PodSecurityContextProps.go
package cdk8splus29
// PodSecurityContextProps holds the properties for `PodSecurityContext`.
//
// Every field is tagged `field:"optional"`; the "Default:" line on each field
// states what applies when the field is left unset. UIDs and GIDs are typed
// *float64 (NOTE(review): presumably an artifact of the binding generator,
// confirm), so callers should pass whole, non-negative numbers.
type PodSecurityContextProps struct {
// Indicates that the container must run as a non-root user.
//
// If true, the Kubelet will validate the image at runtime to ensure that it does
// not run as UID 0 (root) and fail to start the container if it does.
//
// Security note: setting this to false removes that start-time check, so an
// image that runs as UID 0 is no longer rejected. Keep the default unless the
// workload genuinely needs root, and record the reason where it is disabled.
// NOTE(review): presumably rendered as `runAsNonRoot` in the pod spec; confirm.
// Default: true.
//
EnsureNonRoot *bool `field:"optional" json:"ensureNonRoot" yaml:"ensureNonRoot"`
// Modify the ownership and permissions of pod volumes to this GID.
//
// How and when the ownership change is applied is governed by
// FsGroupChangePolicy below.
// Default: - Volume ownership is not changed.
//
FsGroup *float64 `field:"optional" json:"fsGroup" yaml:"fsGroup"`
// Defines the behavior of changing ownership and permissions of the volume
// before it is exposed inside the Pod.
//
// This field only applies to volume types that support fsGroup-based ownership
// (and permissions). It has no effect on ephemeral volume types such as
// secret, configmap and emptydir.
//
// Unlike the other fields this one is not a pointer.
// NOTE(review): presumably the zero value means "unset"; confirm against the
// FsGroupChangePolicy declaration, which is not in this file.
// Default: FsGroupChangePolicy.ALWAYS
//
FsGroupChangePolicy FsGroupChangePolicy `field:"optional" json:"fsGroupChangePolicy" yaml:"fsGroupChangePolicy"`
// The GID to run the entrypoint of the container process.
// Default: - Group configured by container runtime.
//
Group *float64 `field:"optional" json:"group" yaml:"group"`
// Sysctls hold a list of namespaced sysctls used for the pod.
//
// Pods with unsupported sysctls (by the container runtime) might fail to launch.
//
// Security note: sysctls change kernel parameters for the pod, so review each
// entry before adding it. Kubernetes separates "safe" from "unsafe" sysctls,
// and unsafe ones are refused unless the node's kubelet explicitly allows them.
// Default: - No sysctls.
//
Sysctls *[]*Sysctl `field:"optional" json:"sysctls" yaml:"sysctls"`
// The UID to run the entrypoint of the container process.
//
// Per the EnsureNonRoot description above, a container that ends up running
// as UID 0 while EnsureNonRoot is true is expected to fail to start, so set
// an explicit non-zero UID when the image metadata does not name one.
// Default: - User specified in image metadata.
//
User *float64 `field:"optional" json:"user" yaml:"user"`
}