Package k8s.io.api.core.v1

Class Generated.PodSecurityContext.Builder

  • All Implemented Interfaces:
    com.google.protobuf.Message.Builder, com.google.protobuf.MessageLite.Builder, com.google.protobuf.MessageLiteOrBuilder, com.google.protobuf.MessageOrBuilder, Cloneable, Generated.PodSecurityContextOrBuilder
    Enclosing class:
    Generated.PodSecurityContext
    public static final class Generated.PodSecurityContext.Builder
extends com.google.protobuf.GeneratedMessageV3.Builder<Generated.PodSecurityContext.Builder>
implements Generated.PodSecurityContextOrBuilder
     PodSecurityContext holds pod-level security attributes and common container settings.
 Some fields are also present in container.securityContext.  Field values of
 container.securityContext take precedence over field values of PodSecurityContext.
    Protobuf type k8s.io.api.core.v1.PodSecurityContext

    • Method Detail

      • getDescriptor

        public static final com.google.protobuf.Descriptors.Descriptor getDescriptor()

      • internalGetFieldAccessorTable

        protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable internalGetFieldAccessorTable()
        Specified by:
        internalGetFieldAccessorTable in class com.google.protobuf.GeneratedMessageV3.Builder<Generated.PodSecurityContext.Builder>

      • getDescriptorForType

        public com.google.protobuf.Descriptors.Descriptor getDescriptorForType()
        Specified by:
        getDescriptorForType in interface com.google.protobuf.Message.Builder
        Specified by:
        getDescriptorForType in interface com.google.protobuf.MessageOrBuilder
        Overrides:
        getDescriptorForType in class com.google.protobuf.GeneratedMessageV3.Builder<Generated.PodSecurityContext.Builder>

      • getDefaultInstanceForType

        public Generated.PodSecurityContext getDefaultInstanceForType()
        Specified by:
        getDefaultInstanceForType in interface com.google.protobuf.MessageLiteOrBuilder
        Specified by:
        getDefaultInstanceForType in interface com.google.protobuf.MessageOrBuilder

      • build

        public Generated.PodSecurityContext build()
        Specified by:
        build in interface com.google.protobuf.Message.Builder
        Specified by:
        build in interface com.google.protobuf.MessageLite.Builder

      • buildPartial

        public Generated.PodSecurityContext buildPartial()
        Specified by:
        buildPartial in interface com.google.protobuf.Message.Builder
        Specified by:
        buildPartial in interface com.google.protobuf.MessageLite.Builder

      • isInitialized

        public final boolean isInitialized()
        Specified by:
        isInitialized in interface com.google.protobuf.MessageLiteOrBuilder
        Overrides:
        isInitialized in class com.google.protobuf.GeneratedMessageV3.Builder<Generated.PodSecurityContext.Builder>

      • mergeFrom

        public Generated.PodSecurityContext.Builder mergeFrom​(com.google.protobuf.CodedInputStream input,
                                                      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
                                               throws IOException
        Specified by:
        mergeFrom in interface com.google.protobuf.Message.Builder
        Specified by:
        mergeFrom in interface com.google.protobuf.MessageLite.Builder
        Overrides:
        mergeFrom in class com.google.protobuf.AbstractMessage.Builder<Generated.PodSecurityContext.Builder>
        Throws:
        IOException

      • hasSeLinuxOptions

        public boolean hasSeLinuxOptions()
         The SELinux context to be applied to all containers.
 If unspecified, the container runtime will allocate a random SELinux context for each
 container.  May also be set in SecurityContext.  If set in
 both SecurityContext and PodSecurityContext, the value specified in SecurityContext
 takes precedence for that container.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
        optional .k8s.io.api.core.v1.SELinuxOptions seLinuxOptions = 1;
        Specified by:
        hasSeLinuxOptions in interface Generated.PodSecurityContextOrBuilder
        Returns:
        Whether the seLinuxOptions field is set.

      • getSeLinuxOptions

        public Generated.SELinuxOptions getSeLinuxOptions()
         The SELinux context to be applied to all containers.
 If unspecified, the container runtime will allocate a random SELinux context for each
 container.  May also be set in SecurityContext.  If set in
 both SecurityContext and PodSecurityContext, the value specified in SecurityContext
 takes precedence for that container.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
        optional .k8s.io.api.core.v1.SELinuxOptions seLinuxOptions = 1;
        Specified by:
        getSeLinuxOptions in interface Generated.PodSecurityContextOrBuilder
        Returns:
        The seLinuxOptions.

      • setSeLinuxOptions

        public Generated.PodSecurityContext.Builder setSeLinuxOptions​(Generated.SELinuxOptions value)
         The SELinux context to be applied to all containers.
 If unspecified, the container runtime will allocate a random SELinux context for each
 container.  May also be set in SecurityContext.  If set in
 both SecurityContext and PodSecurityContext, the value specified in SecurityContext
 takes precedence for that container.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
        optional .k8s.io.api.core.v1.SELinuxOptions seLinuxOptions = 1;

      • setSeLinuxOptions

        public Generated.PodSecurityContext.Builder setSeLinuxOptions​(Generated.SELinuxOptions.Builder builderForValue)
         The SELinux context to be applied to all containers.
 If unspecified, the container runtime will allocate a random SELinux context for each
 container.  May also be set in SecurityContext.  If set in
 both SecurityContext and PodSecurityContext, the value specified in SecurityContext
 takes precedence for that container.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
        optional .k8s.io.api.core.v1.SELinuxOptions seLinuxOptions = 1;

      • mergeSeLinuxOptions

        public Generated.PodSecurityContext.Builder mergeSeLinuxOptions​(Generated.SELinuxOptions value)
         The SELinux context to be applied to all containers.
 If unspecified, the container runtime will allocate a random SELinux context for each
 container.  May also be set in SecurityContext.  If set in
 both SecurityContext and PodSecurityContext, the value specified in SecurityContext
 takes precedence for that container.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
        optional .k8s.io.api.core.v1.SELinuxOptions seLinuxOptions = 1;

      • clearSeLinuxOptions

        public Generated.PodSecurityContext.Builder clearSeLinuxOptions()
         The SELinux context to be applied to all containers.
 If unspecified, the container runtime will allocate a random SELinux context for each
 container.  May also be set in SecurityContext.  If set in
 both SecurityContext and PodSecurityContext, the value specified in SecurityContext
 takes precedence for that container.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
        optional .k8s.io.api.core.v1.SELinuxOptions seLinuxOptions = 1;

      • getSeLinuxOptionsBuilder

        public Generated.SELinuxOptions.Builder getSeLinuxOptionsBuilder()
         The SELinux context to be applied to all containers.
 If unspecified, the container runtime will allocate a random SELinux context for each
 container.  May also be set in SecurityContext.  If set in
 both SecurityContext and PodSecurityContext, the value specified in SecurityContext
 takes precedence for that container.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
        optional .k8s.io.api.core.v1.SELinuxOptions seLinuxOptions = 1;

      • getSeLinuxOptionsOrBuilder

        public Generated.SELinuxOptionsOrBuilder getSeLinuxOptionsOrBuilder()
         The SELinux context to be applied to all containers.
 If unspecified, the container runtime will allocate a random SELinux context for each
 container.  May also be set in SecurityContext.  If set in
 both SecurityContext and PodSecurityContext, the value specified in SecurityContext
 takes precedence for that container.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
        optional .k8s.io.api.core.v1.SELinuxOptions seLinuxOptions = 1;
        Specified by:
        getSeLinuxOptionsOrBuilder in interface Generated.PodSecurityContextOrBuilder

      • hasWindowsOptions

        public boolean hasWindowsOptions()
         The Windows specific settings applied to all containers.
 If unspecified, the options within a container's SecurityContext will be used.
 If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
 Note that this field cannot be set when spec.os.name is linux.
 +optional
        optional .k8s.io.api.core.v1.WindowsSecurityContextOptions windowsOptions = 8;
        Specified by:
        hasWindowsOptions in interface Generated.PodSecurityContextOrBuilder
        Returns:
        Whether the windowsOptions field is set.

      • getWindowsOptions

        public Generated.WindowsSecurityContextOptions getWindowsOptions()
         The Windows specific settings applied to all containers.
 If unspecified, the options within a container's SecurityContext will be used.
 If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
 Note that this field cannot be set when spec.os.name is linux.
 +optional
        optional .k8s.io.api.core.v1.WindowsSecurityContextOptions windowsOptions = 8;
        Specified by:
        getWindowsOptions in interface Generated.PodSecurityContextOrBuilder
        Returns:
        The windowsOptions.

      • setWindowsOptions

        public Generated.PodSecurityContext.Builder setWindowsOptions​(Generated.WindowsSecurityContextOptions value)
         The Windows specific settings applied to all containers.
 If unspecified, the options within a container's SecurityContext will be used.
 If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
 Note that this field cannot be set when spec.os.name is linux.
 +optional
        optional .k8s.io.api.core.v1.WindowsSecurityContextOptions windowsOptions = 8;

      • setWindowsOptions

        public Generated.PodSecurityContext.Builder setWindowsOptions​(Generated.WindowsSecurityContextOptions.Builder builderForValue)
         The Windows specific settings applied to all containers.
 If unspecified, the options within a container's SecurityContext will be used.
 If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
 Note that this field cannot be set when spec.os.name is linux.
 +optional
        optional .k8s.io.api.core.v1.WindowsSecurityContextOptions windowsOptions = 8;

      • mergeWindowsOptions

        public Generated.PodSecurityContext.Builder mergeWindowsOptions​(Generated.WindowsSecurityContextOptions value)
         The Windows specific settings applied to all containers.
 If unspecified, the options within a container's SecurityContext will be used.
 If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
 Note that this field cannot be set when spec.os.name is linux.
 +optional
        optional .k8s.io.api.core.v1.WindowsSecurityContextOptions windowsOptions = 8;

      • clearWindowsOptions

        public Generated.PodSecurityContext.Builder clearWindowsOptions()
         The Windows specific settings applied to all containers.
 If unspecified, the options within a container's SecurityContext will be used.
 If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
 Note that this field cannot be set when spec.os.name is linux.
 +optional
        optional .k8s.io.api.core.v1.WindowsSecurityContextOptions windowsOptions = 8;

      • getWindowsOptionsBuilder

        public Generated.WindowsSecurityContextOptions.Builder getWindowsOptionsBuilder()
         The Windows specific settings applied to all containers.
 If unspecified, the options within a container's SecurityContext will be used.
 If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
 Note that this field cannot be set when spec.os.name is linux.
 +optional
        optional .k8s.io.api.core.v1.WindowsSecurityContextOptions windowsOptions = 8;

      • getWindowsOptionsOrBuilder

        public Generated.WindowsSecurityContextOptionsOrBuilder getWindowsOptionsOrBuilder()
         The Windows specific settings applied to all containers.
 If unspecified, the options within a container's SecurityContext will be used.
 If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
 Note that this field cannot be set when spec.os.name is linux.
 +optional
        optional .k8s.io.api.core.v1.WindowsSecurityContextOptions windowsOptions = 8;
        Specified by:
        getWindowsOptionsOrBuilder in interface Generated.PodSecurityContextOrBuilder

      • hasRunAsUser

        public boolean hasRunAsUser()
         The UID to run the entrypoint of the container process.
 Defaults to user specified in image metadata if unspecified.
 May also be set in SecurityContext.  If set in both SecurityContext and
 PodSecurityContext, the value specified in SecurityContext takes precedence
 for that container.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
        optional int64 runAsUser = 2;
        Specified by:
        hasRunAsUser in interface Generated.PodSecurityContextOrBuilder
        Returns:
        Whether the runAsUser field is set.

      • getRunAsUser

        public long getRunAsUser()
         The UID to run the entrypoint of the container process.
 Defaults to user specified in image metadata if unspecified.
 May also be set in SecurityContext.  If set in both SecurityContext and
 PodSecurityContext, the value specified in SecurityContext takes precedence
 for that container.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
        optional int64 runAsUser = 2;
        Specified by:
        getRunAsUser in interface Generated.PodSecurityContextOrBuilder
        Returns:
        The runAsUser.

      • setRunAsUser

        public Generated.PodSecurityContext.Builder setRunAsUser​(long value)
         The UID to run the entrypoint of the container process.
 Defaults to user specified in image metadata if unspecified.
 May also be set in SecurityContext.  If set in both SecurityContext and
 PodSecurityContext, the value specified in SecurityContext takes precedence
 for that container.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
        optional int64 runAsUser = 2;
        Parameters:
        value - The runAsUser to set.
        Returns:
        This builder for chaining.

      • clearRunAsUser

        public Generated.PodSecurityContext.Builder clearRunAsUser()
         The UID to run the entrypoint of the container process.
 Defaults to user specified in image metadata if unspecified.
 May also be set in SecurityContext.  If set in both SecurityContext and
 PodSecurityContext, the value specified in SecurityContext takes precedence
 for that container.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
        optional int64 runAsUser = 2;
        Returns:
        This builder for chaining.

      • hasRunAsGroup

        public boolean hasRunAsGroup()
         The GID to run the entrypoint of the container process.
 Uses runtime default if unset.
 May also be set in SecurityContext.  If set in both SecurityContext and
 PodSecurityContext, the value specified in SecurityContext takes precedence
 for that container.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
        optional int64 runAsGroup = 6;
        Specified by:
        hasRunAsGroup in interface Generated.PodSecurityContextOrBuilder
        Returns:
        Whether the runAsGroup field is set.

      • getRunAsGroup

        public long getRunAsGroup()
         The GID to run the entrypoint of the container process.
 Uses runtime default if unset.
 May also be set in SecurityContext.  If set in both SecurityContext and
 PodSecurityContext, the value specified in SecurityContext takes precedence
 for that container.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
        optional int64 runAsGroup = 6;
        Specified by:
        getRunAsGroup in interface Generated.PodSecurityContextOrBuilder
        Returns:
        The runAsGroup.

      • setRunAsGroup

        public Generated.PodSecurityContext.Builder setRunAsGroup​(long value)
         The GID to run the entrypoint of the container process.
 Uses runtime default if unset.
 May also be set in SecurityContext.  If set in both SecurityContext and
 PodSecurityContext, the value specified in SecurityContext takes precedence
 for that container.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
        optional int64 runAsGroup = 6;
        Parameters:
        value - The runAsGroup to set.
        Returns:
        This builder for chaining.

      • clearRunAsGroup

        public Generated.PodSecurityContext.Builder clearRunAsGroup()
         The GID to run the entrypoint of the container process.
 Uses runtime default if unset.
 May also be set in SecurityContext.  If set in both SecurityContext and
 PodSecurityContext, the value specified in SecurityContext takes precedence
 for that container.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
        optional int64 runAsGroup = 6;
        Returns:
        This builder for chaining.

      • hasRunAsNonRoot

        public boolean hasRunAsNonRoot()
         Indicates that the container must run as a non-root user.
 If true, the Kubelet will validate the image at runtime to ensure that it
 does not run as UID 0 (root) and fail to start the container if it does.
 If unset or false, no such validation will be performed.
 May also be set in SecurityContext.  If set in both SecurityContext and
 PodSecurityContext, the value specified in SecurityContext takes precedence.
 +optional
        optional bool runAsNonRoot = 3;
        Specified by:
        hasRunAsNonRoot in interface Generated.PodSecurityContextOrBuilder
        Returns:
        Whether the runAsNonRoot field is set.

      • getRunAsNonRoot

        public boolean getRunAsNonRoot()
         Indicates that the container must run as a non-root user.
 If true, the Kubelet will validate the image at runtime to ensure that it
 does not run as UID 0 (root) and fail to start the container if it does.
 If unset or false, no such validation will be performed.
 May also be set in SecurityContext.  If set in both SecurityContext and
 PodSecurityContext, the value specified in SecurityContext takes precedence.
 +optional
        optional bool runAsNonRoot = 3;
        Specified by:
        getRunAsNonRoot in interface Generated.PodSecurityContextOrBuilder
        Returns:
        The runAsNonRoot.

      • setRunAsNonRoot

        public Generated.PodSecurityContext.Builder setRunAsNonRoot​(boolean value)
         Indicates that the container must run as a non-root user.
 If true, the Kubelet will validate the image at runtime to ensure that it
 does not run as UID 0 (root) and fail to start the container if it does.
 If unset or false, no such validation will be performed.
 May also be set in SecurityContext.  If set in both SecurityContext and
 PodSecurityContext, the value specified in SecurityContext takes precedence.
 +optional
        optional bool runAsNonRoot = 3;
        Parameters:
        value - The runAsNonRoot to set.
        Returns:
        This builder for chaining.

      • clearRunAsNonRoot

        public Generated.PodSecurityContext.Builder clearRunAsNonRoot()
         Indicates that the container must run as a non-root user.
 If true, the Kubelet will validate the image at runtime to ensure that it
 does not run as UID 0 (root) and fail to start the container if it does.
 If unset or false, no such validation will be performed.
 May also be set in SecurityContext.  If set in both SecurityContext and
 PodSecurityContext, the value specified in SecurityContext takes precedence.
 +optional
        optional bool runAsNonRoot = 3;
        Returns:
        This builder for chaining.

      • getSupplementalGroupsList

        public List<Long> getSupplementalGroupsList()
         A list of groups applied to the first process run in each container, in
 addition to the container's primary GID and fsGroup (if specified).  If
 the SupplementalGroupsPolicy feature is enabled, the
 supplementalGroupsPolicy field determines whether these are in addition
 to or instead of any group memberships defined in the container image.
 If unspecified, no additional groups are added, though group memberships
 defined in the container image may still be used, depending on the
 supplementalGroupsPolicy field.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
 +listType=atomic
        repeated int64 supplementalGroups = 4;
        Specified by:
        getSupplementalGroupsList in interface Generated.PodSecurityContextOrBuilder
        Returns:
        A list containing the supplementalGroups.

      • getSupplementalGroupsCount

        public int getSupplementalGroupsCount()
         A list of groups applied to the first process run in each container, in
 addition to the container's primary GID and fsGroup (if specified).  If
 the SupplementalGroupsPolicy feature is enabled, the
 supplementalGroupsPolicy field determines whether these are in addition
 to or instead of any group memberships defined in the container image.
 If unspecified, no additional groups are added, though group memberships
 defined in the container image may still be used, depending on the
 supplementalGroupsPolicy field.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
 +listType=atomic
        repeated int64 supplementalGroups = 4;
        Specified by:
        getSupplementalGroupsCount in interface Generated.PodSecurityContextOrBuilder
        Returns:
        The count of supplementalGroups.

      • getSupplementalGroups

        public long getSupplementalGroups​(int index)
         A list of groups applied to the first process run in each container, in
 addition to the container's primary GID and fsGroup (if specified).  If
 the SupplementalGroupsPolicy feature is enabled, the
 supplementalGroupsPolicy field determines whether these are in addition
 to or instead of any group memberships defined in the container image.
 If unspecified, no additional groups are added, though group memberships
 defined in the container image may still be used, depending on the
 supplementalGroupsPolicy field.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
 +listType=atomic
        repeated int64 supplementalGroups = 4;
        Specified by:
        getSupplementalGroups in interface Generated.PodSecurityContextOrBuilder
        Parameters:
        index - The index of the element to return.
        Returns:
        The supplementalGroups at the given index.

      • setSupplementalGroups

        public Generated.PodSecurityContext.Builder setSupplementalGroups​(int index,
                                                                  long value)
         A list of groups applied to the first process run in each container, in
 addition to the container's primary GID and fsGroup (if specified).  If
 the SupplementalGroupsPolicy feature is enabled, the
 supplementalGroupsPolicy field determines whether these are in addition
 to or instead of any group memberships defined in the container image.
 If unspecified, no additional groups are added, though group memberships
 defined in the container image may still be used, depending on the
 supplementalGroupsPolicy field.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
 +listType=atomic
        repeated int64 supplementalGroups = 4;
        Parameters:
        index - The index to set the value at.
        value - The supplementalGroups to set.
        Returns:
        This builder for chaining.

      • addSupplementalGroups

        public Generated.PodSecurityContext.Builder addSupplementalGroups​(long value)
         A list of groups applied to the first process run in each container, in
 addition to the container's primary GID and fsGroup (if specified).  If
 the SupplementalGroupsPolicy feature is enabled, the
 supplementalGroupsPolicy field determines whether these are in addition
 to or instead of any group memberships defined in the container image.
 If unspecified, no additional groups are added, though group memberships
 defined in the container image may still be used, depending on the
 supplementalGroupsPolicy field.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
 +listType=atomic
        repeated int64 supplementalGroups = 4;
        Parameters:
        value - The supplementalGroups to add.
        Returns:
        This builder for chaining.

      • addAllSupplementalGroups

        public Generated.PodSecurityContext.Builder addAllSupplementalGroups​(Iterable<? extends Long> values)
         A list of groups applied to the first process run in each container, in
 addition to the container's primary GID and fsGroup (if specified).  If
 the SupplementalGroupsPolicy feature is enabled, the
 supplementalGroupsPolicy field determines whether these are in addition
 to or instead of any group memberships defined in the container image.
 If unspecified, no additional groups are added, though group memberships
 defined in the container image may still be used, depending on the
 supplementalGroupsPolicy field.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
 +listType=atomic
        repeated int64 supplementalGroups = 4;
        Parameters:
        values - The supplementalGroups to add.
        Returns:
        This builder for chaining.

      • clearSupplementalGroups

        public Generated.PodSecurityContext.Builder clearSupplementalGroups()
         A list of groups applied to the first process run in each container, in
 addition to the container's primary GID and fsGroup (if specified).  If
 the SupplementalGroupsPolicy feature is enabled, the
 supplementalGroupsPolicy field determines whether these are in addition
 to or instead of any group memberships defined in the container image.
 If unspecified, no additional groups are added, though group memberships
 defined in the container image may still be used, depending on the
 supplementalGroupsPolicy field.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
 +listType=atomic
        repeated int64 supplementalGroups = 4;
        Returns:
        This builder for chaining.

      • hasSupplementalGroupsPolicy

        public boolean hasSupplementalGroupsPolicy()
         Defines how supplemental groups of the first container processes are calculated.
 Valid values are "Merge" and "Strict". If not specified, "Merge" is used.
 (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled
 and the container runtime must implement support for this feature.
 Note that this field cannot be set when spec.os.name is windows.
 TODO: update the default value to "Merge" when spec.os.name is not windows in v1.34
 +featureGate=SupplementalGroupsPolicy
 +optional
        optional string supplementalGroupsPolicy = 12;
        Specified by:
        hasSupplementalGroupsPolicy in interface Generated.PodSecurityContextOrBuilder
        Returns:
        Whether the supplementalGroupsPolicy field is set.

      • getSupplementalGroupsPolicy

        public String getSupplementalGroupsPolicy()
         Defines how supplemental groups of the first container processes are calculated.
 Valid values are "Merge" and "Strict". If not specified, "Merge" is used.
 (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled
 and the container runtime must implement support for this feature.
 Note that this field cannot be set when spec.os.name is windows.
 TODO: update the default value to "Merge" when spec.os.name is not windows in v1.34
 +featureGate=SupplementalGroupsPolicy
 +optional
        optional string supplementalGroupsPolicy = 12;
        Specified by:
        getSupplementalGroupsPolicy in interface Generated.PodSecurityContextOrBuilder
        Returns:
        The supplementalGroupsPolicy.

      • getSupplementalGroupsPolicyBytes

        public com.google.protobuf.ByteString getSupplementalGroupsPolicyBytes()
         Defines how supplemental groups of the first container processes are calculated.
 Valid values are "Merge" and "Strict". If not specified, "Merge" is used.
 (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled
 and the container runtime must implement support for this feature.
 Note that this field cannot be set when spec.os.name is windows.
 TODO: update the default value to "Merge" when spec.os.name is not windows in v1.34
 +featureGate=SupplementalGroupsPolicy
 +optional
        optional string supplementalGroupsPolicy = 12;
        Specified by:
        getSupplementalGroupsPolicyBytes in interface Generated.PodSecurityContextOrBuilder
        Returns:
        The bytes for supplementalGroupsPolicy.

      • setSupplementalGroupsPolicy

        public Generated.PodSecurityContext.Builder setSupplementalGroupsPolicy​(String value)
         Defines how supplemental groups of the first container processes are calculated.
 Valid values are "Merge" and "Strict". If not specified, "Merge" is used.
 (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled
 and the container runtime must implement support for this feature.
 Note that this field cannot be set when spec.os.name is windows.
 TODO: update the default value to "Merge" when spec.os.name is not windows in v1.34
 +featureGate=SupplementalGroupsPolicy
 +optional
        optional string supplementalGroupsPolicy = 12;
        Parameters:
        value - The supplementalGroupsPolicy to set.
        Returns:
        This builder for chaining.

      • clearSupplementalGroupsPolicy

        public Generated.PodSecurityContext.Builder clearSupplementalGroupsPolicy()
         Defines how supplemental groups of the first container processes are calculated.
 Valid values are "Merge" and "Strict". If not specified, "Merge" is used.
 (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled
 and the container runtime must implement support for this feature.
 Note that this field cannot be set when spec.os.name is windows.
 TODO: update the default value to "Merge" when spec.os.name is not windows in v1.34
 +featureGate=SupplementalGroupsPolicy
 +optional
        optional string supplementalGroupsPolicy = 12;
        Returns:
        This builder for chaining.

      • setSupplementalGroupsPolicyBytes

        public Generated.PodSecurityContext.Builder setSupplementalGroupsPolicyBytes​(com.google.protobuf.ByteString value)
         Defines how supplemental groups of the first container processes are calculated.
 Valid values are "Merge" and "Strict". If not specified, "Merge" is used.
 (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled
 and the container runtime must implement support for this feature.
 Note that this field cannot be set when spec.os.name is windows.
 TODO: update the default value to "Merge" when spec.os.name is not windows in v1.34
 +featureGate=SupplementalGroupsPolicy
 +optional
        optional string supplementalGroupsPolicy = 12;
        Parameters:
        value - The bytes for supplementalGroupsPolicy to set.
        Returns:
        This builder for chaining.

