
Security Context — Kubernetes

Always learning
3 min read · Nov 27, 2023

A security context defines privilege and access control settings for a Pod or Container.

Pod Security Standards

Pod Security Standards are a set of standards that cover the security spectrum at a high level. The three primary standards are:

  1. Privileged → Open and unrestricted
  2. Baseline → Minimally restrictive policy, allowing the default pod configuration.
  3. Restricted → Highly restricted, covering best practices. May cause compatibility issues.

Each of these policies defines which fields are restricted within a Pod specification and the allowed values. Restricted fields include:

  • spec.containers[*].ports
  • spec.volumes[*].hostPath
  • spec.securityContext
  • spec.containers[*].securityContext

More: https://kubernetes.io/docs/concepts/security/pod-security-standards/

Policy Modes

Policies are applied using modes:

  • enforce — Any Pods that violate the policy will be rejected
  • audit — Pods with violations will be allowed and an audit annotation will be added
  • warn — Pods that violate the policy will be allowed and a warning message will be…
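The standards and modes above can be sketched as a small checker. This is an added example, not code from the article or from Kubernetes: it covers only a simplified subset of the Baseline and Restricted controls on the fields listed earlier, and the function names, result keys and sample pods are constructed for illustration.

```python
# Added example: simplified subset of Pod Security Standards checks, not the real admission logic.
def violations(pod, level):
    """List violations of level: 'privileged', 'baseline' or 'restricted'."""
    if level == "privileged":
        return []  # open and unrestricted
    spec, found = pod.get("spec", {}), []
    for vol in spec.get("volumes", []):  # spec.volumes[*].hostPath
        if "hostPath" in vol:
            found.append(f"volume {vol['name']}: hostPath")
    pod_sc = spec.get("securityContext", {})  # spec.securityContext
    for c in spec.get("containers", []):
        sc = c.get("securityContext", {})  # spec.containers[*].securityContext
        for port in c.get("ports", []):  # spec.containers[*].ports
            if port.get("hostPort", 0) != 0:
                found.append(f"{c['name']}: hostPort {port['hostPort']}")
        if sc.get("privileged"):
            found.append(f"{c['name']}: privileged")
        if level == "restricted":
            if sc.get("allowPrivilegeEscalation") is not False:
                found.append(f"{c['name']}: allowPrivilegeEscalation != false")
            # A container-level value overrides the pod-level one.
            if sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot")) is not True:
                found.append(f"{c['name']}: runAsNonRoot != true")
            if "ALL" not in sc.get("capabilities", {}).get("drop", []):
                found.append(f"{c['name']}: capabilities.drop lacks ALL")
    return found

def admit(pod, level, mode):
    """enforce rejects violating pods; audit and warn allow them but report."""
    found = violations(pod, level)
    if not found:
        return {"allowed": True}
    if mode == "enforce":
        return {"allowed": False, "violations": found}
    return {"allowed": True, "audit" if mode == "audit" else "warning": found}

# Constructed sample pods (hypothetical names and image).
WEAK_POD = {"spec": {
    "volumes": [{"name": "host", "hostPath": {"path": "/var/run"}}],
    "containers": [{"name": "web", "image": "example/web:1.0",
                    "ports": [{"containerPort": 80, "hostPort": 8080}],
                    "securityContext": {"privileged": True}}]}}
HARDENED_POD = {"spec": {
    "securityContext": {"runAsNonRoot": True},
    "containers": [{"name": "web", "image": "example/web:1.0",
                    "ports": [{"containerPort": 8080}],
                    "securityContext": {"allowPrivilegeEscalation": False,
                                        "capabilities": {"drop": ["ALL"]}}}]}}

print([admit(WEAK_POD, "baseline", m) for m in ("enforce", "audit", "warn")])
```

A pod with no security context at all passes the Baseline check here but fails Restricted, which is the compatibility cost the Restricted level carries.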
