About the Default Kubernetes Security Context for TimesTen Pods

A Kubernetes security context defines privilege and access control settings for a Pod or Container. There are several security context settings. See Configure a Security Context for a Pod or Container in the Kubernetes documentation.

The TimesTen Operator adds a default security context, including the Kubernetes default seccomp profile, to the Pods it creates. This security context defines the privileges and capabilities with which TimesTen containers run. If you provide your own security context for TimesTen Pods, the TimesTen Operator uses it as provided and makes no changes to it.

The following snippet shows the default security context for TimesTen containers.

    securityContext:
      allowPrivilegeEscalation: false
      capabilities:
        drop:
        - ALL
      privileged: false
      readOnlyRootFilesystem: true
      runAsNonRoot: true
      seccompProfile:
        type: RuntimeDefault
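
Because a security context that you provide is used unchanged, it is worth comparing it against the default shown above. The following Python check is an added example, not code from the TimesTen Operator. It assumes a Pod object parsed from `kubectl get pod <name> -o json`; the function names, the sample Pod, and its container names are constructed for illustration.

```python
# Values from the default TimesTen container security context shown above.
BASELINE = {"allowPrivilegeEscalation": False, "privileged": False,
            "readOnlyRootFilesystem": True, "runAsNonRoot": True}
# Effective Kubernetes behaviour when a field is omitted entirely.
WHEN_UNSET = {"allowPrivilegeEscalation": True, "privileged": False,
              "readOnlyRootFilesystem": False, "runAsNonRoot": False}

def audit_container(ctr, pod_sc):
    """List the ways one container's context differs from BASELINE."""
    sc = ctr.get("securityContext") or {}
    findings = []
    for key, want in BASELINE.items():
        got = sc.get(key)
        if got is None and key == "runAsNonRoot":
            got = pod_sc.get(key)          # inheritable from the Pod level
        got = WHEN_UNSET[key] if got is None else got
        if got != want:
            findings.append(f"{key} is {got}, default is {want}")
    caps = sc.get("capabilities") or {}
    if "ALL" not in (caps.get("drop") or []):
        findings.append("capabilities.drop does not include ALL")
    if caps.get("add"):
        findings.append("capabilities.add: " + ",".join(sorted(caps["add"])))
    # seccompProfile can also be inherited from the Pod-level context.
    seccomp = sc.get("seccompProfile") or pod_sc.get("seccompProfile") or {}
    if seccomp.get("type") != "RuntimeDefault":
        findings.append(f"seccompProfile.type is {seccomp.get('type')}")
    return findings

def audit_pod(pod):
    """Map container name -> findings for every container in a Pod object."""
    spec = pod.get("spec") or {}
    pod_sc = spec.get("securityContext") or {}
    ctrs = (spec.get("initContainers") or []) + (spec.get("containers") or [])
    return {c["name"]: audit_container(c, pod_sc) for c in ctrs}

# Constructed sample Pod (names are placeholders, not TimesTen's own).
SAMPLE_POD = {"spec": {
    "securityContext": {"runAsNonRoot": True},
    "containers": [
        {"name": "matches-default", "securityContext": {
            "allowPrivilegeEscalation": False, "capabilities": {"drop": ["ALL"]},
            "privileged": False, "readOnlyRootFilesystem": True,
            "runAsNonRoot": True, "seccompProfile": {"type": "RuntimeDefault"}}},
        {"name": "custom-context", "securityContext": {
            "capabilities": {"drop": ["NET_RAW"], "add": ["NET_ADMIN"]},
            "readOnlyRootFilesystem": True}},
    ]}}
print(audit_pod(SAMPLE_POD))
```

An empty list means the container matches the default. A finding is a difference from the default, so review each one against your own requirements.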