Difference between revisions of "Kubernetes securityContext"

From wikieduonline
Jump to navigation Jump to search
 
(10 intermediate revisions by 2 users not shown)
Line 3: Line 3:
 
The <code>[[securityContext]]</code> field is a <code>[[PodSecurityContext]]</code> [[object]].
 
The <code>[[securityContext]]</code> field is a <code>[[PodSecurityContext]]</code> [[object]].
  
*https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+
* https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
 +
* https://jamesdefabia.github.io/docs/user-guide/security-context/
 +
* https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context
  
==Example==
+
[[kind: Pod]]
 +
[[kind: Deployment]]
 +
 
 +
== Example ==
 
* <code>pods/security/security-context.yaml</code>
 
* <code>pods/security/security-context.yaml</code>
  
Line 13: Line 18:
 
   name: security-context-demo
 
   name: security-context-demo
 
  [[spec:]]
 
  [[spec:]]
   securityContext:
+
   [[securityContext:]]
     runAsUser: 1000
+
     [[runAsUser:]] 1000
     runAsGroup: 3000
+
     [[runAsGroup:]] 3000
 
     fsGroup: 2000
 
     fsGroup: 2000
 
   volumes:
 
   volumes:
Line 34: Line 39:
 
* [[CKA v1.18]]: [[Define security contexts]]
 
* [[CKA v1.18]]: [[Define security contexts]]
 
* [[CKA v1.15]]: Understand SecurityContexts
 
* [[CKA v1.15]]: Understand SecurityContexts
 +
* <code>[[RunAsUser:]]</code>
  
 
== Activities ==
 
== Activities ==
 
* Understand <code>SecurityContext</code> field in the [[Pod specification]].
 
* Understand <code>SecurityContext</code> field in the [[Pod specification]].
 
  
 
== See also ==
 
== See also ==
 
* {{CKA}}
 
* {{CKA}}
* {{K8s}}
+
* {{K8s security}}
 
 
  
 
[[Category:K8s]]
 
[[Category:K8s]]
 
[[Category:CKA]]
 
[[Category:CKA]]

Latest revision as of 14:23, 27 November 2023

A security context defines privilege and access control settings for a Pod or Container.

The securityContext field is a PodSecurityContext object. 

kind: Pod
kind: Deployment

Example[edit]

  • pods/security/security-context.yaml
apiVersion: v1
kind: Pod
metadata:
  name: security-context-demo
spec:
  securityContext:
    runAsUser: 1000
    runAsGroup: 3000
    fsGroup: 2000
  volumes:
  - name: sec-ctx-vol
    emptyDir: {}
  containers:
  - name: sec-ctx-demo
    image: busybox
    command: [ "sh", "-c", "sleep 1h" ]
    volumeMounts:
    - name: sec-ctx-vol
      mountPath: /data/demo
    securityContext:
       allowPrivilegeEscalation: false

Related terms[edit]

Activities[edit]

See also[edit]

Retrieved from "https://www.wikieduonline.com/index.php?title=Kubernetes_securityContext&oldid=276588"

Advertising: