Difference between Security Contexts and Security Policies in terms of scope.


Multiple Choice

Difference between Security Contexts and Security Policies in terms of scope.

Explanation:
Security contexts are set per pod or per container and control runtime behavior at the container level, such as which user the process runs as, which Linux capabilities are allowed, and whether the root filesystem is writable. They are defined inside the PodSpec of a specific pod, so their scope stays with that pod (and its namespace).

Security policies, on the other hand, are cluster-wide controls that enforce constraints across all pods in the cluster. They are enforced by the cluster's control plane during admission, which decides whether a pod should be allowed to run based on broader rules, e.g., disallowing privileged containers or enforcing certain security standards across the whole cluster.

So the main difference in scope is pod-level, container-runtime enforcement versus cluster-wide, control-plane-enforced governance. For example, a security context can require a pod's containers to run as a non-root user, while a security policy can blanketly prevent any pod from running in privileged mode across the entire cluster.

