securityContext is not applied to pods and containers

Description

securityContext defines privilege and access control settings for your pod or container, and holds security configurations that will be applied to a container. Some fields are present in both securityContext and PodSecurityContext; when both are set, securityContext takes precedence.

Well-defined privilege and access control settings give greater assurance that your pod is running with the properties it requires to function.

Fix - Buildtime

Kubernetes

  • Resource: Container / Pod / Deployment / DaemonSet / StatefulSet / ReplicaSet / ReplicationController / Job / CronJob
  • Argument: securityContext (Optional)
    A field that defines privilege and access control settings for your Pod or Container.
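
The resource kinds listed above nest the pod spec at different depths (`spec` for a Pod, `spec.jobTemplate.spec.template.spec` for a CronJob, `spec.template.spec` for the rest), so a check for a missing securityContext has to resolve that path first. The following is an added example, not the page's or Checkov's own code; it assumes manifests are already parsed into dicts (for instance with `yaml.safe_load`), and the function names and sample manifests are constructed for illustration.

```python
# Added example: not Checkov's implementation. Manifests are plain dicts,
# e.g. the result of yaml.safe_load() on each YAML document.

# Path from the resource root to the pod spec, per kind.
POD_SPEC_PATHS = {
    "Pod": ("spec",),
    "CronJob": ("spec", "jobTemplate", "spec", "template", "spec"),
}
DEFAULT_PATH = ("spec", "template", "spec")  # Deployment, DaemonSet, Job, ...


def pod_spec(manifest):
    """Return the pod spec dict for a workload manifest, or None if absent."""
    node = manifest
    for key in POD_SPEC_PATHS.get(manifest.get("kind"), DEFAULT_PATH):
        node = node.get(key) if isinstance(node, dict) else None
        if node is None:
            return None
    return node if isinstance(node, dict) else None


def missing_security_context(manifest):
    """List the places in a manifest where securityContext is not set."""
    spec = pod_spec(manifest)
    if spec is None:
        return ["no pod spec found"]
    findings = []
    # An empty mapping ({}) sets nothing, so this example treats it as missing.
    if not spec.get("securityContext"):
        findings.append("pod")
    for group in ("initContainers", "containers"):
        for c in spec.get(group) or []:
            if not c.get("securityContext"):
                findings.append(f"{group}/{c.get('name', '?')}")
    return findings


# Constructed sample manifests.
BARE_CRONJOB = {"kind": "CronJob", "spec": {"jobTemplate": {"spec": {"template": {
    "spec": {"containers": [{"name": "report", "image": "example/report:1"}]}}}}}}
HARDENED_POD = {"kind": "Pod", "spec": {
    "securityContext": {"runAsNonRoot": True, "runAsUser": 1000},
    "containers": [{"name": "app", "image": "example/app:1",
                    "securityContext": {"allowPrivilegeEscalation": False}}]}}

if __name__ == "__main__":
    for m in (BARE_CRONJOB, HARDENED_POD):
        print(m["kind"], missing_security_context(m))
```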

```yaml Container
apiVersion: v1
kind: Pod
metadata:
  name: <name>
spec:
  containers:
  - name:
    image:
+   securityContext:
```

```yaml Pod
apiVersion: v1
kind: Pod
metadata:
  name: <name>
spec:
+  securityContext:
```

```yaml CronJob
apiVersion: batch/v1beta1
kind: CronJob
metadata:
  name: <name>
spec:
  schedule: <>
  jobTemplate:
    spec:
      template:
        spec:
+         securityContext:
```

```yaml Other
apiVersion: <>
kind: <kind>
metadata:
  name: <name>
spec:
  template:
    spec:
+       securityContext:
```