K8s privileged

Jmnote (토론 | 기여)님의 2020년 8월 19일 (수) 23:00 판 (Jmnote님이 K8s privileged 문서를 쿠버네티스 privileged 문서로 이동했습니다)

1 개요

k8s privileged
쿠버네티스 privileged
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: example
spec:
  privileged: false  # Don't allow privileged pods!
  # The rest fills in some required fields.
  seLinux:
    rule: RunAsAny
  supplementalGroups:
    rule: RunAsAny
  runAsUser:
    rule: RunAsAny
  fsGroup:
    rule: RunAsAny
  volumes:
  - '*'
...
spec:
  template:
    spec:
      initContainers:
      - name: configure-sysctl
        image: busybox
        securityContext:
          runAsUser: 0
          privileged: true
        command: ["sysctl", "-w", "vm.max_map_count=262144"]
...
spec:
  template:
    spec:
      initContainers:
      - name: init-sysctl
        image: busybox:1.27.2
        command:
        - sysctl
        - -w
        - vm.max_map_count=262144
        securityContext:
          privileged: true

2 같이 보기

3 참고

문서 댓글 ({{ doc_comments.length }})
{{ comment.name }} {{ comment.created | snstime }}