/// <summary>
/// Initializes a new instance of the V1PodSecurityContext class with the
/// pod-level security settings described below.
/// </summary>
/// <remarks>
/// Every argument is optional and defaults to null. This constructor stores
/// the arguments exactly as given and performs no validation of its own
/// before calling CustomInit, so a null argument leaves that field unset and
/// the behaviour described for the unset case applies.
///
/// Points worth checking when reviewing a caller:
/// - With <paramref name="runAsNonRoot"/> unset or false no non-root check is
///   performed, and with <paramref name="runAsUser"/> unset the user comes
///   from the image metadata. An image whose metadata names UID 0 therefore
///   starts as root unless one of these is set.
/// - Where a parameter says the container's SecurityContext takes
///   precedence, the value given here is only a default for the pod, so the
///   per-container SecurityContext has to be reviewed as well.
/// - <paramref name="fsGroup"/> widens volume permissions (group rw is OR'd
///   in), so the chosen GID gains read/write access to affected volumes.
/// </remarks>
/// <param name="fsGroup">A special supplemental group that applies to all
/// containers in a pod. Some volume types allow the Kubelet to change the
/// ownership of that volume to be owned by the pod:
///
/// 1. The owning GID will be the FSGroup
/// 2. The setgid bit is set (new files created in the volume will be owned
///    by FSGroup)
/// 3. The permission bits are OR'd with rw-rw----
///
/// If unset, the Kubelet will not modify the ownership and permissions of
/// any volume.</param>
/// <param name="runAsGroup">The GID to run the entrypoint of the container
/// process. Uses runtime default if unset. May also be set in
/// SecurityContext. If set in both SecurityContext and PodSecurityContext,
/// the value specified in SecurityContext takes precedence for that
/// container.</param>
/// <param name="runAsNonRoot">Indicates that the container must run as a
/// non-root user. If true, the Kubelet will validate the image at runtime
/// to ensure that it does not run as UID 0 (root) and fail to start the
/// container if it does. If unset or false, no such validation will be
/// performed. May also be set in SecurityContext. If set in both
/// SecurityContext and PodSecurityContext, the value specified in
/// SecurityContext takes precedence.</param>
/// <param name="runAsUser">The UID to run the entrypoint of the container
/// process. Defaults to user specified in image metadata if unspecified.
/// May also be set in SecurityContext. If set in both SecurityContext and
/// PodSecurityContext, the value specified in SecurityContext takes
/// precedence for that container.</param>
/// <param name="seLinuxOptions">The SELinux context to be applied to all
/// containers. If unspecified, the container runtime will allocate a random
/// SELinux context for each container. May also be set in SecurityContext.
/// If set in both SecurityContext and PodSecurityContext, the value
/// specified in SecurityContext takes precedence for that container.</param>
/// <param name="supplementalGroups">A list of groups applied to the first
/// process run in each container, in addition to the container's primary
/// GID. If unspecified, no groups will be added to any container.</param>
/// <param name="sysctls">Sysctls hold a list of namespaced sysctls used for
/// the pod. Pods with unsupported sysctls (by the container runtime) might
/// fail to launch.</param>
/// <param name="windowsOptions">The Windows specific settings applied to
/// all containers. If unspecified, the options within a container's
/// SecurityContext will be used. If set in both SecurityContext and
/// PodSecurityContext, the value specified in SecurityContext takes
/// precedence.</param>
public V1PodSecurityContext(
    long? fsGroup = default(long?),
    long? runAsGroup = default(long?),
    bool? runAsNonRoot = default(bool?),
    long? runAsUser = default(long?),
    V1SELinuxOptions seLinuxOptions = default(V1SELinuxOptions),
    IList<long?> supplementalGroups = default(IList<long?>),
    IList<V1Sysctl> sysctls = default(IList<V1Sysctl>),
    V1WindowsSecurityContextOptions windowsOptions = default(V1WindowsSecurityContextOptions))
{
    // Copy each argument onto its property unchanged; null means "not set".
    this.FsGroup = fsGroup;
    this.RunAsGroup = runAsGroup;
    this.RunAsNonRoot = runAsNonRoot;
    this.RunAsUser = runAsUser;
    this.SeLinuxOptions = seLinuxOptions;
    this.SupplementalGroups = supplementalGroups;
    this.Sysctls = sysctls;
    this.WindowsOptions = windowsOptions;

    // CustomInit is declared outside this block; presumably a customization
    // hook that runs once all properties are populated (confirm in the class).
    this.CustomInit();
}
/// <summary>
/// Initializes a new instance of the V1SecurityContext class with the
/// container-level security settings described below.
