Overview

By default, Polyaxon operations run without a security context, and pods run as root. Sometimes you might even need to run pods with privileged security, for examples the dockerizer component.

Usage

If you need to configure a security context for your jobs and services, you can use the environment.SecurityContext section:

kind: component
...
run:
  kind: ...
  environment:
    securityContext:
    runAsUser: 1000
    runAsGroup: 3000
    fsGroup: 2000

If you are running a distributed operation, you can provide a security context per replica as well.

Global configuration

If you to define a security context globally, we suggest creating a preset. If you are using Polyaxon Cloud or Polyaxon EE, you can add the security context definition to the default organization’s preset or the default project’s preset.