K8s for Data Engineers — Security Context

Amit Singh Rathore
Published in Dev Genius
4 min read · Mar 16, 2024


Setting the boundaries for a container's privileges on the host


By default, when we run a Pod, its container runs as root.

kubectl run busybox1 --image=busybox:1.36 -- sleep 3600
kubectl exec -it busybox1 -c busybox1 -- sh
id
uid=0(root) gid=0(root) groups=0(root)

If a process runs with uid=0, even inside the container, it can access resources (filesystem, processes, network interfaces, system configuration) on the…
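A defender's check for the default described above, as an added example that is not part of the original article: it reads `kubectl get pods -o json` output and lists containers that may run as uid 0. The sample pod list and the function names are constructed for illustration; `runAsUser` and `runAsNonRoot` are the Kubernetes `securityContext` fields, and a container-level value overrides the pod-level one.

```python
import json

# Constructed sample: trimmed `kubectl get pods -o json` output (not from the article).
SAMPLE = json.loads("""
{"items": [
  {"metadata": {"name": "busybox1"},
   "spec": {"containers": [{"name": "busybox1", "image": "busybox:1.36"}]}},
  {"metadata": {"name": "hardened"},
   "spec": {"securityContext": {"runAsNonRoot": true, "runAsUser": 1000},
            "containers": [{"name": "app", "image": "busybox:1.36"},
                           {"name": "sidecar", "image": "busybox:1.36",
                            "securityContext": {"runAsUser": 0, "runAsNonRoot": false}}]}}
]}
""")


def effective(pod_sc, ctr_sc, field):
    """Container-level securityContext overrides the pod-level value."""
    if field in ctr_sc:
        return ctr_sc[field]
    return pod_sc.get(field)


def root_findings(pod_list):
    """Return (pod, container, reason) for containers that may run as uid 0."""
    findings = []
    for pod in pod_list.get("items", []):
        spec = pod.get("spec", {})
        pod_sc = spec.get("securityContext") or {}
        containers = spec.get("containers", []) + spec.get("initContainers", [])
        for ctr in containers:
            ctr_sc = ctr.get("securityContext") or {}
            uid = effective(pod_sc, ctr_sc, "runAsUser")
            non_root = effective(pod_sc, ctr_sc, "runAsNonRoot")
            if uid == 0:
                reason = "runAsUser is 0"
            elif uid is None and not non_root:
                # Nothing pins the uid, so the image's default user (often root) applies.
                reason = "no runAsUser and runAsNonRoot not enforced"
            else:
                continue
            findings.append((pod["metadata"]["name"], ctr["name"], reason))
    return findings


if __name__ == "__main__":
    for pod, ctr, reason in root_findings(SAMPLE):
        print(f"{pod}/{ctr}: {reason}")
```

Against a live cluster, the same function can be fed the parsed output of `kubectl get pods -A -o json`.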
