Class: Aws::Batch::Types::EksContainerSecurityContext

Inherits:

Struct

• Object
• Struct
• Aws::Batch::Types::EksContainerSecurityContext

Includes:

Structure

Defined in:

lib/aws-sdk-batch/types.rb

Overview

The security context for a job. For more information, see [Configure a security context for a pod or container] in the *Kubernetes documentation*.

[1]: kubernetes.io/docs/tasks/configure-pod-container/security-context/

See Also:

• AWS API Documentation

Constant Summary

SENSITIVE =

[]

Instance Attribute Summary

• #allow_privilege_escalation ⇒ Boolean

  Whether or not a container or a Kubernetes pod is allowed to gain more privileges than its parent process.

• #privileged ⇒ Boolean

  When this parameter is true, the container is given elevated permissions on the host container instance.

• #read_only_root_filesystem ⇒ Boolean

  When this parameter is true, the container is given read-only access to its root file system.

• #run_as_group ⇒ Integer

  When this parameter is specified, the container is run as the specified group ID (gid).

• #run_as_non_root ⇒ Boolean

  When this parameter is specified, the container is run as a user with a uid other than 0.

• #run_as_user ⇒ Integer

  When this parameter is specified, the container is run as the specified user ID (uid).

Instance Attribute Details

#allow_privilege_escalation ⇒ Boolean

Whether or not a container or a Kubernetes pod is allowed to gain more privileges than its parent process. The default value is false.

Returns:

• (Boolean)

# File 'lib/aws-sdk-batch/types.rb', line 4752

class EksContainerSecurityContext < Struct.new(
  :run_as_user,
  :run_as_group,
  :privileged,
  :allow_privilege_escalation,
  :read_only_root_filesystem,
  :run_as_non_root)
  SENSITIVE = []
  include Aws::Structure
end

#privileged ⇒ Boolean

When this parameter is true, the container is given elevated permissions on the host container instance. The level of permissions are similar to the root user permissions. The default value is false. This parameter maps to privileged policy in the

Privileged pod security policies][1

in the *Kubernetes

documentation*.

[1]: kubernetes.io/docs/concepts/security/pod-security-policy/#privileged

Returns:

• (Boolean)

# File 'lib/aws-sdk-batch/types.rb', line 4752

class EksContainerSecurityContext < Struct.new(
  :run_as_user,
  :run_as_group,
  :privileged,
  :allow_privilege_escalation,
  :read_only_root_filesystem,
  :run_as_non_root)
  SENSITIVE = []
  include Aws::Structure
end

#read_only_root_filesystem ⇒ Boolean

When this parameter is true, the container is given read-only access to its root file system. The default value is false. This parameter maps to ReadOnlyRootFilesystem policy in the [Volumes and file systems pod security policies] in the *Kubernetes documentation*.

[1]: kubernetes.io/docs/concepts/security/pod-security-policy/#volumes-and-file-systems

Returns:

• (Boolean)

# File 'lib/aws-sdk-batch/types.rb', line 4752

class EksContainerSecurityContext < Struct.new(
  :run_as_user,
  :run_as_group,
  :privileged,
  :allow_privilege_escalation,
  :read_only_root_filesystem,
  :run_as_non_root)
  SENSITIVE = []
  include Aws::Structure
end

#run_as_group ⇒ Integer

When this parameter is specified, the container is run as the specified group ID (gid). If this parameter isn’t specified, the default is the group that’s specified in the image metadata. This parameter maps to RunAsGroup and MustRunAs policy in the [Users and groups pod security policies] in the *Kubernetes documentation*.

[1]: kubernetes.io/docs/concepts/security/pod-security-policy/#users-and-groups

Returns:

• (Integer)

# File 'lib/aws-sdk-batch/types.rb', line 4752

class EksContainerSecurityContext < Struct.new(
  :run_as_user,
  :run_as_group,
  :privileged,
  :allow_privilege_escalation,
  :read_only_root_filesystem,
  :run_as_non_root)
  SENSITIVE = []
  include Aws::Structure
end

#run_as_non_root ⇒ Boolean

When this parameter is specified, the container is run as a user with a uid other than 0. If this parameter isn’t specified, so such rule is enforced. This parameter maps to RunAsUser and MustRunAsNonRoot policy in the [Users and groups pod security policies] in the *Kubernetes documentation*.

[1]: kubernetes.io/docs/concepts/security/pod-security-policy/#users-and-groups

Returns:

• (Boolean)

# File 'lib/aws-sdk-batch/types.rb', line 4752

class EksContainerSecurityContext < Struct.new(
  :run_as_user,
  :run_as_group,
  :privileged,
  :allow_privilege_escalation,
  :read_only_root_filesystem,
  :run_as_non_root)
  SENSITIVE = []
  include Aws::Structure
end

#run_as_user ⇒ Integer

When this parameter is specified, the container is run as the specified user ID (uid). If this parameter isn’t specified, the default is the user that’s specified in the image metadata. This parameter maps to RunAsUser and MustRanAs policy in the [Users and groups pod security policies] in the *Kubernetes documentation*.

[1]: kubernetes.io/docs/concepts/security/pod-security-policy/#users-and-groups

Returns:

• (Integer)

# File 'lib/aws-sdk-batch/types.rb', line 4752

class EksContainerSecurityContext < Struct.new(
  :run_as_user,
  :run_as_group,
  :privileged,
  :allow_privilege_escalation,
  :read_only_root_filesystem,
  :run_as_non_root)
  SENSITIVE = []
  include Aws::Structure
end