Security Context configuration
Setting the fsGroup at a global level ensures that all resources such as PVCs and configMaps are mounted with the same owner and prevents access errors at run-time.
See Configure a Security Context for a Pod or Container.
global:
  podSecurityContext:
    fsGroup: 65534
  securityContext:
    capabilities:
      drop:
        - ALL
    readOnlyRootFilesystem: true
    runAsNonRoot: true
    runAsUser: 65534
podSecurityContext
podSecurityContext is used to set pod-wide privilege and access levels.
Where a local podSecurityContext is present, it will be merged with the global
securityContext
securityContext is used to set privilege and access levels at a container level.
Where a local securityContext is present, it will be merged with the global
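Since local values are merged with the global ones, it is worth checking what a rendered pod actually ends up with. The following is an added example, not part of the chart or its documentation: it audits pod JSON (as returned by `kubectl get pod <name> -o json`) against the global baseline shown above. The function name `audit_pod` and the sample pod are constructed for illustration.

```python
import json

# Baseline taken from the global values shown above.
EXPECTED_FS_GROUP = 65534
EXPECTED_UID = 65534

# Constructed sample: trimmed pod JSON with an init container that runs as root.
SAMPLE_POD = json.loads("""
{
  "metadata": {"name": "example-pod"},
  "spec": {
    "securityContext": {"fsGroup": 65534},
    "initContainers": [{"name": "init", "securityContext": {"runAsUser": 0}}],
    "containers": [{"name": "app", "securityContext": {
      "capabilities": {"drop": ["ALL"]},
      "readOnlyRootFilesystem": true, "runAsNonRoot": true, "runAsUser": 65534}}]
  }
}
""")


def audit_pod(pod):
    """Return a list of findings where the pod deviates from the baseline."""
    spec = pod.get("spec") or {}
    pod_sc = spec.get("securityContext") or {}
    findings = []
    if pod_sc.get("fsGroup") != EXPECTED_FS_GROUP:
        findings.append("pod: fsGroup is not %d" % EXPECTED_FS_GROUP)
    for c in (spec.get("initContainers") or []) + (spec.get("containers") or []):
        sc = c.get("securityContext") or {}
        # runAsUser/runAsNonRoot fall back to the pod level when unset on the container.
        uid = sc.get("runAsUser", pod_sc.get("runAsUser"))
        non_root = sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot"))
        dropped = (sc.get("capabilities") or {}).get("drop") or []
        if "ALL" not in dropped:
            findings.append(c["name"] + ": capabilities.drop lacks ALL")
        if sc.get("readOnlyRootFilesystem") is not True:
            findings.append(c["name"] + ": readOnlyRootFilesystem not true")
        if non_root is not True:
            findings.append(c["name"] + ": runAsNonRoot not true")
        if uid != EXPECTED_UID:
            findings.append(c["name"] + ": runAsUser is %r" % uid)
    return findings


if __name__ == "__main__":
    for line in audit_pod(SAMPLE_POD):
        print(line)
```

Init containers are checked as well as regular containers, since a container-level securityContext applies to each container individually.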