Pod

Definition

A Pod is the smallest deployable unit in Kubernetes, representing a single instance of a running process in a cluster. It can contain one or more containers that share the same network namespace and storage volumes, allowing them to communicate and share data efficiently. Pods are designed to support co-located, co-scheduled processes that form a cohesive unit of service.

Secure Settings Example

apiVersion: v1
kind: Pod
metadata:
  name: secure-pod
spec:
  securityContext:              # pod-level settings (the field is securityContext; there is no podSecurityContext)
    fsGroup: 1000               # volumes are mounted group-owned by GID 1000 so a non-root process can write them
  containers:
  - name: secure-container
    image: nginx:latest
    securityContext:
      runAsNonRoot: true        # kubelet refuses to start the container if it would run as UID 0;
                                # needs an image whose USER is non-root or an explicit runAsUser
      allowPrivilegeEscalation: false   # blocks setuid/file-capability escalation inside the container
      capabilities:
        drop:
        - ALL                   # start with no Linux capabilities; add back only what is required
  volumes:
  - name: secure-volume
    emptyDir: {}                # ephemeral, pod-scoped scratch space instead of a host path

Insecure Settings Example

apiVersion: v1
kind: Pod
metadata:
  name: insecure-pod
spec:
  containers:
  - name: insecure-container
    image: nginx:latest
    securityContext:
      privileged: true          # all capabilities plus host device access; effectively root on the node
      runAsUser: 0              # the process runs as root inside the container
  volumes:
  - name: insecure-volume
    hostPath:
      path: /var/run/docker.sock   # the node's container runtime socket; anyone who can reach it controls the node
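As an added example (not code from the original page), the following Python check encodes the contrast between the two manifests above, the kind of rule an admission controller or CI linter applies before a Pod is admitted. It assumes the manifest has already been parsed with yaml.safe_load(); the two sample Pods are constructed inline to mirror the page's examples.

```python
# Added example, not from the original page: a lint function that flags the
# insecure Pod settings contrasted above. It takes the dict that
# yaml.safe_load() returns for a manifest; the two sample Pods are constructed
# inline to mirror the page's secure and insecure examples.
from typing import Dict, List


def check_pod(pod: Dict) -> List[str]:
    """Return findings for a Pod manifest; an empty list means it passes."""
    findings: List[str] = []
    spec = pod.get("spec", {})
    pod_ctx = spec.get("securityContext", {})  # pod-level defaults
    for c in spec.get("containers", []) + spec.get("initContainers", []):
        name, ctx = c.get("name", "<unnamed>"), c.get("securityContext", {})
        if ctx.get("privileged"):
            findings.append(f"{name}: privileged=true gives host-level access")
        # A container-level value overrides the pod-level one when both are set.
        if ctx.get("runAsUser", pod_ctx.get("runAsUser")) == 0:
            findings.append(f"{name}: runs as UID 0 (root)")
        if not ctx.get("runAsNonRoot", pod_ctx.get("runAsNonRoot", False)):
            findings.append(f"{name}: runAsNonRoot is not enforced")
        if ctx.get("allowPrivilegeEscalation", True):
            findings.append(f"{name}: allowPrivilegeEscalation is not false")
        dropped = {x.upper() for x in ctx.get("capabilities", {}).get("drop", [])}
        if "ALL" not in dropped:
            findings.append(f"{name}: capabilities are not dropped (drop: [ALL])")
    for v in spec.get("volumes", []):
        if "hostPath" in v:
            path = v["hostPath"].get("path", "")
            findings.append(f"volume {v.get('name')}: hostPath {path} exposes the node")
    return findings


# Constructed sample manifests matching the page's two examples.
SECURE_POD = {"apiVersion": "v1", "kind": "Pod", "metadata": {"name": "secure-pod"},
    "spec": {"securityContext": {"fsGroup": 1000},
             "containers": [{"name": "secure-container", "image": "nginx:latest",
                             "securityContext": {"runAsNonRoot": True,
                                                 "allowPrivilegeEscalation": False,
                                                 "capabilities": {"drop": ["ALL"]}}}],
             "volumes": [{"name": "secure-volume", "emptyDir": {}}]}}
INSECURE_POD = {"apiVersion": "v1", "kind": "Pod", "metadata": {"name": "insecure-pod"},
    "spec": {"containers": [{"name": "insecure-container", "image": "nginx:latest",
                             "securityContext": {"privileged": True, "runAsUser": 0}}],
             "volumes": [{"name": "insecure-volume",
                          "hostPath": {"path": "/var/run/docker.sock"}}]}}

if __name__ == "__main__":
    for p in (SECURE_POD, INSECURE_POD):
        print(p["metadata"]["name"], check_pod(p) or "OK")
```

The insecure Pod produces one finding per weak setting, while the secure Pod produces none; the same function can be fed any manifest loaded from a file.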