/// </summary>
/// <remarks>
/// Every argument is optional and defaults to null. This constructor stores
/// the arguments exactly as given and performs no validation of its own
/// before calling CustomInit, so a null argument leaves that field unset and
/// the default described for that parameter applies.
///
/// Points worth checking when reviewing a caller:
/// - <paramref name="privileged"/> set to true makes processes in the
///   container essentially equivalent to root on the host.
/// - <paramref name="allowPrivilegeEscalation"/> is described as always true
///   for a container that is privileged or has CAP_SYS_ADMIN, so a false
///   value cannot be relied on for such a container. The description does
///   not say what an unset value means; set it explicitly rather than
///   depending on a default.
/// - <paramref name="readOnlyRootFilesystem"/> defaults to false and
///   <paramref name="runAsNonRoot"/> performs no check when unset or false,
///   so both have to be set by the caller if they are wanted.
/// - Values given here take precedence over the same fields in
///   PodSecurityContext, so a container can differ from its pod's settings.
/// </remarks>
/// <param name="allowPrivilegeEscalation">AllowPrivilegeEscalation controls
/// whether a process can gain more privileges than its parent process. This
/// bool directly controls if the no_new_privs flag will be set on the
/// container process. AllowPrivilegeEscalation is true always when the
/// container is: 1) run as Privileged 2) has CAP_SYS_ADMIN</param>
/// <param name="capabilities">The capabilities to add/drop when running
/// containers. Defaults to the default set of capabilities granted by the
/// container runtime.</param>
/// <param name="privileged">Run container in privileged mode. Processes in
/// privileged containers are essentially equivalent to root on the host.
/// Defaults to false.</param>
/// <param name="procMount">procMount denotes the type of proc mount to use
/// for the containers. The default is DefaultProcMount which uses the
/// container runtime defaults for readonly paths and masked paths. This
/// requires the ProcMountType feature flag to be enabled.</param>
/// <param name="readOnlyRootFilesystem">Whether this container has a
/// read-only root filesystem. Default is false.</param>
/// <param name="runAsGroup">The GID to run the entrypoint of the container
/// process. Uses runtime default if unset. May also be set in
/// PodSecurityContext. If set in both SecurityContext and
/// PodSecurityContext, the value specified in SecurityContext takes
/// precedence.</param>
/// <param name="runAsNonRoot">Indicates that the container must run as a
/// non-root user. If true, the Kubelet will validate the image at runtime
/// to ensure that it does not run as UID 0 (root) and fail to start the
/// container if it does. If unset or false, no such validation will be
/// performed. May also be set in PodSecurityContext. If set in both
/// SecurityContext and PodSecurityContext, the value specified in
/// SecurityContext takes precedence.</param>
/// <param name="runAsUser">The UID to run the entrypoint of the container
/// process. Defaults to user specified in image metadata if unspecified.
/// May also be set in PodSecurityContext. If set in both SecurityContext
/// and PodSecurityContext, the value specified in SecurityContext takes
/// precedence.</param>
/// <param name="seLinuxOptions">The SELinux context to be applied to the
/// container. If unspecified, the container runtime will allocate a random
/// SELinux context for each container. May also be set in
/// PodSecurityContext. If set in both SecurityContext and
/// PodSecurityContext, the value specified in SecurityContext takes
/// precedence.</param>
/// <param name="windowsOptions">Windows security options.</param>
public V1SecurityContext(
    bool? allowPrivilegeEscalation = default(bool?),
    V1Capabilities capabilities = default(V1Capabilities),
    bool? privileged = default(bool?),
    string procMount = default(string),
    bool? readOnlyRootFilesystem = default(bool?),
    long? runAsGroup = default(long?),
    bool? runAsNonRoot = default(bool?),
    long? runAsUser = default(long?),
    V1SELinuxOptions seLinuxOptions = default(V1SELinuxOptions),
    V1WindowsSecurityContextOptions windowsOptions = default(V1WindowsSecurityContextOptions))
{
    // Copy each argument onto its property unchanged; null means "not set".
    this.AllowPrivilegeEscalation = allowPrivilegeEscalation;
    this.Capabilities = capabilities;
    this.Privileged = privileged;
    this.ProcMount = procMount;
    this.ReadOnlyRootFilesystem = readOnlyRootFilesystem;
    this.RunAsGroup = runAsGroup;
    this.RunAsNonRoot = runAsNonRoot;
    this.RunAsUser = runAsUser;
    this.SeLinuxOptions = seLinuxOptions;
    this.WindowsOptions = windowsOptions;

    // CustomInit is declared outside this block; presumably a customization
    // hook that runs once all properties are populated (confirm in the class).
    this.CustomInit();
}