检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
metadata: name: psp-privileged-container spec: match: kinds: - apiGroups: [""] kinds: ["Pod"] excludedNamespaces: ["kube-system"]
psp-automount-serviceaccount-token-pod spec: match: kinds: - apiGroups: [""] kinds: ["Pod"] excludedNamespaces: ["kube-system"]
psp-allow-privilege-escalation-container spec: match: kinds: - apiGroups: [""] kinds: ["Pod"] 符合策略实例的资源定义 示例中allowPrivilegeEsca
metadata: name: psp-forbidden-sysctls spec: match: kinds: - apiGroups: [""] kinds: ["Pod"] parameters: forbiddenSysctls:
container-image-must-not-have-latest-tag spec: match: kinds: - apiGroups: [""] kinds: ["Pod"] namespaces: - "default"
K8sPSPProcMount metadata: name: psp-proc-mount spec: match: kinds: - apiGroups: [""] kinds: ["Pod"] parameters: procMount: Default
K8sExternalIPs metadata: name: external-ips spec: match: kinds: - apiGroups: [""] kinds: ["Service"] parameters: allowedIPs:
K8sPSPFSGroup metadata: name: psp-fsgroup spec: match: kinds: - apiGroups: [""] kinds: ["Pod"] parameters: rule: "MayRunAs"
metadata: name: all-must-have-owner spec: match: kinds: - apiGroups: [""] kinds: ["Namespace"] parameters: message: "All
K8sReplicaLimits metadata: name: replica-limits spec: match: kinds: - apiGroups: ["apps"] kinds: ["Deployment"] parameters: ranges:
name: container-must-have-requests spec: match: kinds: - apiGroups: [""] kinds: ["Pod"] parameters: cpu: "200m"
metadata: name: psp-host-filesystem spec: match: kinds: - apiGroups: [""] kinds: ["Pod"] parameters: allowedHostPaths:
quests-memory-limits-and-requests spec: match: kinds: - apiGroups: [""] kinds: ["Pod"] parameters: limits: -
K8sPSPSeccomp metadata: name: psp-seccomp spec: match: kinds: - apiGroups: [""] kinds: ["Pod"] parameters: allowedProfiles:
metadata: name: psp-host-network-ports spec: match: kinds: - apiGroups: [""] kinds: ["Pod"] parameters: hostNetwork: bool
metadata: name: psp-flexvolume-drivers spec: match: kinds: - apiGroups: [""] kinds: ["Pod"] parameters: allowedFlexVolumes:
K8sPSPAppArmor metadata: name: psp-apparmor spec: match: kinds: - apiGroups: [""] kinds: ["Pod"] parameters: allowedProfiles:
metadata: name: block-wildcard-ingress spec: match: kinds: - apiGroups: ["extensions", "networking.k8s.io"] kinds: ["Ingress"]
metadata: name: capabilities-demo spec: match: kinds: - apiGroups: [""] kinds: ["Pod"] namespaces: - "default"
container-must-meet-memory-and-cpu-ratio spec: match: kinds: - apiGroups: [""] kinds: ["Pod"] parameters: ratio: "1" cpuRatio:
长按/截图保存,微信识别二维码
或者关注公众号“华为云”
