Security-context

The security-context trait specifies the security context for the containers that will be deployed on Kubernetes. This trait modifies the underlying pod spec in the spec.template. path

The following snippet shows an example application with a component and a security-context trait.

apiVersion: core.oam.dev/v1beta1
kind: Application
metadata:
  name: my-app
  annotations: 
    version: "v0.0.1"
    description: "My application"
spec:
  components:
    - name: busybox
      type: worker
      properties:
        image: my-app-image:v1.0.0
      traits:
        - type: security-context
          properties:
            runAsUser:  1000 # (Optional) userID that will be used to execute the container processes.
            runAsGroup: 1000 # (Optional) group ID that will be used to execute the container processes.
            fsGroup: 1000 # (Optional) group ID that will be the owner for the volumes mounted on the containers.