Challenge, Easy,  on  Kubernetes

Multi-Container Pod Security Design

Scenario

You need to create a Pod with two containers that run as different users but share a common group ID for file access. This is a common pattern when multiple containers need to collaborate on shared files while maintaining process isolation.

Tasks

  1. Create a Pod named twin-uid in the sec-ctx namespace.
  2. Configure two containers in the Pod:
    • Container named preproc running as user ID 1000
    • Container named shipper running as user ID 2000
  3. Both containers must use the image public.ecr.aws/docker/library/busybox:stable.
  4. Configure both containers to remain running (use a command like sleep infinity).
  5. Set a Pod-level security context with fsGroup so both containers can share file access.

Test Cases

Level up your Server Side game — Join 20,000 engineers who receive insightful learning materials straight to their inbox

How to Author Challenges on iximiuz Labs

Instead of providing a subpar online editing experience, iximiuz Labs offers a helper CLI tool called labctl, allowing you to use your favorite text editor (or a full-featured IDE) to write content from the comfort of your local machine.

Install labctl CLI

curl -sf https://labs.iximiuz.com/cli/install.sh | sh

This will download and install the latest version of the labctl CLI. You only need to do this once per workstation.

Authorize labctl

labctl auth login

This will open a browser window asking you to authorize labctl to access your account. You need to do it after a fresh install of labctl and repeat it whenever the auth session expires.

Pull challenge content

labctl content pull challenge security-contexts-in-multi-container-pods-09f6fb9f

This will create a local copy of the challenge content in a directory named security-contexts-in-multi-container-pods-09f6fb9f. You only need to do this once per challenge.

Stream your changes

labctl content push -fw challenge security-contexts-in-multi-container-pods-09f6fb9f

Run this command in a separate terminal to continuously upload your changes to the server while editing the challenge in your favorite text editor or IDE.

You can also use labctl to create, list, and delete your content. Learn more about the available commands: labctl content --help

Start challenge