Copyright	(c) 2013-2023 Brendan Hay
License	Mozilla Public License, v. 2.0.
Maintainer	Brendan Hay
Stability	auto-generated
Portability	non-portable (GHC extensions)
Safe Haskell	Safe-Inferred
Language	Haskell2010

Amazonka.Batch.Types.EksContainerSecurityContext

Description

Documentation

data EksContainerSecurityContext Source #

The security context for a job. For more information, see Configure a security context for a pod or container in the Kubernetes documentation.

See: newEksContainerSecurityContext smart constructor.

Constructors

EksContainerSecurityContext'

Fields

privileged :: Maybe Bool
When this parameter is true, the container is given elevated permissions on the host container instance. The level of permissions are similar to the root user permissions. The default value is false. This parameter maps to privileged policy in the Privileged pod security policies in the Kubernetes documentation.
readOnlyRootFilesystem :: Maybe Bool
When this parameter is true, the container is given read-only access to its root file system. The default value is false. This parameter maps to ReadOnlyRootFilesystem policy in the Volumes and file systems pod security policies in the Kubernetes documentation.
runAsGroup :: Maybe Integer
When this parameter is specified, the container is run as the specified group ID (gid). If this parameter isn't specified, the default is the group that's specified in the image metadata. This parameter maps to RunAsGroup and MustRunAs policy in the Users and groups pod security policies in the Kubernetes documentation.
runAsNonRoot :: Maybe Bool
When this parameter is specified, the container is run as a user with a uid other than 0. If this parameter isn't specified, so such rule is enforced. This parameter maps to RunAsUser and MustRunAsNonRoot policy in the Users and groups pod security policies in the Kubernetes documentation.
runAsUser :: Maybe Integer
When this parameter is specified, the container is run as the specified user ID (uid). If this parameter isn't specified, the default is the user that's specified in the image metadata. This parameter maps to RunAsUser and MustRanAs policy in the Users and groups pod security policies in the Kubernetes documentation.

Instances

Instances details

FromJSON EksContainerSecurityContext Source #
Instance details Defined in Amazonka.Batch.Types.EksContainerSecurityContext Methods parseJSON :: Value -> Parser EksContainerSecurityContext # parseJSONList :: Value -> Parser [EksContainerSecurityContext] #
ToJSON EksContainerSecurityContext Source #
Instance details Defined in Amazonka.Batch.Types.EksContainerSecurityContext Methods toJSON :: EksContainerSecurityContext -> Value # toEncoding :: EksContainerSecurityContext -> Encoding # toJSONList :: [EksContainerSecurityContext] -> Value # toEncodingList :: [EksContainerSecurityContext] -> Encoding #
Generic EksContainerSecurityContext Source #
Instance details Defined in Amazonka.Batch.Types.EksContainerSecurityContext Associated Types type Rep EksContainerSecurityContext :: Type -> Type # Methods from :: EksContainerSecurityContext -> Rep EksContainerSecurityContext x # to :: Rep EksContainerSecurityContext x -> EksContainerSecurityContext #
Read EksContainerSecurityContext Source #
Instance details Defined in Amazonka.Batch.Types.EksContainerSecurityContext Methods readsPrec :: Int -> ReadS EksContainerSecurityContext # readList :: ReadS [EksContainerSecurityContext] # readPrec :: ReadPrec EksContainerSecurityContext # readListPrec :: ReadPrec [EksContainerSecurityContext] #
Show EksContainerSecurityContext Source #
Instance details Defined in Amazonka.Batch.Types.EksContainerSecurityContext Methods showsPrec :: Int -> EksContainerSecurityContext -> ShowS # show :: EksContainerSecurityContext -> String # showList :: [EksContainerSecurityContext] -> ShowS #
NFData EksContainerSecurityContext Source #
Instance details Defined in Amazonka.Batch.Types.EksContainerSecurityContext Methods rnf :: EksContainerSecurityContext -> () #
Eq EksContainerSecurityContext Source #
Instance details Defined in Amazonka.Batch.Types.EksContainerSecurityContext Methods (==) :: EksContainerSecurityContext -> EksContainerSecurityContext -> Bool # (/=) :: EksContainerSecurityContext -> EksContainerSecurityContext -> Bool #
Hashable EksContainerSecurityContext Source #
Instance details Defined in Amazonka.Batch.Types.EksContainerSecurityContext Methods hashWithSalt :: Int -> EksContainerSecurityContext -> Int # hash :: EksContainerSecurityContext -> Int #
type Rep EksContainerSecurityContext Source #
Instance details Defined in Amazonka.Batch.Types.EksContainerSecurityContext type Rep EksContainerSecurityContext = D1 ('MetaData "EksContainerSecurityContext" "Amazonka.Batch.Types.EksContainerSecurityContext" "amazonka-batch-2.0-Ey2VZ5obnq65VwmlrJ2r2K" 'False) (C1 ('MetaCons "EksContainerSecurityContext'" 'PrefixI 'True) ((S1 ('MetaSel ('Just "privileged") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Bool)) :: S1 ('MetaSel ('Just "readOnlyRootFilesystem") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Bool))) :: (S1 ('MetaSel ('Just "runAsGroup") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Integer)) :: (S1 ('MetaSel ('Just "runAsNonRoot") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Bool)) :: S1 ('MetaSel ('Just "runAsUser") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Integer))))))

newEksContainerSecurityContext :: EksContainerSecurityContext Source #

Create a value of EksContainerSecurityContext with all optional fields omitted.

Use generic-lens or optics to modify other optional fields.

The following record fields are available, with the corresponding lenses provided for backwards compatibility:

$sel:privileged:EksContainerSecurityContext', eksContainerSecurityContext_privileged - When this parameter is true, the container is given elevated permissions on the host container instance. The level of permissions are similar to the root user permissions. The default value is false. This parameter maps to privileged policy in the Privileged pod security policies in the Kubernetes documentation.

$sel:readOnlyRootFilesystem:EksContainerSecurityContext', eksContainerSecurityContext_readOnlyRootFilesystem - When this parameter is true, the container is given read-only access to its root file system. The default value is false. This parameter maps to ReadOnlyRootFilesystem policy in the Volumes and file systems pod security policies in the Kubernetes documentation.

$sel:runAsGroup:EksContainerSecurityContext', eksContainerSecurityContext_runAsGroup - When this parameter is specified, the container is run as the specified group ID (gid). If this parameter isn't specified, the default is the group that's specified in the image metadata. This parameter maps to RunAsGroup and MustRunAs policy in the Users and groups pod security policies in the Kubernetes documentation.

$sel:runAsNonRoot:EksContainerSecurityContext', eksContainerSecurityContext_runAsNonRoot - When this parameter is specified, the container is run as a user with a uid other than 0. If this parameter isn't specified, so such rule is enforced. This parameter maps to RunAsUser and MustRunAsNonRoot policy in the Users and groups pod security policies in the Kubernetes documentation.

$sel:runAsUser:EksContainerSecurityContext', eksContainerSecurityContext_runAsUser - When this parameter is specified, the container is run as the specified user ID (uid). If this parameter isn't specified, the default is the user that's specified in the image metadata. This parameter maps to RunAsUser and MustRanAs policy in the Users and groups pod security policies in the Kubernetes documentation.

eksContainerSecurityContext_privileged :: Lens' EksContainerSecurityContext (Maybe Bool) Source #

When this parameter is true, the container is given elevated permissions on the host container instance. The level of permissions are similar to the root user permissions. The default value is false. This parameter maps to privileged policy in the Privileged pod security policies in the Kubernetes documentation.

eksContainerSecurityContext_readOnlyRootFilesystem :: Lens' EksContainerSecurityContext (Maybe Bool) Source #

When this parameter is true, the container is given read-only access to its root file system. The default value is false. This parameter maps to ReadOnlyRootFilesystem policy in the Volumes and file systems pod security policies in the Kubernetes documentation.

eksContainerSecurityContext_runAsGroup :: Lens' EksContainerSecurityContext (Maybe Integer) Source #

When this parameter is specified, the container is run as the specified group ID (gid). If this parameter isn't specified, the default is the group that's specified in the image metadata. This parameter maps to RunAsGroup and MustRunAs policy in the Users and groups pod security policies in the Kubernetes documentation.

eksContainerSecurityContext_runAsNonRoot :: Lens' EksContainerSecurityContext (Maybe Bool) Source #

When this parameter is specified, the container is run as a user with a uid other than 0. If this parameter isn't specified, so such rule is enforced. This parameter maps to RunAsUser and MustRunAsNonRoot policy in the Users and groups pod security policies in the Kubernetes documentation.

eksContainerSecurityContext_runAsUser :: Lens' EksContainerSecurityContext (Maybe Integer) Source #

When this parameter is specified, the container is run as the specified user ID (uid). If this parameter isn't specified, the default is the user that's specified in the image metadata. This parameter maps to RunAsUser and MustRanAs policy in the Users and groups pod security policies in the Kubernetes documentation.