K8s: what is the difference between Security Context and Security Policy?

10/8/2018

Looking into the Kubernetes documentation:

Mmmm... aren't they eventually doing the same thing? What is the difference?

-- Illidan
kubernetes

1 Answer

10/8/2018

I have no idea why folks are down-voting this question; it's spot on, and actually we've got our docs to blame and not the OP. OK, here goes:

The pod security context (which is preceded by and largely based on OpenShift Security Context Constraints) allows you (as a developer?) to define runtime restrictions and/or settings on a per-pod basis.

But how do you enforce this? How do you make sure that folks are actually defining the constraints? That's where pod security policies (PSP) come into play: as a cluster or namespace admin you can define and enforce those security context-related policies using PSPs. See also the Kubernetes Security book for more details.

-- Michael Hausenblas
Source: StackOverflow
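To make the distinction in the answer concrete, here is an added example (not part of the original question or answer) that puts a cluster-admin-owned PodSecurityPolicy beside a developer-owned Pod whose securityContext satisfies it; the policy name, pod name and image are assumed, and the PSP API shown was deprecated in Kubernetes 1.21 and removed in 1.25.

```yaml
# Cluster-wide rule set, owned by the cluster admin and enforced by the
# PodSecurityPolicy admission controller (assumed policy name).
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: restricted-example
spec:
  privileged: false
  allowPrivilegeEscalation: false
  requiredDropCapabilities: ["ALL"]
  readOnlyRootFilesystem: true
  runAsUser:
    rule: MustRunAsNonRoot
  seLinux:
    rule: RunAsAny
  supplementalGroups:
    rule: MustRunAs
    ranges: [{min: 1, max: 65535}]
  fsGroup:
    rule: MustRunAs
    ranges: [{min: 1, max: 65535}]
  volumes: ["configMap", "emptyDir", "secret", "projected"]
---
# Per-pod settings written by the developer (assumed pod name and image).
# Admission compares these fields against the policy above: this pod is
# accepted because it runs as a non-root UID, drops all capabilities and
# cannot escalate privileges; change runAsUser to 0 or add privileged: true
# and the same policy rejects it.
apiVersion: v1
kind: Pod
metadata:
  name: restricted-demo
spec:
  securityContext:
    runAsNonRoot: true
    runAsUser: 10001
    runAsGroup: 10001
    fsGroup: 10001
  containers:
    - name: app
      image: busybox:1.36
      command: ["sleep", "3600"]
      securityContext:
        allowPrivilegeEscalation: false
        readOnlyRootFilesystem: true
        capabilities:
          drop: ["ALL"]
```

The policy only takes effect when the PodSecurityPolicy admission controller is enabled and the pod's service account (or the submitting user) is granted the `use` verb on that policy through RBAC; without that binding, pods are rejected regardless of their securityContext.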