Difference between revisions of "Spec.securityContext"

From wikieduonline
Jump to navigation Jump to search
Tag: New redirect
 
 
(29 intermediate revisions by the same user not shown)
Line 1: Line 1:
#REDIRECT [[Kubernetes SecurityContext]]
+
{{lc}}
 +
 
 +
spec:
 +
  securityContext:
 +
    [[runAsUser]]: 1000
 +
    [[runAsGroup]]: 3000
 +
    [[fsGroup]]: 2000
 +
 
 +
[[spec:]]
 +
  securityContext:
 +
    [[runAsNonRoot]]: true
 +
 
 +
 
 +
 
 +
== Examples ==
 +
{{kind_pod_securitycontext}}
 +
 
 +
 
 +
== Errors ==
 +
* <code>[[Error: container's runAsUser breaks non-root policy]]</code>
 +
 
 +
== Related ==
 +
* [[Kubernetes changelog]]:  [[AppArmor]] profiles can now be configured through fields on the <code>[[PodSecurityContext]]</code> and container <code>[[SecurityContext]]</code>
 +
* [[Configure a Security Context for a Pod or Container]]: <code>[[kind: Pod]]</code>
 +
* <code>[[USER]]</code>
 +
 
 +
== See also ==
 +
* {{SecurityContext}}
 +
* {{kind: Pod}}
 +
* {{K8s security}}
 +
 
 +
[[Category:K8s]]

Latest revision as of 18:59, 27 October 2024

spec:
  securityContext:
    runAsUser: 1000
    runAsGroup: 3000
    fsGroup: 2000
spec:
 securityContext:
   runAsNonRoot: true


Examples[edit]

 apiVersion: v1
kind: Pod
metadata:
  name: security-context-demo
spec:
  securityContext:
    runAsUser: 1000
    runAsGroup: 3000
    fsGroup: 2000
  volumes:
  - name: sec-ctx-vol
    emptyDir: {}
  containers:
  - name: sec-ctx-demo
    image: busybox:1.28
    command: [ "sh", "-c", "sleep 1h" ]
    volumeMounts:
    - name: sec-ctx-vol
      mountPath: /data/demo
    securityContext:
      allowPrivilegeEscalation: false


Errors[edit]

Related[edit]

See also[edit]

Advertising: