Class: Aws::Batch::Types::EksContainerSecurityContext

Inherits:

Struct

• Object
• Struct
• Aws::Batch::Types::EksContainerSecurityContext

Includes:

Structure

Defined in:

lib/aws-sdk-batch/types.rb

Overview

The security context for a job. For more information, see [Configure a security context for a pod or container] in the *Kubernetes documentation*.

[1]: kubernetes.io/docs/tasks/configure-pod-container/security-context/

See Also:

• AWS API Documentation

Constant Summary

SENSITIVE =

[]

Instance Attribute Summary

• #allow_privilege_escalation ⇒ Boolean

  Whether or not a container or a Kubernetes pod is allowed to gain more privileges than its parent process.

• #privileged ⇒ Boolean

  When this parameter is ‘true`, the container is given elevated permissions on the host container instance.

• #read_only_root_filesystem ⇒ Boolean

  When this parameter is ‘true`, the container is given read-only access to its root file system.

• #run_as_group ⇒ Integer

  When this parameter is specified, the container is run as the specified group ID (‘gid`).

• #run_as_non_root ⇒ Boolean

  When this parameter is specified, the container is run as a user with a ‘uid` other than 0.

• #run_as_user ⇒ Integer

  When this parameter is specified, the container is run as the specified user ID (‘uid`).

Instance Attribute Details

#allow_privilege_escalation ⇒ Boolean

Whether or not a container or a Kubernetes pod is allowed to gain more privileges than its parent process. The default value is ‘false`.

Returns:

• (Boolean)

# File 'lib/aws-sdk-batch/types.rb', line 3943

class EksContainerSecurityContext < Struct.new(
  :run_as_user,
  :run_as_group,
  :privileged,
  :allow_privilege_escalation,
  :read_only_root_filesystem,
  :run_as_non_root)
  SENSITIVE = []
  include Aws::Structure
end

#privileged ⇒ Boolean

When this parameter is ‘true`, the container is given elevated permissions on the host container instance. The level of permissions are similar to the `root` user permissions. The default value is `false`. This parameter maps to `privileged` policy in the

Privileged pod security policies][1

in the *Kubernetes

documentation*.

[1]: kubernetes.io/docs/concepts/security/pod-security-policy/#privileged

Returns:

• (Boolean)

# File 'lib/aws-sdk-batch/types.rb', line 3943

class EksContainerSecurityContext < Struct.new(
  :run_as_user,
  :run_as_group,
  :privileged,
  :allow_privilege_escalation,
  :read_only_root_filesystem,
  :run_as_non_root)
  SENSITIVE = []
  include Aws::Structure
end

#read_only_root_filesystem ⇒ Boolean

When this parameter is ‘true`, the container is given read-only access to its root file system. The default value is `false`. This parameter maps to `ReadOnlyRootFilesystem` policy in the [Volumes and file systems pod security policies] in the *Kubernetes documentation*.

[1]: kubernetes.io/docs/concepts/security/pod-security-policy/#volumes-and-file-systems

Returns:

• (Boolean)

# File 'lib/aws-sdk-batch/types.rb', line 3943

class EksContainerSecurityContext < Struct.new(
  :run_as_user,
  :run_as_group,
  :privileged,
  :allow_privilege_escalation,
  :read_only_root_filesystem,
  :run_as_non_root)
  SENSITIVE = []
  include Aws::Structure
end

#run_as_group ⇒ Integer

When this parameter is specified, the container is run as the specified group ID (‘gid`). If this parameter isn’t specified, the default is the group that’s specified in the image metadata. This parameter maps to ‘RunAsGroup` and `MustRunAs` policy in the [Users and groups pod security policies] in the *Kubernetes documentation*.

[1]: kubernetes.io/docs/concepts/security/pod-security-policy/#users-and-groups

Returns:

• (Integer)

# File 'lib/aws-sdk-batch/types.rb', line 3943

class EksContainerSecurityContext < Struct.new(
  :run_as_user,
  :run_as_group,
  :privileged,
  :allow_privilege_escalation,
  :read_only_root_filesystem,
  :run_as_non_root)
  SENSITIVE = []
  include Aws::Structure
end

#run_as_non_root ⇒ Boolean

When this parameter is specified, the container is run as a user with a ‘uid` other than 0. If this parameter isn’t specified, so such rule is enforced. This parameter maps to ‘RunAsUser` and `MustRunAsNonRoot` policy in the [Users and groups pod security policies] in the *Kubernetes documentation*.

[1]: kubernetes.io/docs/concepts/security/pod-security-policy/#users-and-groups

Returns:

• (Boolean)

# File 'lib/aws-sdk-batch/types.rb', line 3943

class EksContainerSecurityContext < Struct.new(
  :run_as_user,
  :run_as_group,
  :privileged,
  :allow_privilege_escalation,
  :read_only_root_filesystem,
  :run_as_non_root)
  SENSITIVE = []
  include Aws::Structure
end

#run_as_user ⇒ Integer

When this parameter is specified, the container is run as the specified user ID (‘uid`). If this parameter isn’t specified, the default is the user that’s specified in the image metadata. This parameter maps to ‘RunAsUser` and `MustRanAs` policy in the [Users and groups pod security policies] in the *Kubernetes documentation*.

[1]: kubernetes.io/docs/concepts/security/pod-security-policy/#users-and-groups

Returns:

• (Integer)

# File 'lib/aws-sdk-batch/types.rb', line 3943

class EksContainerSecurityContext < Struct.new(
  :run_as_user,
  :run_as_group,
  :privileged,
  :allow_privilege_escalation,
  :read_only_root_filesystem,
  :run_as_non_root)
  SENSITIVE = []
  include Aws::Structure
end