Class: Aws::Batch::Types::EksContainerSecurityContext
- Inherits:
-
Struct
- Object
- Struct
- Aws::Batch::Types::EksContainerSecurityContext
- Defined in:
- gems/aws-sdk-batch/lib/aws-sdk-batch/types.rb
Overview
The security context for a job. For more information, see Configure a security context for a pod or container in the Kubernetes documentation.
Constant Summary collapse
- SENSITIVE =
[]
Instance Attribute Summary collapse
-
#allow_privilege_escalation ⇒ Boolean
Whether or not a container or a Kubernetes pod is allowed to gain more privileges than its parent process.
-
#privileged ⇒ Boolean
When this parameter is
true
, the container is given elevated permissions on the host container instance. -
#read_only_root_filesystem ⇒ Boolean
When this parameter is
true
, the container is given read-only access to its root file system. -
#run_as_group ⇒ Integer
When this parameter is specified, the container is run as the specified group ID (
gid
). -
#run_as_non_root ⇒ Boolean
When this parameter is specified, the container is run as a user with a
uid
other than 0. -
#run_as_user ⇒ Integer
When this parameter is specified, the container is run as the specified user ID (
uid
).
Instance Attribute Details
#allow_privilege_escalation ⇒ Boolean
Whether or not a container or a Kubernetes pod is allowed to gain
more privileges than its parent process. The default value is
false
.
3943 3944 3945 3946 3947 3948 3949 3950 3951 3952 |
# File 'gems/aws-sdk-batch/lib/aws-sdk-batch/types.rb', line 3943 class EksContainerSecurityContext < Struct.new( :run_as_user, :run_as_group, :privileged, :allow_privilege_escalation, :read_only_root_filesystem, :run_as_non_root) SENSITIVE = [] include Aws::Structure end |
#privileged ⇒ Boolean
When this parameter is true
, the container is given elevated
permissions on the host container instance. The level of permissions
are similar to the root
user permissions. The default value is
false
. This parameter maps to privileged
policy in the
Privileged pod security policies in the Kubernetes
documentation.
3943 3944 3945 3946 3947 3948 3949 3950 3951 3952 |
# File 'gems/aws-sdk-batch/lib/aws-sdk-batch/types.rb', line 3943 class EksContainerSecurityContext < Struct.new( :run_as_user, :run_as_group, :privileged, :allow_privilege_escalation, :read_only_root_filesystem, :run_as_non_root) SENSITIVE = [] include Aws::Structure end |
#read_only_root_filesystem ⇒ Boolean
When this parameter is true
, the container is given read-only
access to its root file system. The default value is false
. This
parameter maps to ReadOnlyRootFilesystem
policy in the Volumes
and file systems pod security policies in the Kubernetes
documentation.
3943 3944 3945 3946 3947 3948 3949 3950 3951 3952 |
# File 'gems/aws-sdk-batch/lib/aws-sdk-batch/types.rb', line 3943 class EksContainerSecurityContext < Struct.new( :run_as_user, :run_as_group, :privileged, :allow_privilege_escalation, :read_only_root_filesystem, :run_as_non_root) SENSITIVE = [] include Aws::Structure end |
#run_as_group ⇒ Integer
When this parameter is specified, the container is run as the
specified group ID (gid
). If this parameter isn't specified, the
default is the group that's specified in the image metadata. This
parameter maps to RunAsGroup
and MustRunAs
policy in the Users
and groups pod security policies in the Kubernetes
documentation.
3943 3944 3945 3946 3947 3948 3949 3950 3951 3952 |
# File 'gems/aws-sdk-batch/lib/aws-sdk-batch/types.rb', line 3943 class EksContainerSecurityContext < Struct.new( :run_as_user, :run_as_group, :privileged, :allow_privilege_escalation, :read_only_root_filesystem, :run_as_non_root) SENSITIVE = [] include Aws::Structure end |
#run_as_non_root ⇒ Boolean
When this parameter is specified, the container is run as a user
with a uid
other than 0. If this parameter isn't specified, so
such rule is enforced. This parameter maps to RunAsUser
and
MustRunAsNonRoot
policy in the Users and groups pod security
policies in the Kubernetes documentation.
3943 3944 3945 3946 3947 3948 3949 3950 3951 3952 |
# File 'gems/aws-sdk-batch/lib/aws-sdk-batch/types.rb', line 3943 class EksContainerSecurityContext < Struct.new( :run_as_user, :run_as_group, :privileged, :allow_privilege_escalation, :read_only_root_filesystem, :run_as_non_root) SENSITIVE = [] include Aws::Structure end |
#run_as_user ⇒ Integer
When this parameter is specified, the container is run as the
specified user ID (uid
). If this parameter isn't specified, the
default is the user that's specified in the image metadata. This
parameter maps to RunAsUser
and MustRanAs
policy in the Users
and groups pod security policies in the Kubernetes
documentation.
3943 3944 3945 3946 3947 3948 3949 3950 3951 3952 |
# File 'gems/aws-sdk-batch/lib/aws-sdk-batch/types.rb', line 3943 class EksContainerSecurityContext < Struct.new( :run_as_user, :run_as_group, :privileged, :allow_privilege_escalation, :read_only_root_filesystem, :run_as_non_root) SENSITIVE = [] include Aws::Structure end |