Pods and containers should apply a security context
A security context controls a variety of settings for access control, Linux capabilities, and privileges. The security context may be set at the pod or the container level. Refer to the Kubernetes documentation for specific recommendations for each setting.
Kubernetes Manifest (YAML)
Ensure that a Kubernetes.Pod has a securityContext object set at the pod
```yaml
apiVersion: v1
kind: Pod
metadata:
  name: hello
spec:
  securityContext:
    runAsUser: 1001
  containers:
    - name: hello
      image: busybox
      command: ['sh', '-c', 'echo "Hello, Kubernetes!" && sleep 3600']
      securityContext:
        capabilities:
          drop: ["ALL"]
  # other required fields here
```
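One way to test manifests for this rule before they reach a cluster, as an added example rather than code from this page or its project. The function names, the pass condition (a non-empty pod-level securityContext, or one on every container) and the extension to templated workloads such as Deployments are assumptions; the sample manifests are constructed.

```python
# Workload kinds that embed a pod spec under spec.template.spec.
TEMPLATED = {"Deployment", "StatefulSet", "DaemonSet", "ReplicaSet", "Job"}

def pod_spec(manifest):
    """Return the pod spec of a Pod or templated workload, else None."""
    spec = manifest.get("spec") or {}
    if manifest.get("kind") == "Pod":
        return spec
    if manifest.get("kind") in TEMPLATED:
        return (spec.get("template") or {}).get("spec") or {}
    return None

def uncovered_containers(manifest):
    """Names of containers with no securityContext at pod or container level.

    Assumed pass condition: a non-empty pod-level securityContext counts for
    every container; otherwise each container must carry its own.
    """
    spec = pod_spec(manifest)
    if spec is None or spec.get("securityContext"):
        return []
    containers = (spec.get("initContainers") or []) + (spec.get("containers") or [])
    # A missing key and an empty {} are both treated as "not set".
    return [c.get("name", "<unnamed>") for c in containers
            if not c.get("securityContext")]

# Constructed sample manifests, already parsed from YAML into dicts.
GOOD_POD = {
    "apiVersion": "v1", "kind": "Pod", "metadata": {"name": "hello"},
    "spec": {
        "securityContext": {"runAsUser": 1001},
        "containers": [{"name": "hello", "image": "busybox",
                        "securityContext": {"capabilities": {"drop": ["ALL"]}}}],
    },
}
BAD_DEPLOYMENT = {
    "apiVersion": "apps/v1", "kind": "Deployment", "metadata": {"name": "web"},
    "spec": {"template": {"spec": {
        "securityContext": {},
        "initContainers": [{"name": "init-db", "image": "busybox"}],
        "containers": [
            {"name": "app", "image": "busybox",
             "securityContext": {"runAsNonRoot": True}},
            {"name": "sidecar", "image": "busybox"},
        ],
    }}},
}

if __name__ == "__main__":
    for m in (GOOD_POD, BAD_DEPLOYMENT):
        print(m["kind"], m["metadata"]["name"], uncovered_containers(m))
```

The check only establishes that a security context is present. Fields such as capabilities exist only at the container level, so a pod-level context alone does not drop capabilities for its containers.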