A security context is a set of operating-system-level security settings, such as UID, GID, capabilities, and SELinux roles. These settings are applied at the container level as a container security context. You can also specify a pod security context that applies to all the containers in the pod. The pod security context can additionally apply its security settings (in particular, fsGroup and seLinuxOptions) to volumes.
Here is a sample pod security context:
apiVersion: v1
kind: Pod
metadata:
  name: hello-world
spec:
  containers:
    ...
  securityContext:
    fsGroup: 1234
    supplementalGroups: [5678]
    seLinuxOptions:
      level: "s0:c123,c456"
The container security context is applied to each container, and it overrides the pod security context. It is embedded in the containers section of the pod manifest. Container context settings can't be applied to volumes, which remain at the pod level.
Here is a sample container security context:
apiVersion: v1
kind: Pod
metadata:
  name: hello-world
spec:
  containers:
    - name: hello-world-container
      # The container definition
      # ...
      securityContext:
        privileged: true
        seLinuxOptions:
          level: "s0:c123,c456"
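
The override rule described above can be checked when reviewing manifests. The following is an added example, not code from the original text or from Kubernetes: it resolves the settings each container actually runs with and lists privileged containers. The manifest is constructed; the sidecar container and the container-level SELinux level are assumptions made for illustration.

```python
import json

# Fields present in both the pod and the container securityContext:
# a value set on the container replaces the pod value for that container.
SHARED = ("runAsUser", "runAsGroup", "runAsNonRoot", "seLinuxOptions")
# Pod-only fields; these cannot be set per container.
POD_ONLY = ("fsGroup", "supplementalGroups")
# Container-only fields; there is no pod-level default for these.
CONTAINER_ONLY = ("privileged", "capabilities", "allowPrivilegeEscalation",
                  "readOnlyRootFilesystem")

# Constructed manifest (JSON form): pod-level values follow the page's sample;
# the second container and the container-level SELinux level are made up.
POD = json.loads("""
{"apiVersion": "v1", "kind": "Pod", "metadata": {"name": "hello-world"},
 "spec": {
   "securityContext": {"fsGroup": 1234, "supplementalGroups": [5678],
                       "seLinuxOptions": {"level": "s0:c123,c456"}},
   "containers": [
     {"name": "hello-world-container",
      "securityContext": {"privileged": true,
                          "seLinuxOptions": {"level": "s0:c1,c2"}}},
     {"name": "sidecar"}]}}
""")

def effective_contexts(pod):
    """Map each container name to the security settings it actually runs with."""
    spec = pod["spec"]
    pod_sc = spec.get("securityContext") or {}
    result = {}
    # Init containers carry their own securityContext and are resolved the same way.
    for c in spec.get("initContainers", []) + spec.get("containers", []):
        c_sc = c.get("securityContext") or {}
        eff = {k: pod_sc[k] for k in SHARED + POD_ONLY if k in pod_sc}
        eff.update({k: c_sc[k] for k in SHARED + CONTAINER_ONLY if k in c_sc})
        result[c["name"]] = eff
    return result

def privileged_containers(pod):
    """Names of containers whose effective context sets privileged: true."""
    return sorted(n for n, sc in effective_contexts(pod).items()
                  if sc.get("privileged") is True)

if __name__ == "__main__":
    for name, sc in effective_contexts(POD).items():
        print(name, json.dumps(sc, sort_keys=True))
    print("privileged:", privileged_containers(POD))
```

The sidecar inherits the pod's SELinux level while hello-world-container runs with its own, and both keep the pod-level fsGroup because that field has no container-level counterpart.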