Difference between revisions of "Kubernetes securityContext"
Jump to navigation
Jump to search
Line 28: | Line 28: | ||
mountPath: /data/demo | mountPath: /data/demo | ||
securityContext: | securityContext: | ||
− | + | allowPrivilegeEscalation: false | |
== Related terms == | == Related terms == |
Revision as of 12:40, 25 May 2022
A security context defines privilege and access control settings for a Pod or Container.
The securityContext
field is a PodSecurityContext
object.
Contents
Example
pods/security/security-context.yaml
apiVersion: v1 kind: Pod metadata: name: security-context-demo spec: securityContext: runAsUser: 1000 runAsGroup: 3000 fsGroup: 2000 volumes: - name: sec-ctx-vol emptyDir: {} containers: - name: sec-ctx-demo image: busybox command: [ "sh", "-c", "sleep 1h" ] volumeMounts: - name: sec-ctx-vol mountPath: /data/demo securityContext: allowPrivilegeEscalation: false
Related terms
- CKA v1.21: Understand SecurityContexts:
securityContext
(Pod) - CKA v1.18: Define security contexts
- CKA v1.15: Understand SecurityContexts
Activities
- Understand
SecurityContext
field in the Pod specification.
See also
- CKA: v1.28: API, Namespace, Pods, secrets, Services, deployments, nodes, Volumes, Ingress, CKS
- Kubernetes: distributions, tools, CKA, CKS, Kubernetes interfaces: CSI, CNI, installation, workloads, networking,
kubeadm
,Kubernetes API
, Kubernetes API Server,kubectl, kubeadm, kubelet, kube-proxy
, Cloud services: EKS, GKE, TKE, DKS, Helm, Kubernetes RBAC, Kubernetes deployments, Minikube, Rancher, OpenShift, Charmed Kubernetes, Ingress, Kubernetes scheduler, Kubernetes Finalizers, logging, Kubernetes operator, Orka,kind:
, Kubernetes namespaces, Kubernetes dashboard, Kubernetes Metrics Server, Field Selectors, CoreDNS, CRI, Kubernetes Topology Manager, Kubernetes governance: (SIG, KEP), Kustomize, controllers,ReadinessProbe, LivenessProbe
, KOPS, K9s, Kui, k3s, ImagePullBackOff, PDB, EndPoints, Kots, metadata, Karpenter, Replicated.com, Kubernetes Authenticating, Kubernetes timeline, Changelog/Versions, service accounts, Kubernetes Pod Lifecycle, Kubernetes Conformance Certified, Kubernetes backup, Kubernetes Pod Security Admission, tEKS, Kubernetes events, Kubernetes ports, Kubernetes policies, Connect, addons, DoKC, Kubernetes control plane, Kubernetes Federation, Kubernetes info, Kubetest2, Sidecar (Kubernetes)
Advertising: