Class: Aws::Batch::Types::EksContainerSecurityContext
- Inherits:
-
Struct
- Object
- Struct
- Aws::Batch::Types::EksContainerSecurityContext
- Includes:
- Structure
- Defined in:
- lib/aws-sdk-batch/types.rb
Overview
The security context for a job. For more information, see [Configure a security context for a pod or container] in the *Kubernetes documentation*.
[1]: kubernetes.io/docs/tasks/configure-pod-container/security-context/
Constant Summary collapse
- SENSITIVE =
[]
Instance Attribute Summary collapse
-
#allow_privilege_escalation ⇒ Boolean
Whether or not a container or a Kubernetes pod is allowed to gain more privileges than its parent process.
-
#privileged ⇒ Boolean
When this parameter is ‘true`, the container is given elevated permissions on the host container instance.
-
#read_only_root_filesystem ⇒ Boolean
When this parameter is ‘true`, the container is given read-only access to its root file system.
-
#run_as_group ⇒ Integer
When this parameter is specified, the container is run as the specified group ID (‘gid`).
-
#run_as_non_root ⇒ Boolean
When this parameter is specified, the container is run as a user with a ‘uid` other than 0.
-
#run_as_user ⇒ Integer
When this parameter is specified, the container is run as the specified user ID (‘uid`).
Instance Attribute Details
#allow_privilege_escalation ⇒ Boolean
Whether or not a container or a Kubernetes pod is allowed to gain more privileges than its parent process. The default value is ‘false`.
3964 3965 3966 3967 3968 3969 3970 3971 3972 3973 |
# File 'lib/aws-sdk-batch/types.rb', line 3964 class EksContainerSecurityContext < Struct.new( :run_as_user, :run_as_group, :privileged, :allow_privilege_escalation, :read_only_root_filesystem, :run_as_non_root) SENSITIVE = [] include Aws::Structure end |
#privileged ⇒ Boolean
When this parameter is ‘true`, the container is given elevated permissions on the host container instance. The level of permissions are similar to the `root` user permissions. The default value is `false`. This parameter maps to `privileged` policy in the
- Privileged pod security policies][1
-
in the *Kubernetes
documentation*.
[1]: kubernetes.io/docs/concepts/security/pod-security-policy/#privileged
3964 3965 3966 3967 3968 3969 3970 3971 3972 3973 |
# File 'lib/aws-sdk-batch/types.rb', line 3964 class EksContainerSecurityContext < Struct.new( :run_as_user, :run_as_group, :privileged, :allow_privilege_escalation, :read_only_root_filesystem, :run_as_non_root) SENSITIVE = [] include Aws::Structure end |
#read_only_root_filesystem ⇒ Boolean
When this parameter is ‘true`, the container is given read-only access to its root file system. The default value is `false`. This parameter maps to `ReadOnlyRootFilesystem` policy in the [Volumes and file systems pod security policies] in the *Kubernetes documentation*.
[1]: kubernetes.io/docs/concepts/security/pod-security-policy/#volumes-and-file-systems
3964 3965 3966 3967 3968 3969 3970 3971 3972 3973 |
# File 'lib/aws-sdk-batch/types.rb', line 3964 class EksContainerSecurityContext < Struct.new( :run_as_user, :run_as_group, :privileged, :allow_privilege_escalation, :read_only_root_filesystem, :run_as_non_root) SENSITIVE = [] include Aws::Structure end |
#run_as_group ⇒ Integer
When this parameter is specified, the container is run as the specified group ID (‘gid`). If this parameter isn’t specified, the default is the group that’s specified in the image metadata. This parameter maps to ‘RunAsGroup` and `MustRunAs` policy in the [Users and groups pod security policies] in the *Kubernetes documentation*.
[1]: kubernetes.io/docs/concepts/security/pod-security-policy/#users-and-groups
3964 3965 3966 3967 3968 3969 3970 3971 3972 3973 |
# File 'lib/aws-sdk-batch/types.rb', line 3964 class EksContainerSecurityContext < Struct.new( :run_as_user, :run_as_group, :privileged, :allow_privilege_escalation, :read_only_root_filesystem, :run_as_non_root) SENSITIVE = [] include Aws::Structure end |
#run_as_non_root ⇒ Boolean
When this parameter is specified, the container is run as a user with a ‘uid` other than 0. If this parameter isn’t specified, so such rule is enforced. This parameter maps to ‘RunAsUser` and `MustRunAsNonRoot` policy in the [Users and groups pod security policies] in the *Kubernetes documentation*.
[1]: kubernetes.io/docs/concepts/security/pod-security-policy/#users-and-groups
3964 3965 3966 3967 3968 3969 3970 3971 3972 3973 |
# File 'lib/aws-sdk-batch/types.rb', line 3964 class EksContainerSecurityContext < Struct.new( :run_as_user, :run_as_group, :privileged, :allow_privilege_escalation, :read_only_root_filesystem, :run_as_non_root) SENSITIVE = [] include Aws::Structure end |
#run_as_user ⇒ Integer
When this parameter is specified, the container is run as the specified user ID (‘uid`). If this parameter isn’t specified, the default is the user that’s specified in the image metadata. This parameter maps to ‘RunAsUser` and `MustRanAs` policy in the [Users and groups pod security policies] in the *Kubernetes documentation*.
[1]: kubernetes.io/docs/concepts/security/pod-security-policy/#users-and-groups
3964 3965 3966 3967 3968 3969 3970 3971 3972 3973 |
# File 'lib/aws-sdk-batch/types.rb', line 3964 class EksContainerSecurityContext < Struct.new( :run_as_user, :run_as_group, :privileged, :allow_privilege_escalation, :read_only_root_filesystem, :run_as_non_root) SENSITIVE = [] include Aws::Structure end |