levis/help365
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
production
help365/platform/security-context.html
koziavin 00717a92fb
All checks were successful
Deploy Static Site / deploy (push) Successful in 6m6s
Details
update
2025-05-29 16:42:45 +04:00

218 lines
18 KiB
HTML
Raw Permalink Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<!DOCTYPE html>
<html lang="en">
<head>
<title>Security settings for containers and pods</title>
<meta name="generator" content="Help+Manual" />
<meta name="keywords" content="" />
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge" />
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="The Security Context tool in Kubernetes specifies security parameters for pods and containers, including the user name for running processes, what permissions this user has,..." />
<meta name="picture" content="" />
<meta property="og:type" content="website" />
<meta property="og:title" content="Full documentation for BRIX365 platform. Low-code developer guide. User guide. Admin guide. Developer guide." />
<meta property="og:url" content="https://brix365.com/en/help" />
<meta property="og:image" content="" />
<link rel="icon" href="favicon.png" type="image/png" />
<link href="https://fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700&display=swap" rel="stylesheet" />
<link rel="stylesheet" href="./jquery-ui.min.css" />
<link rel="stylesheet" href="default.css" />
<link rel="stylesheet" href="./search-yandex.css" />
<link rel="stylesheet" href="./article.css" />
<link rel="stylesheet" href="./glossary.css" />
<link rel="stylesheet" href="./theme.css" />
<script type="text/javascript" src="jquery.js"></script>
<script type="text/javascript" src="helpman_settings.js"></script>
<script type="text/javascript" src="helpman_topicinit.js"></script>
<script type="text/javascript" src="highlight.js"></script>
<script type="text/javascript">
$(document).ready(function(){highlight();});
</script>
</head>
<body>
<script>!function(e,t,c,n,r,a,m){e.ym=e.ym||function(){(e.ym.a=e.ym.a||[]).push(arguments)},e.ym.l=1*new Date;for(var s=0;s<document.scripts.length;s++)if(document.scripts[s].src===n)return;a=t.createElement(c),m=t.getElementsByTagName(c)[0],a.async=1,a.src=n,m.parentNode.insertBefore(a,m)}(window,document,"script","https://mc.yandex.ru/metrika/tag.js"),ym(83179930,"init",{clickmap:!0,trackLinks:!0,accurateTrackBounce:!0,webvisor:!0})</script><noscript><div><img alt=""src=https://mc.yandex.ru/watch/83179930 style=position:absolute;left:-9999px></div></noscript>
<header class="header elma-365">
<div class="container">
<a class="header__logo" href="https://brix365.com/en/help">
<img src="./logo-en.svg" alt="header logo">
</a>
<!-- <div class="hero__search-form" id="search-panel">
<form class="search-form" onsubmit="ym(83180416,'reachGoal','poisk')">
<label class="search-form__label">
<span id="reset-search" class="search__icon"></span>
<input class="search-form__input" type="text">
</label>
<input class="search-form__submit" type="submit" value="Submit">
</form>
</div> -->
<div class="hero__search-form" id="search-panel"> <form class="search-form"> <label class="search-form__label"> <span id="reset-search" class="search__icon"></span> <input class="search-form__input" type="text"> </label> <input class="search-form__submit" type="submit" value="Submit"> </form> </div>
<div class="hero__search">
<a href="#" id="search-icon" class="hero__search-icon">
<img src="search-icon-white.svg" alt="search string">
</a>
<a href="#" id="side-menu-icon" class="hero__side-icon">
<img src="side_menu.svg" alt="side menu">
</a>
</div>
<div class="header__navi">
<ul class="header__list"><li><span class="solution-select"><span class="solution-select__selected"></span><svg width="7" height="4" viewBox="0 0 7 4" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M1 1L3.5 3.5L6 1" stroke="white" stroke-linecap="round" stroke-linejoin="round"/></svg><ul class="solution-select__list"><li><a class="project-link" href="https://brix365.com/en/help/platform/get-trial.html">Platform</a></li><li><a class="project-link" href="https://brix365.com/en/help/ecm/ecm-functions.html">ECM</a></li><li><a class="project-link" href="https://brix365.com/en/help/crm/crm_overview.html">CRM</a></li><li><a class="project-link" href="https://brix365.com/en/help/service/service-functions.html">Service</a></li><li><a class="project-link" href="https://brix365.com/en/help/projects/projects-functions.html">Projects</a></li><li><a class="project-link" href="https://brix365.com/en/help/business_solutions/-elma365-store.html">Business Solutions</a></li></ul></span></li><li><a href="https://api.brix365.com/en/" target="_blank">API</a></li><li><a href="https://tssdk.brix365.com/" target="_blank">SDK</a></li></ul>
</div>
</div>
</header>
<main class="main container">
<aside class="sidebar" id="sidebar">
<div class="sidebar__header">
<a class="header__logo" href="https://brix365.com/en/help">
<img src="./logo-light-en.svg">
</a>
<span class="sidebar__close elma-365-close" id="close"></span>
</div>
<div class="sidebar__wrapper" id="side-menu">
</div>
</aside>
<article class="article" id="article">
<div class="article-inner">
<div class="content">
<header class="article__header">
<div class="article__bread" style="display:flex; gap:10px;">
<span id="subcategory" class="search-res__item-category search-res__item-category_subcategory subcategory article__badge"></span>
<div class="topic__breadcrumbs">
<p><a href="elma365-on-premises.html">BRIX On-Premises</a> &gt; <a href="elma365-enterprise.html">BRIX On-Premises Enterprise</a> &gt; <a href="advanced-kubernetes-settings.html">BRIX Enterprise advanced settings</a> / Security settings for containers and pods</p>
</div>
</div>
<div class="topic__title"><h1 class="p_Heading1"><span class="f_Heading1">Security settings for containers and pods</span></h1>
</div>
</header>
<section class="article__content">
<div class="scroll-top-inner">
<a href="#h1-article" class="scroll-top"></a>
</div>
<!-- Placeholder for topic body. -->
<p class="p_Normal">The <span style="font-weight: bold;">Security Context</span> tool in Kubernetes specifies security parameters for pods and containers, including the user name for running processes, what permissions this user has, what system calls can be executed, etc.</p>
<p class="p_Normal">This article covers how to configure the parameters:</p>
<ul style="list-style-type:disc">
<li class="p_Normal"><code><b>securityContext</b></code> for a specific container inside a pod.</li><li class="p_Normal"><code><b>podSecurityContext</b></code> for the whole pod and all containers inside it.</li></ul>
<h2 class="p_Heading2"><span class="f_Heading2">How to configure the securityContext parameter</span></h2>
<p class="p_Normal">The <code><b>securityContext</b></code> parameter defines security settings for a specific container inside the pod.</p>
<p class="p_Normal">You can configure this parameter in the <code><b>values-elma365.yaml</b></code> file. In the <code><b>.Values.global.securityContext</b></code> field, set values, for example:</p>
<p class="p_CodeExample" style="white-space: normal; page-break-inside: avoid;"><span class="f_CodeExample">global:</span><br />
<span class="f_CodeExample"> securityContext:</span><br />
<span class="f_CodeExample"> &nbsp; runAsUser: 1000</span><br />
<span class="f_CodeExample"> &nbsp; seccompProfile:</span><br />
<span class="f_CodeExample"> &nbsp; &nbsp; type: RuntimeDefault</span></p>
<p class="p_Normal">Where:</p>
<ul style="list-style-type:disc">
<li class="p_Normal"><code><b>runAsUser</b></code> is the UID inside the container, on behalf of which processes in this container are started.</li><li class="p_Normal"><code><b>seccompProfile.type</b></code> is the <code><b>seccomp</b></code> profile to restrict system calls inside the container: opening files, creating processes, etc. This example uses the <code><b>RuntimeDefault</b></code> value which provides a basic level of security.</li></ul>
