Copyright | (c) 2013-2023 Brendan Hay |
---|---|
License | Mozilla Public License, v. 2.0. |
Maintainer | Brendan Hay |
Stability | auto-generated |
Portability | non-portable (GHC extensions) |
Safe Haskell | Safe-Inferred |
Language | Haskell2010 |
Synopsis
- data EksContainerSecurityContext = EksContainerSecurityContext' {}
- newEksContainerSecurityContext :: EksContainerSecurityContext
- eksContainerSecurityContext_privileged :: Lens' EksContainerSecurityContext (Maybe Bool)
- eksContainerSecurityContext_readOnlyRootFilesystem :: Lens' EksContainerSecurityContext (Maybe Bool)
- eksContainerSecurityContext_runAsGroup :: Lens' EksContainerSecurityContext (Maybe Integer)
- eksContainerSecurityContext_runAsNonRoot :: Lens' EksContainerSecurityContext (Maybe Bool)
- eksContainerSecurityContext_runAsUser :: Lens' EksContainerSecurityContext (Maybe Integer)
Documentation
data EksContainerSecurityContext Source #
The security context for a job. For more information, see Configure a security context for a pod or container in the Kubernetes documentation.
See: newEksContainerSecurityContext
smart constructor.
EksContainerSecurityContext' | |
|
Instances
newEksContainerSecurityContext :: EksContainerSecurityContext Source #
Create a value of EksContainerSecurityContext
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:privileged:EksContainerSecurityContext'
, eksContainerSecurityContext_privileged
- When this parameter is true
, the container is given elevated
permissions on the host container instance. The level of permissions are
similar to the root
user permissions. The default value is false
.
This parameter maps to privileged
policy in the
Privileged pod security policies
in the Kubernetes documentation.
$sel:readOnlyRootFilesystem:EksContainerSecurityContext'
, eksContainerSecurityContext_readOnlyRootFilesystem
- When this parameter is true
, the container is given read-only access
to its root file system. The default value is false
. This parameter
maps to ReadOnlyRootFilesystem
policy in the
Volumes and file systems pod security policies
in the Kubernetes documentation.
$sel:runAsGroup:EksContainerSecurityContext'
, eksContainerSecurityContext_runAsGroup
- When this parameter is specified, the container is run as the specified
group ID (gid
). If this parameter isn't specified, the default is the
group that's specified in the image metadata. This parameter maps to
RunAsGroup
and MustRunAs
policy in the
Users and groups pod security policies
in the Kubernetes documentation.
$sel:runAsNonRoot:EksContainerSecurityContext'
, eksContainerSecurityContext_runAsNonRoot
- When this parameter is specified, the container is run as a user with a
uid
other than 0. If this parameter isn't specified, so such rule is
enforced. This parameter maps to RunAsUser
and MustRunAsNonRoot
policy in the
Users and groups pod security policies
in the Kubernetes documentation.
$sel:runAsUser:EksContainerSecurityContext'
, eksContainerSecurityContext_runAsUser
- When this parameter is specified, the container is run as the specified
user ID (uid
). If this parameter isn't specified, the default is the
user that's specified in the image metadata. This parameter maps to
RunAsUser
and MustRanAs
policy in the
Users and groups pod security policies
in the Kubernetes documentation.
eksContainerSecurityContext_privileged :: Lens' EksContainerSecurityContext (Maybe Bool) Source #
When this parameter is true
, the container is given elevated
permissions on the host container instance. The level of permissions are
similar to the root
user permissions. The default value is false
.
This parameter maps to privileged
policy in the
Privileged pod security policies
in the Kubernetes documentation.
eksContainerSecurityContext_readOnlyRootFilesystem :: Lens' EksContainerSecurityContext (Maybe Bool) Source #
When this parameter is true
, the container is given read-only access
to its root file system. The default value is false
. This parameter
maps to ReadOnlyRootFilesystem
policy in the
Volumes and file systems pod security policies
in the Kubernetes documentation.
eksContainerSecurityContext_runAsGroup :: Lens' EksContainerSecurityContext (Maybe Integer) Source #
When this parameter is specified, the container is run as the specified
group ID (gid
). If this parameter isn't specified, the default is the
group that's specified in the image metadata. This parameter maps to
RunAsGroup
and MustRunAs
policy in the
Users and groups pod security policies
in the Kubernetes documentation.
eksContainerSecurityContext_runAsNonRoot :: Lens' EksContainerSecurityContext (Maybe Bool) Source #
When this parameter is specified, the container is run as a user with a
uid
other than 0. If this parameter isn't specified, so such rule is
enforced. This parameter maps to RunAsUser
and MustRunAsNonRoot
policy in the
Users and groups pod security policies
in the Kubernetes documentation.
eksContainerSecurityContext_runAsUser :: Lens' EksContainerSecurityContext (Maybe Integer) Source #
When this parameter is specified, the container is run as the specified
user ID (uid
). If this parameter isn't specified, the default is the
user that's specified in the image metadata. This parameter maps to
RunAsUser
and MustRanAs
policy in the
Users and groups pod security policies
in the Kubernetes documentation.