Security Context — Kubernetes
3 min readNov 27, 2023
A security context defines privilege and access control settings for a Pod or Container.
Pod Security Standards
Pod Security Standards are a set of standards that cover the security spectrum at a high level. The three primary standards are:
- Privileged → Open and unrestricted
- Baseline → Minimally restrictive policy, allowing the default pod configuration.
- Restricted → Highly restricted, covering best practices. May cause compatibility issues
Each of these policies defines which fields are restricted within a Pod specification and the allowed values.
- spec.containers[*].ports
- spec.volumes[*].hostPath
- spec.securityContext
- spec.containers[*].securityContext
More https://kubernetes.io/docs/concepts/security/pod-security-standards/
Policy Modes
Policies are applied using modes
- enforce — Any Pods that violate the policy will be rejected
- audit — Pods with violations will be allowed and an audit annotation will be added
- warn — Pods that violate the policy will be allowed and a warning message will be…