Difference between revisions of "Spec.securityContext"
Jump to navigation
Jump to search
(One intermediate revision by the same user not shown) | |||
Line 5: | Line 5: | ||
[[runAsUser]]: 1000 | [[runAsUser]]: 1000 | ||
[[runAsGroup]]: 3000 | [[runAsGroup]]: 3000 | ||
− | fsGroup: 2000 | + | [[fsGroup]]: 2000 |
[[spec:]] | [[spec:]] | ||
Line 23: | Line 23: | ||
* [[Kubernetes changelog]]: [[AppArmor]] profiles can now be configured through fields on the <code>[[PodSecurityContext]]</code> and container <code>[[SecurityContext]]</code> | * [[Kubernetes changelog]]: [[AppArmor]] profiles can now be configured through fields on the <code>[[PodSecurityContext]]</code> and container <code>[[SecurityContext]]</code> | ||
* [[Configure a Security Context for a Pod or Container]]: <code>[[kind: Pod]]</code> | * [[Configure a Security Context for a Pod or Container]]: <code>[[kind: Pod]]</code> | ||
− | * <code>[[USER | + | * <code>[[USER]]</code> |
== See also == | == See also == |
Latest revision as of 18:59, 27 October 2024
spec: securityContext: runAsUser: 1000 runAsGroup: 3000 fsGroup: 2000
spec: securityContext: runAsNonRoot: true
Contents
Examples[edit]
apiVersion: v1 kind: Pod metadata: name: security-context-demo spec: securityContext: runAsUser: 1000 runAsGroup: 3000 fsGroup: 2000 volumes: - name: sec-ctx-vol emptyDir: {} containers: - name: sec-ctx-demo image: busybox:1.28 command: [ "sh", "-c", "sleep 1h" ] volumeMounts: - name: sec-ctx-vol mountPath: /data/demo securityContext: allowPrivilegeEscalation: false
Errors[edit]
Related[edit]
- Kubernetes changelog: AppArmor profiles can now be configured through fields on the
PodSecurityContext
and containerSecurityContext
- Configure a Security Context for a Pod or Container:
kind: Pod
USER
See also[edit]
spec.securityContext, spec.securityContext.runAsUser, spec.securityContext.fsGroup
kind: Pod: spec.containers, spec.initContainers, spec.volumes, spec.securityContext
- Kubernetes security, OPA, EKS security, PSA, PSS, CKS,
SecurityContext
, Trivy, KubeBench, Kubernetes Admission Controllersadmissionregistration.k8s.io
, Hardeneks, Gatekeeper (Kubernetes),kubernetes.io/enforce-mountable-secrets
, Auditing
Advertising: