Difference between revisions of "Kubernetes securityContext"

Revision as of 14:44, 17 July 2021

https://kubernetes.io/docs/tasks/configure-pod-container/security-context/

Understand SecurityContext field in the Pod specification.

A security context defines privilege and access control settings for a Pod or Container.

The securityContext field is a PodSecurityContext object.

Example

pods/security/security-context.yaml

apiVersion: v1
kind: Pod
metadata:
  name: security-context-demo
spec:
  securityContext:
    runAsUser: 1000
    runAsGroup: 3000
    fsGroup: 2000
  volumes:
  - name: sec-ctx-vol
    emptyDir: {}
  containers:
  - name: sec-ctx-demo
    image: busybox
    command: [ "sh", "-c", "sleep 1h" ]
    volumeMounts:
    - name: sec-ctx-vol
      mountPath: /data/demo
    securityContext:
      allowPrivilegeEscalation: false

Related terms

CKA v1.21: Understand SecurityContexts: securityContext (Pod)
CKA v1.18: Define security contexts
CKA v1.15: Understand SecurityContexts

CKA: v1.28: API, Namespace, Pods, secrets, Services, deployments, nodes, Volumes, Ingress, CKS
Kubernetes: distributions, tools, CKA, CKS, Kubernetes interfaces: CSI, CNI, installation, workloads, networking, kubeadm, Kubernetes API, Kubernetes API Server, kubectl, kubeadm, kubelet, kube-proxy, Cloud services: EKS, GKE, TKE, DKS, Helm, Kubernetes RBAC, Kubernetes deployments, Minikube, Rancher, OpenShift, Charmed Kubernetes, Ingress, Kubernetes scheduler, Kubernetes Finalizers, logging, Kubernetes operator, Orka, kind:, Kubernetes namespaces, Kubernetes dashboard, Kubernetes Metrics Server, Field Selectors, CoreDNS, CRI, Kubernetes Topology Manager, Kubernetes governance: (SIG, KEP), Kustomize, controllers, ReadinessProbe, LivenessProbe, KOPS, K9s, Kui, k3s, ImagePullBackOff, PDB, EndPoints, Kots, metadata, Karpenter, Replicated.com, Kubernetes Authenticating, Kubernetes timeline, Changelog/Versions, service accounts, Kubernetes Pod Lifecycle, Kubernetes Conformance Certified, Kubernetes backup, Kubernetes Pod Security Admission, tEKS, Kubernetes events, Kubernetes ports, Kubernetes policies, Connect, addons, DoKC, Kubernetes control plane, Kubernetes Federation, Kubernetes info, Kubetest2, Sidecar (Kubernetes)

Revision as of 14:42, 17 July 2021 (edit) 86.98.68.109 (talk) (→‎Example) ← Older edit		Revision as of 14:44, 17 July 2021 (edit) (undo) 86.98.68.109 (talk) (→‎See also) Newer edit →
Line 45:		Line 45:

	[[Category:K8s]]		[[Category:K8s]]
		+	[[Category:CKA]]

Difference between revisions of "Kubernetes securityContext"

Revision as of 14:44, 17 July 2021

Example

Related terms

See also

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Tools