SecurityContext
Definition
In container orchestration platforms like Kubernetes, a SecurityContext is a set of configurations that defines security-related attributes for a container or pod. These attributes include user and group IDs, capabilities, privilege escalation settings, and more. The SecurityContext helps enforce security policies and ensures that containers run with the least privilege necessary, reducing the risk of exploitation.
Secure Settings Example
apiVersion: v1
kind: Pod
metadata:
  name: secure-pod
spec:
  containers:
  - name: secure-container
    image: nginx:latest
    securityContext:
      runAsUser: 1000                  # non-root UID
      runAsGroup: 3000
      allowPrivilegeEscalation: false  # process cannot gain more privileges than its parent
      capabilities:
        drop:
        - ALL                          # start from an empty capability set
Insecure Settings Example
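apiVersion: v1
kind: Pod
metadata:
  name: insecure-pod
spec:
  containers:
  - name: insecure-container
    image: nginx:latest
    securityContext:
      runAsUser: 0                     # root inside the container
      allowPrivilegeEscalation: true   # setuid binaries can raise privileges
      capabilities:
        add:
        - NET_ADMIN                    # network configuration (interfaces, routing, firewall)
        - SYS_TIME                     # may set the system clock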
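Audit Example
The following check is an added example, not part of the original page or of Kubernetes itself: it flags the weak settings shown above in a pod manifest loaded as JSON. The function name audit_pod and the finding texts are assumptions, and the two inputs are constructed from the page's manifests.

```python
import json

def audit_pod(pod):
    """Return (container, finding) pairs for weak securityContext settings."""
    spec = pod.get("spec") or {}
    pod_sc = spec.get("securityContext") or {}
    findings = []
    for c in (spec.get("containers") or []) + (spec.get("initContainers") or []):
        sc = c.get("securityContext") or {}
        name = c.get("name", "<unnamed>")
        # runAsUser / runAsNonRoot: a container-level value overrides the pod-level one.
        uid = sc.get("runAsUser", pod_sc.get("runAsUser"))
        non_root = sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot", False))
        if uid == 0:
            findings.append((name, "runs as root (runAsUser: 0)"))
        elif uid is None and not non_root:
            findings.append((name, "no runAsUser/runAsNonRoot; image default user applies"))
        # Container-level only; when unset, escalation is allowed.
        if sc.get("allowPrivilegeEscalation", True) is not False:
            findings.append((name, "allowPrivilegeEscalation is not false"))
        caps = sc.get("capabilities") or {}
        if "ALL" not in [d.upper() for d in caps.get("drop") or []]:
            findings.append((name, "capabilities.drop does not include ALL"))
        for cap in caps.get("add") or []:
            findings.append((name, f"adds capability {cap}"))
    return findings

# Constructed inputs: the page's two manifests in JSON form.
SECURE = json.loads("""{"metadata": {"name": "secure-pod"}, "spec": {"containers": [
  {"name": "secure-container", "image": "nginx:latest", "securityContext": {
    "runAsUser": 1000, "runAsGroup": 3000, "allowPrivilegeEscalation": false,
    "capabilities": {"drop": ["ALL"]}}}]}}""")
INSECURE = json.loads("""{"metadata": {"name": "insecure-pod"}, "spec": {"containers": [
  {"name": "insecure-container", "image": "nginx:latest", "securityContext": {
    "runAsUser": 0, "allowPrivilegeEscalation": true,
    "capabilities": {"add": ["NET_ADMIN", "SYS_TIME"]}}}]}}""")

if __name__ == "__main__":
    for pod in (SECURE, INSECURE):
        print(pod["metadata"]["name"])
        for container, finding in audit_pod(pod) or [("-", "no findings")]:
            print(f"  {container}: {finding}")
```

A container with no securityContext of its own still inherits runAsUser from the pod level, but it is reported for privilege escalation and capabilities, which can only be set per container.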