INPUT_OBJECT
KubernetesKindStatefulSetSpecTemplateSpecContainersSecurityContextInput
Security options the pod should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
link GraphQL Schema definition
- input KubernetesKindStatefulSetSpecTemplateSpecContainersSecurityContextInput {
- # AllowPrivilegeEscalation controls whether a process can gain more privileges
- # than its parent process. This bool directly controls if the no_new_privs flag
- # will be set on the container process. AllowPrivilegeEscalation is true always
- # when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN
- Boolean :
- # The capabilities to add/drop when running containers. Defaults to the default
- # set of capabilities granted by the container runtime.
- KubernetesKindStatefulSetSpecTemplateSpecContainersSecurityContextCapabilitiesInput :
- # Run container in privileged mode. Processes in privileged containers are
- # essentially equivalent to root on the host. Defaults to false.
- Boolean :
- # procMount denotes the type of proc mount to use for the containers. The default
- # is DefaultProcMount which uses the container runtime defaults for readonly paths
- # and masked paths. This requires the ProcMountType feature flag to be enabled.
- String :
- # Whether this container has a read-only root filesystem. Default is false.
- Boolean :
- # The GID to run the entrypoint of the container process. Uses runtime default if
- # unset. May also be set in PodSecurityContext. If set in both SecurityContext
- # and PodSecurityContext, the value specified in SecurityContext takes precedence.
- Int :
- # Indicates that the container must run as a non-root user. If true, the Kubelet
- # will validate the image at runtime to ensure that it does not run as UID 0
- # (root) and fail to start the container if it does. If unset or false, no such
- # validation will be performed. May also be set in PodSecurityContext. If set in
- # both SecurityContext and PodSecurityContext, the value specified in
- # SecurityContext takes precedence.
- Boolean :
- # The UID to run the entrypoint of the container process. Defaults to user
- # specified in image metadata if unspecified. May also be set in
- # PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the
- # value specified in SecurityContext takes precedence.
- Int :
- # The SELinux context to be applied to the container. If unspecified, the
- # container runtime will allocate a random SELinux context for each container.
- # May also be set in PodSecurityContext. If set in both SecurityContext and
- # PodSecurityContext, the value specified in SecurityContext takes precedence.
- KubernetesKindStatefulSetSpecTemplateSpecContainersSecurityContextSeLinuxOptionsInput :
- # The Windows specific settings applied to all containers. If unspecified, the
- # options from the PodSecurityContext will be used. If set in both SecurityContext
- # and PodSecurityContext, the value specified in SecurityContext takes precedence.
- KubernetesKindStatefulSetSpecTemplateSpecContainersSecurityContextWindowsOptionsInput :
- }