K
Q

Setup securityContext inside kubernetes deployment

7/30/2019

I'm using a nfs mounted volume in my deployments. I need to give it the fsGroup like below:

securityContext:
  runAsUser: 1000
  runAsGroup: 3000
  fsGroup: 2000

Is there a way to make this on the deployment manifest? As I can see on the documentation I can set the securitycontext in the pod yaml only.

-- Manuel Castro
kubernetes
kubernetes-deployment
kubernetes-pod
kubernetes-security

Similar Questions

Assign variable within kubernetes yaml job
Kubectl how to connect to config file
How to exempt a directory when using readOnlyRootFilesystem in kubernetes?
Is there a way/config where I could change default revisionHistoryLimit from 10 to another limit?
Does Kubernetes POD have namespace and cgroup associated with it?

1 Answer

7/31/2019

You can use the securityContext in Deployment in the same way you use it inside Pod.

Like it was already suggested by placing it under template.spec:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: test-deployment
  labels:
    app: test
spec:
  replicas: 3
  selector:
    matchLabels:
      app: test
  template:
    metadata:
      labels:
        app: test
    spec:
      securityContext:
          runAsUser: 2000
          runAsGroup: 3000
          fsGroup: 2000
      containers:
      - name: test
        image: busybox
        ports:
        - containerPort: 80
        command: [ "sh", "-c", "sleep 1h" ]

And you can test it:

$ kubectl exec -it test-deployment-54d954d7f-2b582  sh
/ $ ps
PID   USER     TIME  COMMAND
    1 2000      0:00 sleep 1h
    6 2000      0:00 sh
   11 2000      0:00 ps
/ $ whoami
whoami: unknown uid 200
-- Crou
Source: StackOverflow