• Actualités techniques
• Blockchain
• Business model and startup mistakes
• Devoxx
• Docker and Kubernetes
  • Docker
  • Kubernetes Admin
  • Kubernetes Core
    • Accessing a Kubernetes cluster
    • Acronyms
    • Architecture
    • Configuration
    • Installation
    • Linux Foundation
    • Object types
    • Security and monitoring
      • 1. Authentication
      • 2. Authorization
      • 3. Admission Control
      • Limit and Quota Management
      • Liveness and Readiness Probes
      • Monitoring, Logging, Troubleshooting
      • Network Policies
      • Pod Security Policies
      • Security Context
    • Volumes
  • Kubernetes Ecosystem
• GIT
• GitHub
• Jenkins
• Languages
• Legal aspects
• Management et RH
• Organisation
• Privacy
• RDF
• Reactive and microservices
• Security
• Software Engineering
• Spring
• SQL and NoSQL
• UML
• Web Design

Security Context

Configure a Security Context for a Pod or Container
Security Context documentation

Security Context can be defined

• at pod level
• at container level

apiVersion: v1
kind: Pod
metadata:
  name: security-context-demo
spec:
  securityContext:
    runAsUser: 1000
    runAsGroup: 3000
    fsGroup: 2000
  volumes:
  - name: sec-ctx-vol
    emptyDir: {}
  containers:
  - name: sec-ctx-demo
    image: busybox
    command: [ "sh", "-c", "sleep 1h" ]
    volumeMounts:
    - name: sec-ctx-vol
      mountPath: /data/demo
    securityContext:
      allowPrivilegeEscalation: false
      capabilities:
        add: ["NET_ADMIN", "SYS_TIME"]

• CapInh bitmap of inheritable capabilities
• CapPrm bitmap of permitted capabilities
• CapEff bitmap of effective capabilities
• CapBnd bitmap of capabilities bounding set
• CapAmb bitmap of ambient capabilities

Proudly Powered by Zim 0.75.2.

Template by Etienne Gandrille, based on ZeroFiveEight and using JQuery Toc Plugin.