Difference between revisions of "Spec.securityContext"
Line 8: | Line 8: | ||
[[runAsNonRoot]] | [[runAsNonRoot]] | ||
[[runAsUser]] | [[runAsUser]] | ||
+ | runAsUser: 0 | ||
+ | runAsUser: 1000 | ||
+ | |||
[[runAsGroup]] | [[runAsGroup]] | ||
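Review bot: the two lines added under [[runAsUser]], "runAsUser: 0" and "runAsUser: 1000", are bare values with no indication of what distinguishes them. UID 0 is root, and the page opens with "runAsNonRoot: true", which a container running with "runAsUser: 0" cannot satisfy. Suggest labelling 0 as root and 1000 as the non-root example, and stating that 0 conflicts with runAsNonRoot.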
Revision as of 14:55, 22 May 2024
spec:
  securityContext:
    runAsNonRoot: true

runAsNonRoot
runAsUser
  runAsUser: 0
  runAsUser: 1000
runAsGroup
Examples
apiVersion: v1
kind: Pod
metadata:
  name: security-context-demo
spec:
  securityContext:
    runAsUser: 1000
    runAsGroup: 3000
    fsGroup: 2000
  volumes:
  - name: sec-ctx-vol
    emptyDir: {}
  containers:
  - name: sec-ctx-demo
    image: busybox:1.28
    command: [ "sh", "-c", "sleep 1h" ]
    volumeMounts:
    - name: sec-ctx-vol
      mountPath: /data/demo
    securityContext:
      allowPrivilegeEscalation: false
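The Pod above sets runAsUser and runAsGroup at pod level and allowPrivilegeEscalation at container level. As an added example (not part of the original page), this Python check resolves the settings each container actually runs with, applying the rule that a container-level value overrides the pod-level one, and flags root or conflicting combinations. The names effective_contexts, findings, DEMO and ROOT are hypothetical, and the manifests are constructed samples written as dicts.

```python
# Added example: resolve the effective securityContext for each container.
# Manifests are plain dicts mirroring the YAML, so no YAML library is needed.
# Field names are Kubernetes API fields; function names are hypothetical.

INHERITED = ("runAsUser", "runAsGroup", "runAsNonRoot")  # container value wins over pod value


def effective_contexts(pod):
    """Return {container_name: effective settings} for one Pod manifest."""
    spec = pod.get("spec", {})
    pod_sc = spec.get("securityContext") or {}
    result = {}
    for c in spec.get("containers", []):
        c_sc = c.get("securityContext") or {}
        eff = {f: c_sc.get(f, pod_sc.get(f)) for f in INHERITED}
        # allowPrivilegeEscalation exists only at container level.
        eff["allowPrivilegeEscalation"] = c_sc.get("allowPrivilegeEscalation")
        result[c["name"]] = eff
    return result


def findings(pod):
    """List (container, message) pairs for settings a reviewer should look at."""
    out = []
    for name, eff in effective_contexts(pod).items():
        uid, non_root = eff["runAsUser"], eff["runAsNonRoot"]
        if uid == 0 and non_root:
            out.append((name, "runAsUser: 0 conflicts with runAsNonRoot: true"))
        elif uid == 0:
            out.append((name, "runs as root (runAsUser: 0)"))
        elif uid is None and not non_root:
            out.append((name, "UID left to the image; root is not ruled out"))
        if eff["allowPrivilegeEscalation"] is not False:
            out.append((name, "allowPrivilegeEscalation is not set to false"))
    return out


# Constructed samples: the Pod from this page, then a variant using runAsUser: 0.
DEMO = {"spec": {"securityContext": {"runAsUser": 1000, "runAsGroup": 3000, "fsGroup": 2000},
                 "containers": [{"name": "sec-ctx-demo",
                                 "securityContext": {"allowPrivilegeEscalation": False}}]}}
ROOT = {"spec": {"securityContext": {"runAsNonRoot": True},
                 "containers": [{"name": "app", "securityContext": {"runAsUser": 0}}]}}

if __name__ == "__main__":
    for label, pod in (("demo", DEMO), ("root variant", ROOT)):
        print(label, effective_contexts(pod), findings(pod))
```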
Errors
Related
- Kubernetes changelog: AppArmor profiles can now be configured through fields on the PodSecurityContext and containerSecurityContext
- Configure a Security Context for a Pod or Container: kind: Pod
See also
containerSecurityContext, spec.securityContext, spec.securityContext.runAsUser, spec.securityContext.fsGroup
- Kubernetes security, OPA, EKS security, PSA, PSS, CKS, SecurityContext, Trivy, KubeBench, Kubernetes Admission Controllers, admissionregistration.k8s.io, Hardeneks, Gatekeeper (Kubernetes), kubernetes.io/enforce-mountable-secrets, Auditing