Package k8s.io.api.core.v1

Class Generated.SecurityContext.Builder

  • All Implemented Interfaces:
    com.google.protobuf.Message.Builder, com.google.protobuf.MessageLite.Builder, com.google.protobuf.MessageLiteOrBuilder, com.google.protobuf.MessageOrBuilder, Cloneable, Generated.SecurityContextOrBuilder
    Enclosing class:
    Generated.SecurityContext
    public static final class Generated.SecurityContext.Builder
extends com.google.protobuf.GeneratedMessageV3.Builder<Generated.SecurityContext.Builder>
implements Generated.SecurityContextOrBuilder
     SecurityContext holds security configuration that will be applied to a container.
 Some fields are present in both SecurityContext and PodSecurityContext.  When both
 are set, the values in SecurityContext take precedence.
    Protobuf type k8s.io.api.core.v1.SecurityContext

    • Method Detail

      • getDescriptor

        public static final com.google.protobuf.Descriptors.Descriptor getDescriptor()

      • internalGetFieldAccessorTable

        protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable internalGetFieldAccessorTable()
        Specified by:
        internalGetFieldAccessorTable in class com.google.protobuf.GeneratedMessageV3.Builder<Generated.SecurityContext.Builder>

      • getDescriptorForType

        public com.google.protobuf.Descriptors.Descriptor getDescriptorForType()
        Specified by:
        getDescriptorForType in interface com.google.protobuf.Message.Builder
        Specified by:
        getDescriptorForType in interface com.google.protobuf.MessageOrBuilder
        Overrides:
        getDescriptorForType in class com.google.protobuf.GeneratedMessageV3.Builder<Generated.SecurityContext.Builder>

      • getDefaultInstanceForType

        public Generated.SecurityContext getDefaultInstanceForType()
        Specified by:
        getDefaultInstanceForType in interface com.google.protobuf.MessageLiteOrBuilder
        Specified by:
        getDefaultInstanceForType in interface com.google.protobuf.MessageOrBuilder

      • build

        public Generated.SecurityContext build()
        Specified by:
        build in interface com.google.protobuf.Message.Builder
        Specified by:
        build in interface com.google.protobuf.MessageLite.Builder

      • buildPartial

        public Generated.SecurityContext buildPartial()
        Specified by:
        buildPartial in interface com.google.protobuf.Message.Builder
        Specified by:
        buildPartial in interface com.google.protobuf.MessageLite.Builder

      • setRepeatedField

        public Generated.SecurityContext.Builder setRepeatedField​(com.google.protobuf.Descriptors.FieldDescriptor field,
                                                          int index,
                                                          Object value)
        Specified by:
        setRepeatedField in interface com.google.protobuf.Message.Builder
        Overrides:
        setRepeatedField in class com.google.protobuf.GeneratedMessageV3.Builder<Generated.SecurityContext.Builder>

      • isInitialized

        public final boolean isInitialized()
        Specified by:
        isInitialized in interface com.google.protobuf.MessageLiteOrBuilder
        Overrides:
        isInitialized in class com.google.protobuf.GeneratedMessageV3.Builder<Generated.SecurityContext.Builder>

      • mergeFrom

        public Generated.SecurityContext.Builder mergeFrom​(com.google.protobuf.CodedInputStream input,
                                                   com.google.protobuf.ExtensionRegistryLite extensionRegistry)
                                            throws IOException
        Specified by:
        mergeFrom in interface com.google.protobuf.Message.Builder
        Specified by:
        mergeFrom in interface com.google.protobuf.MessageLite.Builder
        Overrides:
        mergeFrom in class com.google.protobuf.AbstractMessage.Builder<Generated.SecurityContext.Builder>
        Throws:
        IOException

      • hasCapabilities

        public boolean hasCapabilities()
         The capabilities to add/drop when running containers.
 Defaults to the default set of capabilities granted by the container runtime.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
        optional .k8s.io.api.core.v1.Capabilities capabilities = 1;
        Specified by:
        hasCapabilities in interface Generated.SecurityContextOrBuilder
        Returns:
        Whether the capabilities field is set.

      • getCapabilities

        public Generated.Capabilities getCapabilities()
         The capabilities to add/drop when running containers.
 Defaults to the default set of capabilities granted by the container runtime.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
        optional .k8s.io.api.core.v1.Capabilities capabilities = 1;
        Specified by:
        getCapabilities in interface Generated.SecurityContextOrBuilder
        Returns:
        The capabilities.

