/// <summary>
 /// Initializes a new instance of the V1PodSecurityContext class.
 /// </summary>
 /// <param name="fsGroup">A special supplemental group that applies to
 /// all containers in a pod. Some volume types allow the Kubelet to
 /// change the ownership of that volume to be owned by the pod:
 ///
 /// 1. The owning GID will be the FSGroup.
 /// 2. The setgid bit is set (new files created in the volume will be
 /// owned by FSGroup).
 /// 3. The permission bits are OR'd with rw-rw----.
 ///
 /// If unset, the Kubelet will not modify the ownership and permissions
 /// of any volume.</param>
 /// <param name="runAsNonRoot">Indicates that the container must run as
 /// a non-root user. If true, the Kubelet will validate the image at
 /// runtime to ensure that it does not run as UID 0 (root) and fail to
 /// start the container if it does. If unset or false, no such
 /// validation will be performed. May also be set in SecurityContext.
 /// If set in both SecurityContext and PodSecurityContext, the value
 /// specified in SecurityContext takes precedence.</param>
 /// <param name="runAsUser">The UID to run the entrypoint of the
 /// container process. Defaults to user specified in image metadata if
 /// unspecified. May also be set in SecurityContext.  If set in both
 /// SecurityContext and PodSecurityContext, the value specified in
 /// SecurityContext takes precedence for that container.</param>
 /// <param name="seLinuxOptions">The SELinux context to be applied to
 /// all containers. If unspecified, the container runtime will allocate
 /// a random SELinux context for each container.  May also be set in
 /// SecurityContext.  If set in both SecurityContext and
 /// PodSecurityContext, the value specified in SecurityContext takes
 /// precedence for that container.</param>
 /// <param name="supplementalGroups">A list of groups applied to the
 /// first process run in each container, in addition to the container's
 /// primary GID.  If unspecified, no groups will be added to any
 /// container.</param>
 public V1PodSecurityContext(
     long? fsGroup = default(long?),
     bool? runAsNonRoot = default(bool?),
     long? runAsUser = default(long?),
     V1SELinuxOptions seLinuxOptions = default(V1SELinuxOptions),
     IList<long?> supplementalGroups = default(IList<long?>))
 {
     // Straight copy of each argument into its property; nothing is
     // validated or cross-checked here (e.g. runAsUser = 0 together with
     // runAsNonRoot = true is accepted by this constructor and, per the
     // parameter docs, only rejected by the Kubelet when the container starts).
     //
     // Every parameter is optional, so a context built with no arguments
     // requests no pod-level hardening: per the parameter docs an unset
     // runAsNonRoot means no non-root validation, and an unset runAsUser
     // falls back to the user named in the image metadata. Callers that
     // need a non-root guarantee must pass runAsNonRoot = true explicitly,
     // keeping in mind that a container-level SecurityContext value takes
     // precedence over the one set here.
     FsGroup = fsGroup;
     RunAsNonRoot = runAsNonRoot;
     RunAsUser = runAsUser;
     SeLinuxOptions = seLinuxOptions;
     SupplementalGroups = supplementalGroups;

     // Hook defined outside this excerpt; invoked last, once every
     // property above has been assigned.
     CustomInit();
 }
 /// <summary>
 /// Initializes a new instance of the V1SecurityContext class.
 /// </summary>
 /// <param name="allowPrivilegeEscalation">AllowPrivilegeEscalation
 /// controls whether a process can gain more privileges than its parent
 /// process. This bool directly controls if the no_new_privs flag will
 /// be set on the container process. AllowPrivilegeEscalation is
 /// always true when the container: 1) is run as Privileged, or 2) has
 /// CAP_SYS_ADMIN.</param>
 /// <param name="capabilities">The capabilities to add/drop when
 /// running containers. Defaults to the default set of capabilities
 /// granted by the container runtime.</param>
 /// <param name="privileged">Run container in privileged mode.
 /// Processes in privileged containers are essentially equivalent to
 /// root on the host. Defaults to false.</param>
 /// <param name="readOnlyRootFilesystem">Whether this container has a
 /// read-only root filesystem. Default is false.</param>
 /// <param name="runAsNonRoot">Indicates that the container must run as
 /// a non-root user. If true, the Kubelet will validate the image at
 /// runtime to ensure that it does not run as UID 0 (root) and fail to
 /// start the container if it does. If unset or false, no such
 /// validation will be performed. May also be set in
 /// PodSecurityContext.  If set in both SecurityContext and
 /// PodSecurityContext, the value specified in SecurityContext takes
 /// precedence.</param>
 /// <param name="runAsUser">The UID to run the entrypoint of the
 /// container process. Defaults to user specified in image metadata if
 /// unspecified. May also be set in PodSecurityContext.  If set in both
 /// SecurityContext and PodSecurityContext, the value specified in
 /// SecurityContext takes precedence.</param>
 /// <param name="seLinuxOptions">The SELinux context to be applied to
 /// the container. If unspecified, the container runtime will allocate
 /// a random SELinux context for each container.  May also be set in
 /// PodSecurityContext.  If set in both SecurityContext and
 /// PodSecurityContext, the value specified in SecurityContext takes
 /// precedence.</param>
 public V1SecurityContext(
     bool? allowPrivilegeEscalation = default(bool?),
     V1Capabilities capabilities = default(V1Capabilities),
     bool? privileged = default(bool?),
     bool? readOnlyRootFilesystem = default(bool?),
     bool? runAsNonRoot = default(bool?),
     long? runAsUser = default(long?),
     V1SELinuxOptions seLinuxOptions = default(V1SELinuxOptions))
 {
     // Each argument is stored as given; this constructor performs no
     // validation and no consistency checks between the fields.
     //
     // All parameters are optional, so an argument-less context leaves
     // every setting unset. Per the parameter docs that means: privileged
     // and readOnlyRootFilesystem fall back to false, capabilities fall
     // back to the container runtime's default set, and no non-root
     // validation is performed for an unset runAsNonRoot.
     // NOTE(review): the docs shown here do not state what an unset
     // allowPrivilegeEscalation resolves to; pass false explicitly when
     // no_new_privs must be set on the container process.
     AllowPrivilegeEscalation = allowPrivilegeEscalation;
     Capabilities = capabilities;

     // Per the parameter docs, a privileged container is essentially
     // equivalent to root on the host, so a true value here is the field
     // most worth flagging in manifest review.
     Privileged = privileged;
     ReadOnlyRootFilesystem = readOnlyRootFilesystem;
     RunAsNonRoot = runAsNonRoot;
     RunAsUser = runAsUser;
     SeLinuxOptions = seLinuxOptions;

