Difference between revisions of "SecurityContext"
Jump to navigation
Jump to search
(5 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
− | |||
− | |||
− | |||
− | |||
[[spec:]] | [[spec:]] | ||
securityContext: | securityContext: | ||
Line 12: | Line 8: | ||
[[runAsNonRoot]] | [[runAsNonRoot]] | ||
[[runAsUser]] | [[runAsUser]] | ||
+ | runAsUser: 0 | ||
+ | runAsUser: 1000 | ||
+ | |||
[[runAsGroup]] | [[runAsGroup]] | ||
+ | |||
+ | == Examples == | ||
+ | {{kind_pod_securitycontext}} | ||
+ | |||
== Errors == | == Errors == | ||
Line 19: | Line 22: | ||
== Related == | == Related == | ||
* [[Kubernetes changelog]]: [[AppArmor]] profiles can now be configured through fields on the <code>[[PodSecurityContext]]</code> and container <code>[[SecurityContext]]</code> | * [[Kubernetes changelog]]: [[AppArmor]] profiles can now be configured through fields on the <code>[[PodSecurityContext]]</code> and container <code>[[SecurityContext]]</code> | ||
− | * [[Configure a Security Context for a Pod or Container]] | + | * [[Configure a Security Context for a Pod or Container]]: <code>[[kind: Pod]]</code> |
== See also == | == See also == | ||
* {{SecurityContext}} | * {{SecurityContext}} | ||
− | |||
* {{K8s security}} | * {{K8s security}} | ||
[[Category:K8s]] | [[Category:K8s]] | ||
− |
Latest revision as of 14:55, 22 May 2024
spec: securityContext: runAsNonRoot: true
runAsNonRoot runAsUser runAsUser: 0 runAsUser: 1000
runAsGroup
Contents
Examples[edit]
apiVersion: v1 kind: Pod metadata: name: security-context-demo spec: securityContext: runAsUser: 1000 runAsGroup: 3000 fsGroup: 2000 volumes: - name: sec-ctx-vol emptyDir: {} containers: - name: sec-ctx-demo image: busybox:1.28 command: [ "sh", "-c", "sleep 1h" ] volumeMounts: - name: sec-ctx-vol mountPath: /data/demo securityContext: allowPrivilegeEscalation: false
Errors[edit]
Related[edit]
- Kubernetes changelog: AppArmor profiles can now be configured through fields on the
PodSecurityContext
and containerSecurityContext
- Configure a Security Context for a Pod or Container:
kind: Pod
See also[edit]
Advertising: