Security Context
Concept and Usage of Security Context
Security context defines privilege and access control settings for a Pod or Container. It can be configured at the Pod level (applies to every container in the Pod) or at the Container level (applies to that container only).
security-context.yaml

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: sample-pod
spec:
  securityContext:
    runAsUser: 1000 # Run as user with UID 1000
  containers:
    - name: ubuntu
      image: ubuntu
      command: ["sleep", "3600"]
      securityContext:
        runAsUser: 2000 # This will override the Pod level security context
        capabilities:
          add: ["NET_ADMIN", "SYS_TIME", "MAC_ADMIN"]
```
- Remember, the security context defined at the Container level overrides the Pod level security context for any field that is set at both levels.
- The capabilities field is used to add or drop Linux capabilities for a container. It is only supported at the Container level, not at the Pod level.
- Capabilities are a fine-grained way to control the privileges of processes. By adding specific capabilities, you can grant a container additional privileges without giving it full root access.
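The two rules above (container fields win over Pod fields; capabilities exist only on the container) can be checked mechanically before a manifest is applied. The following is an added example, not part of the original notes or of Kubernetes itself: it computes the effective security context of each container from a Pod spec embedded as a Python dict (a constructed sample that mirrors security-context.yaml plus a second container with no securityContext of its own) and reports the settings a reviewer would want to look at. The list of capabilities treated as sensitive, and the field names listed in SHARED_FIELDS, are assumptions made for this example.

```python
from typing import Any

# Fields the Kubernetes API accepts on both the Pod-level securityContext and the
# container-level securityContext (assumed list for this example). When a field
# appears at both levels, the container value replaces the Pod value.
SHARED_FIELDS = ("runAsUser", "runAsGroup", "runAsNonRoot",
                 "seLinuxOptions", "seccompProfile")

# Capabilities whose addition reaches beyond the container's own process tree
# (network stack, clock, MAC policy, kernel). Assumed hardening list, not from the notes.
SENSITIVE_CAPS = {"SYS_ADMIN", "NET_ADMIN", "SYS_TIME", "SYS_PTRACE",
                  "MAC_ADMIN", "SYS_MODULE"}

# Constructed sample Pod: UID 1000 at Pod level, the first container overrides to
# UID 2000 and adds capabilities, the second container inherits everything.
SAMPLE_POD: dict[str, Any] = {
    "apiVersion": "v1",
    "kind": "Pod",
    "metadata": {"name": "sample-pod"},
    "spec": {
        "securityContext": {"runAsUser": 1000, "runAsNonRoot": True},
        "containers": [
            {
                "name": "ubuntu",
                "image": "ubuntu",
                "command": ["sleep", "3600"],
                "securityContext": {
                    "runAsUser": 2000,
                    "capabilities": {"add": ["NET_ADMIN", "SYS_TIME", "MAC_ADMIN"]},
                },
            },
            {"name": "sidecar", "image": "busybox"},  # no securityContext at all
        ],
    },
}


def effective_security_context(pod: dict[str, Any], container: dict[str, Any]) -> dict[str, Any]:
    """Merge Pod-level and container-level settings the way the notes describe."""
    pod_ctx = pod.get("spec", {}).get("securityContext") or {}
    ctr_ctx = container.get("securityContext") or {}
    # Start from the Pod-level values of the fields that can be inherited.
    effective = {k: pod_ctx[k] for k in SHARED_FIELDS if k in pod_ctx}
    # Everything set on the container wins, including container-only fields
    # such as capabilities and privileged.
    effective.update(ctr_ctx)
    return effective


def audit_pod(pod: dict[str, Any]) -> list[str]:
    """Return one finding string per setting a reviewer should look at."""
    findings: list[str] = []
    for container in pod["spec"]["containers"]:
        name = container["name"]
        ctx = effective_security_context(pod, container)
        caps = ctx.get("capabilities") or {}
        added = set(caps.get("add", []))
        dropped = set(caps.get("drop", []))
        risky = sorted(added & SENSITIVE_CAPS)
        if risky:
            findings.append(f"{name}: adds sensitive capabilities {risky}")
        if "ALL" not in dropped:
            findings.append(f"{name}: does not drop ALL capabilities")
        if ctx.get("privileged"):
            findings.append(f"{name}: runs privileged")
        # runAsUser absent or 0 means root unless runAsNonRoot forces a failure at start.
        if ctx.get("runAsUser") in (None, 0) and not ctx.get("runAsNonRoot"):
            findings.append(f"{name}: may run as root")
    return findings


if __name__ == "__main__":
    for c in SAMPLE_POD["spec"]["containers"]:
        print(c["name"], effective_security_context(SAMPLE_POD, c))
    for line in audit_pod(SAMPLE_POD):
        print("finding:", line)
```

Running it shows the sidecar inheriting runAsUser 1000 and runAsNonRoot from the Pod, while the ubuntu container ends up with runAsUser 2000 and its own capability list; both containers are reported for not dropping ALL capabilities, and ubuntu additionally for the three sensitive capabilities it adds.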