Security Contexts

kubectl exec ubuntu-sleeper -- whoami

Edit the pod ‘ubuntu-sleeper’ to run the sleep process with user ID 1010.

Note: Only make the necessary changes. Do not modify the name or image of the pod.

  • Pod Name: ubuntu-sleeper
  • Image Name: ubuntu
  • SecurityContext: User 1010

apiVersion: v1
kind: Pod
metadata:
  name: ubuntu-sleeper
  namespace: default
spec:
  securityContext:
    runAsUser: 1010
  containers:
  - command:
    - sleep
    - "4800"
    image: ubuntu
    name: ubuntu-sleeper

  • The User ID defined in the securityContext of a container overrides the User ID defined in the securityContext of the Pod.

apiVersion: v1
kind: Pod
metadata:
  name: multi-pod
spec:
  securityContext:
    runAsUser: 1001
  containers:
  - image: ubuntu
    name: web
    command: ["sleep", "5000"]
    securityContext:
      runAsUser: 1002
  - image: ubuntu
    name: sidecar
    command: ["sleep", "5000"]

kubectl exec -it ubuntu-sleeper -- date -s '19 APR 2012 11:14:00'

Update pod ‘ubuntu-sleeper’ to run as the root user and with the ‘SYS_TIME’ capability.

apiVersion: v1
kind: Pod
metadata:
  name: ubuntu-sleeper
  namespace: default
spec:
  containers:
  - command:
    - sleep
    - "4800"
    image: ubuntu
    name: ubuntu-sleeper
    securityContext:
      capabilities:
        add: ["SYS_TIME"]

Note: Only make the necessary changes. Do not modify the name of the pod.
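
The override rule and the root-plus-capability pod above, as an added example that is not part of the original lab: a Python check that resolves the effective runAsUser for each container and lists containers that add capabilities without being pinned to a non-root UID. The manifests are re-typed from the page as dicts, and the function names are hypothetical.

```python
# Constructed input: the page's two manifests, re-typed as Python dicts.
MULTI_POD = {
    "metadata": {"name": "multi-pod"},
    "spec": {
        "securityContext": {"runAsUser": 1001},
        "containers": [
            {"name": "web", "image": "ubuntu",
             "securityContext": {"runAsUser": 1002}},
            {"name": "sidecar", "image": "ubuntu"},
        ],
    },
}
SLEEPER = {
    "metadata": {"name": "ubuntu-sleeper"},
    "spec": {
        "containers": [
            {"name": "ubuntu-sleeper", "image": "ubuntu",
             "securityContext": {"capabilities": {"add": ["SYS_TIME"]}}},
        ],
    },
}


def effective_contexts(pod):
    """Map container name -> (effective runAsUser or None, added capabilities)."""
    spec = pod.get("spec", {})
    pod_uid = (spec.get("securityContext") or {}).get("runAsUser")
    result = {}
    for c in spec.get("initContainers", []) + spec.get("containers", []):
        sc = c.get("securityContext") or {}
        # Container-level runAsUser wins; otherwise the pod-level value applies.
        # None means neither is set, so the image's default user is used.
        uid = sc.get("runAsUser", pod_uid)
        # Capabilities exist only in the container-level securityContext.
        caps = list((sc.get("capabilities") or {}).get("add") or [])
        result[c["name"]] = (uid, caps)
    return result


def root_with_caps(pod):
    """Containers that add capabilities and are not pinned to a non-root UID."""
    return [name for name, (uid, caps) in effective_contexts(pod).items()
            if caps and uid in (None, 0)]


if __name__ == "__main__":
    for pod in (MULTI_POD, SLEEPER):
        print(pod["metadata"]["name"], effective_contexts(pod), root_with_caps(pod))
```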