<p class="p_Normal">Once the parameter is configured, apply it as described in the <a href="change-settings-enterprise.html#apply-new-parameters" class="topiclink">Modify BRIX Enterprise parameters article</a>.</p>
<h3 class="p_Heading3"><span class="f_Heading3">Default values for the securityContext parameter</span></h3>
<p class="p_Normal">If you do not specify a value for the parameter, the default settings apply:</p>
<p class="p_CodeExample" style="white-space: normal; page-break-inside: avoid;"><span class="f_CodeExample">runAsUser: 1001</span><br />
<span class="f_CodeExample">seccompProfile:</span><br />
<span class="f_CodeExample"> &nbsp;type: RuntimeDefault</span></p>
<h2 class="p_Heading2"><span class="f_Heading2">How to configure the podSecurityContext parameter</span></h2>
<p class="p_Normal">The <code><b>podSecurityContext</b></code> parameter specifies security settings for the entire pod. They affect all containers within it.</p>
<p class="p_Normal">You can configure this parameter in the <code><b>values-elma365.yaml</b></code> file. In the <code><b>.Values.global.podSecurityContext</b></code> field, set values such as:</p>
<p class="p_CodeExample" style="white-space: normal; page-break-inside: avoid;"><span class="f_CodeExample">global:</span><br />
<span class="f_CodeExample"> &nbsp;podSecurityContext:</span><br />
<span class="f_CodeExample"> &nbsp; &nbsp;runAsUser: 1000</span><br />
<span class="f_CodeExample"> &nbsp; &nbsp;seccompProfile:</span><br />
<span class="f_CodeExample"> &nbsp; &nbsp; &nbsp;type: RuntimeDefault</span></p>
<p class="p_Normal">Where:</p>
<ul style="list-style-type:disc">
<li class="p_Normal"><code><b>runAsUser</b></code> is the UID on behalf of which all processes in the pod are started.</li><li class="p_Normal"><code><b>seccompProfile.type</b></code> is the <code><b>seccomp</b></code> profile for the entire pod. This example uses the <code><b>RuntimeDefault</b></code> value which provides a basic level of security.</li></ul>
<p class="p_Normal">Once the parameter is configured, apply it as described in the <a href="change-settings-enterprise.html#apply-new-parameters" class="topiclink">Modify BRIX Enterprise parameters article</a>.</p>
<h3 class="p_Heading3"><span class="f_Heading3">Default values for the podSecurityContext parameter</span></h3>
<p class="p_Normal">If you do not specify values for the parameter, the default settings apply:</p>
<p class="p_CodeExample" style="white-space: normal; page-break-inside: avoid;"><span class="f_CodeExample">runAsUser: 1001</span><br />
<span class="f_CodeExample">seccompProfile:</span><br />
<span class="f_CodeExample"> &nbsp;type: RuntimeDefault</span></p>
<p class="p_Normal">&nbsp;</p>
<div class="bottom-nav">
<a id="prev-link" class="topic__navi_prev" href="advanced-kubernetes-settings.html">
<span class="bottom-nav__arrow bottom-nav__arrow--prev"></span> <span
class="bottom-nav__link">advanced-kubernetes-settings.html</span>
</a>
<a id="next-link" class="topic__navi_next" href="pod-disruption-budget.html">
<span class="bottom-nav__link">pod-disruption-budget.html</span> <span
class="bottom-nav__arrow bottom-nav__arrow--next"></span>
</a>
</div>
<!-- добавляет на страницу строку блок Была ли статья полезной? -->
<div class="feedback" id="feedback"><div class="feedback-help"><span><b>Was this helpful?</b></span><form action="" method="POST" class="feedback-form" id="feedback-form"><div class="feedback__popup feedback__popup-response" id="feedback__popup_thx" style="display: none;">Thanks for your feedback!</div><div class="feedback__popup" id="feedback__popup_why" style="display: none;"><div class="feedback__popup-header">Please specify why:</div><input type="radio" name="category" id="bad_recommendation" value="bad_recommendation"><label for="bad_recommendation">Recommendations did not help me</label><input type="radio" name="category" id="difficult_text" value="difficult_text"><label for="difficult_text">Article is hard to understand</label><input type="radio" name="category" id="no_answer" value="no_answer"><label for="no_answer">Didn`t answer my question</label><input type="radio" name="category" id="bad_header" value="bad_header"><label for="bad_header">Content does not match the topic</label><input type="radio" name="category" id="other_reason" value="other_reason"><label for="other_reason">Other</label></div><div class="feedback__popup" id="feedback__popup-other" style="display: none;"><div class="feedback__popup-header">How we can improve it?