Kubernetes securityContext
Jump to navigation
Jump to search
A security context defines privilege and access control settings for a Pod or Container.
The securityContext field is a PodSecurityContext object.
- https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
- https://jamesdefabia.github.io/docs/user-guide/security-context/
- https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context
kind: Pod kind: Deployment
Contents
Example[edit]
pods/security/security-context.yaml
apiVersion: v1 kind: Pod metadata: name: security-context-demo spec: securityContext: runAsUser: 1000 runAsGroup: 3000 fsGroup: 2000 volumes: - name: sec-ctx-vol emptyDir: {} containers: - name: sec-ctx-demo image: busybox command: [ "sh", "-c", "sleep 1h" ] volumeMounts: - name: sec-ctx-vol mountPath: /data/demo securityContext: allowPrivilegeEscalation: false
Related terms[edit]
- CKA v1.21: Understand SecurityContexts:
securityContext(Pod) - CKA v1.18: Define security contexts
- CKA v1.15: Understand SecurityContexts
RunAsUser:
Activities[edit]
- Understand
SecurityContextfield in the Pod specification.
See also[edit]
- CKA: v1.28: API, Namespace, Pods, secrets, Services, deployments, nodes, Volumes, Ingress, CKS
- Kubernetes security, OPA, EKS security, PSA, PSS, CKS,
SecurityContext, Trivy, KubeBench, Kubernetes Admission Controllersadmissionregistration.k8s.io, Hardeneks, Gatekeeper (Kubernetes),kubernetes.io/enforce-mountable-secrets, Auditing
Advertising:
