Overview
By default, Polyaxon operations run without a security context, and pods run as root.
Sometimes you might even need to run pods with privileged security, for example for the dockerizer component.
Defining a security context preset
If you need to configure a security context for your jobs and services, you can use the environment.securityContext section:

    runPatch:
      environment:
        securityContext:
          runAsUser: 2222
          runAsGroup: 2222
          runAsNonRoot: true

By saving this preset as security-context, users can now use this section in their jobs or services automatically:

    polyaxon run ... --presets=security-context

You can also use the preset directly on the component or operation definition:

    kind: operation
    presets: [security-context]
    ...

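An added example (not from the Polyaxon documentation): a small Python check that lints a preset, already parsed from YAML into a dict, for the non-root settings shown above before it is saved. The function name `audit_preset` and the sample presets are constructed for illustration, and the check assumes the fields carry their Kubernetes security context meaning.

```python
# Added example: lint a Polyaxon preset (parsed from YAML into a dict) for the
# non-root settings on this page. audit_preset and the samples are constructed.

def audit_preset(preset):
    """Return findings for runPatch.environment.securityContext."""
    env = (preset.get("runPatch") or {}).get("environment") or {}
    ctx = env.get("securityContext")
    if not ctx:
        # With no security context the pods run as root.
        return ["no securityContext: pods run as root by default"]
    findings = []
    uid, gid = ctx.get("runAsUser"), ctx.get("runAsGroup")
    non_root = ctx.get("runAsNonRoot") is True
    if not non_root:
        findings.append("runAsNonRoot is not true: a root image is not refused")
    if uid is None:
        findings.append("runAsUser unset: UID comes from the image's USER")
    elif uid == 0 and non_root:
        # Kubernetes refuses to start a UID 0 container under runAsNonRoot.
        findings.append("runAsUser 0 conflicts with runAsNonRoot: container will not start")
    elif uid == 0:
        findings.append("runAsUser is 0 (root)")
    if gid is None or gid == 0:
        findings.append("runAsGroup unset or 0: primary group is root")
    return findings

def make_preset(**ctx):
    """Wrap security context fields in the preset layout used on this page."""
    return {"runPatch": {"environment": {"securityContext": ctx}}}

# Constructed sample presets.
GOOD = make_preset(runAsUser=2222, runAsGroup=2222, runAsNonRoot=True)
NO_CONTEXT = {"runPatch": {"environment": {}}}
CONFLICT = make_preset(runAsUser=0, runAsGroup=2222, runAsNonRoot=True)
PARTIAL = make_preset(runAsUser=0)

if __name__ == "__main__":
    samples = {"good": GOOD, "no-context": NO_CONTEXT,
               "conflict": CONFLICT, "partial": PARTIAL}
    for name, preset in samples.items():
        findings = audit_preset(preset)
        print(name, "->", findings if findings else "ok")
```
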
Global or per project security context
Managers and Admins of Polyaxon organizations and projects can set the security context directly as the default preset.
Setting the organization’s default preset:
Setting a project’s default preset: