
PodSecurityContextV1

Class sealed net10.0
📦 Aspire.Hosting.Kubernetes v13.1.2-preview.1.26125.13
Represents the security context settings for a Kubernetes Pod.
```csharp
namespace Aspire.Hosting.Kubernetes.Resources;

public sealed class PodSecurityContextV1
{
    // ...
}
```
The PodSecurityContextV1 class provides configuration options for controlling security-related attributes of a Kubernetes Pod. These settings include user and group ID management, AppArmor profiles, seccomp profiles, SELinux options, sysctl settings, Windows-specific security options, and more.
AppArmorProfile get; set
Represents the AppArmor profile configuration associated with the pod security context. This property defines the AppArmor settings that are applied to the containers in the pod, such as profile type and/or specific profiles applied for runtime security.
FsGroup get; set
long?
Gets or sets the file system group ID (fsGroup) to be applied to all volumes mounted in the pod if the volume's security policy supports it. The ownership of the volumes and permissions may be modified based on this ID to ensure the designated fsGroup has the required access.
FsGroupChangePolicy get; set
string
Gets or sets the policy that determines when to change the group ownership of files within the volume mounted in a pod. It specifies how and when Kubernetes manages the ownership change for the specified `fsGroup`. Possible values are typically "Always" or "OnRootMismatch".
RunAsGroup get; set
long?
Specifies the primary group ID for processes that will run in the container or pod. This property allows you to control the group ownership for files and processes within the pod, ensuring consistent group-level permissions during runtime.
RunAsNonRoot get; set
bool?
Specifies whether the container should run as a non-root user. If set to true, it enforces that the container does not run as a root user. A value of null indicates no explicit preference.
RunAsUser get; set
long?
Specifies the user ID to run the container or pod processes as. If set, this overrides the user ID specified in the container image or runtime default.
SeccompProfile get; set
Specifies the Seccomp (Secure Computing Mode) profile configuration for a pod or container in Kubernetes to restrict system calls made by workloads to enhance security.
SeLinuxOptions get; set
Defines the SELinux options that control the security labeling applied to the pod or container. SELinuxOptions are part of the SELinux security mechanism in Linux, allowing fine-grained access control and isolation.
SupplementalGroups get
List<long>
Gets the list of supplementary group IDs that are applied to the container's process. Supplemental groups provide additional Unix group IDs that the container's main process should run as, in addition to the primary group. This property is typically used to grant access permissions to resources shared by multiple Unix groups.
SupplementalGroupsPolicy get; set
string
Specifies the policy for handling supplemental groups in the security context of a Kubernetes pod. This property determines how the system assigns or enforces supplemental groups for the containers within the pod. It allows for the control of additional group memberships that the container processes can utilize beyond the primary group.
Sysctls get
Represents a collection of kernel parameters (sysctls) for a pod in Kubernetes. Sysctls are used to configure the kernel parameters at runtime, affecting the behavior of the operating system for the container.
WindowsOptions get; set
Represents Windows-specific security context options for a Kubernetes pod or container. Provides customization settings for Windows-based environments.
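An added example, not taken from the Aspire documentation or source: it builds a non-root `PodSecurityContextV1` using only the properties whose types are listed above, then runs a review check for settings that leave a pod running as root or with the root group. `PodSecurityContextAudit` is a hypothetical helper, the IDs are constructed sample values, and the code assumes the class has a parameterless constructor and initializes the get-only `SupplementalGroups` list.

```csharp
using System;
using System.Collections.Generic;
using Aspire.Hosting.Kubernetes.Resources;

// Constructed sample values; only properties documented on this page are set.
var ctx = new PodSecurityContextV1
{
    RunAsNonRoot = true,
    RunAsUser = 10001,
    RunAsGroup = 10001,
    FsGroup = 10001,
    FsGroupChangePolicy = "OnRootMismatch",
};
// Assumption: the get-only SupplementalGroups list is initialized by the class.
ctx.SupplementalGroups.Add(20001);

foreach (var finding in PodSecurityContextAudit.Check(ctx))
{
    Console.WriteLine(finding);
}

// Hypothetical helper, not part of Aspire.Hosting.Kubernetes.
static class PodSecurityContextAudit
{
    public static List<string> Check(PodSecurityContextV1 ctx)
    {
        var findings = new List<string>();
        if (ctx.RunAsNonRoot != true)
            findings.Add("RunAsNonRoot is not true: the image's own user, including root, is accepted.");
        if (ctx.RunAsUser == 0)
            findings.Add(ctx.RunAsNonRoot == true
                ? "RunAsUser is 0 while RunAsNonRoot is true: the kubelet refuses to start the container."
                : "RunAsUser is 0: processes run as root.");
        if (ctx.RunAsNonRoot == true && ctx.RunAsUser is null)
            findings.Add("RunAsUser is unset: the non-root check depends on the image declaring a numeric non-zero user.");
        if (ctx.RunAsGroup == 0 || ctx.FsGroup == 0)
            findings.Add("RunAsGroup or FsGroup is 0: processes or volumes get the root group.");
        if (ctx.SupplementalGroups?.Contains(0) == true)
            findings.Add("SupplementalGroups contains 0: processes join the root group.");
        // An unset policy is left alone; only an unrecognized string is reported.
        if (ctx.FsGroupChangePolicy is not (null or "Always" or "OnRootMismatch"))
            findings.Add("FsGroupChangePolicy is not \"Always\" or \"OnRootMismatch\".");
        return findings;
    }
}
```

For the sample context above, `Check` returns an empty list; setting `RunAsUser = 0` on the same object produces the kubelet-conflict finding.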