Difference between revisions of "Spec.securityContext"

securityContext:

spec:
 securityContext:
   runAsNonRoot: true

runAsNonRoot
runAsUser
runAsGroup

Errors

• Error: container's runAsUser breaks non-root policy

Related

• Kubernetes changelog: AppArmor profiles can now be configured through fields on the PodSecurityContext and container SecurityContext

See also

• containerSecurityContext, spec.securityContext, spec.securityContext.runAsUser, spec.securityContext.fsGroup
• CKA: v1.28: API, Namespace, Pods, secrets, Services, deployments, nodes, Volumes, Ingress, CKS
• Kubernetes security, OPA, EKS security, PSA, PSS, CKS, SecurityContext, Trivy, KubeBench, Kubernetes Admission Controllers admissionregistration.k8s.io, Hardeneks, Gatekeeper (Kubernetes), kubernetes.io/enforce-mountable-secrets, Auditing