When you create or deploy an application in a Container Service for Kubernetes cluster, configure the application's SecurityContext. A proper SecurityContext configuration significantly improves application security, helps enforce the principle of least privilege, and prevents container escapes and privilege escalation attacks.
Concepts
A SecurityContext is a key configuration in Kubernetes that defines security-related properties for containers. It specifies the privilege and access control settings for a pod or container. For more information, see Configure a Security Context for a Pod or Container.
Procedure
- Log on to the EDAS console.
- In the left-side navigation pane, choose . In the top navigation bar, select a region. In the upper part of the Applications page, select a microservices namespace from the Microservices Namespace drop-down list.
- In the upper-left corner of the Applications page, click Create Application.
- On the Basic Information page, enter the required information and click Next.
- In the Configurations step, configure the environment information, basic information, and deployment method for the application, set the related resource parameters, and then click Next.
- On the Advanced Settings page, expand SecurityContext Configuration and configure the parameters. Then, at the bottom of the page, click Next.
  Configuration Item: SecurityContext
  Description:
    runAsUser: 0
    runAsGroup: 0
- After you configure the advanced settings, click Create Application. In the Creation Completed step, click Create Application.
- In the Confirm Application Change Precheck dialog box, click Start Precheck.
- After the data in the dialog box is refreshed, confirm the precheck items and results and click Continue.
- (Optional) If you modify the preceding precheck items, click Check Again.
The application requires several minutes to be deployed. During the process, you can view the change records to track the deployment progress of the application on the Change List page. After you deploy the application, go to the Application Overview page to view the running status of pods. If the pods are in the running state, the application is deployed. You can click the running status of pods to view the Deployments, pods, and advanced configurations of the application instances.
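Once the pods are running, you can check which identity each container actually received. The following is an added example, not code from EDAS or from this page: it audits a pod object in the shape returned by `kubectl get pod <pod-name> -o json` and flags the runAsUser: 0 and runAsGroup: 0 values shown in the table above, which run the container as root. The names audit_pod, effective_context and SAMPLE_POD are hypothetical, and the sample pod is constructed on the assumption that the value was applied at pod level.

```python
# Added example: audit the effective securityContext of each container.
# SAMPLE_POD is constructed; it assumes the page's value was applied at pod level.
SAMPLE_POD = {
    "metadata": {"name": "demo-app-0"},
    "spec": {
        "securityContext": {"runAsUser": 0, "runAsGroup": 0},
        "containers": [
            {"name": "app"},  # inherits the pod-level root identity
            {"name": "sidecar", "securityContext": {
                "runAsUser": 1000, "runAsGroup": 1000,
                "allowPrivilegeEscalation": False}},
        ],
    },
}

# Fields a container inherits from the pod-level securityContext when unset.
INHERITED = ("runAsUser", "runAsGroup", "runAsNonRoot")

def effective_context(pod_sc, container_sc):
    """Merge pod and container settings; container values take precedence."""
    eff = dict(container_sc)
    for key in INHERITED:
        if key not in eff and key in pod_sc:
            eff[key] = pod_sc[key]
    return eff

def audit_pod(pod):
    """Return (container, finding) pairs for settings that weaken isolation."""
    findings = []
    pod_sc = pod["spec"].get("securityContext") or {}
    for c in pod["spec"]["containers"]:
        sc = effective_context(pod_sc, c.get("securityContext") or {})
        uid = sc.get("runAsUser")
        if uid == 0:
            findings.append((c["name"], "runs as UID 0 (root)"))
        elif uid is None and not sc.get("runAsNonRoot"):
            findings.append((c["name"], "UID not pinned; image may default to root"))
        if sc.get("runAsGroup") == 0:
            findings.append((c["name"], "primary GID is 0 (root group)"))
        if sc.get("privileged"):
            findings.append((c["name"], "privileged container"))
        if sc.get("allowPrivilegeEscalation") is not False:
            findings.append((c["name"], "allowPrivilegeEscalation is not false"))
    return findings

if __name__ == "__main__":
    for name, finding in audit_pod(SAMPLE_POD):
        print(f"{name}: {finding}")
```

The sidecar container produces no findings because its container-level values override the pod-level root identity; a non-zero runAsUser and runAsGroup entered in SecurityContext Configuration has the same effect for every container that does not set its own.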