Security Context
Appears in
- .Values.securityContext
Defaults
securityContext:
  container:
    PUID: 568
    UMASK: "002"
    runAsNonRoot: true
    runAsUser: 568
    runAsGroup: 568
    readOnlyRootFilesystem: true
    allowPrivilegeEscalation: false
    privileged: false
    seccompProfile:
      type: RuntimeDefault
    capabilities:
      add: []
      drop:
        - ALL
  pod:
    fsGroup: 568
    fsGroupChangePolicy: OnRootMismatch
    supplementalGroups: []
    sysctls: []

securityContext.container
Defines the security context for the container. Can be overridden at container level.
See Container Security Context
Default
securityContext:
  container:
    PUID: 568
    UMASK: "002"
    runAsNonRoot: true
    runAsUser: 568
    runAsGroup: 568
    readOnlyRootFilesystem: true
    allowPrivilegeEscalation: false
    privileged: false
    seccompProfile:
      type: RuntimeDefault
    capabilities:
      add: []
      drop:
        - ALL

securityContext.container.PUID
Default
securityContext:
  container:
    PUID: 568

securityContext.container.UMASK
Default
securityContext:
  container:
    UMASK: "002"

securityContext.container.runAsNonRoot
Default
securityContext:
  container:
    runAsNonRoot: true

securityContext.container.runAsUser
Default
securityContext:
  container:
    runAsUser: 568

securityContext.container.runAsGroup
Default
securityContext:
  container:
    runAsGroup: 568

securityContext.container.readOnlyRootFilesystem
See Container Read Only Root Filesystem
Default
securityContext:
  container:
    readOnlyRootFilesystem: true

securityContext.container.allowPrivilegeEscalation
See Container Allow Privilege Escalation
Default
securityContext:
  container:
    allowPrivilegeEscalation: false

securityContext.container.privileged
Default
securityContext:
  container:
    privileged: false

securityContext.container.seccompProfile
Default
securityContext:
  container:
    seccompProfile:
      type: RuntimeDefault

securityContext.container.seccompProfile.type
See Container Seccomp Profile Type
Default
securityContext:
  container:
    seccompProfile:
      type: RuntimeDefault

securityContext.container.seccompProfile.profile
See Container Seccomp Profile Profile
Default
securityContext:
  container:
    seccompProfile:
      profile: ""

securityContext.container.capabilities
Default
securityContext:
  container:
    capabilities:
      add: []
      drop:
        - ALL

securityContext.container.capabilities.add
See Container Capabilities Add
Default
securityContext:
  container:
    capabilities:
      add: []

securityContext.container.capabilities.drop
See Container Capabilities Drop
Default
securityContext:
  container:
    capabilities:
      drop:
        - ALL

securityContext.pod
Defines the security context for the pod. Can be overridden at pod level.
Default
securityContext:
  pod:
    fsGroup: 568
    fsGroupChangePolicy: OnRootMismatch
    supplementalGroups: []
    sysctls: []

securityContext.pod.fsGroup
See Pod FS Group
Default
securityContext:
  pod:
    fsGroup: 568

securityContext.pod.fsGroupChangePolicy
See Pod FS Group Change Policy
Default
securityContext:
  pod:
    fsGroupChangePolicy: OnRootMismatch

securityContext.pod.supplementalGroups
Default
securityContext:
  pod:
    supplementalGroups: []

securityContext.pod.sysctls
See Pod Sysctls
Default
securityContext:
  pod:
    sysctls: []

Full Examples
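# Syntax illustration of every key, not a hardened baseline: it differs from
# the documented defaults by adding capabilities, supplemental groups and a
# sysctl.
securityContext:
  container:
    # PUID and UMASK are chart-level keys, not Kubernetes securityContext
    # fields; how the chart applies them is not shown here (TODO confirm).
    PUID: 568
    # Quoted so the leading zero is kept and the value stays a string.
    UMASK: "002"
    # runAsNonRoot is consistent with the non-zero runAsUser/runAsGroup below.
    runAsNonRoot: true
    runAsUser: 568
    runAsGroup: 568
    # With a read-only root filesystem, any path the application writes to
    # has to be backed by a mounted volume.
    readOnlyRootFilesystem: true
    allowPrivilegeEscalation: false
    privileged: false
    seccompProfile:
      type: RuntimeDefault
    capabilities:
      # Example values only; the documented default is `add: []`.
      # Entries here are granted back on top of `drop: ALL`. SYS_ADMIN covers
      # a wide range of privileged kernel operations and SYS_PTRACE allows
      # tracing other processes, so list only what the workload requires.
      add:
        - SYS_ADMIN
        - SYS_PTRACE
      drop:
        - ALL
  pod:
    fsGroup: 568
    fsGroupChangePolicy: OnRootMismatch
    # Extra group IDs for the pod's processes; sample values.
    supplementalGroups:
      - 568
      - 1000
    sysctls:
      # Sets the first unprivileged port to 0, so a non-root process can bind
      # ports below 1024 without the NET_BIND_SERVICE capability.
      # The value is quoted because sysctl values are strings.
      - name: net.ipv4.ip_unprivileged_port_start
        value: "0"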