
Podsecuritycontext

Type: Trait

Parameters

Parameter | Type | Required | Default | Description
runAsNonRoot | boolean | Yes | true | Specify whether the pod's containers must run as a non-root user. Leave this at `true` unless the workload genuinely needs UID 0; it is the only field this trait sets unconditionally.

appArmorProfile | object | No | — | Specify the AppArmor profile for the pod. `type` is one of `RuntimeDefault`, `Unconfined` or `Localhost`; `localhostProfile` names the node-local profile and is required when `type` is `Localhost`. `Unconfined` disables AppArmor confinement for the pod.

fsGroup | integer | No | — | Specify the supplemental group ID (GID) applied to the pod's volumes, set as `securityContext.fsGroup`.
runAsGroup | integer | No | — | Specify the primary GID used to run the entrypoint of the container process, set as `securityContext.runAsGroup`.
runAsUser | integer | No | — | Specify the UID used to run the entrypoint of the container process, set as `securityContext.runAsUser`. Setting this to `0` conflicts with `runAsNonRoot: true`.

seccompProfile | object | No | — | Specify the seccomp profile for the pod. `type` is one of `RuntimeDefault`, `Unconfined` or `Localhost`; `localhostProfile` names the node-local profile and is required when `type` is `Localhost`. `Unconfined` disables syscall filtering for the pod.

Template

The following tabs show the definition's CUE template and the rendered YAML. The rendered YAML is the output of the CUE template when the definition is applied to a cluster.

podsecuritycontext: {
	// Definition header for the trait. The only non-empty metadata is the
	// category label used to group this trait under "Security".
	type:        "trait"
	description: "Adds security context to the pod spec in path 'spec.template.spec.securityContext'."
	labels: "definition.spectrocloud.com/category": "Security"
	annotations: {}
	attributes:  {}
}

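template: {
	// Patches the pod-level securityContext of the workload's pod template.
	// Each optional parameter is emitted only when the user supplied it, so
	// the trait never writes an empty value over one the component already
	// set. runAsNonRoot is always emitted (it defaults to true below).
	//
	// NOTE(review): a container-level securityContext still takes precedence
	// over these pod-level fields where both define the same key (for
	// example runAsUser); this trait does not inspect or patch containers.
	patch: spec: template: spec: {
		securityContext: {
			if parameter.appArmorProfile != _|_ {
				appArmorProfile: parameter.appArmorProfile
			}
			if parameter.fsGroup != _|_ {
				fsGroup: parameter.fsGroup
			}
			if parameter.runAsGroup != _|_ {
				runAsGroup: parameter.runAsGroup
			}
			if parameter.runAsUser != _|_ {
				runAsUser: parameter.runAsUser
			}
			if parameter.seccompProfile != _|_ {
				seccompProfile: parameter.seccompProfile
			}
			runAsNonRoot: parameter.runAsNonRoot
		}
	}

	parameter: {
		// +usage=Specify the AppArmor profile for the pod
		// NOTE(review): appArmorProfile on the pod securityContext is only
		// understood by recent Kubernetes API servers; older servers may drop
		// or reject it — confirm against the target cluster version.
		appArmorProfile?: {
			// "Unconfined" disables AppArmor confinement for the pod.
			type: "RuntimeDefault" | "Unconfined" | "Localhost"
			// +usage=localhostProfile is the node-local profile name; required when type is 'Localhost'
			localhostProfile?: string
			// Enforce at render time what the usage text promises, instead of
			// letting the API server reject the pod later.
			if type == "Localhost" {
				localhostProfile: string
			}
		}
		// +usage=Specify the supplemental GID applied to the pod's volumes
		fsGroup?: int & >=0
		// +usage=Specify the primary GID to run the entrypoint of the container process
		runAsGroup?: int & >=0
		// +usage=Specify the UID to run the entrypoint of the container process
		runAsUser?: int & >=0
		// +usage=Specify if the container runs as a non-root user
		runAsNonRoot: *true | bool
		// runAsUser: 0 together with runAsNonRoot: true can never start
		// (the kubelet refuses the container), so reject the combination here.
		if runAsNonRoot {
			runAsUser?: >0
		}
		// +usage=Specify the seccomp profile for the pod
		seccompProfile?: {
			// "Unconfined" disables syscall filtering; "RuntimeDefault" is
			// the safe choice for most workloads.
			type: "RuntimeDefault" | "Unconfined" | "Localhost"
			// +usage=localhostProfile is the node-local profile name; required when type is 'Localhost'
			localhostProfile?: string
			// Enforce at render time what the usage text promises.
			if type == "Localhost" {
				localhostProfile: string
			}
		}
	}
}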