</div><textarea class="feedback__textarea" name="other" id=""></textarea><input type="submit" class="feedback__other-btn" value="Submit"></div><div class="feedback-form__btn-group"><input type="radio" name="useful" id="feedback__useful_yes" value="true"><label for="feedback__useful_yes"><img src="like.svg" class="small-img" alt="like"><spanclass="feedback-form__btn-group_yes-btn">Yes</spanclass="feedback-form__btn-group_yes-btn"></label><input type="radio" name="useful" id="feedback__useful_no" value="false"><label for="feedback__useful_no"><img src="dislike.svg" class="small-img" alt="dislike"><spanclass="feedback-form__btn-group_no-btn">No</spanclass="feedback-form__btn-group_no-btn"></label></div><select name="category"><option disabled="">Please specify why</option><option value="bad_recommendation" selected="">Recommendations did not help me</option><option value="difficult_text">Article is hard to understand</option><option value="no_answer">Didn`t answer my question</option><option value="bad_header">Content does not match the topic</option><option value="other_reason">Other</option></select><input type="submit"></form></div><div class="found_typo"><p style="margin: 0px; margin-top: 16px !important;"><span><b>Found a typo?</b></span> Select it and press <i>Ctrl+Enter</i> to send us feedback</p></div></div>
</section>
</div>
<aside class="article__sidebar" style="display:none">
<input type="checkbox" />
<div class="article__arrow"></div>
<div class="table-of-contents elma365-right" id="toc2Content">
<h3 class="h3-toc">In this topic</h3>
<nav id="toc2"></nav>
</div>
</aside>
</div>
</article>
</main>
<footer class="footer">
<div class="footer-container">
<div class="footer-mobile">
<ul class="footer-mobile__list"><li><a href="https://brix365.com/en/" target="_blank">BRIX</a></li><li><a href="https://tssdk.brix365.com/en/latest/" target="_blank">SDK</a></li><li><a href="https://api.brix365.com/en/" target="_blank">API</a></li></ul><ul class="footer-mobile__list"><li><a href="https://brix365.com/en/help/platform/get-trial.html">Platform</a></li><li><a href="https://brix365.com/en/help/ecm/ecm-functions.html">ECM</a></li><li><a href="https://brix365.com/en/help/service/service-functions.html">Service</a></li><li><a href="https://brix365.com/en/help/projects/projects-functions.html">Projects</a></li></ul>
</div>
<div class="footer-wrap">
<div><span class="mobile-question-popup">Send feedback</span><form method="POST" action class="question__popup question-xs" id="question__popup"><div class="question-wrap"><span class="close"></span><span class="title">Ask a question</span><label for="help_question" style="display: none;"></label><textarea name="help_question" id="help_question"></textarea><input type="submit" value="Send"></div></form><div class="hidden fade-in question-success-xs">Sent</div></div>
<div class="footer-flex-b">
<span class="footer-copy">&copy; 2025 BRIX</span>
<ul class="footer-list">
<li class="footer-item">
<a href="#" class="arrow-top" style="display: block;"></a>
</li>
</ul>
</div>
</div>
</div>
</footer>
<iframe name="hmnavigation" style="display:none!important"></iframe>
<script src="./jquery-ui.js"></script>
<!--script src="//cdn.jsdelivr.net/npm/featherlight@1.7.14/release/featherlight.min.js" type="text/javascript" charset="utf-8"></script-->
<script src="./jquery.tocify.min.js"></script>
<script src="./TypoReporter.min.js"></script>
<script src="./google-search.js"></script>
<script src="./main.js"></script>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink