github/client-go
1
0
Fork 0
mirror of https://github.com/kubernetes/client-go.git synced 2026-02-21 23:53:16 +00:00
Code Issues Projects Releases Wiki Activity
Files
master
client-go/applyconfigurations/core/v1/securitycontext.go
Henrik Schmidt 422ded29ea ./hack/update-codegen.sh 
Kubernetes-commit: 5e66bb69720189d83099e850e21cbedc667cdec7
2025-09-10 21:57:45 +02:00

201 lines
11 KiB
Go
Raw Permalink Blame History

/*
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by applyconfiguration-gen. DO NOT EDIT.
package v1
import (
corev1 "k8s.io/api/core/v1"
)
// SecurityContextApplyConfiguration represents a declarative configuration of the SecurityContext type for use
// with apply.
//
// SecurityContext holds security configuration that will be applied to a container.
// Some fields are present in both SecurityContext and PodSecurityContext. When both
// are set, the values in SecurityContext take precedence.
type SecurityContextApplyConfiguration struct {
// The capabilities to add/drop when running containers.
// Defaults to the default set of capabilities granted by the container runtime.
// Note that this field cannot be set when spec.os.name is windows.
Capabilities *CapabilitiesApplyConfiguration `json:"capabilities,omitempty"`
// Run container in privileged mode.
// Processes in privileged containers are essentially equivalent to root on the host.
// Defaults to false.
// Note that this field cannot be set when spec.os.name is windows.
Privileged *bool `json:"privileged,omitempty"`
// The SELinux context to be applied to the container.
// If unspecified, the container runtime will allocate a random SELinux context for each
// container. May also be set in PodSecurityContext. If set in both SecurityContext and
// PodSecurityContext, the value specified in SecurityContext takes precedence.
// Note that this field cannot be set when spec.os.name is windows.
SELinuxOptions *SELinuxOptionsApplyConfiguration `json:"seLinuxOptions,omitempty"`
// The Windows specific settings applied to all containers.
// If unspecified, the options from the PodSecurityContext will be used.
// If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
// Note that this field cannot be set when spec.os.name is linux.
WindowsOptions *WindowsSecurityContextOptionsApplyConfiguration `json:"windowsOptions,omitempty"`
// The UID to run the entrypoint of the container process.
// Defaults to user specified in image metadata if unspecified.
// May also be set in PodSecurityContext. If set in both SecurityContext and
// PodSecurityContext, the value specified in SecurityContext takes precedence.
// Note that this field cannot be set when spec.os.name is windows.
RunAsUser *int64 `json:"runAsUser,omitempty"`
// The GID to run the entrypoint of the container process.
// Uses runtime default if unset.
// May also be set in PodSecurityContext. If set in both SecurityContext and
// PodSecurityContext, the value specified in SecurityContext takes precedence.
// Note that this field cannot be set when spec.os.name is windows.
RunAsGroup *int64 `json:"runAsGroup,omitempty"`
// Indicates that the container must run as a non-root user.
// If true, the Kubelet will validate the image at runtime to ensure that it
// does not run as UID 0 (root) and fail to start the container if it does.
// If unset or false, no such validation will be performed.
// May also be set in PodSecurityContext. If set in both SecurityContext and
// PodSecurityContext, the value specified in SecurityContext takes precedence.
RunAsNonRoot *bool `json:"runAsNonRoot,omitempty"`
// Whether this container has a read-only root filesystem.
// Default is false.
// Note that this field cannot be set when spec.os.name is windows.
ReadOnlyRootFilesystem *bool `json:"readOnlyRootFilesystem,omitempty"`
// AllowPrivilegeEscalation controls whether a process can gain more
// privileges than its parent process. This bool directly controls if
// the no_new_privs flag will be set on the container process.
// AllowPrivilegeEscalation is true always when the container is:
// 1) run as Privileged
// 2) has CAP_SYS_ADMIN
// Note that this field cannot be set when spec.os.name is windows.
AllowPrivilegeEscalation *bool `json:"allowPrivilegeEscalation,omitempty"`
// procMount denotes the type of proc mount to use for the containers.
// The default value is Default which uses the container runtime defaults for
// readonly paths and masked paths.
// This requires the ProcMountType feature flag to be enabled.
// Note that this field cannot be set when spec.os.name is windows.
ProcMount *corev1.ProcMountType `json:"procMount,omitempty"`
// The seccomp options to use by this container. If seccomp options are
// provided at both the pod & container level, the container options
// override the pod options.
// Note that this field cannot be set when spec.os.name is windows.
SeccompProfile *SeccompProfileApplyConfiguration `json:"seccompProfile,omitempty"`
// appArmorProfile is the AppArmor options to use by this container. If set, this profile
// overrides the pod's appArmorProfile.
// Note that this field cannot be set when spec.os.name is windows.
AppArmorProfile *AppArmorProfileApplyConfiguration `json:"appArmorProfile,omitempty"`
}
// SecurityContextApplyConfiguration constructs a declarative configuration of the SecurityContext type for use with
// apply.
func SecurityContext() *SecurityContextApplyConfiguration {
return &SecurityContextApplyConfiguration{}
}
// WithCapabilities sets the Capabilities field in the declarative configuration to the given value
// and returns the receiver, so that objects can be built by chaining "With" function invocations.
// If called multiple times, the Capabilities field is set to the value of the last call.
func (b *SecurityContextApplyConfiguration) WithCapabilities(value *CapabilitiesApplyConfiguration) *SecurityContextApplyConfiguration {
b.Capabilities = value
return b
}
// WithPrivileged sets the Privileged field in the declarative configuration to the given value
// and returns the receiver, so that objects can be built by chaining "With" function invocations.
// If called multiple times, the Privileged field is set to the value of the last call.
func (b *SecurityContextApplyConfiguration) WithPrivileged(value bool) *SecurityContextApplyConfiguration {
b.Privileged = &value
return b
}
// WithSELinuxOptions sets the SELinuxOptions field in the declarative configuration to the given value
// and returns the receiver, so that objects can be built by chaining "With" function invocations.
// If called multiple times, the SELinuxOptions field is set to the value of the last call.
func (b *SecurityContextApplyConfiguration) WithSELinuxOptions(value *SELinuxOptionsApplyConfiguration) *SecurityContextApplyConfiguration {
b.SELinuxOptions = value
return b
}
// WithWindowsOptions sets the WindowsOptions field in the declarative configuration to the given value
// and returns the receiver, so that objects can be built by chaining "With" function invocations.
// If called multiple times, the WindowsOptions field is set to the value of the last call.
func (b *SecurityContextApplyConfiguration) WithWindowsOptions(value *WindowsSecurityContextOptionsApplyConfiguration) *SecurityContextApplyConfiguration {
b.WindowsOptions = value
return b
}
// WithRunAsUser sets the RunAsUser field in the declarative configuration to the given value
// and returns the receiver, so that objects can be built by chaining "With" function invocations.
// If called multiple times, the RunAsUser field is set to the value of the last call.
func (b *SecurityContextApplyConfiguration) WithRunAsUser(value int64) *SecurityContextApplyConfiguration {
b.RunAsUser = &value
return b
}
// WithRunAsGroup sets the RunAsGroup field in the declarative configuration to the given value
// and returns the receiver, so that objects can be built by chaining "With" function invocations.
// If called multiple times, the RunAsGroup field is set to the value of the last call.
func (b *SecurityContextApplyConfiguration) WithRunAsGroup(value int64) *SecurityContextApplyConfiguration {
b.RunAsGroup = &value
return b
}
// WithRunAsNonRoot sets the RunAsNonRoot field in the declarative configuration to the given value
// and returns the receiver, so that objects can be built by chaining "With" function invocations.
// If called multiple times, the RunAsNonRoot field is set to the value of the last call.
func (b *SecurityContextApplyConfiguration) WithRunAsNonRoot(value bool) *SecurityContextApplyConfiguration {
b.RunAsNonRoot = &value
return b
}
// WithReadOnlyRootFilesystem sets the ReadOnlyRootFilesystem field in the declarative configuration to the given value
// and returns the receiver, so that objects can be built by chaining "With" function invocations.
// If called multiple times, the ReadOnlyRootFilesystem field is set to the value of the last call.
func (b *SecurityContextApplyConfiguration) WithReadOnlyRootFilesystem(value bool) *SecurityContextApplyConfiguration {
b.ReadOnlyRootFilesystem = &value
return b
}
// WithAllowPrivilegeEscalation sets the AllowPrivilegeEscalation field in the declarative configuration to the given value
// and returns the receiver, so that objects can be built by chaining "With" function invocations.
// If called multiple times, the AllowPrivilegeEscalation field is set to the value of the last call.
func (b *SecurityContextApplyConfiguration) WithAllowPrivilegeEscalation(value bool) *SecurityContextApplyConfiguration {
b.AllowPrivilegeEscalation = &value
return b
}
// WithProcMount sets the ProcMount field in the declarative configuration to the given value
// and returns the receiver, so that objects can be built by chaining "With" function invocations.
// If called multiple times, the ProcMount field is set to the value of the last call.
func (b *SecurityContextApplyConfiguration) WithProcMount(value corev1.ProcMountType) *SecurityContextApplyConfiguration {
b.ProcMount = &value
return b
}
// WithSeccompProfile sets the SeccompProfile field in the declarative configuration to the given value
// and returns the receiver, so that objects can be built by chaining "With" function invocations.
// If called multiple times, the SeccompProfile field is set to the value of the last call.
func (b *SecurityContextApplyConfiguration) WithSeccompProfile(value *SeccompProfileApplyConfiguration) *SecurityContextApplyConfiguration {
b.SeccompProfile = value
return b
}
// WithAppArmorProfile sets the AppArmorProfile field in the declarative configuration to the given value
// and returns the receiver, so that objects can be built by chaining "With" function invocations.
// If called multiple times, the AppArmorProfile field is set to the value of the last call.
func (b *SecurityContextApplyConfiguration) WithAppArmorProfile(value *AppArmorProfileApplyConfiguration) *SecurityContextApplyConfiguration {
b.AppArmorProfile = value
return b
}
Reference in New Issue View Git Blame Copy Permalink