     // Hook defined outside this excerpt; runs after all assignments.
     CustomInit();
 }
 /// <summary>
 /// Initializes a new instance of the V1PodSecurityContext class.
 /// </summary>
 /// <param name="fsGroup">A special supplemental group that applies to
 /// all containers in a pod. Some volume types allow the Kubelet to
 /// change the ownership of that volume to be owned by the pod:
 ///
 /// 1. The owning GID will be the FSGroup.
 /// 2. The setgid bit is set (new files created in the volume will be
 /// owned by FSGroup).
 /// 3. The permission bits are OR'd with rw-rw----.
 ///
 /// If unset, the Kubelet will not modify the ownership and permissions
 /// of any volume.</param>
 /// <param name="fsGroupChangePolicy">fsGroupChangePolicy defines the
 /// behavior for changing ownership and permission of the volume before
 /// it is exposed inside the Pod. This field only applies to volume
 /// types which support fsGroup-based ownership (and permissions). It
 /// has no effect on ephemeral volume types such as secret,
 /// configmaps and emptydir. Valid values are "OnRootMismatch" and
 /// "Always". If not specified, defaults to "Always".</param>
 /// <param name="runAsGroup">The GID to run the entrypoint of the
 /// container process. Uses runtime default if unset. May also be set
 /// in SecurityContext.  If set in both SecurityContext and
 /// PodSecurityContext, the value specified in SecurityContext takes
 /// precedence for that container.</param>
 /// <param name="runAsNonRoot">Indicates that the container must run as
 /// a non-root user. If true, the Kubelet will validate the image at
 /// runtime to ensure that it does not run as UID 0 (root) and fail to
 /// start the container if it does. If unset or false, no such
 /// validation will be performed. May also be set in SecurityContext.
 /// If set in both SecurityContext and PodSecurityContext, the value
 /// specified in SecurityContext takes precedence.</param>
 /// <param name="runAsUser">The UID to run the entrypoint of the
 /// container process. Defaults to user specified in image metadata if
 /// unspecified. May also be set in SecurityContext.  If set in both
 /// SecurityContext and PodSecurityContext, the value specified in
 /// SecurityContext takes precedence for that container.</param>
 /// <param name="seLinuxOptions">The SELinux context to be applied to
 /// all containers. If unspecified, the container runtime will allocate
 /// a random SELinux context for each container.  May also be set in
 /// SecurityContext.  If set in both SecurityContext and
 /// PodSecurityContext, the value specified in SecurityContext takes
 /// precedence for that container.</param>
 /// <param name="supplementalGroups">A list of groups applied to the
 /// first process run in each container, in addition to the container's
 /// primary GID.  If unspecified, no groups will be added to any
 /// container.</param>
 /// <param name="sysctls">Sysctls hold a list of namespaced sysctls
 /// used for the pod. Pods with unsupported sysctls (by the container
 /// runtime) might fail to launch.</param>
 /// <param name="windowsOptions">The Windows specific settings applied
 /// to all containers. If unspecified, the options within a container's
 /// SecurityContext will be used. If set in both SecurityContext and
 /// PodSecurityContext, the value specified in SecurityContext takes
 /// precedence.</param>
 public V1PodSecurityContext(
     long? fsGroup = default(long?),
     string fsGroupChangePolicy = default(string),
     long? runAsGroup = default(long?),
     bool? runAsNonRoot = default(bool?),
     long? runAsUser = default(long?),
     V1SELinuxOptions seLinuxOptions = default(V1SELinuxOptions),
     IList<long?> supplementalGroups = default(IList<long?>),
     IList<V1Sysctl> sysctls = default(IList<V1Sysctl>),
     V1WindowsSecurityContextOptions windowsOptions = default(V1WindowsSecurityContextOptions))
 {
     // Arguments are copied to their properties unchanged; nothing is
     // validated in this constructor.
     //
     // All parameters are optional, so an argument-less context requests
     // no pod-level hardening: per the parameter docs an unset
     // runAsNonRoot disables the Kubelet's non-root check, and unset
     // runAsUser / runAsGroup fall back to the image metadata and the
     // runtime default respectively. Container-level SecurityContext
     // values take precedence over the ones stored here.
     FsGroup = fsGroup;

     // Free-form string: the documented values are "OnRootMismatch" and
     // "Always", but this constructor does not check the value it is given.
     FsGroupChangePolicy = fsGroupChangePolicy;
     RunAsGroup = runAsGroup;
     RunAsNonRoot = runAsNonRoot;
     RunAsUser = runAsUser;
     SeLinuxOptions = seLinuxOptions;
     SupplementalGroups = supplementalGroups;

     // Per the parameter docs, sysctls the container runtime does not
     // support may prevent the pod from launching.
     Sysctls = sysctls;
     WindowsOptions = windowsOptions;

