SecurityContext is a Kubernetes setting that defines security-related runtime options for a Pod or container. It controls practical safeguards such as whether a workload runs as root, which Linux user ID and group ID it uses, which Linux capabilities it receives, whether privilege escalation is allowed, and whether the container filesystem is read-only. Teams use SecurityContext to apply least-privilege defaults, meet compliance requirements, and reduce the impact of a compromised container. For example, a web application might set runAsNonRoot, drop unnecessary capabilities, set allowPrivilegeEscalation to false, and enable readOnlyRootFilesystem so the container can serve traffic without broad host-level permissions. SecurityContext can be set at the Pod level for shared defaults or at the container level for more specific controls, which is useful when managing production clusters such as Azure Kubernetes Service or when tightening permissions during AWS and Kubernetes infrastructure management.
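The web application case above as a manifest, showing which settings are shared Pod-level defaults and which are set per container. This is an added example, not taken from the original page. The Pod and container names, image references, UIDs, port and mount path are placeholders chosen for illustration.

```yaml
# Added example: all names, images, UIDs and the port are placeholders.
apiVersion: v1
kind: Pod
metadata:
  name: web-app
spec:
  # Pod-level SecurityContext: defaults inherited by every container below.
  securityContext:
    runAsNonRoot: true        # kubelet refuses to start a container that would run as UID 0
    runAsUser: 10001
    runAsGroup: 10001
  containers:
    - name: web
      image: registry.example.com/web-app:1.0.0
      ports:
        - containerPort: 8080 # unprivileged port, so no capability is needed to bind it
      # Container-level SecurityContext: these three fields exist only at this level.
      securityContext:
        allowPrivilegeEscalation: false
        readOnlyRootFilesystem: true
        capabilities:
          drop: ["ALL"]
      volumeMounts:
        - name: tmp
          mountPath: /tmp     # writable scratch space, since the root filesystem is read-only
    - name: log-shipper
      image: registry.example.com/log-shipper:1.0.0
      securityContext:
        runAsUser: 10002      # overrides the Pod-level runAsUser for this container only
        allowPrivilegeEscalation: false
        readOnlyRootFilesystem: true
        capabilities:
          drop: ["ALL"]
  volumes:
    - name: tmp
      emptyDir: {}
```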
Kubernetes SecurityContext
Kubernetes SecurityContext defines Pod or container security settings, controlling runtime privileges, user IDs, and Linux capabilities.