SecurityContext in Kubernetes

A security context defines privilege and access control settings for a Pod or Container.

https://kubernetes.io/docs/tasks/configure-pod-container/security-context/

When you run a Docker container you can set security options such as the user ID the container runs as. Kubernetes exposes the equivalent settings through the securityContext field.

Kubernetes runs containers inside pods, so the security settings can be configured at the pod level or at the container level.

  • Settings configured at the pod level apply to all containers within the pod.
  • If a setting is configured at both the pod and the container level, the container-level value overrides the pod-level one.

Pod Level

apiVersion: v1
kind: Pod
metadata:
  name: sample-ubuntu-pod
spec:
  securityContext:
    runAsUser: 1000
  containers:
    - name: ubuntu
      image: ubuntu
      command: ["sleep", "3600"]
$ kubectl create -f sample-ubuntu-pod.yaml
pod/sample-ubuntu-pod created

Container Level

apiVersion: v1
kind: Pod
metadata:
  name: sample-ubuntu-pod
spec:
  containers:
    - name: ubuntu
      image: ubuntu
      command: ["sleep", "3600"]
      securityContext:
        runAsUser: 1000
        # Capabilities are only supported at the container level, not at the pod level.
        # Names must be valid Linux capabilities (e.g. NET_ADMIN), without the CAP_ prefix.
        # capabilities:
        #   add: ["NET_ADMIN"]
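To make the precedence rule and the container-only fields concrete, here is an added example (not from the original note): a small script that resolves the effective securityContext of each container in a manifest and reports fields placed at the wrong level or containers with no explicit non-root user. The manifest and the CONTAINER_ONLY_FIELDS list are constructed for the example.

```python
"""Resolve the effective securityContext of each container in a Pod manifest.

Pod-level settings apply to every container; container-level settings override
them field by field. Some fields exist only in the container-level
SecurityContext, so they are never inherited from the pod.
"""

# Fields present in SecurityContext but absent from PodSecurityContext.
CONTAINER_ONLY_FIELDS = {
    "capabilities", "privileged", "allowPrivilegeEscalation",
    "readOnlyRootFilesystem", "procMount",
}

# Constructed sample manifest (not from the original page): pod-level
# runAsUser with one container inheriting it and one overriding it.
SAMPLE_POD = {
    "apiVersion": "v1", "kind": "Pod",
    "metadata": {"name": "sample-ubuntu-pod"},
    "spec": {
        "securityContext": {"runAsUser": 1000},
        "containers": [
            {"name": "ubuntu", "image": "ubuntu", "command": ["sleep", "3600"]},
            {"name": "sidecar", "image": "ubuntu",
             "securityContext": {"runAsUser": 2000}},
        ],
    },
}

def effective_security_contexts(pod):
    """Return {container name: merged securityContext} for a Pod manifest dict."""
    pod_ctx = pod["spec"].get("securityContext") or {}
    merged = {}
    for container in pod["spec"]["containers"]:
        ctx = dict(pod_ctx)                                  # inherit pod-level settings
        ctx.update(container.get("securityContext") or {})  # container wins on conflict
        merged[container["name"]] = ctx
    return merged

def findings(pod):
    """Report misplaced pod-level fields and containers without an explicit non-root user."""
    issues = []
    pod_ctx = pod["spec"].get("securityContext") or {}
    for field in sorted(CONTAINER_ONLY_FIELDS & set(pod_ctx)):
        issues.append(f"pod: '{field}' is only valid at the container level")
    for name, ctx in effective_security_contexts(pod).items():
        # No runAsUser means the image's default user, which is often root.
        if ctx.get("runAsUser", 0) == 0 and not ctx.get("runAsNonRoot"):
            issues.append(f"{name}: no non-zero runAsUser or runAsNonRoot set")
    return issues

if __name__ == "__main__":
    print(effective_security_contexts(SAMPLE_POD))
    print(findings(SAMPLE_POD))
```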
