Kubernetes Pod and Container Security: Difference between revisions
Jump to navigation
Jump to search
| Line 5: | Line 5: | ||
=Overview= | =Overview= | ||
Containers instantiated from container images and running in pods in a Kubernetes cluster are executing by default with container image configuration | Containers instantiated from container images and running in pods in a Kubernetes cluster are executing by default with container image configuration - for example, the user and the group various container processes run under are by default specified with the [[Dockerfile#USER|USER directive]] in the container image -, in [[#Privileged_Mode|non-privileged mode]] and using a pre-defined set of [[#Kernel_Capabilities|kernel capabilities]]. The pod and container security contexts, described below, are a declarative method to modify all these run-time settings and get the containers to run with a different configuration. | ||
=Pod Security Context= | =Pod Security Context= | ||
Revision as of 01:32, 20 February 2021
External
Internal
Overview
Containers instantiated from container images and running in pods in a Kubernetes cluster are executing by default with container image configuration - for example, the user and the group various container processes run under are by default specified with the USER directive in the container image -, in non-privileged mode and using a pre-defined set of kernel capabilities. The pod and container security contexts, described below, are a declarative method to modify all these run-time settings and get the containers to run with a different configuration.
Pod Security Context
Container Security Context
Relationship with Pod Security Policy
For more details see: