount to use for the containers.
V1.SecurityContext.Builder	setReadOnlyRootFilesystem(boolean value) Whether this container has a read-only root filesystem.
V1.SecurityContext.Builder	setRepeatedField(com.google.protobuf.Descriptors.FieldDescriptor field, int index, Object value)
V1.SecurityContext.Builder	setRunAsGroup(long value) The GID to run the entrypoint of the container process.
V1.SecurityContext.Builder	setRunAsNonRoot(boolean value) Indicates that the container must run as a non-root user.
V1.SecurityContext.Builder	setRunAsUser(long value) The UID to run the entrypoint of the container process.
V1.SecurityContext.Builder	setSeLinuxOptions(V1.SELinuxOptions.Builder builderForValue) The SELinux context to be applied to the container.
V1.SecurityContext.Builder	setSeLinuxOptions(V1.SELinuxOptions value) The SELinux context to be applied to the container.
V1.SecurityContext.Builder	setUnknownFields(com.google.protobuf.UnknownFieldSet unknownFields)

Methods inherited from class com.google.protobuf.GeneratedMessageV3.Builder

getAllFields, getField, getFieldBuilder, getOneofFieldDescriptor, getParentForChildren, getRepeatedField, getRepeatedFieldBuilder, getRepeatedFieldCount, getUnknownFields, hasField, hasOneof, internalGetMapField, internalGetMutableMapField, isClean, markClean, newBuilderForField, onBuilt, onChanged, setUnknownFieldsProto3

Methods inherited from class com.google.protobuf.AbstractMessage.Builder

findInitializationErrors, getInitializationErrorString, internalMergeFrom, mergeDelimitedFrom, mergeDelimitedFrom, mergeFrom, mergeFrom, mergeFrom, mergeFrom, mergeFrom, mergeFrom, mergeFrom, mergeFrom, mergeFrom, newUninitializedMessageException, toString

Methods inherited from class com.google.protobuf.AbstractMessageLite.Builder

addAll, addAll, mergeFrom, newUninitializedMessageException

Methods inherited from class java.lang.Object

equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Methods inherited from interface com.google.protobuf.MessageOrBuilder

findInitializationErrors, getAllFields, getField, getInitializationErrorString, getOneofFieldDescriptor, getRepeatedField, getRepeatedFieldCount, getUnknownFields, hasField, hasOneof

Methods inherited from interface com.google.protobuf.MessageLite.Builder

mergeFrom

Method Detail

getDescriptor

public static final com.google.protobuf.Descriptors.Descriptor getDescriptor()

internalGetFieldAccessorTable

protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable internalGetFieldAccessorTable()

Specified by:

internalGetFieldAccessorTable in class com.google.protobuf.GeneratedMessageV3.Builder<V1.SecurityContext.Builder>

clear

public V1.SecurityContext.Builder clear()

Specified by:

clear in interface com.google.protobuf.Message.Builder

Specified by:

clear in interface com.google.protobuf.MessageLite.Builder

Overrides:

clear in class com.google.protobuf.GeneratedMessageV3.Builder<V1.SecurityContext.Builder>

getDescriptorForType

public com.google.protobuf.Descriptors.Descriptor getDescriptorForType()

Specified by:

getDescriptorForType in interface com.google.protobuf.Message.Builder

Specified by:

getDescriptorForType in interface com.google.protobuf.MessageOrBuilder

Overrides:

getDescriptorForType in class com.google.protobuf.GeneratedMessageV3.Builder<V1.SecurityContext.Builder>

getDefaultInstanceForType

public V1.SecurityContext getDefaultInstanceForType()

Specified by:

getDefaultInstanceForType in interface com.google.protobuf.MessageLiteOrBuilder

Specified by:

getDefaultInstanceForType in interface com.google.protobuf.MessageOrBuilder

build

public V1.SecurityContext build()

Specified by:

build in interface com.google.protobuf.Message.Builder

Specified by:

build in interface com.google.protobuf.MessageLite.Builder

buildPartial

public V1.SecurityContext buildPartial()

Specified by:

buildPartial in interface com.google.protobuf.Message.Builder

Specified by:

buildPartial in interface com.google.protobuf.MessageLite.Builder

clone

public V1.SecurityContext.Builder clone()