     // Hook defined outside this excerpt; runs after all assignments.
     CustomInit();
 }
 /// <summary>
 /// Initializes a new instance of the V1SecurityContext class.
 /// </summary>
 /// <param name="allowPrivilegeEscalation">AllowPrivilegeEscalation
 /// controls whether a process can gain more privileges than its parent
 /// process. This bool directly controls if the no_new_privs flag will
 /// be set on the container process. AllowPrivilegeEscalation is
 /// always true when the container: 1) is run as Privileged, or 2) has
 /// CAP_SYS_ADMIN.</param>
 /// <param name="capabilities">The capabilities to add/drop when
 /// running containers. Defaults to the default set of capabilities
 /// granted by the container runtime.</param>
 /// <param name="privileged">Run container in privileged mode.
 /// Processes in privileged containers are essentially equivalent to
 /// root on the host. Defaults to false.</param>
 /// <param name="procMount">procMount denotes the type of proc mount to
 /// use for the containers. The default is DefaultProcMount which uses
 /// the container runtime defaults for readonly paths and masked paths.
 /// This requires the ProcMountType feature flag to be enabled.</param>
 /// <param name="readOnlyRootFilesystem">Whether this container has a
 /// read-only root filesystem. Default is false.</param>
 /// <param name="runAsGroup">The GID to run the entrypoint of the
 /// container process. Uses runtime default if unset. May also be set
 /// in PodSecurityContext.  If set in both SecurityContext and
 /// PodSecurityContext, the value specified in SecurityContext takes
 /// precedence.</param>
 /// <param name="runAsNonRoot">Indicates that the container must run as
 /// a non-root user. If true, the Kubelet will validate the image at
 /// runtime to ensure that it does not run as UID 0 (root) and fail to
 /// start the container if it does. If unset or false, no such
 /// validation will be performed. May also be set in
 /// PodSecurityContext.  If set in both SecurityContext and
 /// PodSecurityContext, the value specified in SecurityContext takes
 /// precedence.</param>
 /// <param name="runAsUser">The UID to run the entrypoint of the
 /// container process. Defaults to user specified in image metadata if
 /// unspecified. May also be set in PodSecurityContext.  If set in both
 /// SecurityContext and PodSecurityContext, the value specified in
 /// SecurityContext takes precedence.</param>
 /// <param name="seLinuxOptions">The SELinux context to be applied to
 /// the container. If unspecified, the container runtime will allocate
 /// a random SELinux context for each container.  May also be set in
 /// PodSecurityContext.  If set in both SecurityContext and
 /// PodSecurityContext, the value specified in SecurityContext takes
 /// precedence.</param>
 /// <param name="windowsOptions">Windows security options.</param>
 public V1SecurityContext(
     bool? allowPrivilegeEscalation = default(bool?),
     V1Capabilities capabilities = default(V1Capabilities),
     bool? privileged = default(bool?),
     string procMount = default(string),
     bool? readOnlyRootFilesystem = default(bool?),
     long? runAsGroup = default(long?),
     bool? runAsNonRoot = default(bool?),
     long? runAsUser = default(long?),
     V1SELinuxOptions seLinuxOptions = default(V1SELinuxOptions),
     V1WindowsSecurityContextOptions windowsOptions = default(V1WindowsSecurityContextOptions))
 {
     // Each argument is stored as given; this constructor performs no
     // validation and no consistency checks between the fields.
     //
     // All parameters are optional, so an argument-less context leaves
     // every setting unset. Per the parameter docs that means: privileged
     // and readOnlyRootFilesystem fall back to false, capabilities fall
     // back to the container runtime's default set, and no non-root
     // validation is performed for an unset runAsNonRoot.
     // NOTE(review): the docs shown here do not state what an unset
     // allowPrivilegeEscalation resolves to; pass false explicitly when
     // no_new_privs must be set on the container process.
     AllowPrivilegeEscalation = allowPrivilegeEscalation;
     Capabilities = capabilities;

     // Per the parameter docs, a privileged container is essentially
     // equivalent to root on the host.
     Privileged = privileged;

     // Free-form string, not checked here. The documented default keeps
     // the container runtime's read-only and masked /proc paths, so a
     // non-null value is worth a second look during manifest review.
     ProcMount = procMount;
     ReadOnlyRootFilesystem = readOnlyRootFilesystem;
     RunAsGroup = runAsGroup;
     RunAsNonRoot = runAsNonRoot;
     RunAsUser = runAsUser;
     SeLinuxOptions = seLinuxOptions;
     WindowsOptions = windowsOptions;

     // Hook defined outside this excerpt; runs after all assignments.
     CustomInit();
 }
 /// <summary>
 /// Initializes a new instance of the
 /// Extensionsv1beta1SELinuxStrategyOptions class.
 /// </summary>
 /// <param name="rule">rule is the strategy that will dictate the
 /// allowable labels that may be set.</param>
 /// <param name="seLinuxOptions">seLinuxOptions required to run as;
 /// required for MustRunAs. More info:
 /// https://kubernetes.io/docs/tasks/configure-pod-container/security-context/</param>
 public Extensionsv1beta1SELinuxStrategyOptions(
     string rule,
     V1SELinuxOptions seLinuxOptions = default(V1SELinuxOptions))
 {
     // rule is the only mandatory argument, but it is not null-checked
     // or matched against a set of known strategy names here.
     Rule = rule;

     // Optional in the signature even though the parameter docs call it
     // required for the MustRunAs strategy; this constructor does not
     // enforce that pairing.
     SeLinuxOptions = seLinuxOptions;

     // Hook defined outside this excerpt; runs after both assignments.
     CustomInit();
 }