Question: Pod Fails Due to SecurityContext - runAsNonRoot

01-kubernetes-fundamentals/nginx-deployment.yaml

@@ -16,9 +16,14 @@ spec:
     spec:
       containers:
         - name: nginx
+<<<<<<< HEAD
+          image: nginxinc/nginx-unprivileged
+=======
           image: nginxinc/nginx-unprivileged:stable
+>>>>>>> d3eafd0aab8d1502d15552170abd13d1ba11deea
           ports:
             - containerPort: 80
+ # Add Security Context to the Pod           
           securityContext:
-            runAsNonRoot: true
-            allowPrivilegeEscalation: false
+            runAsNonRoot: true # Ensures the container runs as a non-root user
+            allowPrivilegeEscalation: false  # Prevents the container from gaining additional privileges

01-kubernetes-fundamentals/nginx-pod.yaml

@@ -7,6 +7,13 @@ metadata:
 spec:
   containers:
     - name: nginx
+<<<<<<< HEAD
+      image: nginxinc/nginx-unprivileged
+=======
       image: nginxinc/nginx-unprivileged:stable
+>>>>>>> d3eafd0aab8d1502d15552170abd13d1ba11deea
       ports:
         - containerPort: 80
+      securityContext:
+        runAsNonRoot: true # Ensures the container runs as a non-root user
+        allowPrivilegeEscalation: false  # Prevents the container from gaining additional privileges

99-reflections/week1.md

@@ -6,46 +6,52 @@ This week, I worked through the Kubernetes fundamentals lab where I deployed a b
 
 ## ✅ What I Learned
 
-- 
-- 
-- 
-- 
+- Pods are single units; Deployments manage replicas and scaling (rollout strategies)
+- Security contexts is the first line of defense for controlling how containers behave from a security standpoint. It defines privilege and       access control settings for a Pod or its individual containers
+- Deploy contains 1 or more pods
+- Deployment availability depends on pods availability. If a pod is no running, it deployment would not run as well.
 
 
 ---
 
 ## ❓ What Was Challenging
 
-- 
-- 
-- 
+- Getting the pods and deployment to be available (running) without compromising the security.
+- Error: container has runAsNonRoot and image will run as root (pod: "nginx-deployment-dcb68cf9f-fnx7j_default(65476189-63a9-4c3a-a9e2-20a077318343)", container: nginx)
 
 ---
 
 ## 🧪 Commands I Practiced
 
 ```bash
-
-
-
+kubectl apply -f nginx-pod.yaml
+kubectl apply -f nginx-deployment.yaml
+kubectl get pods
+kubectl get deployment
+kubectl describe pods nginx
+kubectl describe deployment nginx-deployment
+kubectl scale deployment nginx-deployment --replicas=3
 
 ```
 
 ---
 
 ## 🔐 Security Improvements I Made
 
-- 
-- 
+- Set `runAsNonRoot` to `true` to ensures the container runs as a non-root user 
+- Set `allowPrivilegeEscalation` to `false` to prevents the container from gaining additional privileges
 
 ---
 
 ## 📝 Questions I Still Have
 
-- 
-- 
-- 
+- How do I get the pods and deployment running (available) without compromising the security.
+- How do i fix the error from the `kubectl describe pods` command
+- Error:
 
+``` 
+Error: container has runAsNonRoot and image will run as root (pod: "nginx-deployment-dcb68cf9f-fnx7j_default(65476189-63a9-4c3a-a9e2-20a077318343)", container: nginx)
+```
 ---
 
 ## 📎 Related YAMLs

README.md

@@ -1,3 +1,8 @@
+## 🌱 KubeSkills GROW Challenge
+
+[![GROW Portfolio](https://img.shields.io/badge/GROW-portfolio-blue)](https://github.com/felix-codexyz/student-notebook)
+
+
 # 📘 KubeSkills Student Notebook Template
 
 Welcome to your **KubeSkills GitHub Repository of Work (GROW)** 🪴.