Setup securityContext inside kubernetes deployment
You can use the securityContext
in Deployment
in the same way you use it inside Pod
.
Like it was already suggested by placing it under template.spec
:
apiVersion: apps/v1kind: Deploymentmetadata: name: test-deployment labels: app: testspec: replicas: 3 selector: matchLabels: app: test template: metadata: labels: app: test spec: securityContext: runAsUser: 2000 runAsGroup: 3000 fsGroup: 2000 containers: - name: test image: busybox ports: - containerPort: 80 command: [ "sh", "-c", "sleep 1h" ]
And you can test it:
$ kubectl exec -it test-deployment-54d954d7f-2b582 sh/ $ psPID USER TIME COMMAND 1 2000 0:00 sleep 1h 6 2000 0:00 sh 11 2000 0:00 ps/ $ whoamiwhoami: unknown uid 200