PodSecurityContextV1 Class
Definition
Important
Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Represents the security context settings for a Kubernetes Pod.
[YamlDotNet.Serialization.YamlSerializable]
public sealed class PodSecurityContextV1
[<YamlDotNet.Serialization.YamlSerializable>]
type PodSecurityContextV1 = class
Public NotInheritable Class PodSecurityContextV1
Inheritance: PodSecurityContextV1
Attributes: YamlDotNet.Serialization.YamlSerializableAttribute
Remarks
The PodSecurityContextV1 class provides configuration options for controlling security-related attributes of a Kubernetes Pod. These settings include user and group ID management, AppArmor profiles, seccomp profiles, SELinux options, sysctl settings, Windows-specific security options, and more.
Constructors
PodSecurityContextV1()
Properties
AppArmorProfile | Represents the AppArmor profile configuration associated with the pod security context. This property defines the AppArmor settings that are applied to the containers in the pod, such as profile type and/or specific profiles applied for runtime security.
FsGroup | Gets or sets the file system group ID (fsGroup) to be applied to all volumes mounted in the pod if the volume's security policy supports it. The ownership of the volumes and permissions may be modified based on this ID to ensure the designated fsGroup has the required access.
FsGroupChangePolicy | Gets or sets the policy that determines when to change the group ownership of files within the volume mounted in a pod. It specifies how and when Kubernetes manages the ownership change for the specified
RunAsGroup | Specifies the primary group ID for processes that will run in the container or pod. This property allows you to control the group ownership for files and processes within the pod, ensuring consistent group-level permissions during runtime.
RunAsNonRoot | Specifies whether the container should run as a non-root user. If set to true, it enforces that the container does not run as a root user. A value of null indicates no explicit preference.
RunAsUser | Specifies the user ID to run the container or pod processes as. If set, this overrides the user ID specified in the container image or runtime default.
SeccompProfile | Specifies the Seccomp (Secure Computing Mode) profile configuration for a pod or container in Kubernetes to restrict system calls made by workloads to enhance security.
SeLinuxOptions | Defines the SELinux options that control the security labeling applied to the pod or container. SELinuxOptions are part of the SELinux security mechanism in Linux, allowing fine-grained access control and isolation.
SupplementalGroups | Gets the list of supplementary group IDs that are applied to the container's process. Supplemental groups provide additional Unix group IDs that the container's main process should run as, in addition to the primary group. This property is typically used to grant access permissions to resources shared by multiple Unix groups.
SupplementalGroupsPolicy | Specifies the policy for handling supplemental groups in the security context of a Kubernetes pod. This property determines how the system assigns or enforces supplemental groups for the containers within the pod. It allows for the control of additional group memberships that the container processes can utilize beyond the primary group.
Sysctls | Represents a collection of kernel parameters (sysctls) for a pod in Kubernetes. Sysctls are used to configure the kernel parameters at runtime, affecting the behavior of the operating system for the container.
WindowsOptions | Represents Windows-specific security context options for a Kubernetes pod or container. Provides customization settings for Windows-based environments.