Class: Aws::Batch::Types::EksContainerSecurityContext

Inherits:
Struct
  • Object
Includes:
Structure
Defined in:
lib/aws-sdk-batch/types.rb

Overview

The security context for a job. For more information, see [Configure a security context for a pod or container][1] in the *Kubernetes documentation*.

[1]: kubernetes.io/docs/tasks/configure-pod-container/security-context/

Constant Summary

SENSITIVE = []

Instance Attribute Summary

Instance Attribute Details

#allow_privilege_escalation ⇒ Boolean

Whether or not a container or a Kubernetes pod is allowed to gain more privileges than its parent process. The default value is `false`.

Returns:

  • (Boolean)


# File 'lib/aws-sdk-batch/types.rb', line 3964

class EksContainerSecurityContext < Struct.new(
  :run_as_user,
  :run_as_group,
  :privileged,
  :allow_privilege_escalation,
  :read_only_root_filesystem,
  :run_as_non_root)
  SENSITIVE = []
  include Aws::Structure
end

#privileged ⇒ Boolean

When this parameter is `true`, the container is given elevated permissions on the host container instance. The level of permissions is similar to the `root` user permissions. The default value is `false`. This parameter maps to `privileged` policy in the [Privileged pod security policies][1] in the *Kubernetes documentation*.

[1]: kubernetes.io/docs/concepts/security/pod-security-policy/#privileged

Returns:

  • (Boolean)



#read_only_root_filesystem ⇒ Boolean

When this parameter is `true`, the container is given read-only access to its root file system. The default value is `false`. This parameter maps to `ReadOnlyRootFilesystem` policy in the [Volumes and file systems pod security policies][1] in the *Kubernetes documentation*.

[1]: kubernetes.io/docs/concepts/security/pod-security-policy/#volumes-and-file-systems

Returns:

  • (Boolean)



#run_as_group ⇒ Integer

When this parameter is specified, the container is run as the specified group ID (`gid`). If this parameter isn't specified, the default is the group that's specified in the image metadata. This parameter maps to `RunAsGroup` and `MustRunAs` policy in the [Users and groups pod security policies][1] in the *Kubernetes documentation*.

[1]: kubernetes.io/docs/concepts/security/pod-security-policy/#users-and-groups

Returns:

  • (Integer)



#run_as_non_root ⇒ Boolean

When this parameter is specified, the container is run as a user with a `uid` other than 0. If this parameter isn't specified, no such rule is enforced. This parameter maps to `RunAsUser` and `MustRunAsNonRoot` policy in the [Users and groups pod security policies][1] in the *Kubernetes documentation*.

[1]: kubernetes.io/docs/concepts/security/pod-security-policy/#users-and-groups

Returns:

  • (Boolean)



#run_as_user ⇒ Integer

When this parameter is specified, the container is run as the specified user ID (`uid`). If this parameter isn't specified, the default is the user that's specified in the image metadata. This parameter maps to `RunAsUser` and `MustRunAs` policy in the [Users and groups pod security policies][1] in the *Kubernetes documentation*.

[1]: kubernetes.io/docs/concepts/security/pod-security-policy/#users-and-groups

Returns:

  • (Integer)


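
The following added example (not part of the SDK or its generated documentation) reviews the six attributes above against the defaults this page documents, treating `nil` as "not specified". `SecurityContext` is a stand-in struct with the same members so the code runs without the aws-sdk-batch gem; `audit_security_context` and the finding names are hypothetical.

```ruby
# Stand-in with the same six members as the struct documented above, so the
# example runs without the aws-sdk-batch gem. (Assumption: not the SDK's class.)
SecurityContext = Struct.new(
  :run_as_user, :run_as_group, :privileged,
  :allow_privilege_escalation, :read_only_root_filesystem, :run_as_non_root,
  keyword_init: true
)

# Hypothetical helper: returns a list of [symbol, message] findings. nil is
# treated as "not specified", so the defaults documented on this page apply.
def audit_security_context(ctx)
  findings = []
  if ctx.privileged
    findings << [:privileged, "elevated permissions on the host, similar to root"]
  end
  if ctx.allow_privilege_escalation
    findings << [:privilege_escalation, "process may gain more privileges than its parent"]
  end
  unless ctx.read_only_root_filesystem # documented default is false
    findings << [:writable_root_fs, "root file system is writable"]
  end
  if ctx.run_as_user == 0
    findings << [:root_uid, "run_as_user pins the container to uid 0"]
    if ctx.run_as_non_root
      findings << [:contradiction, "run_as_non_root is set but run_as_user is 0"]
    end
  elsif ctx.run_as_user.nil? && !ctx.run_as_non_root
    # uid falls back to the image metadata and no non-root rule is enforced
    findings << [:uid_from_image, "uid comes from the image and may be 0"]
  end
  if ctx.run_as_group == 0
    findings << [:root_gid, "run_as_group pins the container to gid 0"]
  end
  findings
end

# Constructed sample inputs.
HARDENED = SecurityContext.new(
  run_as_user: 1000, run_as_group: 1000, privileged: false,
  allow_privilege_escalation: false, read_only_root_filesystem: true,
  run_as_non_root: true
)
ALL_DEFAULTS = SecurityContext.new # every member left unspecified
RISKY = SecurityContext.new(privileged: true, run_as_user: 0, run_as_non_root: true)

if __FILE__ == $PROGRAM_NAME
  { "hardened" => HARDENED, "defaults" => ALL_DEFAULTS, "risky" => RISKY }.each do |name, ctx|
    puts "#{name}: #{audit_security_context(ctx).map(&:first).inspect}"
  end
end
```

Because the helper only reads the six accessors, it also accepts an instance of the struct documented above.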