SecurityContextV1 Class

Gets or sets a value that determines whether the container is allowed to gain additional privileges. If set to true, the container is allowed to elevate its privileges. If false, the container cannot escalate privileges even if it tries, providing additional security to the container.

Specifies the AppArmor profile configuration for a Kubernetes resource. AppArmor is a Linux security module that provides mandatory access control and can restrict programs capabilities with a profile-based policy. This property defines the details of the AppArmor profile to be applied to the container.

Gets or sets the capabilities configuration for a container. This property is used to define the kernel-level privileges that can be added or removed for the container, allowing fine-grained control over security and functionality.

Indicates whether a container should be run with privileged permissions. This grants the container elevated access to the host system, which can bypass certain security restrictions. Use with caution as it presents increased security risks.

Defines the type of /proc mount to be used for a container in a Kubernetes Pod. This property allows specifying additional visibility or security constraints on the /proc filesystem, which can help manage access to system-level operations or information from within the container.

Indicates whether the container's filesystem should be configured as read-only. If true, the root filesystem of the container will be mounted as read-only, enhancing security by preventing modifications to the filesystem resources.

Specifies the group ID to run the container's process as. This property helps define the primary group for file system ownership and permissions inside the container. If set, the container's process will run as this group ID. If not set, the group's default ID will be used.

Specifies whether the container must run as a non-root user. Setting this property to true ensures that the container does not run with root privileges, enforcing an additional layer of security. If this property is set to true, the Kubernetes scheduler will validate that the container does not run as root at runtime.

Specifies the user ID to run the container process as. Setting this property provides a security mechanism to ensure that the container process runs with the specified user privileges rather than the default root user. A null value or unset property indicates that the default user ID defined in the container image or configuration will be used.

Specifies the seccomp profile to be applied within the security context of a Kubernetes resource. Seccomp (Secure Computing Mode) profiles are used to restrict system calls that applications can make, improving the security posture of containers. The specified profile determines the system call filtering behavior, helping enforce least privilege and reduce attack surface.

Specifies the SELinux options to be applied to a container. SELinux options provide fine-grained access control for processes within the container, ensuring adherence to mandatory access control (MAC) policies.

Gets or sets the Windows-specific security context options for the container or pod.