      • setCapabilities

        public Generated.SecurityContext.Builder setCapabilities​(Generated.Capabilities value)
         The capabilities to add/drop when running containers.
 Defaults to the default set of capabilities granted by the container runtime.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
        optional .k8s.io.api.core.v1.Capabilities capabilities = 1;

      • setCapabilities

        public Generated.SecurityContext.Builder setCapabilities​(Generated.Capabilities.Builder builderForValue)
         The capabilities to add/drop when running containers.
 Defaults to the default set of capabilities granted by the container runtime.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
        optional .k8s.io.api.core.v1.Capabilities capabilities = 1;

      • mergeCapabilities

        public Generated.SecurityContext.Builder mergeCapabilities​(Generated.Capabilities value)
         The capabilities to add/drop when running containers.
 Defaults to the default set of capabilities granted by the container runtime.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
        optional .k8s.io.api.core.v1.Capabilities capabilities = 1;

      • clearCapabilities

        public Generated.SecurityContext.Builder clearCapabilities()
         The capabilities to add/drop when running containers.
 Defaults to the default set of capabilities granted by the container runtime.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
        optional .k8s.io.api.core.v1.Capabilities capabilities = 1;

      • getCapabilitiesBuilder

        public Generated.Capabilities.Builder getCapabilitiesBuilder()
         The capabilities to add/drop when running containers.
 Defaults to the default set of capabilities granted by the container runtime.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
        optional .k8s.io.api.core.v1.Capabilities capabilities = 1;

      • getCapabilitiesOrBuilder

        public Generated.CapabilitiesOrBuilder getCapabilitiesOrBuilder()
         The capabilities to add/drop when running containers.
 Defaults to the default set of capabilities granted by the container runtime.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
        optional .k8s.io.api.core.v1.Capabilities capabilities = 1;
        Specified by:
        getCapabilitiesOrBuilder in interface Generated.SecurityContextOrBuilder

      • hasPrivileged

        public boolean hasPrivileged()
         Run container in privileged mode.
 Processes in privileged containers are essentially equivalent to root on the host.
 Defaults to false.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
        optional bool privileged = 2;
        Specified by:
        hasPrivileged in interface Generated.SecurityContextOrBuilder
        Returns:
        Whether the privileged field is set.

      • getPrivileged

        public boolean getPrivileged()
         Run container in privileged mode.
 Processes in privileged containers are essentially equivalent to root on the host.
 Defaults to false.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
        optional bool privileged = 2;
        Specified by:
        getPrivileged in interface Generated.SecurityContextOrBuilder
        Returns:
        The privileged.

      • setPrivileged

        public Generated.SecurityContext.Builder setPrivileged​(boolean value)
         Run container in privileged mode.
 Processes in privileged containers are essentially equivalent to root on the host.
 Defaults to false.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
        optional bool privileged = 2;
        Parameters:
        value - The privileged to set.
        Returns:
        This builder for chaining.

      • clearPrivileged

        public Generated.SecurityContext.Builder clearPrivileged()
         Run container in privileged mode.
 Processes in privileged containers are essentially equivalent to root on the host.
 Defaults to false.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
        optional bool privileged = 2;
        Returns:
        This builder for chaining.

      • hasSeLinuxOptions

        public boolean hasSeLinuxOptions()
         The SELinux context to be applied to the container.
 If unspecified, the container runtime will allocate a random SELinux context for each
 container.  May also be set in PodSecurityContext.  If set in both SecurityContext and
 PodSecurityContext, the value specified in SecurityContext takes precedence.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
        optional .k8s.io.api.core.v1.SELinuxOptions seLinuxOptions = 3;
        Specified by:
        hasSeLinuxOptions in interface Generated.SecurityContextOrBuilder
        Returns:
        Whether the seLinuxOptions field is set.

      • getSeLinuxOptions

        public Generated.SELinuxOptions getSeLinuxOptions()
         The SELinux context to be applied to the container.
 If unspecified, the container runtime will allocate a random SELinux context for each
 container.  May also be set in PodSecurityContext.  If set in both SecurityContext and
 PodSecurityContext, the value specified in SecurityContext takes precedence.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
        optional .k8s.io.api.core.v1.SELinuxOptions seLinuxOptions = 3;
        Specified by:
        getSeLinuxOptions in interface Generated.SecurityContextOrBuilder
        Returns:
        The seLinuxOptions.

