Illidan

Reputation: 4237

K8s: what is the difference between Security Context and Security Policy?

Looking into Kubernetes documentation:

Mmmm... aren't they eventually doing the same? What is the difference?

Upvotes: 16

Views: 3630

Answers (1)

Michael Hausenblas

Reputation: 13941

I have no idea why folks are down-voting this question; it's spot on, and actually we've got our docs to blame and not the OP. OK, here goes:

The pod security context (which is preceded by and largely based on OpenShift Security Context Constraints) allows you (as a developer?) to define runtime restrictions and/or settings on a per-pod basis.

But how do you enforce this? How do you make sure that folks are actually defining the constraints? That's where pod security policies (PSP) come into play: as a cluster or namespace admin you can define and enforce those security context-related policies using PSPs. See also the Kubernetes Security book for more details.

Upvotes: 15
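
The distinction described in the answer above, as an added example that is not part of the original answer: the first manifest is a pod declaring its own security context, the second is a PodSecurityPolicy a cluster admin could use to require those settings at admission. All names and the image are hypothetical, and it assumes a cluster that still serves `policy/v1beta1` (PodSecurityPolicy was removed in Kubernetes 1.25).

```yaml
# 1) Security context: written by whoever authors the pod spec.
#    It configures this one pod and nothing else.
apiVersion: v1
kind: Pod
metadata:
  name: demo-app                     # hypothetical name
spec:
  securityContext:                   # pod level: applies to all containers
    runAsNonRoot: true
    runAsUser: 10001
    fsGroup: 10001
  containers:
    - name: app
      image: registry.example.com/demo-app:1.0   # placeholder image
      securityContext:               # container level: adds to / overrides pod level
        privileged: false
        allowPrivilegeEscalation: false
        readOnlyRootFilesystem: true
        capabilities:
          drop: ["ALL"]
---
# 2) Pod security policy: written by a cluster admin.
#    The PSP admission controller checks every new pod against the policies
#    its creator (user or service account) is authorized to "use" via RBAC;
#    a pod whose security context conflicts with them is rejected.
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: restricted-nonroot           # hypothetical name
spec:
  privileged: false                  # no privileged containers
  allowPrivilegeEscalation: false
  readOnlyRootFilesystem: true
  requiredDropCapabilities: ["ALL"]
  runAsUser:
    rule: MustRunAsNonRoot           # rejects runAsUser: 0 and runAsNonRoot: false
  fsGroup:
    rule: MustRunAs
    ranges: [{min: 1, max: 65535}]   # the pod's fsGroup 10001 falls inside
  supplementalGroups:
    rule: MustRunAs
    ranges: [{min: 1, max: 65535}]
  seLinux:
    rule: RunAsAny
  volumes: ["configMap", "secret", "emptyDir", "projected", "persistentVolumeClaim"]
```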