A security context defines privilege and access control settings for a Pod or Container.
When you run a Docker container you can set security options such as the user ID the container runs as.
Kubernetes containers are encapsulated in pods, so you may configure the security settings at the container level, at the pod level, or both.
- If you configure it at the pod level, the settings carry over to every container within the pod.
- If you configure it at both the pod and the container level, the container's settings override the pod's.
Pod-level security context (applies to every container in the pod):

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: sample-ubuntu-pod
spec:
  securityContext:
    runAsUser: 1000
  containers:
    - name: ubuntu
      image: ubuntu
      command: ["sleep", "3600"]
```
```
$ kubectl create -f sample-ubuntu-pod.yaml
pod/sample-ubuntu-pod created
```
Container-level security context (applies to this container only):

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: sample-ubuntu-pod
spec:
  containers:
    - name: ubuntu
      image: ubuntu
      command: ["sleep", "3600"]
      securityContext:
        runAsUser: 1000
        # capabilities:
        #   add: ["Admin"]
        # Capabilities are only supported at the container level and not at the pod level
```
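The merge rules above (pod-level settings carry over, container-level settings override, capabilities only at the container level) can be checked offline before a manifest ever reaches `kubectl`. The following is an added example, not code from the page or from the Kubernetes project: it resolves the security context a container actually runs with and flags fields placed at a level the API server would reject. The field sets are taken from the Kubernetes `PodSecurityContext` and `SecurityContext` API types; the manifests are constructed sample input written as the dicts a YAML loader would produce.

```python
# Added example: resolve a container's effective securityContext and catch
# fields placed at the wrong level. Field sets follow the Kubernetes
# PodSecurityContext / SecurityContext API types; manifests are constructed.

# Fields accepted at BOTH the pod and the container level.
SHARED_FIELDS = {
    "runAsUser", "runAsGroup", "runAsNonRoot",
    "seLinuxOptions", "seccompProfile", "windowsOptions",
}
# Fields accepted only in a container's securityContext.
CONTAINER_ONLY_FIELDS = {
    "capabilities", "privileged", "allowPrivilegeEscalation",
    "readOnlyRootFilesystem", "procMount",
}
# Fields accepted only in the pod-level securityContext.
POD_ONLY_FIELDS = {"fsGroup", "supplementalGroups", "sysctls", "fsGroupChangePolicy"}


def validate_placement(pod):
    """Return error strings for fields placed at a level the API rejects."""
    errors = []
    spec = pod.get("spec", {})
    for field in spec.get("securityContext") or {}:
        if field in CONTAINER_ONLY_FIELDS:
            errors.append(
                f"pod-level securityContext: '{field}' is only supported at the container level"
            )
    for container in spec.get("containers", []):
        for field in container.get("securityContext") or {}:
            if field in POD_ONLY_FIELDS:
                errors.append(
                    f"container '{container['name']}': '{field}' is only supported at the pod level"
                )
    return errors


def effective_security_context(pod, container_name):
    """Merge pod-level and container-level settings for one container.

    Shared fields are inherited from the pod, a container-level value for the
    same field overrides it, and container-only fields come from the container.
    """
    spec = pod.get("spec", {})
    pod_ctx = spec.get("securityContext") or {}
    container = next(
        (c for c in spec.get("containers", []) if c["name"] == container_name), None
    )
    if container is None:
        raise KeyError(f"no container named {container_name!r} in pod")
    ctr_ctx = container.get("securityContext") or {}

    effective = {k: v for k, v in pod_ctx.items() if k in SHARED_FIELDS}
    effective.update(
        {k: v for k, v in ctr_ctx.items() if k in SHARED_FIELDS | CONTAINER_ONLY_FIELDS}
    )
    return effective


# Constructed manifests (the dicts a YAML loader would produce).
POD_LEVEL = {  # runAsUser set on the pod: carries over to the container
    "apiVersion": "v1", "kind": "Pod",
    "metadata": {"name": "sample-ubuntu-pod"},
    "spec": {
        "securityContext": {"runAsUser": 1000},
        "containers": [{"name": "ubuntu", "image": "ubuntu", "command": ["sleep", "3600"]}],
    },
}

OVERRIDE = {  # pod says 1000; 'app' overrides to 2000 and drops all capabilities
    "apiVersion": "v1", "kind": "Pod",
    "metadata": {"name": "override-pod"},
    "spec": {
        "securityContext": {"runAsUser": 1000, "runAsNonRoot": True},
        "containers": [
            {"name": "app", "image": "app:1.0",
             "securityContext": {"runAsUser": 2000,
                                 "allowPrivilegeEscalation": False,
                                 "capabilities": {"drop": ["ALL"]}}},
            {"name": "sidecar", "image": "sidecar:1.0"},
        ],
    },
}

MISPLACED = {  # capabilities at pod level: the API server rejects this manifest
    "apiVersion": "v1", "kind": "Pod",
    "metadata": {"name": "bad-pod"},
    "spec": {
        "securityContext": {"runAsUser": 1000, "capabilities": {"drop": ["ALL"]}},
        "containers": [{"name": "ubuntu", "image": "ubuntu"}],
    },
}

if __name__ == "__main__":
    print(effective_security_context(POD_LEVEL, "ubuntu"))
    print(effective_security_context(OVERRIDE, "app"))
    print(effective_security_context(OVERRIDE, "sidecar"))
    print(validate_placement(MISPLACED))
```

Running it shows the `sidecar` container inheriting `runAsUser: 1000` from the pod while `app` runs as `2000`, and the misplaced pod-level `capabilities` field is reported instead of silently ignored. Only the shared fields are inherited; a pod-level `fsGroup`, for example, is a pod property and never appears in a container's effective context.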