Security Contexts

Security Options in Docker
Applying Security Contexts in Kubernetes
Example: Pod Definition with Container-Level Security Context
Next Steps
Additional Resources

Welcome to this comprehensive lesson on security contexts in Kubernetes. In this tutorial, Mumshad Mannambeth explains how to enhance container security by configuring user IDs and Linux capabilities.

When running Docker containers, you can specify security standards such as the user ID and Linux capabilities. This concept extends to Kubernetes, where you configure security both at the pod level and for individual containers.

Security Options in Docker

Before diving into Kubernetes, here are two examples of how to run Docker containers with specific security settings:

docker run --user=1001 ubuntu sleep 3600
docker run --cap-add MAC_ADMIN ubuntu

These commands illustrate how to set the user ID and modify Linux capabilities when running a container.

Applying Security Contexts in Kubernetes

Kubernetes encapsulates containers within pods, offering flexibility in security configurations. You can apply a security context at the pod level to affect all containers or at the container level, where container settings override the pod defaults if both are specified.

Example: Pod Definition with Container-Level Security Context

The following YAML file defines a pod where an Ubuntu container runs the sleep command. Notice how the security context is set to run the container as user 1000 and includes the added capability MAC_ADMIN.

apiVersion: v1
kind: Pod
metadata:
  name: web-pod
spec:
  containers:
    - name: ubuntu
      image: ubuntu
      command: ["sleep", "3600"]
      securityContext:
        runAsUser: 1000
        capabilities:
          add: ["MAC_ADMIN"]

When both pod-level and container-level security contexts are defined, the container-level settings take precedence.

Next Steps

That’s the end of this lesson on security contexts in Kubernetes. Practice viewing, configuring, and troubleshooting these contexts within your clusters using the coding exercises provided. For more detailed guidance on Kubernetes security, be sure to explore related documentation and resources. Happy coding, and see you in the next lesson!

Additional Resources

Watch Video

Image Security

Network Policies

⌘I

Introduction

Kubernetes Fundamentals

Kubernetes Resources

Scheduling

Container Orchestration Security

Container Orchestration Networking

Container Orchestration Storage

Cloud Native Architecture

Cloud Native Observability

Cloud Native Application Delivery

Conclusion

Container Orchestration Servvice Mesh

Security Options in Docker

Applying Security Contexts in Kubernetes

Example: Pod Definition with Container-Level Security Context

Next Steps

Additional Resources

Watch Video

Introduction

Kubernetes Fundamentals

Kubernetes Resources

Scheduling

Container Orchestration Security

Container Orchestration Networking

Container Orchestration Storage

Cloud Native Architecture

Cloud Native Observability

Cloud Native Application Delivery

Conclusion

Container Orchestration Servvice Mesh

​Security Options in Docker

​Applying Security Contexts in Kubernetes

​Example: Pod Definition with Container-Level Security Context

​Next Steps

​Additional Resources

Watch Video

Security Options in Docker

Applying Security Contexts in Kubernetes

Example: Pod Definition with Container-Level Security Context

Next Steps

Additional Resources