Difference between revisions of "Kubernetes securityContext"

A security context defines privilege and access control settings for a Pod or Container.

The securityContext field is a PodSecurityContext object.

• https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
• https://jamesdefabia.github.io/docs/user-guide/security-context/
• https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context

kind: Pod
kind: Deployment

Example

• pods/security/security-context.yaml

apiVersion: v1
kind: Pod
metadata:
  name: security-context-demo
spec:
  securityContext:
    runAsUser: 1000
    runAsGroup: 3000
    fsGroup: 2000
  volumes:
  - name: sec-ctx-vol
    emptyDir: {}
  containers:
  - name: sec-ctx-demo
    image: busybox
    command: [ "sh", "-c", "sleep 1h" ]
    volumeMounts:
    - name: sec-ctx-vol
      mountPath: /data/demo
    securityContext:
       allowPrivilegeEscalation: false

Related terms

• CKA v1.21: Understand SecurityContexts: securityContext (Pod)
• CKA v1.18: Define security contexts
• CKA v1.15: Understand SecurityContexts

Activities

• Understand SecurityContext field in the Pod specification.

See also

• CKA: v1.28: API, Namespace, Pods, secrets, Services, deployments, nodes, Volumes, Ingress, CKS
• Kubernetes security, OPA, EKS security, PSA, PSS, CKS, SecurityContext, Trivy, KubeBench, Kubernetes Admission Controllers admissionregistration.k8s.io, Hardeneks, Gatekeeper (Kubernetes), kubernetes.io/enforce-mountable-secrets, Auditing