Security Context

No Security

 1apiVersion: v1
 2kind: Pod
 3metadata:
 4  name: web-pod
 5spec:
 6  containers:
 7    - name: ubunutu
 8      image: ubuntu
 9      command: 
10        - sleep
11        - "360"

Pod Level

 1apiVersion: v1
 2kind: Pod
 3metadata:
 4  name: web-pod
 5spec:
 6  securityContext:
 7    runAsUser: 1000
 8  containers:
 9    - name: ubunutu
10      image: ubuntu
11      command: ["sleep", "360"]

Container Level

 1apiVersion: v1
 2kind: Pod
 3metadata:
 4  name: web-pod
 5spec:
 6  containers:
 7    - name: ubunutu
 8      image: ubuntu
 9      command: ["sleep", "360"]
10      securityContext:
11        runAsUser: 1000
12        capabilities: 
13          - MAC_ADMIN

capabilities is only available at container level