위키
포럼
도구
바뀐글
랜덤

K8s privileged

1 개요[ | ]

k8s privileged
쿠버네티스 privileged

2 PodSpec[ | ]

kind: Deployment
...
spec:
  template:
    spec:
      initContainers:
      - name: configure-sysctl
        image: busybox
        securityContext:
          runAsUser: 0
          privileged: true
        command: ["sysctl", "-w", "vm.max_map_count=262144"]

kind: Deployment
...
spec:
  template:
    spec:
      initContainers:
      - name: init-sysctl
        image: busybox:1.27.2
        command:
        - sysctl
        - -w
        - vm.max_map_count=262144
        securityContext:
          privileged: true

3 PodSecurityPolicy[ | ]

apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: example
spec:
  privileged: false  # Don't allow privileged pods!
  # The rest fills in some required fields.
  seLinux:
    rule: RunAsAny
  supplementalGroups:
    rule: RunAsAny
  runAsUser:
    rule: RunAsAny
  fsGroup:
    rule: RunAsAny
  volumes:
  - '*'

4 같이 보기[ | ]

5 참고[ | ]

원본 주소 "https://zetawiki.com/w/index.php?title=K8s_privileged&oldid=905016"
문서 댓글 ({{ doc_comments.length }})
{{ comment.name }} {{ comment.created | snstime }}