Struct k8s_openapi::v1_7::kubernetes::pkg::api::v1::SecurityContext

source · 
pub struct SecurityContext {
    pub capabilities: Option<Capabilities>,
    pub privileged: Option<bool>,
    pub read_only_root_filesystem: Option<bool>,
    pub run_as_non_root: Option<bool>,
    pub run_as_user: Option<i64>,
    pub se_linux_options: Option<SELinuxOptions>,
}
Expand description

SecurityContext holds security configuration that will be applied to a container. Some fields are present in both SecurityContext and PodSecurityContext. When both are set, the values in SecurityContext take precedence.

Fields§

§capabilities: Option<Capabilities>

The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime.

§privileged: Option<bool>

Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false.

§read_only_root_filesystem: Option<bool>

Whether this container has a read-only root filesystem. Default is false.

§run_as_non_root: Option<bool>

Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

§run_as_user: Option<i64>

The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

§se_linux_options: Option<SELinuxOptions>

The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

Trait Implementations§

Returns a copy of the value. Read more
Performs copy-assignment from source. Read more
Formats the value using the given formatter. Read more
Returns the “default value” for a type. Read more
Deserialize this value from the given Serde deserializer. Read more
This method tests for self and other values to be equal, and is used by ==. Read more
This method tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason. Read more
Serialize this value into the given Serde serializer. Read more

Auto Trait Implementations§

Blanket Implementations§

Gets the TypeId of self. Read more
Immutably borrows from an owned value. Read more
Mutably borrows from an owned value. Read more

Returns the argument unchanged.

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

The resulting type after obtaining ownership.
Creates owned data from borrowed data, usually by cloning. Read more
Uses borrowed data to replace owned data, usually by cloning. Read more
The type returned in the event of a conversion error.
Performs the conversion.
The type returned in the event of a conversion error.
Performs the conversion.