Kubernetes Security Context

Container Security Context

# Run the container process as UID 1001 instead of the image's default (usually root)
docker run --user=1001 ubuntu sleep 3600

# Grant the container the MAC_ADMIN capability on top of Docker's default capability set
docker run --cap-add MAC_ADMIN ubuntu

Kubernetes Security Context

securityContext
In a pod manifest these settings live under the securityContext field, which can be set at the pod level (spec.securityContext) or on an individual container (spec.containers[].securityContext).

Pod Context

apiVersion: v1
kind: Pod
metadata:
  name: web-pod
spec:
  securityContext:
    runAsUser: 1000      # applies to every container in the pod
  containers:
    - name: ubuntu
      image: ubuntu
      command: [ "sleep", "3600" ]

Container Security Context

apiVersion: v1
kind: Pod
metadata:
  name: web-pod
spec:
  containers:
    - name: ubuntu
      image: ubuntu
      command: [ "sleep", "3600" ]
      securityContext:       # applies to this container only
        runAsUser: 1000
        capabilities:
          add: [ "MAC_ADMIN" ]
capabilities
Capabilities are supported only at the container level, not at the pod level; a capabilities block under spec.securityContext is not a valid field.
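As an added example (not code from the original page), the following Python check applies the precedence rule between the two levels shown above: for fields that exist in both the pod-level and the container-level securityContext (runAsUser, runAsGroup, runAsNonRoot and a few others), the container's own value wins and the pod value only fills in what the container left unset. The manifest is a constructed dict that mirrors the page's YAML, with a pod-level runAsUser and a second container added so the precedence is visible; the names SAMPLE_POD, effective_security_context and lint_pod are this example's own. The linter reports a capabilities block at the pod level (where it is not a valid field and therefore never takes effect), containers that end up as root, and every capability a container adds.

```python
"""Compute each container's effective securityContext from a pod manifest and
lint the result. Manifest is handled as a plain dict, so no YAML library is needed."""
from __future__ import annotations

# Fields present in both PodSecurityContext and the container-level
# SecurityContext; for these the container-level value takes precedence.
OVERLAPPING_FIELDS = (
    "runAsUser", "runAsGroup", "runAsNonRoot",
    "seLinuxOptions", "seccompProfile", "windowsOptions",
)

# Constructed sample mirroring the page's YAML (names and values are illustrative).
SAMPLE_POD = {
    "apiVersion": "v1",
    "kind": "Pod",
    "metadata": {"name": "web-pod"},
    "spec": {
        "securityContext": {"runAsUser": 1000},          # pod-level default
        "containers": [
            {
                "name": "ubuntu",
                "image": "ubuntu",
                "command": ["sleep", "3600"],
                # no runAsUser here, so the pod-level 1000 applies
                "securityContext": {"capabilities": {"add": ["MAC_ADMIN"]}},
            },
            {
                "name": "sidecar",
                "image": "ubuntu",
                "command": ["sleep", "3600"],
                # container-level value overrides the pod-level 1000
                "securityContext": {"runAsUser": 0},
            },
        ],
    },
}


def effective_security_context(pod: dict, container: dict) -> dict:
    """Return the securityContext that actually applies to one container:
    its own settings, with pod-level values filling in any overlapping
    field the container did not set itself."""
    pod_ctx = (pod.get("spec") or {}).get("securityContext") or {}
    ctx = dict(container.get("securityContext") or {})
    for field in OVERLAPPING_FIELDS:
        if field not in ctx and field in pod_ctx:
            ctx[field] = pod_ctx[field]
    return ctx


def lint_pod(pod: dict) -> list[str]:
    """Return human-readable findings for the manifest (empty list = clean)."""
    findings: list[str] = []
    spec = pod.get("spec") or {}
    pod_ctx = spec.get("securityContext") or {}

    # capabilities is not a PodSecurityContext field: strict field validation
    # rejects it and lenient validation drops it, so it never takes effect.
    if "capabilities" in pod_ctx:
        findings.append(
            "pod: 'capabilities' is not valid in spec.securityContext; set it per container"
        )

    for ctr in spec.get("containers") or []:
        name = ctr.get("name", "<unnamed>")
        ctx = effective_security_context(pod, ctr)
        uid = ctx.get("runAsUser")
        if uid is None and not ctx.get("runAsNonRoot"):
            findings.append(
                f"{name}: no runAsUser and runAsNonRoot not set; "
                "container runs as the image's default user (often root)"
            )
        elif uid == 0:
            findings.append(f"{name}: runAsUser is 0 (root)")
        for cap in (ctx.get("capabilities") or {}).get("add") or []:
            findings.append(f"{name}: adds capability {cap}")
    return findings


if __name__ == "__main__":
    for line in lint_pod(SAMPLE_POD):
        print(line)
```

Running the block prints one line per finding for the sample: the ubuntu container inherits UID 1000 and is reported only for the added MAC_ADMIN capability, while the sidecar's own runAsUser 0 overrides the pod default and is reported as root.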