A security context applies operating-system-level security restrictions to pods and containers. It controls what processes can do inside a container, and it can be set in the pod specification or in the container specification. Restrictions can be based on file-system group, UID and SELinux roles. Security settings applied to a pod can also apply to volumes attached to the pod. Below are sample security context examples.
The first example sets a pod-level security context that enforces that no container within this pod may run as the root user.
```yaml
kind: Pod
apiVersion: v1
metadata:
  name: hello
spec:
  securityContext:
    runAsNonRoot: true
  containers:
  - image: busybox
    name: busybox
```
In the second example the security context is set on the container itself: it makes the container privileged and also sets seLinuxOptions.
```yaml
apiVersion: v1
kind: Pod
metadata:
  name: hello
spec:
  containers:
  - image: busybox
    name: busybox
    securityContext:
      privileged: true
      seLinuxOptions:
        level: "s0:c123,c456"
```
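The following added example (not part of the original page) audits pod manifests like the two above for risky security context settings. It merges the pod-level and container-level securityContext (a field set on the container overrides the same field on the pod) and flags privileged containers, containers that may run as root, and containers that do not disable privilege escalation. Manifests are written as Python dicts, i.e. what a YAML loader would return; the `hardened` manifest is a constructed one.

```python
# Audit Kubernetes Pod manifests for risky securityContext settings.
# Manifests are plain dicts (the shape yaml.safe_load returns), so no YAML library is needed.

# Fields that may be set at both pod and container level; the container value wins.
SHARED_FIELDS = ("runAsNonRoot", "runAsUser", "runAsGroup", "seLinuxOptions")


def effective_context(pod_spec, container):
    """Merge pod-level and container-level securityContext for one container."""
    merged = {k: v for k, v in pod_spec.get("securityContext", {}).items() if k in SHARED_FIELDS}
    merged.update(container.get("securityContext", {}))  # container-level overrides pod-level
    return merged


def audit_pod(manifest):
    """Return a list of (container_name, finding) tuples for one Pod manifest."""
    findings = []
    spec = manifest["spec"]
    for c in spec.get("containers", []):
        ctx = effective_context(spec, c)
        if ctx.get("privileged"):
            findings.append((c["name"], "privileged: container gets near host-level access"))
        # runAsUser unset means the image default applies, which is often root (UID 0).
        if not ctx.get("runAsNonRoot") and ctx.get("runAsUser", 0) == 0:
            findings.append((c["name"], "may run as root: set runAsNonRoot or a non-zero runAsUser"))
        if ctx.get("allowPrivilegeEscalation", True) and not ctx.get("privileged"):
            findings.append((c["name"], "allowPrivilegeEscalation is not set to false"))
    return findings


# The two manifests from the page, transcribed as dicts.
POD_NONROOT = {"kind": "Pod", "apiVersion": "v1", "metadata": {"name": "hello"},
               "spec": {"securityContext": {"runAsNonRoot": True},
                        "containers": [{"image": "busybox", "name": "busybox"}]}}
POD_PRIVILEGED = {"apiVersion": "v1", "kind": "Pod", "metadata": {"name": "hello"},
                  "spec": {"containers": [{"image": "busybox", "name": "busybox",
                           "securityContext": {"privileged": True,
                                               "seLinuxOptions": {"level": "s0:c123,c456"}}}]}}
# Constructed hardened manifest: non-root UID, no escalation, all capabilities dropped.
POD_HARDENED = {"apiVersion": "v1", "kind": "Pod", "metadata": {"name": "hello"},
                "spec": {"securityContext": {"runAsNonRoot": True, "fsGroup": 2000,
                                             "seLinuxOptions": {"level": "s0:c123,c456"}},
                         "containers": [{"image": "busybox", "name": "busybox",
                                         "securityContext": {"runAsUser": 1000,
                                                             "allowPrivilegeEscalation": False,
                                                             "capabilities": {"drop": ["ALL"]}}}]}}

if __name__ == "__main__":
    for m in (POD_NONROOT, POD_PRIVILEGED, POD_HARDENED):
        print(m["metadata"]["name"], audit_pod(m))
```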