      • hasFsGroup

        public boolean hasFsGroup()
         A special supplemental group that applies to all containers in a pod.
 Some volume types allow the Kubelet to change the ownership of that volume
 to be owned by the pod:

 1. The owning GID will be the FSGroup
 2. The setgid bit is set (new files created in the volume will be owned by FSGroup)
 3. The permission bits are OR'd with rw-rw----

 If unset, the Kubelet will not modify the ownership and permissions of any volume.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
        optional int64 fsGroup = 5;
        Specified by:
        hasFsGroup in interface Generated.PodSecurityContextOrBuilder
        Returns:
        Whether the fsGroup field is set.

      • getFsGroup

        public long getFsGroup()
         A special supplemental group that applies to all containers in a pod.
 Some volume types allow the Kubelet to change the ownership of that volume
 to be owned by the pod:

 1. The owning GID will be the FSGroup
 2. The setgid bit is set (new files created in the volume will be owned by FSGroup)
 3. The permission bits are OR'd with rw-rw----

 If unset, the Kubelet will not modify the ownership and permissions of any volume.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
        optional int64 fsGroup = 5;
        Specified by:
        getFsGroup in interface Generated.PodSecurityContextOrBuilder
        Returns:
        The fsGroup.

      • setFsGroup

        public Generated.PodSecurityContext.Builder setFsGroup​(long value)
         A special supplemental group that applies to all containers in a pod.
 Some volume types allow the Kubelet to change the ownership of that volume
 to be owned by the pod:

 1. The owning GID will be the FSGroup
 2. The setgid bit is set (new files created in the volume will be owned by FSGroup)
 3. The permission bits are OR'd with rw-rw----

 If unset, the Kubelet will not modify the ownership and permissions of any volume.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
        optional int64 fsGroup = 5;
        Parameters:
        value - The fsGroup to set.
        Returns:
        This builder for chaining.

      • clearFsGroup

        public Generated.PodSecurityContext.Builder clearFsGroup()
         A special supplemental group that applies to all containers in a pod.
 Some volume types allow the Kubelet to change the ownership of that volume
 to be owned by the pod:

 1. The owning GID will be the FSGroup
 2. The setgid bit is set (new files created in the volume will be owned by FSGroup)
 3. The permission bits are OR'd with rw-rw----

 If unset, the Kubelet will not modify the ownership and permissions of any volume.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
        optional int64 fsGroup = 5;
        Returns:
        This builder for chaining.

      • getSysctlsList

        public List<Generated.Sysctl> getSysctlsList()
         Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported
 sysctls (by the container runtime) might fail to launch.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
 +listType=atomic
        repeated .k8s.io.api.core.v1.Sysctl sysctls = 7;
        Specified by:
        getSysctlsList in interface Generated.PodSecurityContextOrBuilder

      • getSysctlsCount

        public int getSysctlsCount()
         Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported
 sysctls (by the container runtime) might fail to launch.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
 +listType=atomic
        repeated .k8s.io.api.core.v1.Sysctl sysctls = 7;
        Specified by:
        getSysctlsCount in interface Generated.PodSecurityContextOrBuilder

      • getSysctls

        public Generated.Sysctl getSysctls​(int index)
         Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported
 sysctls (by the container runtime) might fail to launch.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
 +listType=atomic
        repeated .k8s.io.api.core.v1.Sysctl sysctls = 7;
        Specified by:
        getSysctls in interface Generated.PodSecurityContextOrBuilder

      • setSysctls

        public Generated.PodSecurityContext.Builder setSysctls​(int index,
                                                       Generated.Sysctl value)
         Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported
 sysctls (by the container runtime) might fail to launch.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
 +listType=atomic
        repeated .k8s.io.api.core.v1.Sysctl sysctls = 7;

      • setSysctls

        public Generated.PodSecurityContext.Builder setSysctls​(int index,
                                                       Generated.Sysctl.Builder builderForValue)
         Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported
 sysctls (by the container runtime) might fail to launch.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
 +listType=atomic
        repeated .k8s.io.api.core.v1.Sysctl sysctls = 7;

      • addSysctls

        public Generated.PodSecurityContext.Builder addSysctls​(Generated.Sysctl value)
         Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported
 sysctls (by the container runtime) might fail to launch.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
 +listType=atomic
        repeated .k8s.io.api.core.v1.Sysctl sysctls = 7;

      • addSysctls

        public Generated.PodSecurityContext.Builder addSysctls​(int index,
                                                       Generated.Sysctl value)
         Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported
 sysctls (by the container runtime) might fail to launch.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
 +listType=atomic
        repeated .k8s.io.api.core.v1.Sysctl sysctls = 7;

      • addSysctls

        public Generated.PodSecurityContext.Builder addSysctls​(Generated.Sysctl.Builder builderForValue)
         Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported
 sysctls (by the container runtime) might fail to launch.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
 +listType=atomic
        repeated .k8s.io.api.core.v1.Sysctl sysctls = 7;

      • addSysctls

        public Generated.PodSecurityContext.Builder addSysctls​(int index,
                                                       Generated.Sysctl.Builder builderForValue)
         Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported
 sysctls (by the container runtime) might fail to launch.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
 +listType=atomic
        repeated .k8s.io.api.core.v1.Sysctl sysctls = 7;

      • addAllSysctls

        public Generated.PodSecurityContext.Builder addAllSysctls​(Iterable<? extends Generated.Sysctl> values)
         Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported
 sysctls (by the container runtime) might fail to launch.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
 +listType=atomic
        repeated .k8s.io.api.core.v1.Sysctl sysctls = 7;

      • clearSysctls

        public Generated.PodSecurityContext.Builder clearSysctls()
         Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported
 sysctls (by the container runtime) might fail to launch.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
 +listType=atomic
        repeated .k8s.io.api.core.v1.Sysctl sysctls = 7;

      • removeSysctls

        public Generated.PodSecurityContext.Builder removeSysctls​(int index)
         Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported
 sysctls (by the container runtime) might fail to launch.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
 +listType=atomic
        repeated .k8s.io.api.core.v1.Sysctl sysctls = 7;

      • getSysctlsBuilder

        public Generated.Sysctl.Builder getSysctlsBuilder​(int index)
         Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported
 sysctls (by the container runtime) might fail to launch.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
 +listType=atomic
        repeated .k8s.io.api.core.v1.Sysctl sysctls = 7;

      • getSysctlsOrBuilder

        public Generated.SysctlOrBuilder getSysctlsOrBuilder​(int index)
         Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported
 sysctls (by the container runtime) might fail to launch.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
 +listType=atomic
        repeated .k8s.io.api.core.v1.Sysctl sysctls = 7;
        Specified by:
        getSysctlsOrBuilder in interface Generated.PodSecurityContextOrBuilder

      • getSysctlsOrBuilderList

        public List<? extends Generated.SysctlOrBuilder> getSysctlsOrBuilderList()
         Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported
 sysctls (by the container runtime) might fail to launch.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
 +listType=atomic
        repeated .k8s.io.api.core.v1.Sysctl sysctls = 7;
        Specified by:
        getSysctlsOrBuilderList in interface Generated.PodSecurityContextOrBuilder

      • addSysctlsBuilder

        public Generated.Sysctl.Builder addSysctlsBuilder()
         Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported
 sysctls (by the container runtime) might fail to launch.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
 +listType=atomic
        repeated .k8s.io.api.core.v1.Sysctl sysctls = 7;

      • addSysctlsBuilder

        public Generated.Sysctl.Builder addSysctlsBuilder​(int index)
         Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported
 sysctls (by the container runtime) might fail to launch.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
 +listType=atomic
        repeated .k8s.io.api.core.v1.Sysctl sysctls = 7;

      • getSysctlsBuilderList

        public List<Generated.Sysctl.Builder> getSysctlsBuilderList()
         Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported
 sysctls (by the container runtime) might fail to launch.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
 +listType=atomic
        repeated .k8s.io.api.core.v1.Sysctl sysctls = 7;

      • hasFsGroupChangePolicy

        public boolean hasFsGroupChangePolicy()
         fsGroupChangePolicy defines behavior of changing ownership and permission of the volume
 before being exposed inside Pod. This field will only apply to
 volume types which support fsGroup based ownership(and permissions).
 It will have no effect on ephemeral volume types such as: secret, configmaps
 and emptydir.
 Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
        optional string fsGroupChangePolicy = 9;
        Specified by:
        hasFsGroupChangePolicy in interface Generated.PodSecurityContextOrBuilder
        Returns:
        Whether the fsGroupChangePolicy field is set.

      • getFsGroupChangePolicy

        public String getFsGroupChangePolicy()
         fsGroupChangePolicy defines behavior of changing ownership and permission of the volume
 before being exposed inside Pod. This field will only apply to
 volume types which support fsGroup based ownership(and permissions).
 It will have no effect on ephemeral volume types such as: secret, configmaps
 and emptydir.
 Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
        optional string fsGroupChangePolicy = 9;
        Specified by:
        getFsGroupChangePolicy in interface Generated.PodSecurityContextOrBuilder
        Returns:
        The fsGroupChangePolicy.

      • getFsGroupChangePolicyBytes

        public com.google.protobuf.ByteString getFsGroupChangePolicyBytes()
         fsGroupChangePolicy defines behavior of changing ownership and permission of the volume
 before being exposed inside Pod. This field will only apply to
 volume types which support fsGroup based ownership(and permissions).
 It will have no effect on ephemeral volume types such as: secret, configmaps
 and emptydir.
 Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
        optional string fsGroupChangePolicy = 9;
        Specified by:
        getFsGroupChangePolicyBytes in interface Generated.PodSecurityContextOrBuilder
        Returns:
        The bytes for fsGroupChangePolicy.

      • setFsGroupChangePolicy

        public Generated.PodSecurityContext.Builder setFsGroupChangePolicy​(String value)
         fsGroupChangePolicy defines behavior of changing ownership and permission of the volume
 before being exposed inside Pod. This field will only apply to
 volume types which support fsGroup based ownership(and permissions).
 It will have no effect on ephemeral volume types such as: secret, configmaps
 and emptydir.
 Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
        optional string fsGroupChangePolicy = 9;
        Parameters:
        value - The fsGroupChangePolicy to set.
        Returns:
        This builder for chaining.

      • clearFsGroupChangePolicy

        public Generated.PodSecurityContext.Builder clearFsGroupChangePolicy()
         fsGroupChangePolicy defines behavior of changing ownership and permission of the volume
 before being exposed inside Pod. This field will only apply to
 volume types which support fsGroup based ownership(and permissions).
 It will have no effect on ephemeral volume types such as: secret, configmaps
 and emptydir.
 Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
        optional string fsGroupChangePolicy = 9;
        Returns:
        This builder for chaining.

      • setFsGroupChangePolicyBytes

        public Generated.PodSecurityContext.Builder setFsGroupChangePolicyBytes​(com.google.protobuf.ByteString value)
         fsGroupChangePolicy defines behavior of changing ownership and permission of the volume
 before being exposed inside Pod. This field will only apply to
 volume types which support fsGroup based ownership(and permissions).
 It will have no effect on ephemeral volume types such as: secret, configmaps
 and emptydir.
 Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
        optional string fsGroupChangePolicy = 9;
        Parameters:
        value - The bytes for fsGroupChangePolicy to set.
        Returns:
        This builder for chaining.

      • hasSeccompProfile

        public boolean hasSeccompProfile()
         The seccomp options to use by the containers in this pod.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
        optional .k8s.io.api.core.v1.SeccompProfile seccompProfile = 10;
        Specified by:
        hasSeccompProfile in interface Generated.PodSecurityContextOrBuilder
        Returns:
        Whether the seccompProfile field is set.

      • setSeccompProfile

        public Generated.PodSecurityContext.Builder setSeccompProfile​(Generated.SeccompProfile value)
         The seccomp options to use by the containers in this pod.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
        optional .k8s.io.api.core.v1.SeccompProfile seccompProfile = 10;

      • mergeSeccompProfile

        public Generated.PodSecurityContext.Builder mergeSeccompProfile​(Generated.SeccompProfile value)
         The seccomp options to use by the containers in this pod.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
        optional .k8s.io.api.core.v1.SeccompProfile seccompProfile = 10;

      • clearSeccompProfile

        public Generated.PodSecurityContext.Builder clearSeccompProfile()
         The seccomp options to use by the containers in this pod.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
        optional .k8s.io.api.core.v1.SeccompProfile seccompProfile = 10;

      • getSeccompProfileBuilder

        public Generated.SeccompProfile.Builder getSeccompProfileBuilder()
         The seccomp options to use by the containers in this pod.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
        optional .k8s.io.api.core.v1.SeccompProfile seccompProfile = 10;

      • hasAppArmorProfile

        public boolean hasAppArmorProfile()
         appArmorProfile is the AppArmor options to use by the containers in this pod.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
        optional .k8s.io.api.core.v1.AppArmorProfile appArmorProfile = 11;
        Specified by:
        hasAppArmorProfile in interface Generated.PodSecurityContextOrBuilder
        Returns:
        Whether the appArmorProfile field is set.

      • getAppArmorProfile

        public Generated.AppArmorProfile getAppArmorProfile()
         appArmorProfile is the AppArmor options to use by the containers in this pod.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
        optional .k8s.io.api.core.v1.AppArmorProfile appArmorProfile = 11;
        Specified by:
        getAppArmorProfile in interface Generated.PodSecurityContextOrBuilder
        Returns:
        The appArmorProfile.

      • setAppArmorProfile

        public Generated.PodSecurityContext.Builder setAppArmorProfile​(Generated.AppArmorProfile value)
         appArmorProfile is the AppArmor options to use by the containers in this pod.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
        optional .k8s.io.api.core.v1.AppArmorProfile appArmorProfile = 11;

      • setAppArmorProfile

        public Generated.PodSecurityContext.Builder setAppArmorProfile​(Generated.AppArmorProfile.Builder builderForValue)
         appArmorProfile is the AppArmor options to use by the containers in this pod.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
        optional .k8s.io.api.core.v1.AppArmorProfile appArmorProfile = 11;

      • mergeAppArmorProfile

        public Generated.PodSecurityContext.Builder mergeAppArmorProfile​(Generated.AppArmorProfile value)
         appArmorProfile is the AppArmor options to use by the containers in this pod.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
        optional .k8s.io.api.core.v1.AppArmorProfile appArmorProfile = 11;

      • clearAppArmorProfile

        public Generated.PodSecurityContext.Builder clearAppArmorProfile()
         appArmorProfile is the AppArmor options to use by the containers in this pod.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
        optional .k8s.io.api.core.v1.AppArmorProfile appArmorProfile = 11;

      • getAppArmorProfileBuilder

        public Generated.AppArmorProfile.Builder getAppArmorProfileBuilder()
         appArmorProfile is the AppArmor options to use by the containers in this pod.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
        optional .k8s.io.api.core.v1.AppArmorProfile appArmorProfile = 11;

      • hasSeLinuxChangePolicy

        public boolean hasSeLinuxChangePolicy()
         seLinuxChangePolicy defines how the container's SELinux label is applied to all volumes used by the Pod.
 It has no effect on nodes that do not support SELinux or to volumes does not support SELinux.
 Valid values are "MountOption" and "Recursive".

 "Recursive" means relabeling of all files on all Pod volumes by the container runtime.
 This may be slow for large volumes, but allows mixing privileged and unprivileged Pods sharing the same volume on the same node.

 "MountOption" mounts all eligible Pod volumes with `-o context` mount option.
 This requires all Pods that share the same volume to use the same SELinux label.
 It is not possible to share the same volume among privileged and unprivileged Pods.
 Eligible volumes are in-tree FibreChannel and iSCSI volumes, and all CSI volumes
 whose CSI driver announces SELinux support by setting spec.seLinuxMount: true in their
 CSIDriver instance. Other volumes are always re-labelled recursively.
 "MountOption" value is allowed only when SELinuxMount feature gate is enabled.

 If not specified and SELinuxMount feature gate is enabled, "MountOption" is used.
 If not specified and SELinuxMount feature gate is disabled, "MountOption" is used for ReadWriteOncePod volumes
 and "Recursive" for all other volumes.

 This field affects only Pods that have SELinux label set, either in PodSecurityContext or in SecurityContext of all containers.

 All Pods that use the same volume should use the same seLinuxChangePolicy, otherwise some pods can get stuck in ContainerCreating state.
 Note that this field cannot be set when spec.os.name is windows.
 +featureGate=SELinuxChangePolicy
 +optional
        optional string seLinuxChangePolicy = 13;
        Specified by:
        hasSeLinuxChangePolicy in interface Generated.PodSecurityContextOrBuilder
        Returns:
        Whether the seLinuxChangePolicy field is set.

      • getSeLinuxChangePolicy

        public String getSeLinuxChangePolicy()
         seLinuxChangePolicy defines how the container's SELinux label is applied to all volumes used by the Pod.
 It has no effect on nodes that do not support SELinux or to volumes does not support SELinux.
 Valid values are "MountOption" and "Recursive".

 "Recursive" means relabeling of all files on all Pod volumes by the container runtime.
 This may be slow for large volumes, but allows mixing privileged and unprivileged Pods sharing the same volume on the same node.

 "MountOption" mounts all eligible Pod volumes with `-o context` mount option.
 This requires all Pods that share the same volume to use the same SELinux label.
 It is not possible to share the same volume among privileged and unprivileged Pods.
 Eligible volumes are in-tree FibreChannel and iSCSI volumes, and all CSI volumes
 whose CSI driver announces SELinux support by setting spec.seLinuxMount: true in their
 CSIDriver instance. Other volumes are always re-labelled recursively.
 "MountOption" value is allowed only when SELinuxMount feature gate is enabled.

 If not specified and SELinuxMount feature gate is enabled, "MountOption" is used.
 If not specified and SELinuxMount feature gate is disabled, "MountOption" is used for ReadWriteOncePod volumes
 and "Recursive" for all other volumes.

 This field affects only Pods that have SELinux label set, either in PodSecurityContext or in SecurityContext of all containers.

 All Pods that use the same volume should use the same seLinuxChangePolicy, otherwise some pods can get stuck in ContainerCreating state.
 Note that this field cannot be set when spec.os.name is windows.
 +featureGate=SELinuxChangePolicy
 +optional
        optional string seLinuxChangePolicy = 13;
        Specified by:
        getSeLinuxChangePolicy in interface Generated.PodSecurityContextOrBuilder
        Returns:
        The seLinuxChangePolicy.

      • getSeLinuxChangePolicyBytes

        public com.google.protobuf.ByteString getSeLinuxChangePolicyBytes()
         seLinuxChangePolicy defines how the container's SELinux label is applied to all volumes used by the Pod.
 It has no effect on nodes that do not support SELinux or to volumes does not support SELinux.
 Valid values are "MountOption" and "Recursive".

 "Recursive" means relabeling of all files on all Pod volumes by the container runtime.
 This may be slow for large volumes, but allows mixing privileged and unprivileged Pods sharing the same volume on the same node.

 "MountOption" mounts all eligible Pod volumes with `-o context` mount option.
 This requires all Pods that share the same volume to use the same SELinux label.
 It is not possible to share the same volume among privileged and unprivileged Pods.
 Eligible volumes are in-tree FibreChannel and iSCSI volumes, and all CSI volumes
 whose CSI driver announces SELinux support by setting spec.seLinuxMount: true in their
 CSIDriver instance. Other volumes are always re-labelled recursively.
 "MountOption" value is allowed only when SELinuxMount feature gate is enabled.

 If not specified and SELinuxMount feature gate is enabled, "MountOption" is used.
 If not specified and SELinuxMount feature gate is disabled, "MountOption" is used for ReadWriteOncePod volumes
 and "Recursive" for all other volumes.

 This field affects only Pods that have SELinux label set, either in PodSecurityContext or in SecurityContext of all containers.

 All Pods that use the same volume should use the same seLinuxChangePolicy, otherwise some pods can get stuck in ContainerCreating state.
 Note that this field cannot be set when spec.os.name is windows.
 +featureGate=SELinuxChangePolicy
 +optional
        optional string seLinuxChangePolicy = 13;
        Specified by:
        getSeLinuxChangePolicyBytes in interface Generated.PodSecurityContextOrBuilder
        Returns:
        The bytes for seLinuxChangePolicy.

      • setSeLinuxChangePolicy

        public Generated.PodSecurityContext.Builder setSeLinuxChangePolicy​(String value)
         seLinuxChangePolicy defines how the container's SELinux label is applied to all volumes used by the Pod.
 It has no effect on nodes that do not support SELinux or to volumes does not support SELinux.
 Valid values are "MountOption" and "Recursive".

 "Recursive" means relabeling of all files on all Pod volumes by the container runtime.
 This may be slow for large volumes, but allows mixing privileged and unprivileged Pods sharing the same volume on the same node.

 "MountOption" mounts all eligible Pod volumes with `-o context` mount option.
 This requires all Pods that share the same volume to use the same SELinux label.
 It is not possible to share the same volume among privileged and unprivileged Pods.
 Eligible volumes are in-tree FibreChannel and iSCSI volumes, and all CSI volumes
 whose CSI driver announces SELinux support by setting spec.seLinuxMount: true in their
 CSIDriver instance. Other volumes are always re-labelled recursively.
 "MountOption" value is allowed only when SELinuxMount feature gate is enabled.

 If not specified and SELinuxMount feature gate is enabled, "MountOption" is used.
 If not specified and SELinuxMount feature gate is disabled, "MountOption" is used for ReadWriteOncePod volumes
 and "Recursive" for all other volumes.

 This field affects only Pods that have SELinux label set, either in PodSecurityContext or in SecurityContext of all containers.

 All Pods that use the same volume should use the same seLinuxChangePolicy, otherwise some pods can get stuck in ContainerCreating state.
 Note that this field cannot be set when spec.os.name is windows.
 +featureGate=SELinuxChangePolicy
 +optional
        optional string seLinuxChangePolicy = 13;
        Parameters:
        value - The seLinuxChangePolicy to set.
        Returns:
        This builder for chaining.

      • clearSeLinuxChangePolicy

        public Generated.PodSecurityContext.Builder clearSeLinuxChangePolicy()
         seLinuxChangePolicy defines how the container's SELinux label is applied to all volumes used by the Pod.
 It has no effect on nodes that do not support SELinux or to volumes does not support SELinux.
 Valid values are "MountOption" and "Recursive".

 "Recursive" means relabeling of all files on all Pod volumes by the container runtime.
 This may be slow for large volumes, but allows mixing privileged and unprivileged Pods sharing the same volume on the same node.

 "MountOption" mounts all eligible Pod volumes with `-o context` mount option.
 This requires all Pods that share the same volume to use the same SELinux label.
 It is not possible to share the same volume among privileged and unprivileged Pods.
 Eligible volumes are in-tree FibreChannel and iSCSI volumes, and all CSI volumes
 whose CSI driver announces SELinux support by setting spec.seLinuxMount: true in their
 CSIDriver instance. Other volumes are always re-labelled recursively.
 "MountOption" value is allowed only when SELinuxMount feature gate is enabled.

 If not specified and SELinuxMount feature gate is enabled, "MountOption" is used.
 If not specified and SELinuxMount feature gate is disabled, "MountOption" is used for ReadWriteOncePod volumes
 and "Recursive" for all other volumes.

 This field affects only Pods that have SELinux label set, either in PodSecurityContext or in SecurityContext of all containers.

 All Pods that use the same volume should use the same seLinuxChangePolicy, otherwise some pods can get stuck in ContainerCreating state.
 Note that this field cannot be set when spec.os.name is windows.
 +featureGate=SELinuxChangePolicy
 +optional
        optional string seLinuxChangePolicy = 13;
        Returns:
        This builder for chaining.

      • setSeLinuxChangePolicyBytes

        public Generated.PodSecurityContext.Builder setSeLinuxChangePolicyBytes​(com.google.protobuf.ByteString value)
         seLinuxChangePolicy defines how the container's SELinux label is applied to all volumes used by the Pod.
 It has no effect on nodes that do not support SELinux or to volumes does not support SELinux.
 Valid values are "MountOption" and "Recursive".

 "Recursive" means relabeling of all files on all Pod volumes by the container runtime.
 This may be slow for large volumes, but allows mixing privileged and unprivileged Pods sharing the same volume on the same node.

 "MountOption" mounts all eligible Pod volumes with `-o context` mount option.
 This requires all Pods that share the same volume to use the same SELinux label.
 It is not possible to share the same volume among privileged and unprivileged Pods.
 Eligible volumes are in-tree FibreChannel and iSCSI volumes, and all CSI volumes
 whose CSI driver announces SELinux support by setting spec.seLinuxMount: true in their
 CSIDriver instance. Other volumes are always re-labelled recursively.
 "MountOption" value is allowed only when SELinuxMount feature gate is enabled.

 If not specified and SELinuxMount feature gate is enabled, "MountOption" is used.
 If not specified and SELinuxMount feature gate is disabled, "MountOption" is used for ReadWriteOncePod volumes
 and "Recursive" for all other volumes.

 This field affects only Pods that have SELinux label set, either in PodSecurityContext or in SecurityContext of all containers.

 All Pods that use the same volume should use the same seLinuxChangePolicy, otherwise some pods can get stuck in ContainerCreating state.
 Note that this field cannot be set when spec.os.name is windows.
 +featureGate=SELinuxChangePolicy
 +optional
        optional string seLinuxChangePolicy = 13;
        Parameters:
        value - The bytes for seLinuxChangePolicy to set.
        Returns:
        This builder for chaining.