Specified by:

clone in interface com.google.protobuf.Message.Builder

Specified by:

clone in interface com.google.protobuf.MessageLite.Builder

Overrides:

clone in class com.google.protobuf.GeneratedMessageV3.Builder<V1.SecurityContext.Builder>

setField

public V1.SecurityContext.Builder setField(com.google.protobuf.Descriptors.FieldDescriptor field,
                                           Object value)

Specified by:

setField in interface com.google.protobuf.Message.Builder

Overrides:

setField in class com.google.protobuf.GeneratedMessageV3.Builder<V1.SecurityContext.Builder>

clearField

public V1.SecurityContext.Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field)

Specified by:

clearField in interface com.google.protobuf.Message.Builder

Overrides:

clearField in class com.google.protobuf.GeneratedMessageV3.Builder<V1.SecurityContext.Builder>

clearOneof

public V1.SecurityContext.Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof)

Specified by:

clearOneof in interface com.google.protobuf.Message.Builder

Overrides:

clearOneof in class com.google.protobuf.GeneratedMessageV3.Builder<V1.SecurityContext.Builder>

setRepeatedField

public V1.SecurityContext.Builder setRepeatedField(com.google.protobuf.Descriptors.FieldDescriptor field,
                                                   int index,
                                                   Object value)

Specified by:

setRepeatedField in interface com.google.protobuf.Message.Builder

Overrides:

setRepeatedField in class com.google.protobuf.GeneratedMessageV3.Builder<V1.SecurityContext.Builder>

addRepeatedField

public V1.SecurityContext.Builder addRepeatedField(com.google.protobuf.Descriptors.FieldDescriptor field,
                                                   Object value)

Specified by:

addRepeatedField in interface com.google.protobuf.Message.Builder

Overrides:

addRepeatedField in class com.google.protobuf.GeneratedMessageV3.Builder<V1.SecurityContext.Builder>

mergeFrom

public V1.SecurityContext.Builder mergeFrom(com.google.protobuf.Message other)

Specified by:

mergeFrom in interface com.google.protobuf.Message.Builder

Overrides:

mergeFrom in class com.google.protobuf.AbstractMessage.Builder<V1.SecurityContext.Builder>

mergeFrom

public V1.SecurityContext.Builder mergeFrom(V1.SecurityContext other)

isInitialized

public final boolean isInitialized()

Specified by:

isInitialized in interface com.google.protobuf.MessageLiteOrBuilder

Overrides:

isInitialized in class com.google.protobuf.GeneratedMessageV3.Builder<V1.SecurityContext.Builder>

mergeFrom

public V1.SecurityContext.Builder mergeFrom(com.google.protobuf.CodedInputStream input,
                                            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
                                     throws IOException

Specified by:

mergeFrom in interface com.google.protobuf.Message.Builder

Specified by:

mergeFrom in interface com.google.protobuf.MessageLite.Builder

Overrides:

mergeFrom in class com.google.protobuf.AbstractMessage.Builder<V1.SecurityContext.Builder>

Throws:

IOException

hasCapabilities

public boolean hasCapabilities()

 The capabilities to add/drop when running containers.
 Defaults to the default set of capabilities granted by the container runtime.
 +optional
 

optional .k8s.io.api.core.v1.Capabilities capabilities = 1;

Specified by:

hasCapabilities in interface V1.SecurityContextOrBuilder

getCapabilities

public V1.Capabilities getCapabilities()

 The capabilities to add/drop when running containers.
 Defaults to the default set of capabilities granted by the container runtime.
 +optional
 

optional .k8s.io.api.core.v1.Capabilities capabilities = 1;

Specified by:

getCapabilities in interface V1.SecurityContextOrBuilder

setCapabilities

public V1.SecurityContext.Builder setCapabilities(V1.Capabilities value)

 The capabilities to add/drop when running containers.
 Defaults to the default set of capabilities granted by the container runtime.
 +optional
 

optional .k8s.io.api.core.v1.Capabilities capabilities = 1;

setCapabilities

public V1.SecurityContext.Builder setCapabilities(V1.Capabilities.Builder builderForValue)

 The capabilities to add/drop when running containers.
 Defaults to the default set of capabilities granted by the container runtime.
 +optional
 

optional .k8s.io.api.core.v1.Capabilities capabilities = 1;

mergeCapabilities

public V1.SecurityContext.Builder mergeCapabilities(V1.Capabilities value)

 The capabilities to add/drop when running containers.
 Defaults to the default set of capabilities granted by the container runtime.
 +optional
 

optional .k8s.io.api.core.v1.Capabilities capabilities = 1;

clearCapabilities

public V1.SecurityContext.Builder clearCapabilities()

