Kubernetes 安全上下文 runAsUser
Kubernetes security context runAsUser
我有多个容器,想 运行 所有容器作为非 root 用户,我知道添加 securityContext 会帮助我,但我需要在所有容器中添加 securityContext 还是在规格等级会有帮助吗?
spec:
template:
metadata: Test image
spec:
securityContext:
runAsUser: 1000
fsGroup: 1000
containers:
-name: container-1
securityContext:
allowPrivilegeEscalation: false
-name: container-2
securityContext:
allowPrivilegeEscalation: false
问题是,runAsUser 适用于所有容器,即所有容器(container-1、container-2)都将 运行 作为用户 1000,或者我需要在中指定 securityContext所有容器?
The question is, runAsUser is applicable to all the container i.e., all the containers (container-1, container-2) will run as user 1000 or I need to specify securityContext in all the container?
是的。它适用于所有容器,所以如果你想在特定 pod 的所有容器中使用它,你只需要将它添加到 pod spec 中。根据 docs:
The security settings that you specify for a Pod apply to all Containers in the Pod.
我有多个容器,想 运行 所有容器作为非 root 用户,我知道添加 securityContext 会帮助我,但我需要在所有容器中添加 securityContext 还是在规格等级会有帮助吗?
spec:
template:
metadata: Test image
spec:
securityContext:
runAsUser: 1000
fsGroup: 1000
containers:
-name: container-1
securityContext:
allowPrivilegeEscalation: false
-name: container-2
securityContext:
allowPrivilegeEscalation: false
问题是,runAsUser 适用于所有容器,即所有容器(container-1、container-2)都将 运行 作为用户 1000,或者我需要在中指定 securityContext所有容器?
The question is, runAsUser is applicable to all the container i.e., all the containers (container-1, container-2) will run as user 1000 or I need to specify securityContext in all the container?
是的。它适用于所有容器,所以如果你想在特定 pod 的所有容器中使用它,你只需要将它添加到 pod spec 中。根据 docs:
The security settings that you specify for a Pod apply to all Containers in the Pod.