☑️ Ensure containers and pods have a configured security context
A security context defines the operating system security settings (UID, GID, Linux capabilities, SELinux role, etc.) applied to a pod or container, and controls the security parameters that will be assigned to it.
Well-defined privilege and access control settings will enhance assurance that your pod is running with the properties it requires to function.
Targeted objects by this rule (types of `kind`): Deployment / Pod / DaemonSet / StatefulSet / ReplicaSet / CronJob / Job
Complexity: medium
Policy as code identifier: CIS_MISSING_KEY_SECURITYCONTEXT
This rule will fail
If a pod or container does not have a security context defined:
```yaml
apiVersion: v1
kind: Pod
metadata:
  name: my-pod
spec:
  containers:
    - name: my-container   # placeholder name
      image: my-image      # placeholder image
```
Rule output in the CLI

```
$ datree test *.yaml
>> File: failExample.yaml
❌ Ensure containers and pods have a configured security context [1 occurrence]
💡 Missing key `securityContext` - set to enforce your containers' security and stability
```
How to fix this failure
Define a security context for your pod or container:
```yaml
apiVersion: v1
kind: Pod
metadata:
  name: my-pod
spec:
  containers:
    - name: my-container   # placeholder name
      image: my-image      # placeholder image
      securityContext:
        capabilities:
          add: ["SYS_TIME"]
```