PodSandbox
Definition
PodSandbox is the Container Runtime Interface (CRI) term for the isolated environment that the kubelet asks the container runtime to create (the RunPodSandbox call) before any of a pod's containers are started. The sandbox holds everything the pod's containers share: the Linux network, IPC and (optionally) PID namespaces, the cgroup under which the pod's CPU and memory limits are enforced, and the pod IP and interfaces set up through CNI. With runc-based runtimes it is realised as the "pause" container that keeps those namespaces alive; with a RuntimeClass that selects gVisor or Kata Containers the sandbox is a user-space kernel or a lightweight VM, which is where the stronger host isolation of those pods comes from. Security-relevant pod-level settings are part of the sandbox configuration handed to the runtime, so hostNetwork, hostPID, hostIPC, sysctls and the pod-level seccompProfile apply to every container in the pod; the other pod-level securityContext fields (such as runAsNonRoot) are inherited by each container unless the container's own securityContext overrides them.
Secure Settings Example
# Meets the "restricted" Pod Security Standard: non-root, default seccomp,
# no capabilities, no privilege escalation, read-only root filesystem.
apiVersion: v1
kind: Pod
metadata:
  name: secure-pod
spec:
  securityContext:
    # Pod-level settings go into the sandbox and are inherited by every container
    runAsNonRoot: true
    seccompProfile:
      type: RuntimeDefault
  containers:
  - name: secure-container
    # The stock nginx image starts as root and writes to /var/cache/nginx and
    # /var/run, so it cannot start under runAsNonRoot with a read-only root
    # filesystem (the kubelet rejects it at container creation). The unprivileged
    # variant runs as uid 101, listens on 8080 and writes only to /tmp.
    # Pin the image by digest rather than a mutable tag in production.
    image: nginxinc/nginx-unprivileged:1.27-alpine
    securityContext:
      allowPrivilegeEscalation: false
      capabilities:
        drop:
        - ALL
      readOnlyRootFilesystem: true
    volumeMounts:
    - name: tmp
      mountPath: /tmp
  volumes:
  - name: tmp
    emptyDir: {}
Insecure Settings Example
apiVersion: v1
kind: Pod
metadata:
  name: insecure-pod
spec:
  # No pod-level securityContext: the container runs as root and, unless the
  # kubelet's default seccomp profile has been enabled, with seccomp Unconfined.
  containers:
  - name: insecure-container
    image: nginx:latest
    securityContext:
      # privileged grants every capability, exposes the host's devices and makes
      # the runtime skip seccomp/AppArmor confinement, so the sandbox isolates
      # this container from the node in name only.
      privileged: true
      capabilities:
        # Redundant under privileged (it already holds all capabilities), but it
        # shows the intent: NET_ADMIN lets the process reconfigure networking.
        add:
        - NET_ADMIN
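The two manifests above differ in exactly the settings that the Pod Security Standards "restricted" level checks, and a practitioner usually wants to find such pods in a running cluster rather than by eye. The following checker is an added example written for this page, not code from Kubernetes or from the original page. It reads Pod objects in JSON form, which is what `kubectl get pod -o json` emits (a single Pod or a `List` with `items`), and reports every setting the restricted profile would reject, resolving pod-level versus container-level securityContext the way the kubelet does. The two manifests embedded in it are constructed JSON versions of the page's secure and insecure pods; the secure one additionally sets `allowPrivilegeEscalation: false`, which the restricted profile requires.

```python
"""Restricted-profile checks over Pod manifests (added example, not page code).

Feed it `kubectl get pods -A -o json` to find pods whose sandbox settings
would be rejected by the Pod Security Standards "restricted" level.
"""
import json

# Only capability the restricted profile allows to be added back after dropping ALL
RESTRICTED_CAP_ALLOWLIST = {"NET_BIND_SERVICE"}
ALLOWED_SECCOMP = {"RuntimeDefault", "Localhost"}


def _effective(pod_sc, ctr_sc, key):
    """A container-level securityContext field overrides the pod-level one."""
    return ctr_sc[key] if key in ctr_sc else pod_sc.get(key)


def check_pod(pod):
    """Return a sorted list of (scope, finding) tuples for one Pod object."""
    findings = []
    spec = pod.get("spec", {})
    pod_sc = spec.get("securityContext") or {}
    pod_name = pod.get("metadata", {}).get("name", "<unnamed>")

    # Sharing a host namespace removes that part of the sandbox's isolation entirely
    for ns in ("hostNetwork", "hostPID", "hostIPC"):
        if spec.get(ns):
            findings.append((pod_name, f"{ns}=true shares a host namespace"))

    containers = (spec.get("containers", []) + spec.get("initContainers", [])
                  + spec.get("ephemeralContainers", []))
    for c in containers:
        cname = c.get("name", "<unnamed>")
        sc = c.get("securityContext") or {}
        if sc.get("privileged"):
            findings.append((cname, "privileged=true"))
        caps = sc.get("capabilities") or {}
        if "ALL" not in (caps.get("drop") or []):
            findings.append((cname, "capabilities.drop must include ALL"))
        for cap in caps.get("add") or []:
            if cap not in RESTRICTED_CAP_ALLOWLIST:
                findings.append((cname, f"capabilities.add contains {cap}"))
        # Restricted requires the field to be set explicitly, not merely absent
        if sc.get("allowPrivilegeEscalation") is not False:
            findings.append((cname, "allowPrivilegeEscalation must be false"))
        if _effective(pod_sc, sc, "runAsNonRoot") is not True:
            findings.append((cname, "runAsNonRoot must be true"))
        profile = _effective(pod_sc, sc, "seccompProfile") or {}
        if profile.get("type") not in ALLOWED_SECCOMP:
            findings.append((cname, "seccompProfile.type must be RuntimeDefault or Localhost"))
    return sorted(findings)


def check_manifest(text):
    """Accept one Pod or a kind: List (as from kubectl); map pod name -> findings."""
    doc = json.loads(text)
    pods = doc["items"] if doc.get("kind") == "List" else [doc]
    return {p["metadata"]["name"]: check_pod(p) for p in pods}


# Constructed JSON copies of the page's two example pods (kubectl accepts JSON manifests)
SECURE_POD_JSON = """{
  "apiVersion": "v1", "kind": "Pod", "metadata": {"name": "secure-pod"},
  "spec": {
    "securityContext": {"runAsNonRoot": true, "seccompProfile": {"type": "RuntimeDefault"}},
    "containers": [{"name": "secure-container",
                    "image": "nginxinc/nginx-unprivileged:1.27-alpine",
                    "securityContext": {"allowPrivilegeEscalation": false,
                                        "capabilities": {"drop": ["ALL"]},
                                        "readOnlyRootFilesystem": true}}]
  }
}"""

INSECURE_POD_JSON = """{
  "apiVersion": "v1", "kind": "Pod", "metadata": {"name": "insecure-pod"},
  "spec": {
    "containers": [{"name": "insecure-container", "image": "nginx:latest",
                    "securityContext": {"privileged": true,
                                        "capabilities": {"add": ["NET_ADMIN"]}}}]
  }
}"""

# The shape `kubectl get pods -o json` returns for several pods
LIST_JSON = json.dumps({"kind": "List",
                        "items": [json.loads(SECURE_POD_JSON), json.loads(INSECURE_POD_JSON)]})

if __name__ == "__main__":
    for pod_name, findings in check_manifest(LIST_JSON).items():
        print(pod_name, "OK" if not findings else "")
        for scope, finding in findings:
            print(f"  {scope}: {finding}")
```

Run against a live cluster with `kubectl get pods -A -o json | python3 checker.py` after replacing `LIST_JSON` with `sys.stdin.read()`. The checker is deliberately stricter than "is it privileged": the restricted profile rejects a container that merely omits `allowPrivilegeEscalation` or `capabilities.drop: [ALL]`, which is why a pod that looks harmless can still fail admission once the namespace is labelled `pod-security.kubernetes.io/enforce=restricted`.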