Package io.strimzi.plugin.security.profiles

Interface PodSecurityProvider

All Known Implementing Classes:
BaselinePodSecurityProvider, RestrictedPodSecurityProvider
public interface PodSecurityProvider
Interface describing the Pod Security Provider. It contains the methods called to get security context for all the different pods and containers used by Strimzi.

  • Method Details

    • configure

      void configure(PlatformFeatures platformFeatures)
      A method called first to initiate the provider. It is always called before any of the other methods for providing security context are called. This method can be used to preconfigure the provider based on the platform it is running on. But it can also configure the provider based on information from additional sources (for example environment variables).
      Parameters:
      platformFeatures - Describes the platform we are running on and the features it provides

    • zooKeeperPodSecurityContext

      default io.fabric8.kubernetes.api.model.PodSecurityContext zooKeeperPodSecurityContext(PodSecurityProviderContext context)
      Provides the Pod security context for the ZooKeeper pods. The default implementation just returns the security context configured by the user in the template section or null (no Pod security context).
      Parameters:
      context - Provides the context which can be used to generate the Pod security context
      Returns:
      Pod security context which will be set for the ZooKeeper pods

    • zooKeeperContainerSecurityContext

      default io.fabric8.kubernetes.api.model.SecurityContext zooKeeperContainerSecurityContext(ContainerSecurityProviderContext context)
      Provides the (container) security context for the ZooKeeper containers. The default implementation just returns the security context configured by the user in the template section or null (no security context).
      Parameters:
      context - Provides the context which can be used to generate the security context
      Returns:
      Security context which will be set for the ZooKeeper containers

    • kafkaPodSecurityContext

      default io.fabric8.kubernetes.api.model.PodSecurityContext kafkaPodSecurityContext(PodSecurityProviderContext context)
      Provides the Pod security context for the Kafka pods. The default implementation just returns the security context configured by the user in the template section or null (no Pod security context).
      Parameters:
      context - Provides the context which can be used to generate the Pod security context
      Returns:
      Pod security context which will be set for the Kafka pods

    • kafkaContainerSecurityContext

      default io.fabric8.kubernetes.api.model.SecurityContext kafkaContainerSecurityContext(ContainerSecurityProviderContext context)
      Provides the (container) security context for the Kafka containers. The default implementation just returns the security context configured by the user in the template section or null (no security context).
      Parameters:
      context - Provides the context which can be used to generate the security context
      Returns:
      Security context which will be set for the Kafka containers

    • kafkaInitContainerSecurityContext

      default io.fabric8.kubernetes.api.model.SecurityContext kafkaInitContainerSecurityContext(ContainerSecurityProviderContext context)
      Provides the (container) security context for the Kafka init containers. The default implementation just returns the security context configured by the user in the template section or null (no security context).
      Parameters:
      context - Provides the context which can be used to generate the security context
      Returns:
      Security context which will be set for the Kafka init containers

    • entityOperatorPodSecurityContext

      default io.fabric8.kubernetes.api.model.PodSecurityContext entityOperatorPodSecurityContext(PodSecurityProviderContext context)
      Provides the Pod security context for the Entity Operator pod. The default implementation just returns the security context configured by the user in the template section or null (no Pod security context).
      Parameters:
      context - Provides the context which can be used to generate the Pod security context
      Returns:
      Pod security context which will be set for the Entity Operator pod

    • entityTopicOperatorContainerSecurityContext

      default io.fabric8.kubernetes.api.model.SecurityContext entityTopicOperatorContainerSecurityContext(ContainerSecurityProviderContext context)
      Provides the (container) security context for the Topic Operator container. The default implementation just returns the security context configured by the user in the template section or null (no security context).
      Parameters:
      context - Provides the context which can be used to generate the security context
      Returns:
      Security context which will be set for the Topic Operator container

    • entityUserOperatorContainerSecurityContext

      default io.fabric8.kubernetes.api.model.SecurityContext entityUserOperatorContainerSecurityContext(ContainerSecurityProviderContext context)
      Provides the (container) security context for the User Operator container. The default implementation just returns the security context configured by the user in the template section or null (no security context).
      Parameters:
      context - Provides the context which can be used to generate the security context
      Returns:
      Security context which will be set for the User Operator container

