@@ -3403,6 +3403,200 @@ spec:
34033403 More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
34043404 type: object
34053405 type: object
3406+ defaultInitContainerSecurityContext:
3407+ description: DefaultInitContainerSecurityContext is the security
3408+ context for the default init container(s) created by the
3409+ Solr Operator, if any are created.
3410+ properties:
3411+ allowPrivilegeEscalation:
3412+ description: |-
3413+ AllowPrivilegeEscalation controls whether a process can gain more
3414+ privileges than its parent process. This bool directly controls if
3415+ the no_new_privs flag will be set on the container process.
3416+ AllowPrivilegeEscalation is true always when the container is:
3417+ 1) run as Privileged
3418+ 2) has CAP_SYS_ADMIN
3419+ Note that this field cannot be set when spec.os.name is windows.
3420+ type: boolean
3421+ appArmorProfile:
3422+ description: |-
3423+ appArmorProfile is the AppArmor options to use by this container. If set, this profile
3424+ overrides the pod's appArmorProfile.
3425+ Note that this field cannot be set when spec.os.name is windows.
3426+ properties:
3427+ localhostProfile:
3428+ description: |-
3429+ localhostProfile indicates a profile loaded on the node that should be used.
3430+ The profile must be preconfigured on the node to work.
3431+ Must match the loaded name of the profile.
3432+ Must be set if and only if type is "Localhost".
3433+ type: string
3434+ type:
3435+ description: |-
3436+ type indicates which kind of AppArmor profile will be applied.
3437+ Valid options are:
3438+ Localhost - a profile pre-loaded on the node.
3439+ RuntimeDefault - the container runtime's default profile.
3440+ Unconfined - no AppArmor enforcement.
3441+ type: string
3442+ required:
3443+ - type
3444+ type: object
3445+ capabilities:
3446+ description: |-
3447+ The capabilities to add/drop when running containers.
3448+ Defaults to the default set of capabilities granted by the container runtime.
3449+ Note that this field cannot be set when spec.os.name is windows.
3450+ properties:
3451+ add:
3452+ description: Added capabilities
3453+ items:
3454+ description: Capability represent POSIX capabilities
3455+ type
3456+ type: string
3457+ type: array
3458+ x-kubernetes-list-type: atomic
3459+ drop:
3460+ description: Removed capabilities
3461+ items:
3462+ description: Capability represent POSIX capabilities
3463+ type
3464+ type: string
3465+ type: array
3466+ x-kubernetes-list-type: atomic
3467+ type: object
3468+ privileged:
3469+ description: |-
3470+ Run container in privileged mode.
3471+ Processes in privileged containers are essentially equivalent to root on the host.
3472+ Defaults to false.
3473+ Note that this field cannot be set when spec.os.name is windows.
3474+ type: boolean
3475+ procMount:
3476+ description: |-
3477+ procMount denotes the type of proc mount to use for the containers.
3478+ The default value is Default which uses the container runtime defaults for
3479+ readonly paths and masked paths.
3480+ This requires the ProcMountType feature flag to be enabled.
3481+ Note that this field cannot be set when spec.os.name is windows.
3482+ type: string
3483+ readOnlyRootFilesystem:
3484+ description: |-
3485+ Whether this container has a read-only root filesystem.
3486+ Default is false.
3487+ Note that this field cannot be set when spec.os.name is windows.
3488+ type: boolean
3489+ runAsGroup:
3490+ description: |-
3491+ The GID to run the entrypoint of the container process.
3492+ Uses runtime default if unset.
3493+ May also be set in PodSecurityContext. If set in both SecurityContext and
3494+ PodSecurityContext, the value specified in SecurityContext takes precedence.
3495+ Note that this field cannot be set when spec.os.name is windows.
3496+ format: int64
3497+ type: integer
3498+ runAsNonRoot:
3499+ description: |-
3500+ Indicates that the container must run as a non-root user.
3501+ If true, the Kubelet will validate the image at runtime to ensure that it
3502+ does not run as UID 0 (root) and fail to start the container if it does.
3503+ If unset or false, no such validation will be performed.
3504+ May also be set in PodSecurityContext. If set in both SecurityContext and
3505+ PodSecurityContext, the value specified in SecurityContext takes precedence.
3506+ type: boolean
3507+ runAsUser:
3508+ description: |-
3509+ The UID to run the entrypoint of the container process.
3510+ Defaults to user specified in image metadata if unspecified.
3511+ May also be set in PodSecurityContext. If set in both SecurityContext and
3512+ PodSecurityContext, the value specified in SecurityContext takes precedence.
3513+ Note that this field cannot be set when spec.os.name is windows.
3514+ format: int64
3515+ type: integer
3516+ seLinuxOptions:
3517+ description: |-
3518+ The SELinux context to be applied to the container.
3519+ If unspecified, the container runtime will allocate a random SELinux context for each
3520+ container. May also be set in PodSecurityContext. If set in both SecurityContext and
3521+ PodSecurityContext, the value specified in SecurityContext takes precedence.
3522+ Note that this field cannot be set when spec.os.name is windows.
3523+ properties:
3524+ level:
3525+ description: Level is SELinux level label that applies
3526+ to the container.
3527+ type: string
3528+ role:
3529+ description: Role is a SELinux role label that applies
3530+ to the container.
3531+ type: string
3532+ type:
3533+ description: Type is a SELinux type label that applies
3534+ to the container.
3535+ type: string
3536+ user:
3537+ description: User is a SELinux user label that applies
3538+ to the container.
3539+ type: string
3540+ type: object
3541+ seccompProfile:
3542+ description: |-
3543+ The seccomp options to use by this container. If seccomp options are
3544+ provided at both the pod & container level, the container options
3545+ override the pod options.
3546+ Note that this field cannot be set when spec.os.name is windows.
3547+ properties:
3548+ localhostProfile:
3549+ description: |-
3550+ localhostProfile indicates a profile defined in a file on the node should be used.
3551+ The profile must be preconfigured on the node to work.
3552+ Must be a descending path, relative to the kubelet's configured seccomp profile location.
3553+ Must be set if type is "Localhost". Must NOT be set for any other type.
3554+ type: string
3555+ type:
3556+ description: |-
3557+ type indicates which kind of seccomp profile will be applied.
3558+ Valid options are:
3559+
3560+ Localhost - a profile defined in a file on the node should be used.
3561+ RuntimeDefault - the container runtime default profile should be used.
3562+ Unconfined - no profile should be applied.
3563+ type: string
3564+ required:
3565+ - type
3566+ type: object
3567+ windowsOptions:
3568+ description: |-
3569+ The Windows specific settings applied to all containers.
3570+ If unspecified, the options from the PodSecurityContext will be used.
3571+ If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
3572+ Note that this field cannot be set when spec.os.name is linux.
3573+ properties:
3574+ gmsaCredentialSpec:
3575+ description: |-
3576+ GMSACredentialSpec is where the GMSA admission webhook
3577+ (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the
3578+ GMSA credential spec named by the GMSACredentialSpecName field.
3579+ type: string
3580+ gmsaCredentialSpecName:
3581+ description: GMSACredentialSpecName is the name of
3582+ the GMSA credential spec to use.
3583+ type: string
3584+ hostProcess:
3585+ description: |-
3586+ HostProcess determines if a container should be run as a 'Host Process' container.
3587+ All of a Pod's containers must have the same effective HostProcess value
3588+ (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).
3589+ In addition, if HostProcess is true then HostNetwork must also be set to true.
3590+ type: boolean
3591+ runAsUserName:
3592+ description: |-
3593+ The UserName in Windows to run the entrypoint of the container process.
3594+ Defaults to the user specified in image metadata if unspecified.
3595+ May also be set in PodSecurityContext. If set in both SecurityContext and
3596+ PodSecurityContext, the value specified in SecurityContext takes precedence.
3597+ type: string
3598+ type: object
3599+ type: object
34063600 enableServiceLinks:
34073601 description: Should service environment variables be created
34083602 on containers
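Review bot: The top-level description of defaultInitContainerSecurityContext (the first added lines of this hunk) does not say what the operator-created init containers run with when the field is omitted, nor which init containers count as "default", so a reader cannot tell whether leaving it unset is a safe choice. The schema also accepts every SecurityContext field unchanged, including privileged (whose own description says such processes are "essentially equivalent to root on the host") and capabilities.add, with no default or constraint. Suggest extending the description to state the behaviour when unset and to name a recommended restrictive value, for example allowPrivilegeEscalation: false, capabilities.drop: ["ALL"], runAsNonRoot: true and seccompProfile.type: RuntimeDefault, or have the operator apply those values as its default and say so here.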