Security Context
Understand how to use security context in Kubernetes.
Concept and Usage of Security Context
Security context defines privilege and access control settings for a Pod or Container. You can configure the security context at the Pod level or at the Container level.

- Remember, a security context defined at the Container level overrides the corresponding Pod-level security context settings for that container.

- The `capabilities` field is used to add or drop Linux capabilities for a container; it is supported only at the container level, not at the Pod level. Capabilities are a fine-grained way to control the privileges of processes: by adding specific capabilities, you can grant a container additional privileges without giving it full root access.

- For `runAsUser`, you need to tie the value to the user you create in the Dockerfile when you assign that username a uid there. For example, if you have a Dockerfile like the one below, you can set `runAsUser: 1000` in the security context to run the container as the user `myuser`; the container will then refer to the user `myuser` with uid `1000` defined in the Dockerfile.

Dockerfile
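The following Pod manifest is an added example (not from the original page) that puts the points above together: a Pod-level `securityContext`, a container-level override, and a container-only `capabilities` block. The image name and the port are assumptions, and it assumes the image's Dockerfile creates `myuser` with uid `1000` as described above.

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: secctx-demo
spec:
  # Pod-level settings: every container inherits these unless it overrides them.
  securityContext:
    runAsNonRoot: true   # kubelet refuses to start a container that would run as uid 0
    runAsUser: 1000      # uid of myuser created in the (assumed) Dockerfile
    runAsGroup: 1000
    fsGroup: 1000        # group ownership applied to mounted volumes
  containers:
    - name: app
      image: example.invalid/app:1.0   # assumed image built from that Dockerfile
      # Container-level settings: these override the Pod-level values for this
      # container only. A runAsUser set here would take precedence over 1000 above.
      securityContext:
        allowPrivilegeEscalation: false   # no setuid/file-cap path back to extra privileges
        # capabilities is container-level only; there is no Pod-level equivalent.
        capabilities:
          drop: ["ALL"]               # start from an empty capability set ...
          add: ["NET_BIND_SERVICE"]   # ... and add back only what the app needs (bind port 80 as uid 1000)
      ports:
        - containerPort: 80
    - name: sidecar
      image: example.invalid/sidecar:1.0   # assumed image
      # No securityContext here, so this container simply inherits the
      # Pod-level runAsUser/runAsGroup/runAsNonRoot values.
```

After applying it, `kubectl exec secctx-demo -c app -- id` should report `uid=1000(myuser)`; if the image's `/etc/passwd` has no entry for 1000, the uid still applies but the name will not resolve.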