    • entityOperatorTlsSidecarContainerSecurityContext

      @Deprecated default io.fabric8.kubernetes.api.model.SecurityContext entityOperatorTlsSidecarContainerSecurityContext(ContainerSecurityProviderContext context)
      Deprecated.
      Provides the (container) security context for the TLS sidecar container. The default implementation just returns the security context configured by the user in the template section or null (no security context).
      Parameters:
      context - Provides the context which can be used to generate the security context
      Returns:
      Security context which will be set for the TLS sidecar container

    • kafkaExporterPodSecurityContext

      default io.fabric8.kubernetes.api.model.PodSecurityContext kafkaExporterPodSecurityContext(PodSecurityProviderContext context)
      Provides the Pod security context for the Kafka Exporter pod. The default implementation just returns the security context configured by the user in the template section or null (no Pod security context).
      Parameters:
      context - Provides the context which can be used to generate the Pod security context
      Returns:
      Pod security context which will be set for the Kafka Exporter pod

    • kafkaExporterContainerSecurityContext

      default io.fabric8.kubernetes.api.model.SecurityContext kafkaExporterContainerSecurityContext(ContainerSecurityProviderContext context)
      Provides the (container) security context for the Kafka Exporter container. The default implementation just returns the security context configured by the user in the template section or null (no security context).
      Parameters:
      context - Provides the context which can be used to generate the security context
      Returns:
      Security context which will be set for the Kafka Exporter container

    • cruiseControlPodSecurityContext

      default io.fabric8.kubernetes.api.model.PodSecurityContext cruiseControlPodSecurityContext(PodSecurityProviderContext context)
      Provides the Pod security context for the Cruise Control pod. The default implementation just returns the security context configured by the user in the template section or null (no Pod security context).
      Parameters:
      context - Provides the context which can be used to generate the Pod security context
      Returns:
      Pod security context which will be set for the Cruise Control pod

    • cruiseControlContainerSecurityContext

      default io.fabric8.kubernetes.api.model.SecurityContext cruiseControlContainerSecurityContext(ContainerSecurityProviderContext context)
      Provides the (container) security context for the Cruise Control container. The default implementation just returns the security context configured by the user in the template section or null (no security context).
      Parameters:
      context - Provides the context which can be used to generate the security context
      Returns:
      Security context which will be set for the Cruise Control container

    • jmxTransPodSecurityContext

      @Deprecated default io.fabric8.kubernetes.api.model.PodSecurityContext jmxTransPodSecurityContext(PodSecurityProviderContext context)
      Deprecated.
      Previously, this method was responsible for providing PodSecurityContext for the JMXTrans deployment in Strimzi. However, since JMXTrans is no longer supported, this method has been deprecated and always returns null.
      Parameters:
      context - Provides the context which can be used to generate the Pod security context
      Returns:
      Pod security context which will be set for the JMXTrans pod

    • jmxTransContainerSecurityContext

      @Deprecated default io.fabric8.kubernetes.api.model.SecurityContext jmxTransContainerSecurityContext(ContainerSecurityProviderContext context)
      Deprecated.
      Previously, this method was responsible for providing SecurityContext for the JMXTrans container in Strimzi. However, since JMXTrans is no longer supported, this method has been deprecated and always returns null.
      Parameters:
      context - Provides the context which can be used to generate the security context
      Returns:
      Security context which will be set for the JMXTrans container

    • kafkaConnectPodSecurityContext

      default io.fabric8.kubernetes.api.model.PodSecurityContext kafkaConnectPodSecurityContext(PodSecurityProviderContext context)
      Provides the Pod security context for the Kafka Connect pods. The default implementation just returns the security context configured by the user in the template section or null (no Pod security context).
      Parameters:
      context - Provides the context which can be used to generate the Pod security context
      Returns:
      Pod security context which will be set for the Kafka Connect pods

