https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
Configure a Security Context for a Pod or Container
A security context defines privilege and access control settings for a Pod or Container. Security context settings include, but are not limited to: Discretionary Access Control: Permission to access an object, like a file, is based on user ID (UID) and gro
kubernetes.io
apiVersion: v1
kind: Pod
metadata:
name: security-context-demo
spec:
volumes:
- name: sec-ctx-vol
emptyDir: {}
containers:
- name: sec-ctx-demo
image: busybox
command: [ "sh", "-c", "sleep 1h" ]
volumeMounts:
- name: sec-ctx-vol
mountPath: /data/demo
securityContext:
runAsUser: 1000
capabilities:
add: ["NET_ADMIN", "SYS_TIME"]- 아래의 Pod manifest는 sidecar container는 1001번 user로, web container는 1002번 user로 실행된다.
apiVersion: v1
kind: Pod
metadata:
name: multi-pod
spec:
securityContext:
runAsUser: 1001
containers:
- image: ubuntu
name: web
command: ["sleep", "5000"]
securityContext:
runAsUser: 1002
- image: ubuntu
name: sidecar
command: ["sleep", "5000"]'CKA' 카테고리의 다른 글
| CoreDNS in Kubernetes (0) | 2022.02.15 |
|---|---|
| Networking (0) | 2022.02.14 |
| Image Security (0) | 2022.02.10 |
| Service Accounts (0) | 2021.10.16 |
| Authentication (0) | 2021.10.16 |