Kubernetes Security - Security Context for a Pod or Container - 13

Поділитися
Вставка
  • Опубліковано 26 лис 2024

КОМЕНТАРІ • 12

  • @brontelobo
    @brontelobo 3 місяці тому

    Very nice demo. Thank you!

  • @vinayayinapurapu
    @vinayayinapurapu 2 місяці тому

    you CKS series is like webseries. Its addicting. Also do you plan to update series on latest changes? Starting tomorrow there is a change in exam pattern.

    • @learnwithgvr
      @learnwithgvr  2 місяці тому

      Not many changes ..but will do

  • @nitaprasad3855
    @nitaprasad3855 Рік тому

    Awesome video ..... 👏👏👏👏👏

  • @jalandharbehera99
    @jalandharbehera99 6 місяців тому

    ❤❤

  • @amitpawar1677
    @amitpawar1677 2 роки тому

    Very nice presentation sir...

  • @TheBestDanceMoves
    @TheBestDanceMoves 9 місяців тому

    Alright thank you. I have a problem. Let me detail my problem. Consider that we have two users/developers, John and James. Now, I have a kubernetes cluster with two pods inside, pod1 and pod2. I want John to access pod1 only and not pod2. similarly, I want James to access pod2 and not pod1.
    The same scenario occurs if I want them to access nodes. I hope it is clear.
    I look forward to your reply, thank you

    • @learnwithgvr
      @learnwithgvr  9 місяців тому

      One possible way to restrict pod access in kubernetes is to use Network policies. Network policies allow you to control the traffic flow between pods based on labels and selectors. For example, you can create a network policy that only allows pods with a certain label to communicate with each other, and deny all other traffic. Hope this helps
      apiVersion: networking.k8s.io/v1
      kind: NetworkPolicy
      metadata:
      name: access-pod1
      spec:
      podSelector:
      matchLabels:
      app: pod1 # select pod1
      ingress:
      - from:
      - podSelector:
      matchLabels:
      user: John # allow pods with user: John label
      ---
      apiVersion: networking.k8s.io/v1
      kind: NetworkPolicy
      metadata:
      name: access-pod2
      spec:
      podSelector:
      matchLabels:
      app: pod2 # select pod2
      ingress:
      - from:
      - podSelector:
      matchLabels:
      user: James # allow pods with user: James label

  • @itsme12994
    @itsme12994 2 роки тому

    very good can you please explain selinux security context in detail.