Line 431: | Line 431: | ||
</syntaxhighlight> | </syntaxhighlight> | ||
}} | }} | ||
==Security Context== | |||
[https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ security context] | |||
If you want to restrict pods to run as a particular UID/GUI while still binding to any port, you can add the following: | |||
<syntaxhighlight> | |||
spec: | |||
securityContext: | |||
runAsUser: 1000 | |||
runAsGroup: 1000 | |||
sysctls: | |||
- name: net.ipv4.ip_unprivileged_port_start | |||
value: "0" | |||
</syntaxhighlight> | |||
==Devices== | ==Devices== |
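Review bot: "UID/GUI" in the sentence that introduces the YAML should read "UID/GID", since the block sets runAsUser and runAsGroup. The opening syntaxhighlight tag of the new block has no lang attribute; add lang="yaml" to it, and make sure runAsUser, runAsGroup and sysctls are nested under securityContext, because as shown they sit at the same level and the snippet would not apply as written. The bare "security context" link on its own line would read better worked into the sentence. The text should also say that setting net.ipv4.ip_unprivileged_port_start to "0" is what lets the non-root user bind to any port, so readers know why the sysctl is there and can drop it when the container only listens on high ports.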