 The capabilities to add/drop when running containers.
 Defaults to the default set of capabilities granted by the container runtime.
 +optional
 

optional .k8s.io.api.core.v1.Capabilities capabilities = 1;

getCapabilitiesBuilder

public V1.Capabilities.Builder getCapabilitiesBuilder()

 The capabilities to add/drop when running containers.
 Defaults to the default set of capabilities granted by the container runtime.
 +optional
 

optional .k8s.io.api.core.v1.Capabilities capabilities = 1;

getCapabilitiesOrBuilder

public V1.CapabilitiesOrBuilder getCapabilitiesOrBuilder()

 The capabilities to add/drop when running containers.
 Defaults to the default set of capabilities granted by the container runtime.
 +optional
 

optional .k8s.io.api.core.v1.Capabilities capabilities = 1;

Specified by:

getCapabilitiesOrBuilder in interface V1.SecurityContextOrBuilder

hasPrivileged

public boolean hasPrivileged()

 Run container in privileged mode.
 Processes in privileged containers are essentially equivalent to root on the host.
 Defaults to false.
 +optional
 

optional bool privileged = 2;

Specified by:

hasPrivileged in interface V1.SecurityContextOrBuilder

getPrivileged

public boolean getPrivileged()

 Run container in privileged mode.
 Processes in privileged containers are essentially equivalent to root on the host.
 Defaults to false.
 +optional
 

optional bool privileged = 2;

Specified by:

getPrivileged in interface V1.SecurityContextOrBuilder

setPrivileged

public V1.SecurityContext.Builder setPrivileged(boolean value)

 Run container in privileged mode.
 Processes in privileged containers are essentially equivalent to root on the host.
 Defaults to false.
 +optional
 

optional bool privileged = 2;

clearPrivileged

public V1.SecurityContext.Builder clearPrivileged()

 Run container in privileged mode.
 Processes in privileged containers are essentially equivalent to root on the host.
 Defaults to false.
 +optional
 

optional bool privileged = 2;

hasSeLinuxOptions

public boolean hasSeLinuxOptions()

 The SELinux context to be applied to the container.
 If unspecified, the container runtime will allocate a random SELinux context for each
 container.  May also be set in PodSecurityContext.  If set in both SecurityContext and
 PodSecurityContext, the value specified in SecurityContext takes precedence.
 +optional
 

optional .k8s.io.api.core.v1.SELinuxOptions seLinuxOptions = 3;

Specified by:

hasSeLinuxOptions in interface V1.SecurityContextOrBuilder

getSeLinuxOptions

public V1.SELinuxOptions getSeLinuxOptions()

 The SELinux context to be applied to the container.
 If unspecified, the container runtime will allocate a random SELinux context for each
 container.  May also be set in PodSecurityContext.  If set in both SecurityContext and
 PodSecurityContext, the value specified in SecurityContext takes precedence.
 +optional
 

optional .k8s.io.api.core.v1.SELinuxOptions seLinuxOptions = 3;

Specified by:

getSeLinuxOptions in interface V1.SecurityContextOrBuilder

setSeLinuxOptions

public V1.SecurityContext.Builder setSeLinuxOptions(V1.SELinuxOptions value)

 The SELinux context to be applied to the container.
 If unspecified, the container runtime will allocate a random SELinux context for each
 container.  May also be set in PodSecurityContext.  If set in both SecurityContext and
 PodSecurityContext, the value specified in SecurityContext takes precedence.
 +optional
 

optional .k8s.io.api.core.v1.SELinuxOptions seLinuxOptions = 3;

setSeLinuxOptions

public V1.SecurityContext.Builder setSeLinuxOptions(V1.SELinuxOptions.Builder builderForValue)

 The SELinux context to be applied to the container.
 If unspecified, the container runtime will allocate a random SELinux context for each
 container.  May also be set in PodSecurityContext.  If set in both SecurityContext and
 PodSecurityContext, the value specified in SecurityContext takes precedence.
 +optional
 

optional .k8s.io.api.core.v1.SELinuxOptions seLinuxOptions = 3;

mergeSeLinuxOptions

public V1.SecurityContext.Builder mergeSeLinuxOptions(V1.SELinuxOptions value)