      • setSeLinuxOptions

        public Generated.SecurityContext.Builder setSeLinuxOptions​(Generated.SELinuxOptions value)
         The SELinux context to be applied to the container.
 If unspecified, the container runtime will allocate a random SELinux context for each
 container.  May also be set in PodSecurityContext.  If set in both SecurityContext and
 PodSecurityContext, the value specified in SecurityContext takes precedence.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
        optional .k8s.io.api.core.v1.SELinuxOptions seLinuxOptions = 3;

      • setSeLinuxOptions

        public Generated.SecurityContext.Builder setSeLinuxOptions​(Generated.SELinuxOptions.Builder builderForValue)
         The SELinux context to be applied to the container.
 If unspecified, the container runtime will allocate a random SELinux context for each
 container.  May also be set in PodSecurityContext.  If set in both SecurityContext and
 PodSecurityContext, the value specified in SecurityContext takes precedence.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
        optional .k8s.io.api.core.v1.SELinuxOptions seLinuxOptions = 3;

      • mergeSeLinuxOptions

        public Generated.SecurityContext.Builder mergeSeLinuxOptions​(Generated.SELinuxOptions value)
         The SELinux context to be applied to the container.
 If unspecified, the container runtime will allocate a random SELinux context for each
 container.  May also be set in PodSecurityContext.  If set in both SecurityContext and
 PodSecurityContext, the value specified in SecurityContext takes precedence.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
        optional .k8s.io.api.core.v1.SELinuxOptions seLinuxOptions = 3;

      • clearSeLinuxOptions

        public Generated.SecurityContext.Builder clearSeLinuxOptions()
         The SELinux context to be applied to the container.
 If unspecified, the container runtime will allocate a random SELinux context for each
 container.  May also be set in PodSecurityContext.  If set in both SecurityContext and
 PodSecurityContext, the value specified in SecurityContext takes precedence.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
        optional .k8s.io.api.core.v1.SELinuxOptions seLinuxOptions = 3;

      • getSeLinuxOptionsBuilder

        public Generated.SELinuxOptions.Builder getSeLinuxOptionsBuilder()
         The SELinux context to be applied to the container.
 If unspecified, the container runtime will allocate a random SELinux context for each
 container.  May also be set in PodSecurityContext.  If set in both SecurityContext and
 PodSecurityContext, the value specified in SecurityContext takes precedence.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
        optional .k8s.io.api.core.v1.SELinuxOptions seLinuxOptions = 3;

      • getSeLinuxOptionsOrBuilder

        public Generated.SELinuxOptionsOrBuilder getSeLinuxOptionsOrBuilder()
         The SELinux context to be applied to the container.
 If unspecified, the container runtime will allocate a random SELinux context for each
 container.  May also be set in PodSecurityContext.  If set in both SecurityContext and
 PodSecurityContext, the value specified in SecurityContext takes precedence.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
        optional .k8s.io.api.core.v1.SELinuxOptions seLinuxOptions = 3;
        Specified by:
        getSeLinuxOptionsOrBuilder in interface Generated.SecurityContextOrBuilder

      • hasWindowsOptions

        public boolean hasWindowsOptions()
         The Windows specific settings applied to all containers.
 If unspecified, the options from the PodSecurityContext will be used.
 If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
 Note that this field cannot be set when spec.os.name is linux.
 +optional
        optional .k8s.io.api.core.v1.WindowsSecurityContextOptions windowsOptions = 10;
        Specified by:
        hasWindowsOptions in interface Generated.SecurityContextOrBuilder
        Returns:
        Whether the windowsOptions field is set.

      • getWindowsOptions

        public Generated.WindowsSecurityContextOptions getWindowsOptions()
         The Windows specific settings applied to all containers.
 If unspecified, the options from the PodSecurityContext will be used.
 If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
 Note that this field cannot be set when spec.os.name is linux.
 +optional
        optional .k8s.io.api.core.v1.WindowsSecurityContextOptions windowsOptions = 10;
        Specified by:
        getWindowsOptions in interface Generated.SecurityContextOrBuilder
        Returns:
        The windowsOptions.

      • setWindowsOptions

        public Generated.SecurityContext.Builder setWindowsOptions​(Generated.WindowsSecurityContextOptions value)
         The Windows specific settings applied to all containers.
 If unspecified, the options from the PodSecurityContext will be used.
 If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
 Note that this field cannot be set when spec.os.name is linux.
 +optional
        optional .k8s.io.api.core.v1.WindowsSecurityContextOptions windowsOptions = 10;

      • setWindowsOptions

        public Generated.SecurityContext.Builder setWindowsOptions​(Generated.WindowsSecurityContextOptions.Builder builderForValue)
         The Windows specific settings applied to all containers.
 If unspecified, the options from the PodSecurityContext will be used.
 If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
 Note that this field cannot be set when spec.os.name is linux.
 +optional
        optional .k8s.io.api.core.v1.WindowsSecurityContextOptions windowsOptions = 10;

      • mergeWindowsOptions

        public Generated.SecurityContext.Builder mergeWindowsOptions​(Generated.WindowsSecurityContextOptions value)
         The Windows specific settings applied to all containers.
 If unspecified, the options from the PodSecurityContext will be used.
 If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
 Note that this field cannot be set when spec.os.name is linux.
 +optional
        optional .k8s.io.api.core.v1.WindowsSecurityContextOptions windowsOptions = 10;

      • clearWindowsOptions

        public Generated.SecurityContext.Builder clearWindowsOptions()
         The Windows specific settings applied to all containers.
 If unspecified, the options from the PodSecurityContext will be used.
 If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
 Note that this field cannot be set when spec.os.name is linux.
 +optional
        optional .k8s.io.api.core.v1.WindowsSecurityContextOptions windowsOptions = 10;

      • getWindowsOptionsBuilder

        public Generated.WindowsSecurityContextOptions.Builder getWindowsOptionsBuilder()
         The Windows specific settings applied to all containers.
 If unspecified, the options from the PodSecurityContext will be used.
 If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
 Note that this field cannot be set when spec.os.name is linux.
 +optional
        optional .k8s.io.api.core.v1.WindowsSecurityContextOptions windowsOptions = 10;

      • getWindowsOptionsOrBuilder

        public Generated.WindowsSecurityContextOptionsOrBuilder getWindowsOptionsOrBuilder()
         The Windows specific settings applied to all containers.
 If unspecified, the options from the PodSecurityContext will be used.
 If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
 Note that this field cannot be set when spec.os.name is linux.
 +optional
        optional .k8s.io.api.core.v1.WindowsSecurityContextOptions windowsOptions = 10;
        Specified by:
        getWindowsOptionsOrBuilder in interface Generated.SecurityContextOrBuilder

      • hasRunAsUser

        public boolean hasRunAsUser()
         The UID to run the entrypoint of the container process.
 Defaults to user specified in image metadata if unspecified.
 May also be set in PodSecurityContext.  If set in both SecurityContext and
 PodSecurityContext, the value specified in SecurityContext takes precedence.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
        optional int64 runAsUser = 4;
        Specified by:
        hasRunAsUser in interface Generated.SecurityContextOrBuilder
        Returns:
        Whether the runAsUser field is set.

      • getRunAsUser

        public long getRunAsUser()
         The UID to run the entrypoint of the container process.
 Defaults to user specified in image metadata if unspecified.
 May also be set in PodSecurityContext.  If set in both SecurityContext and
 PodSecurityContext, the value specified in SecurityContext takes precedence.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
        optional int64 runAsUser = 4;
        Specified by:
        getRunAsUser in interface Generated.SecurityContextOrBuilder
        Returns:
        The runAsUser.

      • setRunAsUser

        public Generated.SecurityContext.Builder setRunAsUser​(long value)
         The UID to run the entrypoint of the container process.
 Defaults to user specified in image metadata if unspecified.
 May also be set in PodSecurityContext.  If set in both SecurityContext and
 PodSecurityContext, the value specified in SecurityContext takes precedence.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
        optional int64 runAsUser = 4;
        Parameters:
        value - The runAsUser to set.
        Returns:
        This builder for chaining.

      • clearRunAsUser

        public Generated.SecurityContext.Builder clearRunAsUser()
         The UID to run the entrypoint of the container process.
 Defaults to user specified in image metadata if unspecified.
 May also be set in PodSecurityContext.  If set in both SecurityContext and
 PodSecurityContext, the value specified in SecurityContext takes precedence.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
        optional int64 runAsUser = 4;
        Returns:
        This builder for chaining.

      • hasRunAsGroup

        public boolean hasRunAsGroup()
         The GID to run the entrypoint of the container process.
 Uses runtime default if unset.
 May also be set in PodSecurityContext.  If set in both SecurityContext and
 PodSecurityContext, the value specified in SecurityContext takes precedence.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
        optional int64 runAsGroup = 8;
        Specified by:
        hasRunAsGroup in interface Generated.SecurityContextOrBuilder
        Returns:
        Whether the runAsGroup field is set.

      • getRunAsGroup

        public long getRunAsGroup()
         The GID to run the entrypoint of the container process.
 Uses runtime default if unset.
 May also be set in PodSecurityContext.  If set in both SecurityContext and
 PodSecurityContext, the value specified in SecurityContext takes precedence.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
        optional int64 runAsGroup = 8;
        Specified by:
        getRunAsGroup in interface Generated.SecurityContextOrBuilder
        Returns:
        The runAsGroup.

      • setRunAsGroup

        public Generated.SecurityContext.Builder setRunAsGroup​(long value)
         The GID to run the entrypoint of the container process.
 Uses runtime default if unset.
 May also be set in PodSecurityContext.  If set in both SecurityContext and
 PodSecurityContext, the value specified in SecurityContext takes precedence.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
        optional int64 runAsGroup = 8;
        Parameters:
        value - The runAsGroup to set.
        Returns:
        This builder for chaining.

      • clearRunAsGroup

        public Generated.SecurityContext.Builder clearRunAsGroup()
         The GID to run the entrypoint of the container process.
 Uses runtime default if unset.
 May also be set in PodSecurityContext.  If set in both SecurityContext and
 PodSecurityContext, the value specified in SecurityContext takes precedence.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
        optional int64 runAsGroup = 8;
        Returns:
        This builder for chaining.

      • hasRunAsNonRoot

        public boolean hasRunAsNonRoot()
         Indicates that the container must run as a non-root user.
 If true, the Kubelet will validate the image at runtime to ensure that it
 does not run as UID 0 (root) and fail to start the container if it does.
 If unset or false, no such validation will be performed.
 May also be set in PodSecurityContext.  If set in both SecurityContext and
 PodSecurityContext, the value specified in SecurityContext takes precedence.
 +optional
        optional bool runAsNonRoot = 5;
        Specified by:
        hasRunAsNonRoot in interface Generated.SecurityContextOrBuilder
        Returns:
        Whether the runAsNonRoot field is set.

      • getRunAsNonRoot

        public boolean getRunAsNonRoot()
         Indicates that the container must run as a non-root user.
 If true, the Kubelet will validate the image at runtime to ensure that it
 does not run as UID 0 (root) and fail to start the container if it does.
 If unset or false, no such validation will be performed.
 May also be set in PodSecurityContext.  If set in both SecurityContext and
 PodSecurityContext, the value specified in SecurityContext takes precedence.
 +optional
        optional bool runAsNonRoot = 5;
        Specified by:
        getRunAsNonRoot in interface Generated.SecurityContextOrBuilder
        Returns:
        The runAsNonRoot.

      • setRunAsNonRoot

        public Generated.SecurityContext.Builder setRunAsNonRoot​(boolean value)
         Indicates that the container must run as a non-root user.
 If true, the Kubelet will validate the image at runtime to ensure that it
 does not run as UID 0 (root) and fail to start the container if it does.
 If unset or false, no such validation will be performed.
 May also be set in PodSecurityContext.  If set in both SecurityContext and
 PodSecurityContext, the value specified in SecurityContext takes precedence.
 +optional
        optional bool runAsNonRoot = 5;
        Parameters:
        value - The runAsNonRoot to set.
        Returns:
        This builder for chaining.

      • clearRunAsNonRoot

        public Generated.SecurityContext.Builder clearRunAsNonRoot()
         Indicates that the container must run as a non-root user.
 If true, the Kubelet will validate the image at runtime to ensure that it
 does not run as UID 0 (root) and fail to start the container if it does.
 If unset or false, no such validation will be performed.
 May also be set in PodSecurityContext.  If set in both SecurityContext and
 PodSecurityContext, the value specified in SecurityContext takes precedence.
 +optional
        optional bool runAsNonRoot = 5;
        Returns:
        This builder for chaining.

