Hello, a question: in which cases should I apply the properties
runAsUser & fsGroup in Pods? I have come across them already applied, but I do NOT know in which scenarios it should be done.
Thank you.
It’s a kind of security context applied at the pod level and at the container level.
runAsUser: the file’s ownership ID
fsGroup: the group ID for all containers in the pod
Hello, thank you for answering. That much I already knew; my question is more about in which cases I should apply each one in reality.
Thank you.
Hello @maktup,
The most direct way to apply security-relevant configurations in Kubernetes is the security context.
Under the respective “securityContext”, there are multiple container configurations to choose from, and there are more options.
From a security perspective, you can check and use the following options in the securityContext for each container in Kubernetes:
Here’s an example:
```yaml
apiVersion: v1
kind: Pod
# ...
metadata:
  name: <pod-name>
spec:
  containers:
    - name: restricted
      securityContext:
        runAsNonRoot: true
        runAsUser: 100000
        runAsGroup: 100000
        readOnlyRootFilesystem: true
        allowPrivilegeEscalation: false
        capabilities:
          drop:
            - ALL
```
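As an added example (not code from any poster in this thread), the Python check below resolves each container's effective securityContext, with container-level values overriding pod-level ones, and reports which of the options from the manifest above are missing. The sample manifest is constructed, and the names `effective_context` and `audit_pod` are hypothetical.

```python
import json

# Constructed sample in `kubectl get pod -o json` shape; not taken from the thread.
SAMPLE_POD = json.loads("""
{"metadata": {"name": "demo"},
 "spec": {
   "securityContext": {"runAsNonRoot": true, "runAsUser": 100000, "fsGroup": 100000},
   "containers": [
     {"name": "restricted",
      "securityContext": {"readOnlyRootFilesystem": true,
                          "allowPrivilegeEscalation": false,
                          "capabilities": {"drop": ["ALL"]}}},
     {"name": "legacy", "securityContext": {"runAsUser": 0}}]}}
""")

# Fields that exist at both levels; a container value overrides the pod value.
# fsGroup is pod-level only (it applies to volumes), so it is never inherited here.
INHERITED = ("runAsNonRoot", "runAsUser", "runAsGroup")

# (finding text, predicate that is True when the setting is weaker than the example)
CHECKS = [
    ("runAsNonRoot is not true", lambda sc: sc.get("runAsNonRoot") is not True),
    ("runAsUser is 0 (root)", lambda sc: sc.get("runAsUser") == 0),
    ("readOnlyRootFilesystem is not true",
     lambda sc: sc.get("readOnlyRootFilesystem") is not True),
    ("allowPrivilegeEscalation is not false",
     lambda sc: sc.get("allowPrivilegeEscalation") is not False),
    ("capabilities.drop lacks ALL",
     lambda sc: "ALL" not in ((sc.get("capabilities") or {}).get("drop") or [])),
]

def effective_context(pod_sc, container_sc):
    """Merge pod-level defaults with the container's own securityContext."""
    eff = {k: pod_sc[k] for k in INHERITED if k in pod_sc}
    eff.update(container_sc)
    return eff

def audit_pod(pod):
    """Return {container name: [findings]}; an empty list means all checks pass."""
    spec = pod["spec"]
    pod_sc = spec.get("securityContext") or {}
    report = {}
    for c in spec.get("initContainers", []) + spec.get("containers", []):
        sc = effective_context(pod_sc, c.get("securityContext") or {})
        report[c["name"]] = [msg for msg, bad in CHECKS if bad(sc)]
    return report

if __name__ == "__main__":
    for name, findings in audit_pod(SAMPLE_POD).items():
        print(name, "->", findings or "ok")
```

The `legacy` container inherits `runAsNonRoot: true` from the pod but overrides `runAsUser` with 0, a combination the kubelet refuses to start.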