 The SELinux context to be applied to the container.
 If unspecified, the container runtime will allocate a random SELinux context for each
 container.  May also be set in PodSecurityContext.  If set in both SecurityContext and
 PodSecurityContext, the value specified in SecurityContext takes precedence.
 +optional
 

optional .k8s.io.api.core.v1.SELinuxOptions seLinuxOptions = 3;

clearSeLinuxOptions

public V1.SecurityContext.Builder clearSeLinuxOptions()

 The SELinux context to be applied to the container.
 If unspecified, the container runtime will allocate a random SELinux context for each
 container.  May also be set in PodSecurityContext.  If set in both SecurityContext and
 PodSecurityContext, the value specified in SecurityContext takes precedence.
 +optional
 

optional .k8s.io.api.core.v1.SELinuxOptions seLinuxOptions = 3;

getSeLinuxOptionsBuilder

public V1.SELinuxOptions.Builder getSeLinuxOptionsBuilder()

 The SELinux context to be applied to the container.
 If unspecified, the container runtime will allocate a random SELinux context for each
 container.  May also be set in PodSecurityContext.  If set in both SecurityContext and
 PodSecurityContext, the value specified in SecurityContext takes precedence.
 +optional
 

optional .k8s.io.api.core.v1.SELinuxOptions seLinuxOptions = 3;

getSeLinuxOptionsOrBuilder

public V1.SELinuxOptionsOrBuilder getSeLinuxOptionsOrBuilder()

 The SELinux context to be applied to the container.
 If unspecified, the container runtime will allocate a random SELinux context for each
 container.  May also be set in PodSecurityContext.  If set in both SecurityContext and
 PodSecurityContext, the value specified in SecurityContext takes precedence.
 +optional
 

optional .k8s.io.api.core.v1.SELinuxOptions seLinuxOptions = 3;

Specified by:

getSeLinuxOptionsOrBuilder in interface V1.SecurityContextOrBuilder

hasRunAsUser

public boolean hasRunAsUser()

 The UID to run the entrypoint of the container process.
 Defaults to user specified in image metadata if unspecified.
 May also be set in PodSecurityContext.  If set in both SecurityContext and
 PodSecurityContext, the value specified in SecurityContext takes precedence.
 +optional
 

optional int64 runAsUser = 4;

Specified by:

hasRunAsUser in interface V1.SecurityContextOrBuilder

getRunAsUser

public long getRunAsUser()

 The UID to run the entrypoint of the container process.
 Defaults to user specified in image metadata if unspecified.
 May also be set in PodSecurityContext.  If set in both SecurityContext and
 PodSecurityContext, the value specified in SecurityContext takes precedence.
 +optional
 

optional int64 runAsUser = 4;

Specified by:

getRunAsUser in interface V1.SecurityContextOrBuilder

setRunAsUser

public V1.SecurityContext.Builder setRunAsUser(long value)

 The UID to run the entrypoint of the container process.
 Defaults to user specified in image metadata if unspecified.
 May also be set in PodSecurityContext.  If set in both SecurityContext and
 PodSecurityContext, the value specified in SecurityContext takes precedence.
 +optional
 

optional int64 runAsUser = 4;

clearRunAsUser

public V1.SecurityContext.Builder clearRunAsUser()

 The UID to run the entrypoint of the container process.
 Defaults to user specified in image metadata if unspecified.
 May also be set in PodSecurityContext.  If set in both SecurityContext and
 PodSecurityContext, the value specified in SecurityContext takes precedence.
 +optional
 

optional int64 runAsUser = 4;

hasRunAsGroup

public boolean hasRunAsGroup()

 The GID to run the entrypoint of the container process.
 Uses runtime default if unset.
 May also be set in PodSecurityContext.  If set in both SecurityContext and
 PodSecurityContext, the value specified in SecurityContext takes precedence.
 +optional
 

optional int64 runAsGroup = 8;

Specified by:

hasRunAsGroup in interface V1.SecurityContextOrBuilder

getRunAsGroup

public long getRunAsGroup()

 The GID to run the entrypoint of the container process.
 Uses runtime default if unset.
 May also be set in PodSecurityContext.  If set in both SecurityContext and
 PodSecurityContext, the value specified in SecurityContext takes precedence.
 +optional
 

optional int64 runAsGroup = 8;

Specified by:

getRunAsGroup in interface V1.SecurityContextOrBuilder

setRunAsGroup

public V1.SecurityContext.Builder setRunAsGroup(long value)

 The GID to run the entrypoint of the container process.
 Uses runtime default if unset.
 May also be set in PodSecurityContext.  If set in both SecurityContext and
 PodSecurityContext, the value specified in SecurityContext takes precedence.
 +optional
 

optional int64 runAsGroup = 8;

clearRunAsGroup

public V1.SecurityContext.Builder clearRunAsGroup()

 The GID to run the entrypoint of the container process.
 Uses runtime default if unset.
 May also be set in PodSecurityContext.  If set in both SecurityContext and
 PodSecurityContext, the value specified in SecurityContext takes precedence.
 +optional
 

optional int64 runAsGroup = 8;

hasRunAsNonRoot

public boolean hasRunAsNonRoot()

 Indicates that the container must run as a non-root user.
 If true, the Kubelet will validate the image at runtime to ensure that it
 does not run as UID 0 (root) and fail to start the container if it does.
 If unset or false, no such validation will be performed.
 May also be set in PodSecurityContext.  If set in both SecurityContext and
 PodSecurityContext, the value specified in SecurityContext takes precedence.
 +optional
 

optional bool runAsNonRoot = 5;

Specified by:

hasRunAsNonRoot in interface V1.SecurityContextOrBuilder

getRunAsNonRoot

public boolean getRunAsNonRoot()

 Indicates that the container must run as a non-root user.
 If true, the Kubelet will validate the image at runtime to ensure that it
 does not run as UID 0 (root) and fail to start the container if it does.
 If unset or false, no such validation will be performed.
 May also be set in PodSecurityContext.  If set in both SecurityContext and
 PodSecurityContext, the value specified in SecurityContext takes precedence.
 +optional
 

optional bool runAsNonRoot = 5;

Specified by:

getRunAsNonRoot in interface V1.SecurityContextOrBuilder

setRunAsNonRoot

public V1.SecurityContext.Builder setRunAsNonRoot(boolean value)

 Indicates that the container must run as a non-root user.
 If true, the Kubelet will validate the image at runtime to ensure that it
 does not run as UID 0 (root) and fail to start the container if it does.
 If unset or false, no such validation will be performed.
 May also be set in PodSecurityContext.  If set in both SecurityContext and
 PodSecurityContext, the value specified in SecurityContext takes precedence.
 +optional
 

optional bool runAsNonRoot = 5;

clearRunAsNonRoot

public V1.SecurityContext.Builder clearRunAsNonRoot()

 Indicates that the container must run as a non-root user.
 If true, the Kubelet will validate the image at runtime to ensure that it
 does not run as UID 0 (root) and fail to start the container if it does.
 If unset or false, no such validation will be performed.
 May also be set in PodSecurityContext.  If set in both SecurityContext and
 PodSecurityContext, the value specified in SecurityContext takes precedence.
 +optional
 

optional bool runAsNonRoot = 5;

hasReadOnlyRootFilesystem

public boolean hasReadOnlyRootFilesystem()

 Whether this container has a read-only root filesystem.
 Default is false.
 +optional
 

optional bool readOnlyRootFilesystem = 6;

Specified by:

hasReadOnlyRootFilesystem in interface V1.SecurityContextOrBuilder

getReadOnlyRootFilesystem

public boolean getReadOnlyRootFilesystem()

 Whether this container has a read-only root filesystem.
 Default is false.
 +optional
 

optional bool readOnlyRootFilesystem = 6;

Specified by:

getReadOnlyRootFilesystem in interface V1.SecurityContextOrBuilder

setReadOnlyRootFilesystem

public V1.SecurityContext.Builder setReadOnlyRootFilesystem(boolean value)

 Whether this container has a read-only root filesystem.
 Default is false.
 +optional
 

optional bool readOnlyRootFilesystem = 6;

clearReadOnlyRootFilesystem

public V1.SecurityContext.Builder clearReadOnlyRootFilesystem()

 Whether this container has a read-only root filesystem.
 Default is false.
 +optional
 

optional bool readOnlyRootFilesystem = 6;

hasAllowPrivilegeEscalation

public boolean hasAllowPrivilegeEscalation()

 AllowPrivilegeEscalation controls whether a process can gain more
 privileges than its parent process. This bool directly controls if
 the no_new_privs flag will be set on the container process.
 AllowPrivilegeEscalation is true always when the container is:
 1) run as Privileged
 2) has CAP_SYS_ADMIN
 +optional
 

optional bool allowPrivilegeEscalation = 7;

Specified by:

hasAllowPrivilegeEscalation in interface V1.SecurityContextOrBuilder

getAllowPrivilegeEscalation

public boolean getAllowPrivilegeEscalation()

 AllowPrivilegeEscalation controls whether a process can gain more
 privileges than its parent process. This bool directly controls if
 the no_new_privs flag will be set on the container process.
 AllowPrivilegeEscalation is true always when the container is:
 1) run as Privileged
 2) has CAP_SYS_ADMIN
 +optional
 

optional bool allowPrivilegeEscalation = 7;

Specified by:

getAllowPrivilegeEscalation in interface V1.SecurityContextOrBuilder

setAllowPrivilegeEscalation

public V1.SecurityContext.Builder setAllowPrivilegeEscalation(boolean value)

 AllowPrivilegeEscalation controls whether a process can gain more
 privileges than its parent process. This bool directly controls if
 the no_new_privs flag will be set on the container process.
 AllowPrivilegeEscalation is true always when the container is:
 1) run as Privileged
 2) has CAP_SYS_ADMIN
 +optional
 

optional bool allowPrivilegeEscalation = 7;

clearAllowPrivilegeEscalation

public V1.SecurityContext.Builder clearAllowPrivilegeEscalation()

 AllowPrivilegeEscalation controls whether a process can gain more
 privileges than its parent process. This bool directly controls if
 the no_new_privs flag will be set on the container process.
 AllowPrivilegeEscalation is true always when the container is:
 1) run as Privileged
 2) has CAP_SYS_ADMIN
 +optional
 

optional bool allowPrivilegeEscalation = 7;

hasProcMount

public boolean hasProcMount()

 procMount denotes the type of proc mount to use for the containers.
 The default is DefaultProcMount which uses the container runtime defaults for
 readonly paths and masked paths.
 This requires the ProcMountType feature flag to be enabled.
 +optional
 

optional string procMount = 9;

Specified by:

hasProcMount in interface V1.SecurityContextOrBuilder

getProcMount

public String getProcMount()

 procMount denotes the type of proc mount to use for the containers.
 The default is DefaultProcMount which uses the container runtime defaults for
 readonly paths and masked paths.
 This requires the ProcMountType feature flag to be enabled.
 +optional
 

optional string procMount = 9;

Specified by:

getProcMount in interface V1.SecurityContextOrBuilder

getProcMountBytes

public com.google.protobuf.ByteString getProcMountBytes()

 procMount denotes the type of proc mount to use for the containers.
 The default is DefaultProcMount which uses the container runtime defaults for
 readonly paths and masked paths.
 This requires the ProcMountType feature flag to be enabled.
 +optional
 

optional string procMount = 9;

Specified by:

getProcMountBytes in interface V1.SecurityContextOrBuilder

setProcMount

public V1.SecurityContext.Builder setProcMount(String value)

 procMount denotes the type of proc mount to use for the containers.
 The default is DefaultProcMount which uses the container runtime defaults for
 readonly paths and masked paths.
 This requires the ProcMountType feature flag to be enabled.
 +optional
 

optional string procMount = 9;

clearProcMount

public V1.SecurityContext.Builder clearProcMount()

 procMount denotes the type of proc mount to use for the containers.
 The default is DefaultProcMount which uses the container runtime defaults for
 readonly paths and masked paths.
 This requires the ProcMountType feature flag to be enabled.
 +optional
 

optional string procMount = 9;

setProcMountBytes

public V1.SecurityContext.Builder setProcMountBytes(com.google.protobuf.ByteString value)

 procMount denotes the type of proc mount to use for the containers.
 The default is DefaultProcMount which uses the container runtime defaults for
 readonly paths and masked paths.
 This requires the ProcMountType feature flag to be enabled.
 +optional
 

optional string procMount = 9;

setUnknownFields

public final V1.SecurityContext.Builder setUnknownFields(com.google.protobuf.UnknownFieldSet unknownFields)

Specified by:

setUnknownFields in interface com.google.protobuf.Message.Builder

Overrides:

setUnknownFields in class com.google.protobuf.GeneratedMessageV3.Builder<V1.SecurityContext.Builder>

mergeUnknownFields

public final V1.SecurityContext.Builder mergeUnknownFields(com.google.protobuf.UnknownFieldSet unknownFields)

Specified by:

mergeUnknownFields in interface com.google.protobuf.Message.Builder

Overrides:

mergeUnknownFields in class com.google.protobuf.GeneratedMessageV3.Builder<V1.SecurityContext.Builder>