security context

This commit is contained in:
huanqing.shao
2019-10-04 16:57:09 +08:00
parent cfc8a2df67
commit ffc7435a0c
13 changed files with 310 additions and 20 deletions


@ -322,10 +322,11 @@ module.exports = {
collapsable: true,
children: [
'k8s-intermediate/config/sec-ctx/',
// 'k8s-intermediate/config/sec-ctx/pod',
// 'k8s-intermediate/config/sec-ctx/con',
// 'k8s-intermediate/config/sec-ctx/con-cap',
// 'k8s-intermediate/config/sec-ctx/con-sel',
'k8s-intermediate/config/sec-ctx/pod',
'k8s-intermediate/config/sec-ctx/con',
'k8s-intermediate/config/sec-ctx/con-cap',
'k8s-intermediate/config/sec-ctx/con-sel',
'k8s-intermediate/config/sec-ctx/volumes',
]
},
]


@ -0,0 +1,21 @@
apiVersion: v1
kind: Pod
metadata:
name: security-context-demo
spec:
securityContext:
runAsUser: 1000
runAsGroup: 3000
fsGroup: 2000
volumes:
- name: sec-ctx-vol
emptyDir: {}
containers:
- name: sec-ctx-demo
image: busybox
command: [ "sh", "-c", "sleep 1h" ]
volumeMounts:
- name: sec-ctx-vol
mountPath: /data/demo
securityContext:
allowPrivilegeEscalation: false
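Review bot: The pod-level `runAsUser: 1000` states the intent to run unprivileged, but nothing enforces it if that line is later dropped or the image's USER changes; adding `runAsNonRoot: true` next to it makes the kubelet refuse to start a container whose effective UID resolves to 0. `image: busybox` carries no tag or digest, so the manifest pulls whatever `latest` resolves to at apply time; the same applies to the three pod manifests below (security-context-demo-2, -3 and -4), so pin a tag such as `busybox:<version>` once across all four. Since this is tutorial material, a comment above `fsGroup: 2000` saying that it sets the group ownership of the mounted `sec-ctx-vol` emptyDir and is added as a supplementary group of the process would help readers connect the volume to the security context.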


@ -0,0 +1,14 @@
apiVersion: v1
kind: Pod
metadata:
name: security-context-demo-2
spec:
securityContext:
runAsUser: 1000
containers:
- name: sec-ctx-demo-2
image: busybox
command: [ "sh", "-c", "sleep 1h" ]
securityContext:
runAsUser: 2000
allowPrivilegeEscalation: false
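Review bot: The container-level `runAsUser: 2000` silently takes precedence over the pod-level `runAsUser: 1000`, and nothing in the manifest tells a reader which value wins. A comment above the container's securityContext, `# container-level settings override the pod-level securityContext; the process runs as UID 2000, not 1000`, would make the demo self-explanatory. As with the first manifest, `runAsNonRoot: true` at the pod level would enforce the non-root intent regardless of which UID is chosen.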


@ -0,0 +1,9 @@
apiVersion: v1
kind: Pod
metadata:
name: security-context-demo-3
spec:
containers:
- name: sec-ctx-demo-3
image: busybox
command: [ "sh", "-c", "sleep 1h" ]
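Review bot: This manifest has no securityContext at all, so the container runs with whatever user and capability set the image and the container runtime provide by default; for the busybox image that is presumably UID 0 with the runtime's default capabilities — verify against the image. If the file is meant as the baseline that the capabilities demo below compares against, say so with a comment at the top, `# baseline: no securityContext, so the container keeps the image's default user and the runtime's default capabilities`, otherwise a reader may copy it as a template. It also omits the `allowPrivilegeEscalation: false` that the first two manifests set; if that is deliberate for the demonstration, the comment should mention it.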


@ -0,0 +1,12 @@
apiVersion: v1
kind: Pod
metadata:
name: security-context-demo-4
spec:
containers:
- name: sec-ctx-demo-4
image: busybox
command: [ "sh", "-c", "sleep 1h" ]
securityContext:
capabilities:
add: ["NET_ADMIN", "SYS_TIME"]
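Review bot: `add: ["NET_ADMIN", "SYS_TIME"]` extends the runtime's default capability set without a `drop` clause, so the container ends up with everything the default grants plus these two; if the demo means to show exactly which capabilities the process holds, pair it with `drop: ["ALL"]` above the `add` so the resulting set is explicit. A short comment naming what the two capabilities permit — `# NET_ADMIN: change network configuration; SYS_TIME: set the system clock` — would help readers judge whether a real workload needs them. This manifest also omits `allowPrivilegeEscalation: false`, which the first two demos set; since added capabilities are exactly the case where that guard matters most, its absence is worth either fixing or explaining in a comment.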