    • kafkaConnectContainerSecurityContext

      default io.fabric8.kubernetes.api.model.SecurityContext kafkaConnectContainerSecurityContext(ContainerSecurityProviderContext context)
      Provides the (container) security context for the Kafka Connect containers. The default implementation just returns the security context configured by the user in the template section or null (no security context).
      Parameters:
      context - Provides the context which can be used to generate the security context
      Returns:
      Security context which will be set for the Kafka Connect containers

    • kafkaConnectInitContainerSecurityContext

      default io.fabric8.kubernetes.api.model.SecurityContext kafkaConnectInitContainerSecurityContext(ContainerSecurityProviderContext context)
      Provides the (container) security context for the Kafka Connect init containers. The default implementation just returns the security context configured by the user in the template section or null (no security context).
      Parameters:
      context - Provides the context which can be used to generate the security context
      Returns:
      Security context which will be set for the Kafka Connect init containers

    • kafkaConnectBuildPodSecurityContext

      default io.fabric8.kubernetes.api.model.PodSecurityContext kafkaConnectBuildPodSecurityContext(PodSecurityProviderContext context)
      Provides the Pod security context for the Kafka Connect Build (Kaniko) pod. The default implementation just returns the security context configured by the user in the template section or null (no Pod security context).
      Parameters:
      context - Provides the context which can be used to generate the Pod security context
      Returns:
      Pod security context which will be set for the Kafka Connect Build (Kaniko) pod

    • kafkaConnectBuildContainerSecurityContext

      default io.fabric8.kubernetes.api.model.SecurityContext kafkaConnectBuildContainerSecurityContext(ContainerSecurityProviderContext context)
      Provides the (container) security context for the Kafka Connect Build container. The default implementation just returns the security context configured by the user in the template section or null (no security context).
      Parameters:
      context - Provides the context which can be used to generate the security context
      Returns:
      Security context which will be set for the Kafka Connect Build container

    • kafkaMirrorMakerPodSecurityContext

      default io.fabric8.kubernetes.api.model.PodSecurityContext kafkaMirrorMakerPodSecurityContext(PodSecurityProviderContext context)
      Provides the Pod security context for the Kafka Mirror Maker 1 pods. The default implementation just returns the security context configured by the user in the template section or null (no Pod security context).
      Parameters:
      context - Provides the context which can be used to generate the Pod security context
      Returns:
      Pod security context which will be set for the Kafka Mirror Maker 1 pods

    • kafkaMirrorMakerContainerSecurityContext

      default io.fabric8.kubernetes.api.model.SecurityContext kafkaMirrorMakerContainerSecurityContext(ContainerSecurityProviderContext context)
      Provides the (container) security context for the Kafka Mirror Maker 1 containers. The default implementation just returns the security context configured by the user in the template section or null (no security context).
      Parameters:
      context - Provides the context which can be used to generate the security context
      Returns:
      Security context which will be set for the Kafka Mirror Maker 1 containers

    • bridgePodSecurityContext

      default io.fabric8.kubernetes.api.model.PodSecurityContext bridgePodSecurityContext(PodSecurityProviderContext context)
      Provides the Pod security context for the Strimzi Bridge pods. The default implementation just returns the security context configured by the user in the template section or null (no Pod security context).
      Parameters:
      context - Provides the context which can be used to generate the Pod security context
      Returns:
      Pod security context which will be set for the Strimzi Bridge pods

    • bridgeContainerSecurityContext

      default io.fabric8.kubernetes.api.model.SecurityContext bridgeContainerSecurityContext(ContainerSecurityProviderContext context)
      Provides the (container) security context for the Strimzi Bridge containers. The default implementation just returns the security context configured by the user in the template section or null (no security context).
      Parameters:
      context - Provides the context which can be used to generate the security context
      Returns:
      Security context which will be set for the Strimzi Bridge containers

    • bridgeInitContainerSecurityContext

      default io.fabric8.kubernetes.api.model.SecurityContext bridgeInitContainerSecurityContext(ContainerSecurityProviderContext context)
      Provides the (container) security context for the Kafka Bridge init containers. The default implementation just returns the security context configured by the user in the template section or null (no security context).
      Parameters:
      context - Provides the context which can be used to generate the security context
      Returns:
      Security context which will be set for the Kafka Bridge init containers