
Security Contexts


Security contexts define privilege and access control settings for a Pod or Container. A securityContext field, set on the pod spec or on an individual container spec within the pod, enables granular control over the user or group a container runs as, the permissions granted to those users, and other options like filesystem access or the ability to run as root.

To specify a securityContext, include the securityContext key at the pod level, the container level, or both in the manifest:

apiVersion: v1
kind: Pod
metadata:
  name: cka-security-context
spec:
  containers:
  - name: sec-ctx-demo
    image: busybox
    command: [ "sh", "-c", "sleep 1h" ]
    securityContext:
      allowPrivilegeEscalation: false
  securityContext:
    runAsUser: 1000

Security contexts let you adjust the security posture and capabilities of a pod and its containers. For example, the pod in the spec above runs as a non-root user (UID 1000), and the container is not allowed to use privilege escalation, so its processes cannot gain more privileges than their parent through mechanisms like sudo.
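
The following audit script is an added example, not part of the original page. It computes the effective securityContext of each container by merging pod-level settings with container-level overrides, then flags containers that run as root or leave privilege escalation enabled. The manifest is the one above written as a Python dict (command omitted), plus a constructed second container named "sidecar" (hypothetical) that overrides the pod-level user.

```python
# Added example: audits the effective securityContext of each container in a Pod.
# Fields set on a container override the same fields set at pod level.
POD_LEVEL_SHARED = ("runAsUser", "runAsNonRoot")  # valid at both levels

# The manifest from above as a dict, plus a constructed second container
# ("sidecar", hypothetical) that overrides the pod-level user.
POD = {
    "apiVersion": "v1", "kind": "Pod",
    "metadata": {"name": "cka-security-context"},
    "spec": {
        "securityContext": {"runAsUser": 1000},
        "containers": [
            {"name": "sec-ctx-demo", "image": "busybox",
             "securityContext": {"allowPrivilegeEscalation": False}},
            {"name": "sidecar", "image": "busybox",
             "securityContext": {"runAsUser": 0}},
        ],
    },
}

def effective_context(pod_ctx, container_ctx):
    """Merge pod-level defaults with container-level overrides."""
    merged = {k: pod_ctx[k] for k in POD_LEVEL_SHARED if k in pod_ctx}
    merged.update(container_ctx)  # container settings take precedence
    return merged

def audit_pod(pod):
    """Return {container name: [findings]} for a Pod manifest dict."""
    spec = pod.get("spec", {})
    pod_ctx = spec.get("securityContext") or {}
    report = {}
    for c in spec.get("containers", []) + spec.get("initContainers", []):
        ctx = effective_context(pod_ctx, c.get("securityContext") or {})
        findings = []
        uid = ctx.get("runAsUser")
        if uid == 0:
            findings.append("runs as root (runAsUser: 0)")
        elif uid is None and ctx.get("runAsNonRoot") is not True:
            findings.append("user not pinned; image default may be root")
        if ctx.get("allowPrivilegeEscalation") is not False:
            findings.append("allowPrivilegeEscalation is not false")
        report[c["name"]] = findings
    return report

if __name__ == "__main__":
    for name, findings in audit_pod(POD).items():
        print(name, "->", findings or "ok")
```

The sidecar shows why a pod-level runAsUser alone is not sufficient: a container-level value replaces it, so each container has to be checked against its merged settings.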
 
Learn more about configuring pod and container security contexts