      • hasReadOnlyRootFilesystem

        public boolean hasReadOnlyRootFilesystem()
         Whether this container has a read-only root filesystem.
 Default is false.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
        optional bool readOnlyRootFilesystem = 6;
        Specified by:
        hasReadOnlyRootFilesystem in interface Generated.SecurityContextOrBuilder
        Returns:
        Whether the readOnlyRootFilesystem field is set.

      • getReadOnlyRootFilesystem

        public boolean getReadOnlyRootFilesystem()
         Whether this container has a read-only root filesystem.
 Default is false.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
        optional bool readOnlyRootFilesystem = 6;
        Specified by:
        getReadOnlyRootFilesystem in interface Generated.SecurityContextOrBuilder
        Returns:
        The readOnlyRootFilesystem.

      • setReadOnlyRootFilesystem

        public Generated.SecurityContext.Builder setReadOnlyRootFilesystem​(boolean value)
         Whether this container has a read-only root filesystem.
 Default is false.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
        optional bool readOnlyRootFilesystem = 6;
        Parameters:
        value - The readOnlyRootFilesystem to set.
        Returns:
        This builder for chaining.

      • clearReadOnlyRootFilesystem

        public Generated.SecurityContext.Builder clearReadOnlyRootFilesystem()
         Whether this container has a read-only root filesystem.
 Default is false.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
        optional bool readOnlyRootFilesystem = 6;
        Returns:
        This builder for chaining.

      • hasAllowPrivilegeEscalation

        public boolean hasAllowPrivilegeEscalation()
         AllowPrivilegeEscalation controls whether a process can gain more
 privileges than its parent process. This bool directly controls if
 the no_new_privs flag will be set on the container process.
 AllowPrivilegeEscalation is true always when the container is:
 1) run as Privileged
 2) has CAP_SYS_ADMIN
 Note that this field cannot be set when spec.os.name is windows.
 +optional
        optional bool allowPrivilegeEscalation = 7;
        Specified by:
        hasAllowPrivilegeEscalation in interface Generated.SecurityContextOrBuilder
        Returns:
        Whether the allowPrivilegeEscalation field is set.

      • getAllowPrivilegeEscalation

        public boolean getAllowPrivilegeEscalation()
         AllowPrivilegeEscalation controls whether a process can gain more
 privileges than its parent process. This bool directly controls if
 the no_new_privs flag will be set on the container process.
 AllowPrivilegeEscalation is true always when the container is:
 1) run as Privileged
 2) has CAP_SYS_ADMIN
 Note that this field cannot be set when spec.os.name is windows.
 +optional
        optional bool allowPrivilegeEscalation = 7;
        Specified by:
        getAllowPrivilegeEscalation in interface Generated.SecurityContextOrBuilder
        Returns:
        The allowPrivilegeEscalation.

      • setAllowPrivilegeEscalation

        public Generated.SecurityContext.Builder setAllowPrivilegeEscalation​(boolean value)
         AllowPrivilegeEscalation controls whether a process can gain more
 privileges than its parent process. This bool directly controls if
 the no_new_privs flag will be set on the container process.
 AllowPrivilegeEscalation is true always when the container is:
 1) run as Privileged
 2) has CAP_SYS_ADMIN
 Note that this field cannot be set when spec.os.name is windows.
 +optional
        optional bool allowPrivilegeEscalation = 7;
        Parameters:
        value - The allowPrivilegeEscalation to set.
        Returns:
        This builder for chaining.

      • clearAllowPrivilegeEscalation

        public Generated.SecurityContext.Builder clearAllowPrivilegeEscalation()
         AllowPrivilegeEscalation controls whether a process can gain more
 privileges than its parent process. This bool directly controls if
 the no_new_privs flag will be set on the container process.
 AllowPrivilegeEscalation is true always when the container is:
 1) run as Privileged
 2) has CAP_SYS_ADMIN
 Note that this field cannot be set when spec.os.name is windows.
 +optional
        optional bool allowPrivilegeEscalation = 7;
        Returns:
        This builder for chaining.

      • hasProcMount

        public boolean hasProcMount()
         procMount denotes the type of proc mount to use for the containers.
 The default value is Default which uses the container runtime defaults for
 readonly paths and masked paths.
 This requires the ProcMountType feature flag to be enabled.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
        optional string procMount = 9;
        Specified by:
        hasProcMount in interface Generated.SecurityContextOrBuilder
        Returns:
        Whether the procMount field is set.

      • getProcMount

        public String getProcMount()
         procMount denotes the type of proc mount to use for the containers.
 The default value is Default which uses the container runtime defaults for
 readonly paths and masked paths.
 This requires the ProcMountType feature flag to be enabled.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
        optional string procMount = 9;
        Specified by:
        getProcMount in interface Generated.SecurityContextOrBuilder
        Returns:
        The procMount.

      • getProcMountBytes

        public com.google.protobuf.ByteString getProcMountBytes()
         procMount denotes the type of proc mount to use for the containers.
 The default value is Default which uses the container runtime defaults for
 readonly paths and masked paths.
 This requires the ProcMountType feature flag to be enabled.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
        optional string procMount = 9;
        Specified by:
        getProcMountBytes in interface Generated.SecurityContextOrBuilder
        Returns:
        The bytes for procMount.

      • setProcMount

        public Generated.SecurityContext.Builder setProcMount​(String value)
         procMount denotes the type of proc mount to use for the containers.
 The default value is Default which uses the container runtime defaults for
 readonly paths and masked paths.
 This requires the ProcMountType feature flag to be enabled.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
        optional string procMount = 9;
        Parameters:
        value - The procMount to set.
        Returns:
        This builder for chaining.

      • clearProcMount

        public Generated.SecurityContext.Builder clearProcMount()
         procMount denotes the type of proc mount to use for the containers.
 The default value is Default which uses the container runtime defaults for
 readonly paths and masked paths.
 This requires the ProcMountType feature flag to be enabled.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
        optional string procMount = 9;
        Returns:
        This builder for chaining.

      • setProcMountBytes

        public Generated.SecurityContext.Builder setProcMountBytes​(com.google.protobuf.ByteString value)
         procMount denotes the type of proc mount to use for the containers.
 The default value is Default which uses the container runtime defaults for
 readonly paths and masked paths.
 This requires the ProcMountType feature flag to be enabled.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
        optional string procMount = 9;
        Parameters:
        value - The bytes for procMount to set.
        Returns:
        This builder for chaining.

      • hasSeccompProfile

        public boolean hasSeccompProfile()
         The seccomp options to use by this container. If seccomp options are
 provided at both the pod & container level, the container options
 override the pod options.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
        optional .k8s.io.api.core.v1.SeccompProfile seccompProfile = 11;
        Specified by:
        hasSeccompProfile in interface Generated.SecurityContextOrBuilder
        Returns:
        Whether the seccompProfile field is set.

      • getSeccompProfile

        public Generated.SeccompProfile getSeccompProfile()
         The seccomp options to use by this container. If seccomp options are
 provided at both the pod & container level, the container options
 override the pod options.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
        optional .k8s.io.api.core.v1.SeccompProfile seccompProfile = 11;
        Specified by:
        getSeccompProfile in interface Generated.SecurityContextOrBuilder
        Returns:
        The seccompProfile.

      • setSeccompProfile

        public Generated.SecurityContext.Builder setSeccompProfile​(Generated.SeccompProfile value)
         The seccomp options to use by this container. If seccomp options are
 provided at both the pod & container level, the container options
 override the pod options.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
        optional .k8s.io.api.core.v1.SeccompProfile seccompProfile = 11;

      • setSeccompProfile

        public Generated.SecurityContext.Builder setSeccompProfile​(Generated.SeccompProfile.Builder builderForValue)
         The seccomp options to use by this container. If seccomp options are
 provided at both the pod & container level, the container options
 override the pod options.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
        optional .k8s.io.api.core.v1.SeccompProfile seccompProfile = 11;

      • mergeSeccompProfile

        public Generated.SecurityContext.Builder mergeSeccompProfile​(Generated.SeccompProfile value)
         The seccomp options to use by this container. If seccomp options are
 provided at both the pod & container level, the container options
 override the pod options.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
        optional .k8s.io.api.core.v1.SeccompProfile seccompProfile = 11;

      • clearSeccompProfile

        public Generated.SecurityContext.Builder clearSeccompProfile()
         The seccomp options to use by this container. If seccomp options are
 provided at both the pod & container level, the container options
 override the pod options.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
        optional .k8s.io.api.core.v1.SeccompProfile seccompProfile = 11;

      • getSeccompProfileBuilder

        public Generated.SeccompProfile.Builder getSeccompProfileBuilder()
         The seccomp options to use by this container. If seccomp options are
 provided at both the pod & container level, the container options
 override the pod options.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
        optional .k8s.io.api.core.v1.SeccompProfile seccompProfile = 11;

      • getSeccompProfileOrBuilder

        public Generated.SeccompProfileOrBuilder getSeccompProfileOrBuilder()
         The seccomp options to use by this container. If seccomp options are
 provided at both the pod & container level, the container options
 override the pod options.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
        optional .k8s.io.api.core.v1.SeccompProfile seccompProfile = 11;
        Specified by:
        getSeccompProfileOrBuilder in interface Generated.SecurityContextOrBuilder

      • hasAppArmorProfile

        public boolean hasAppArmorProfile()
         appArmorProfile is the AppArmor options to use by this container. If set, this profile
 overrides the pod's appArmorProfile.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
        optional .k8s.io.api.core.v1.AppArmorProfile appArmorProfile = 12;
        Specified by:
        hasAppArmorProfile in interface Generated.SecurityContextOrBuilder
        Returns:
        Whether the appArmorProfile field is set.

      • getAppArmorProfile

        public Generated.AppArmorProfile getAppArmorProfile()
         appArmorProfile is the AppArmor options to use by this container. If set, this profile
 overrides the pod's appArmorProfile.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
        optional .k8s.io.api.core.v1.AppArmorProfile appArmorProfile = 12;
        Specified by:
        getAppArmorProfile in interface Generated.SecurityContextOrBuilder
        Returns:
        The appArmorProfile.

      • setAppArmorProfile

        public Generated.SecurityContext.Builder setAppArmorProfile​(Generated.AppArmorProfile value)
         appArmorProfile is the AppArmor options to use by this container. If set, this profile
 overrides the pod's appArmorProfile.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
        optional .k8s.io.api.core.v1.AppArmorProfile appArmorProfile = 12;

      • setAppArmorProfile

        public Generated.SecurityContext.Builder setAppArmorProfile​(Generated.AppArmorProfile.Builder builderForValue)
         appArmorProfile is the AppArmor options to use by this container. If set, this profile
 overrides the pod's appArmorProfile.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
        optional .k8s.io.api.core.v1.AppArmorProfile appArmorProfile = 12;

      • mergeAppArmorProfile

        public Generated.SecurityContext.Builder mergeAppArmorProfile​(Generated.AppArmorProfile value)
         appArmorProfile is the AppArmor options to use by this container. If set, this profile
 overrides the pod's appArmorProfile.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
        optional .k8s.io.api.core.v1.AppArmorProfile appArmorProfile = 12;

      • clearAppArmorProfile

        public Generated.SecurityContext.Builder clearAppArmorProfile()
         appArmorProfile is the AppArmor options to use by this container. If set, this profile
 overrides the pod's appArmorProfile.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
        optional .k8s.io.api.core.v1.AppArmorProfile appArmorProfile = 12;

      • getAppArmorProfileBuilder

        public Generated.AppArmorProfile.Builder getAppArmorProfileBuilder()
         appArmorProfile is the AppArmor options to use by this container. If set, this profile
 overrides the pod's appArmorProfile.
 Note that this field cannot be set when spec.os.name is windows.
 +optional
        optional .k8s.io.api.core.v1.AppArmorProfile appArmorProfile = 12;

      • setUnknownFields

        public final Generated.SecurityContext.Builder setUnknownFields​(com.google.protobuf.UnknownFieldSet unknownFields)
        Specified by:
        setUnknownFields in interface com.google.protobuf.Message.Builder
        Overrides:
        setUnknownFields in class com.google.protobuf.GeneratedMessageV3.Builder<Generated.SecurityContext.Builder>

      • mergeUnknownFields

        public final Generated.SecurityContext.Builder mergeUnknownFields​(com.google.protobuf.UnknownFieldSet unknownFields)
        Specified by:
        mergeUnknownFields in interface com.google.protobuf.Message.Builder
        Overrides:
        mergeUnknownFields in class com.google.protobuf.GeneratedMessageV3.Builder<Generated.SecurityContext.Builder>