Security Context - Sandeep-K-Khandelwal/CKAD GitHub Wiki

Security settings can be configured at the container level or at the Pod level. Settings configured at the Pod level carry over to all the containers within the Pod. If a setting is configured at both the Pod and the container level, the container's setting overrides the Pod's.

  • Security features defined at Pod level

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: web-pod
spec:
  securityContext:
    runAsUser: 1000
  containers:
  - name: ubuntu
    image: ubuntu
    command: ["sleep", "3600"]
```

  • Security features defined at container level. Capabilities are defined at the container level only.

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: web-pod
spec:
  containers:
  - name: ubuntu
    image: ubuntu
    command: ["sleep", "3600"]
    securityContext:
      runAsUser: 1000
      capabilities:
        add: ["MAC_ADMIN"]
```
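
The precedence rule above can be checked against a manifest before it is applied. The Python sketch below is an added example, not part of the original wiki: it resolves the settings each container ends up with and flags container-only fields, such as `capabilities`, that were placed at the Pod level. The function name `effective_contexts`, the second container `sidecar`, and the container-level `runAsUser: 2000` are assumptions made for illustration.

```python
# Added example: resolve the effective securityContext of each container.
# Fields that exist at both Pod and container level (container value wins).
SHARED_FIELDS = ("runAsUser", "runAsGroup", "runAsNonRoot",
                 "seLinuxOptions", "seccompProfile")
# Fields that are only valid on a container's securityContext.
CONTAINER_ONLY = ("capabilities", "privileged", "allowPrivilegeEscalation",
                  "readOnlyRootFilesystem")


def effective_contexts(pod):
    """Return ({container name: effective settings}, [warnings])."""
    spec = pod.get("spec", {})
    pod_sc = spec.get("securityContext") or {}
    # Container-only fields at Pod level never reach any container.
    warnings = [f"'{f}' is container-level only, found at Pod level"
                for f in CONTAINER_ONLY if f in pod_sc]
    result = {}
    for c in spec.get("containers", []):
        c_sc = c.get("securityContext") or {}
        # Start from inherited Pod-level values, then let the container override.
        eff = {f: pod_sc[f] for f in SHARED_FIELDS if f in pod_sc}
        eff.update({f: c_sc[f] for f in SHARED_FIELDS + CONTAINER_ONLY
                    if f in c_sc})
        result[c["name"]] = eff
    return result, warnings


# Constructed sample: web-pod from this page with both levels set,
# plus a hypothetical second container that sets nothing itself.
SAMPLE_POD = {
    "apiVersion": "v1", "kind": "Pod", "metadata": {"name": "web-pod"},
    "spec": {
        "securityContext": {"runAsUser": 1000},
        "containers": [
            {"name": "ubuntu", "image": "ubuntu", "command": ["sleep", "3600"],
             "securityContext": {"runAsUser": 2000,
                                 "capabilities": {"add": ["MAC_ADMIN"]}}},
            {"name": "sidecar", "image": "ubuntu", "command": ["sleep", "3600"]},
        ],
    },
}

if __name__ == "__main__":
    contexts, warns = effective_contexts(SAMPLE_POD)
    for name, ctx in contexts.items():
        print(name, ctx)
    for w in warns:
        print("WARN:", w)
```

Here `ubuntu` resolves to UID 2000 with `MAC_ADMIN` added, while `sidecar` inherits UID 1000 from the Pod and receives no added capabilities.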