RunAsGroup documentation for Progressing this to Beta

content/en/docs/reference/command-line-tools-reference/feature-gates.md

@@ -124,7 +124,7 @@ different Kubernetes components.
 | `RotateKubeletClientCertificate` | `true` | Beta | 1.7 | |
 | `RotateKubeletServerCertificate` | `false` | Alpha | 1.7 | 1.11 |
 | `RotateKubeletServerCertificate` | `true` | Beta | 1.12 | |
-| `RunAsGroup` | `false` | Alpha | 1.10 | |
+| `RunAsGroup` | `true` | Beta | 1.14 | |
 | `RuntimeClass` | `true` | Beta | 1.14 | |
 | `SCTPSupport` | `false` | Alpha | 1.12 | |
 | `ServiceNodeExclusion` | `false` | Alpha | 1.8 | |

content/en/docs/reference/glossary/security-context.md

@@ -14,5 +14,4 @@ tags:
 
 <!--more--> 
 
-The securityContext field in a {{< glossary_tooltip term_id="pod" >}} (applying to all containers) or container is used to set the user (runAsUser) and group (fsGroup), capabilities, privilege settings, and security policies (SELinux/AppArmor/Seccomp) that container processes use.
-
+The securityContext field in a {{< glossary_tooltip term_id="pod" >}} (applying to all containers) or container is used to set the user, groups, capabilities, privilege settings, and security policies (SELinux/AppArmor/Seccomp) and more that container processes use.

content/en/docs/tasks/configure-pod-container/security-context.md

@@ -52,10 +52,11 @@ Here is a configuration file for a Pod that has a `securityContext` and an `empt
 {{< codenew file="pods/security/security-context.yaml" >}}
 
 In the configuration file, the `runAsUser` field specifies that for any Containers in
-the Pod, the first process runs with user ID 1000. The `fsGroup` field specifies that
-group ID 2000 is associated with all Containers in the Pod. Group ID 2000 is also
-associated with the volume mounted at `/data/demo` and with any files created in that
-volume.
+the Pod, all processes run with user ID 1000. The `runAsGroup` field specifies the primary group ID of 3000 for 
+all processes within any containers of the Pod. If this field is ommitted, the primary group ID of the containers 
+will be root(0). Any files created will also be owned by user 1000 and group 3000 when `runAsGroup` is specified. 
+Since `fsGroup` field is specified, all processes of the container are also part of the supplementary group ID 2000. 
+The owner for volume `/data/demo` and any files created in that volume will be Group ID 2000. 
 
 Create the Pod:
 
@@ -123,6 +124,16 @@ The output shows that `testfile` has group ID 2000, which is the value of `fsGro
 -rw-r--r-- 1 1000 2000 6 Jun  6 20:08 testfile
 ```
 
+Run the following command:
+
+```shell
+$ id
+uid=1000 gid=3000 groups=2000
+```
+You will see that gid is 3000 which is same as `runAsGroup` field. If the `runAsGroup` was ommitted the gid would
+remain as 0(root) and the process will be able to interact with files that are owned by root(0) group and that have 
+the required group permissions for root(0) group.
+
 Exit your shell:
 
 ```shell
@@ -357,5 +368,3 @@ After you specify an MCS label for a Pod, all Pods with the same label can acces
 
 
 {{% /capture %}}
-
-