Difference between Security Contexts and Security Policies in terms of scope.

Multiple Choice

Difference between Security Contexts and Security Policies in terms of scope.

Explanation:
Security contexts are set per pod or container and control runtime behavior at the container level, such as which user to run as, which capabilities are allowed, and whether the root filesystem is writable. They are defined inside the PodSpec of a specific pod, so their scope stays with that pod (and its namespace).

Security policies, on the other hand, are cluster-wide controls that enforce constraints across all pods in the cluster. They’re implemented by the cluster’s control plane during admission, determining whether a pod should be allowed to run based on broader rules—e.g., disallowing privileged containers or enforcing certain security standards across the whole cluster.

So the main difference in scope is container-runtime, pod-level enforcement versus cluster-wide, control-plane-enforced governance. For example, a security context can require a pod’s containers to run as a non-root user, while a security policy can prevent every pod in the entire cluster from running in privileged mode.
