CODEWITHSUNDEEP
kubernetes
skystone
skystone

Reputation: 81

How to list all securityContext of kubernetes pod and its container

Is there anyway to list all securityContext including default and defined:

  1. Pod Level
  2. Container Level

Using kubectl get pod -o yaml only show the defined in spec.securityContext and spec.containers[*].securityContext of manifest without the default one?

Upvotes: 6

Views: 4391

Answers (1)

Andrea89
Andrea89

Reputation: 166

Here you are, source can be found in this medium article:

kubectl get pods --all-namespaces -o go-template \
    --template='{{range .items}}{{"pod: "}}{{.metadata.name}}
{{if .spec.securityContext}}
  PodSecurityContext:
    {{"runAsGroup: "}}{{.spec.securityContext.runAsGroup}}                               
    {{"runAsNonRoot: "}}{{.spec.securityContext.runAsNonRoot}}                           
    {{"runAsUser: "}}{{.spec.securityContext.runAsUser}}                                 {{if .spec.securityContext.seLinuxOptions}}
    {{"seLinuxOptions: "}}{{.spec.securityContext.seLinuxOptions}}                       {{end}}
{{else}}PodSecurity Context is not set
{{end}}{{range .spec.containers}}
{{"container name: "}}{{.name}}
{{"image: "}}{{.image}}{{if .securityContext}}                                      
    {{"allowPrivilegeEscalation: "}}{{.securityContext.allowPrivilegeEscalation}}   {{if .securityContext.capabilities}}
    {{"capabilities: "}}{{.securityContext.capabilities}}                           {{end}}
    {{"privileged: "}}{{.securityContext.privileged}}                               {{if .securityContext.procMount}}
    {{"procMount: "}}{{.securityContext.procMount}}                                 {{end}}
    {{"readOnlyRootFilesystem: "}}{{.securityContext.readOnlyRootFilesystem}}       
    {{"runAsGroup: "}}{{.securityContext.runAsGroup}}                               
    {{"runAsNonRoot: "}}{{.securityContext.runAsNonRoot}}                           
    {{"runAsUser: "}}{{.securityContext.runAsUser}}                                 {{if .securityContext.seLinuxOptions}}
    {{"seLinuxOptions: "}}{{.securityContext.seLinuxOptions}}                       {{end}}{{if .securityContext.windowsOptions}}
    {{"windowsOptions: "}}{{.securityContext.windowsOptions}}                       {{end}}
{{else}}
    SecurityContext is not set
{{end}}
{{end}}{{end}}'

Upvotes: 15

Related Questions