(→같이 보기) |
(→같이 보기) |
||
| 53번째 줄: | 53번째 줄: | ||
==같이 보기== | ==같이 보기== | ||
* [[k8s 초기화 컨테이너]] | * [[k8s 초기화 컨테이너]] | ||
* [[k8s securityContext]] | |||
* [[k8s PodSecurityPolicy]] | * [[k8s PodSecurityPolicy]] | ||
* [[k8s allowPrivilegeEscalation]] | * [[k8s allowPrivilegeEscalation]] | ||
2020년 10월 7일 (수) 19:09 판
1 개요
- k8s privileged
- 쿠버네티스 privileged
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: example
spec:
privileged: false # Don't allow privileged pods!
# The rest fills in some required fields.
seLinux:
rule: RunAsAny
supplementalGroups:
rule: RunAsAny
runAsUser:
rule: RunAsAny
fsGroup:
rule: RunAsAny
volumes:
- '*'
...
spec:
template:
spec:
initContainers:
- name: configure-sysctl
image: busybox
securityContext:
runAsUser: 0
privileged: true
command: ["sysctl", "-w", "vm.max_map_count=262144"]
...
spec:
template:
spec:
initContainers:
- name: init-sysctl
image: busybox:1.27.2
command:
- sysctl
- -w
- vm.max_map_count=262144
securityContext:
privileged: true
2 같이 보기
3 참고
로그인하시면 댓글을 쓸 수 있습니다.
{{ comment.name }}
{{ comment.created | snstime }}
-
{{comment.page_title}} ―{{comment.name}}