Skip to content

Security Context configuration

Setting the fsGroup at a global level ensures that all resources such as PVC and configMaps are mounted with the same Owner and prevents access errors at run-time

See Configure a Security Context for a Pod or Container

global:
  podSecurityContext: 
    fsGroup: 65534

  securityContext:
    capabilities:
      drop:
      - ALL
    readOnlyRootFilesystem: true
    runAsNonRoot: true
    runAsUser: 65534

podSecurityContext

podSecurityContext is used to set pod wide privilege and access levels.

Where a local podSecurityContext is present, it will be merged with the global

securityContext

securityContext is used to set privilege and access levels at a container level.

Where a local securityContext is present, it will be merged with the global