Security Context

Take me to Video Tutorial

In this section, we will take a look at security context

Container Security

$ docker run --user=1001 ubuntu sleep 3600
$ docker run -cap-add MAC_ADMIN ubuntu

csec

Kubernetes Security

You may choose to configure the security settings at a container level or at a pod level.

ksec

Security Context

To add security context on the container and a field called securityContext under the spec section.

apiVersion: v1
kind: Pod
metadata:
  name: web-pod
spec:
  securityContext:
    runAsUser: 1000
  containers:
  - name: ubuntu
    image: ubuntu
    command: ["sleep", "3600"]

sxc1

To set the same context at the container level, then move the whole section under container section.

apiVersion: v1
kind: Pod
metadata:
  name: web-pod
spec:
  containers:
  - name: ubuntu
    image: ubuntu
    command: ["sleep", "3600"]
    securityContext:
      runAsUser: 1000

sxc2

To add capabilities use the capabilities option

apiVersion: v1
kind: Pod
metadata:
  name: web-pod
spec:
  containers:
  - name: ubuntu
    image: ubuntu
    command: ["sleep", "3600"]
    securityContext:
      runAsUser: 1000
      capabilities: 
        add: ["MAC_ADMIN"]

cap

K8s Reference Docs

https://kubernetes.io/docs/tasks/configure-pod-container/security-context/

Mayur BN

Explorer

25-Security-Context

Security Context

Container Security

Kubernetes Security

Security Context

K8s Reference Docs

Graph View

Table of Contents

Backlinks

Explorer

Recent Notes

Cilium Clustermesh Deployment on Helm or ArgoCD on AKS

01-Course-Introduction

02-Certification

04-ETCD-For-Beginners

12-Resource-Limits