K8s for Data Engineers — Security Context
4 min read · Mar 16, 2024
Setting the boundaries for a container's privileges on the host
When we run a Pod, by default it runs as root.
kubectl run busybox1 --image=busybox:1.36 -- sleep 3600
kubectl exec -it busybox1 -c busybox1 -- sh
id
uid=0(root) gid=0(root) groups=0(root)
If a process runs with uid=0, even inside a container, it can access resources (filesystem, processes, network interfaces, system configuration) on the…
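An added example (not code from the original article): a Python check over `kubectl get pods -o json` output that reports which containers set no user and therefore fall back to the image default, as busybox1 does above. The sample pod list, the `etl-job` pod and the verdict names are constructed for illustration.

```python
import json

# Constructed sample in the shape of `kubectl get pods -o json` (not real cluster output).
SAMPLE = json.loads("""
{"items": [
  {"metadata": {"name": "busybox1"},
   "spec": {"containers": [{"name": "busybox1", "image": "busybox:1.36"}]}},
  {"metadata": {"name": "etl-job"},
   "spec": {"securityContext": {"runAsUser": 1000, "runAsNonRoot": true},
            "containers": [
              {"name": "worker", "image": "busybox:1.36"},
              {"name": "helper", "image": "busybox:1.36",
               "securityContext": {"runAsUser": 0, "runAsNonRoot": false}}]}}
]}
""")

def effective(pod_sc, ctr_sc, field):
    """Container-level securityContext wins over pod-level when both set a field."""
    if field in ctr_sc:
        return ctr_sc[field]
    return pod_sc.get(field)

def classify(pod_sc, ctr_sc):
    uid = effective(pod_sc, ctr_sc, "runAsUser")
    non_root = effective(pod_sc, ctr_sc, "runAsNonRoot")
    if uid == 0:
        # runAsNonRoot=true with UID 0 is contradictory; the kubelet refuses to start it.
        return "blocked" if non_root else "root"
    if uid is not None:
        return "non-root"
    # No UID set: the image's own user applies (root for busybox) unless
    # runAsNonRoot makes the kubelet reject an image that runs as UID 0.
    return "non-root-enforced" if non_root else "image-default"

def audit(pod_list):
    """Return (pod, container, verdict) for every container in the list."""
    findings = []
    for pod in pod_list.get("items", []):
        spec = pod.get("spec", {})
        pod_sc = spec.get("securityContext") or {}
        for ctr in spec.get("containers", []) + spec.get("initContainers", []):
            verdict = classify(pod_sc, ctr.get("securityContext") or {})
            findings.append((pod["metadata"]["name"], ctr["name"], verdict))
    return findings

if __name__ == "__main__":
    for pod, ctr, verdict in audit(SAMPLE):
        print(f"{pod}/{ctr}: {verdict}")
```

Containers reported as `image-default` or `root` are the ones to review; `helper` shows how a container-level setting can silently undo a pod-level non-root policy.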