위키
포럼
도구
바뀐글
랜덤

K8s privileged

Jmnote (토론 | 기여)님의 2020년 8월 19일 (수) 22:58 판 (새 문서: ==개요== ;k8s privileged ;쿠버네티스 privileged <source lang='yaml'> apiVersion: policy/v1beta1 kind: PodSecurityPolicy metadata: name: example spec: privileged: false #...)
(차이) ← 이전 판 | 최신판 (차이) | 다음 판 → (차이)

1 개요

k8s privileged
쿠버네티스 privileged
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: example
spec:
  privileged: false  # Don't allow privileged pods!
  # The rest fills in some required fields.
  seLinux:
    rule: RunAsAny
  supplementalGroups:
    rule: RunAsAny
  runAsUser:
    rule: RunAsAny
  fsGroup:
    rule: RunAsAny
  volumes:
  - '*'

...
spec:
  template:
    spec:
      initContainers:
      - name: configure-sysctl
        image: busybox
        securityContext:
          runAsUser: 0
          privileged: true
        command: ["sysctl", "-w", "vm.max_map_count=262144"]

...
spec:
  template:
    spec:
      initContainers:
      - name: init-sysctl
        image: busybox:1.27.2
        command:
        - sysctl
        - -w
        - vm.max_map_count=262144
        securityContext:
          privileged: true

2 같이 보기

3 참고

원본 주소 "https://zetawiki.com/w/index.php?title=K8s_privileged&oldid=595912"
문서 댓글 ({{ doc_comments.length }})
{{ comment.name }} {{ comment.created | snstime }}