# SecurityContext renders container immutable ###### tags: `CKS Day2` ## Practice 1.Create Pod holiday with two containers c1 and c2 of image bash:5.1.0, ensure the containers keep running 2.Force container c2 of Pod holiday to run immutable: no files can be changed during runtime ``` Don't read below until you finish the task Don't read below until you finish the task Don't read below until you finish the task Don't read below until you finish the task Don't read below until you finish the task Don't read below until you finish the task Don't read below until you finish the task Don't read below until you finish the task Don't read below until you finish the task Don't read below until you finish the task Don't read below until you finish the task ``` ### Don't read below until you finish the task ``` alias k=kubectl k run holiday --image=bash:5.1.0 --command -oyaml --dry-run=client -- sh -c 'sleep 1d' > holiday.yaml vim holiday.yaml ``` Add second container and change container names: ``` apiVersion: v1 kind: Pod metadata: creationTimestamp: null labels: run: holiday name: holiday spec: containers: - command: - sh - -c - sleep 1d image: bash:5.1.0 name: c1 resources: {} - command: - sh - -c - sleep 1d image: bash:5.1.0 name: c2 resources: {} dnsPolicy: ClusterFirst restartPolicy: Always status: {} ``` Add SecurityContext on container level: ``` apiVersion: v1 kind: Pod metadata: creationTimestamp: null labels: run: holiday name: holiday spec: containers: - command: - sh - -c - sleep 1d image: bash:5.1.0 name: c1 resources: {} - command: - sh - -c - sleep 1d image: bash:5.1.0 name: c2 resources: {} securityContext: readOnlyRootFilesystem: true dnsPolicy: ClusterFirst restartPolicy: Always status: {} ```