K
Q

K8s: what is the difference between Security Context and Security Policy?

10/8/2018

Looking into Kubernetes documentation:

Mmmm... aren't eventually they doing the same? What is the difference?

-- Illidan
kubernetes

Similar Questions

Get requesters source IP
Can I use metrics from one application to automatically scale a different one?
Connecting to Kubernetes error " The label b '*' is not a valid label
Kubernetes drops HTTP connection initialized by node.js / postgres
Delete HTTP socket connection when timeout with nodeJS axios
In Kubernetes ingress, when use-regex is true, what's the correct way to define a route for /
How to template an external ip from one service into another service
Use PythonOperator with mounted PersistentVolumeClaim
Error: template: inject:469: function "appendMultusNetwork" not defined
How to Add Config map in Azure DevOps for AKS

1 Answer

10/8/2018

I have no idea why folks are down-voting this question, it's spot on and actually we've got our docs to blame and not the OP. OK, here goes:

The pod security context (which is preceded by and largely based on OpenShift Security Context Constraints) allows you (as a developer?) to define runtime restrictions and/or settings on a per-pod basis.

But how do you enforce this? How do you make sure that folks are actually defining the constraints? That's where pod security policies (PSP) come into play: as a cluster or namespace admin you can define and enforce those security context-related policies using PSPs. See also the Kubernetes Security book for more details.

-- Michael Hausenblas
Source: StackOverflow