Skip to content

kdb products

Image Security Context

kdb products

Home
Home
- About
- KX Community
- KX Academy
- Support
- About KX
kdb+ and q
kdb Insights
kdb Insights
- About
- Free Trial
- Core
  Core
  - About
  - Release notes
    Release notes
    
    4.0.1 (Latest)
    
    Previous Releases
    Previous Releases
    
    4.0.0
    
    3.2.6
    
    3.2.5
    
    3.2.4
    
    3.2.3
    
    3.2.2
    
    3.2.1
    
    3.2.0
    
    3.1.1
    
    3.1.0
    
    3.0.1
    
    3.0.0
    
    2.1.0
    
    2.0.10
    
    2.0.9
    
    2.0.8
    
    2.0.7
    
    2.0.6
    
    2.0.5
    
    2.0.4
    
    2.0.3
    
    2.0.2
    
    2.0.1
    
    2.0.0
    
    1.0.6
    
    1.0.5
    
    1.0.4
    
    1.0.3
    
    1.0.2
    
    1.0.1
    
    1.0.0
  - Prerequisites
  - Contents
  - Quick start
    Quick start
    
    Overview
    
    REST
    REST
    
    Client
    
    Server
    
    Logging
    
    Object storage
    
    Google Cloud Platform
    Google Cloud Platform
    
    Big Query
  - REST API
    REST API
    
    Client
    Client
    
    About
    
    Workflows
    
    Examples
    Examples
    
    Async
    
    Follow redirects
    
    Response headers
    
    Timeouts
    
    Azure API Management
    
    GCP Identity Aware Proxy
    
    Server
    Server
    
    About
    
    API reference
    
    Examples
    Examples
    
    customers
    
    queryclient
    
    queryserver
    
    queryworker
    
    OpenAPI Sample
  - Logging
    Logging
    
    About
    
    API reference
  - Object storage
    Object storage
    
    About
    
    Caching
    
    Examples
  - Packaging
    Packaging
    
    About
    
    Examples
    Examples
    
    About the examples
    
    Basic Tick
    
    Hello C
    
    Labelling
  - pgwire
  - SQL
    SQL
    
    About
    
    SQL Reference
    SQL Reference
    
    Operators
    
    Functions
    
    Data and Literals
    
    Select Statements
    
    Table Creation
    
    ANSI SQL Compliance
  - Google Cloud Platform
    Google Cloud Platform
    
    BigQuery
    BigQuery
    
    About
    
    Main
    
    Discovery
    
    Query
    
    Projects
    
    Datasets
    
    Tables
    
    Tabledata
    
    Helpers
    
    Configuration
    
    API
    
    Troubleshooting
- Microservices
  Microservices
  - About
  - Release notes
    Release notes
    
    1.3.6 (Latest)
    
    Previous Releases
    Previous Releases
    
    1.3.5
    
    1.3.4
    
    1.3.3
    
    1.3.2
    
    1.3.1
    
    1.3.0
    
    1.2.1
    
    1.2.0
    
    1.1.3
    
    1.1.2
    
    1.0.0
    
    0.10.0
    
    0.9.2
    
    0.9.1
    
    0.9.0
    
    0.8.0
  - Prerequisites
  - Quickstart
    Quickstart
    
    Service Discovery
    
    Stream Processor
    Stream Processor
    
    Docker
    
    Kubernetes
    
    Dashboards
  - Configuration
    Configuration
    
    Assembly Configuration
  - Downloads
    Downloads
    
    Artifacts
    
    Docker registry
  - Service Discovery
    Service Discovery
    
    About
    
    Prerequisites
    
    Running
    
    Configuration
    
    OpenAPI
  - Data Access
    Data Access
    
    About
    
    Service Gateway
    Service Gateway
    
    About
    
    Querying
    
    Configuration
    
    Interface
    
    OpenAPI
    
    Data Access Process
    Data Access Process
    
    About
    
    Configuration
    
    Monitoring
    
    Interface
    
    OpenAPI
    
    Interface
    
    Header
    
    Codes
    
    Metadata
    
    APIs
    APIs
    
    GetMeta
    
    GetData
    
    QSQL
    
    Ping
    
    SQL
    
    OpenAPI
    
    Deployment Example
    
    Examples
    Examples
    
    S3 Historical Data
    
    Troubleshooting
  - Storage Manager
    Storage Manager
    
    About
    
    Configuration
    
    Initial import
    
    Running
    
    Monitoring
    
    Interface
    
    OpenAPI
  - Stream Processor
    Stream Processor
    
    About Streaming Data
    
    Quickstart
    Quickstart
    
    Docker
    
    Kubernetes
    
    Writing
    
    Running
    
    Configuration
    
    Examples
    Examples
    
    Static file
    
    Batch S3 ingestion
    
    Streaming Kafka ingestion
    
    Kafka with TLS
    
    PostgreSQL Querying
    
    Stateful operators
    
    Enriching streams
    
    Windowing on event time
    
    Windowing on processing time
    
    kdb+ tick (callback)
    
    Concepts
    Concepts
    
    Checkpoints and recovery
    
    Scaling
    
    State
    
    Release Notes
  - OpenAPI
    OpenAPI
    
    About
    
    Walkthrough
    
    q-client
  - Dashboards
    Dashboards
    
    Overview
    
    Introduction
    
    Get started
    
    Workspace
    
    Components
    Components
    
    3D Chart
    
    Accordion
    
    Analyst Visual
    
    Bipartite Chart
    
    Bitmap
    
    Blob
    
    Breadcrumbs
    
    Button
    
    Canvas Chart
    
    ChartGL
    
    Code Editor
    
    Contour
    
    Data Filter
    
    Data Form
    
    Data Grid
    
    Date Picker
    
    Drop Down List
    
    Editable List
    
    External Content
    
    Financial Chart
    
    Flex Panel
    
    Form Builder
    
    Graph
    
    Layout
    
    Luna
    
    Map
    
    Mapbox
    
    Pie Chart
    
    Pivot Grid
    
    Playback
    
    Radar Chart
    
    Selection Controls
    
    Range Slider
    
    Scatter
    
    Sunburst
    
    Tab Control
    
    Text
    
    Text Input
    
    Trade
    
    Tree Map
    
    TreeView
    
    Vega Chart
    
    Video
    
    Visual Query Builder
    
    Data sources
    
    View States
    
    Actions
    
    Highlight Rules
    
    Publishing
    
    Templates
    Templates
    
    Overview
    
    Arrays
    
    Comparison
    
    Dates
    
    Math
    
    Misc
    
    Numbers
    
    Strings
    
    Utils
    
    SDK
    SDK
    
    Introduction
    
    Basics
    
    Data Sources
    
    View States
    
    Messages
    
    API Reference
    API Reference
    
    ChangeSetInterface
    
    ComponentInterface
    
    DataModelInterface
    
    ErrorInterface
    
    PagingInfoInterface
    
    ViewModelInterface
    
    Theme
    Theme
    
    Style
    
    Custom logo
    
    Support
    Support
    
    Release notes
    
    Bug Reporting
  - Assembly
    Assembly
    
    Assembly configuration
    
    Tick based example
  - Machine Learning
    Machine Learning
    
    About
    
    Quickstart
    Quickstart
    
    Docker
    
    Kubernetes
    
    Examples
    Examples
    
    Model Generation & Deployment
- PyKX
kdb Insights Enterprise
kdb Insights Enterprise
- About
- Release notes
  Release notes
  - 1.3.4 (Latest)
  - Previous Releases
    Previous Releases
    
    1.3.3
    
    1.3.2
    
    1.3.1
    
    1.3.0
    
    1.2.1
    
    1.2.0
    
    1.1.2
    
    1.1.1
    
    1.1.0
    
    1.0.0
    
    0.10.0
    
    0.9.0
    
    0.8.0
- Architecture
- Infrastructure
  Infrastructure
  - Overview
  - Cloud Provider
    Cloud Provider
    
    GCP
    
    AWS
    
    Azure
- Install Enterprise
  Install Enterprise
  - Interacting with Kubernetes
  - DNS setup
  - Installing the CLI
  - Installing Insights
  - Upgrading Insights
  - Backup and Restore
  - Advanced
    Advanced
    
    Manual Install
  - Appendix
    Appendix
    
    Cluster Overprovisioning
    
    Shared Keycloak Instance
    
    Keycloak 18 Upgrade
- Security & authorization
  Security & authorization
  - Authentication
  - Client Registration
- Building Workloads
  Building Workloads
- Building Workloads (UI)
  Building Workloads (UI)
- Ingesting data
  Ingesting data
  - Overview
  - Import from UI
  - Creating Pipelines in UI
    Creating Pipelines in UI
    
    Overview
    
    Readers
    
    Writers
    
    Functions
    
    Encoders
    
    Decoders
    
    Transform
    
    Windows
    
    Machine Learning
  - Using KX SDKs
  - Batch S3 ingestion
  - Kafka
  - Kafka with TLS
  - PostgreSQL query
  - Diagnostics in UI
- Persisting data
  Persisting data
  - Reference Data
  - Object Storage
- Querying data
  Querying data
- Analyzing data
  Analyzing data
  - Batch S3 ingestion and preprocessing
  - Machine Learning Clustering on Kafka ingest
- Visualize data
  Visualize data
  - Designing Views
- Monitor
  Monitor
- Configuration
  Configuration
  - Overview
  - Global Configuration
    Global Configuration
    
    Configuring license secrets
    
    Providing custom image values
    
    Discovery configuration
    
    Kubernetes ingress configuration
    
    Setting up metrics
    
    Global Side Car configuration
    
    Global logging configuration
    
    Global persistence configuration
    
    Configuring Scaling
    
    Image Security Context Image Security Context
    On this page
    
    podSecurityContext
    
    securityContext
    
    Service configuration
    
    Additional Configuration
    
    RT Stream Archival
  - Service Configuration
    Service Configuration
    
    Client Controller (RT ingestion)
    
    Keycloak (Authentication Service)
    
    Information service (Ingestion discovery)
    
    KXI Controller (Assembly Management)
  - Advanced
    Advanced
    
    Keycloak
- Command line interface
  Command line interface
- Packages
  Packages
  - Overview
  - Quickstart
- REST API
  REST API
  - Reference
- Reliable Transport
  Reliable Transport
  - RT overview
  - RT configuration
- SDKs
  SDKs
  - Getting started
  - C SDK
    C SDK
    
    Using the C SDK
    
    Sample C SDK Program
  - Java SDK
    Java SDK
    
    Using the Java SDK
    
    Java Samples
  - kodbc
    kodbc
    
    Installing kodbc
    
    Using kodbc
  - RT Bridge
- Analytic testing
- Azure Marketplace
  Azure Marketplace
  - About
  - Installing
  - KX Managed App Permissions
  - Azure Active Directory
    Azure Active Directory
    
    Azure Active Directory Integration
    
    Azure Active Directory Composite Roles
  - Azure Monitoring
    Azure Monitoring
    
    Alert Configuration
    
    Workbook Configuration
  - Azure Secrets
  - Licensing
  - Billing kdb Insights through Azure
  - Upgrading
- Guided Walkthrough
  Guided Walkthrough
  - About
  - Ingest
    Ingest
    
    Build Database
    
    Deploy Assembly
    
    Deploy Pipelines
    Deploy Pipelines
    
    Object Storage (Weather)
    
    Kafka (Subway)
    
    SQL Database (Health)
    
    Protocol Buffer (Crime)
  - Query
  - Visualize
    Visualize
    
    Build a View
    
    Maps
  - Troubleshooting
APIs
APIs
- Overview
- OpenAPI
  OpenAPI
- Packages
  Packages
  - Overview
  - Package Contents
  - Command Line Interface
  - q Interface
    q Interface
    
    Overview
    
    Packages
    
    User Defined Functions
  - Python Interface
    Python Interface
    
    Overview
    
    Packages
    
    User Defined Functions
- Stream Processor
  Stream Processor
  - Overview
  - q Interface
    q Interface
    
    Overview
    
    Configuring Operators
    
    General
    
    Lifecycle
    
    Operators
    
    Data Structures
    
    Readers
    
    Decoders
    
    Encoders
    
    Data Transforms
    
    Stats
    
    State
    
    Windows
    
    Writers
    
    User Defined Functions
    
    Machine Learning
  - Python Interface
    Python Interface
    
    Overview
    
    General
    
    Lifecycle
    
    Operators
    
    Readers
    
    Decoders
    
    Encoders
    
    Data Transforms
    
    State
    
    Windows
    
    Writers
    
    Machine Learning
  - OpenAPI
    OpenAPI
    
    Coordinator
    
    Controller
    
    Worker
- Machine Learning
  Machine Learning
  - About
  - q Interface
    q Interface
    
    About
    
    Analytics
    Analytics
    
    About
    
    ML Analytics API
    ML Analytics API
    
    Introduction
    
    ML Toolkit
    
    Online Models
    Online Models
    
    Introduction
    
    Stochastic Gradient Descent
    Stochastic Gradient Descent
    
    Stochastic Gradient Descent
    
    Linear Regression
    
    Logistic Classification
    
    Secure Updates
    
    Sequential K Means
    
    Variadic Functionality
    Variadic Functionality
    
    Introduction
    
    Function Calls
    
    Clustering models
    
    Statistical models
    
    Time series models
    
    Online models
    
    Registry
    Registry
    
    About
    
    Cloud Integration
    
    Registry API
    Registry API
    
    Storing
    
    Loading
    
    Deleting
    
    Examples
    Examples
    
    Basic Examples
  - Python Interface
    Python Interface
    
    About
    
    Registry
    Registry
    
    About
    
    Cloud Integration
    
    Registry API
    Registry API
    
    Storing
    
    Loading
    
    Deleting
    
    Examples
    Examples
    
    Basic Python Examples
Licensing
Licensing
- About
- Installation
- Quick start
- Licensing workflow
- Service accounts
- Usage data
- Access control
- Walkthroughs
  Walkthroughs
  - Containers
  - Kubernetes
- Appendix
  Appendix
  - Identity
  - Offline enrolment
Extras
Extras
- About
- Kafka setup
- Kafka TLS setup
- PostgreSQL setup
- Recipes
  Recipes
  - Index
  - Kafka
  - Finance
  - Manufacturing

Security Context configuration

Setting the fsGroup at a global level ensures that all resources such as PVC and configMaps are mounted with the same Owner and prevents access errors at run-time

See Configure a Security Context for a Pod or Container

global:
  podSecurityContext: 
    fsGroup: 65534

  securityContext:
    capabilities:
      drop:
      - ALL
    readOnlyRootFilesystem: true
    runAsNonRoot: true
    runAsUser: 65534

podSecurityContext

podSecurityContext is used to set pod wide privilege and access levels.

Where a local podSecurityContext is present, it will be merged with the global

securityContext

securityContext is used to set privilege and access levels at a container level.

Where a local securityContext is present, it will be merged with the global