检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
表1 错误码说明 错误码 状态码 错误信息 描述 UCS.00000001 400 Failed to obtain the user information.
/default labels: app: nginx-seccomp spec: containers: - name: nginx image: nginx 不符合策略实例的资源定义 示例中的container.seccomp.security.alpha.kubernetes.io
apiVersion: v1 kind: Pod metadata: name: test-pod1 spec: containers: - name: tomcat image: tomcat ports: - containerPort: 8080
k8scontainerrequests k8scontainerlimits k8sblockwildcardingress k8sblocknodeport k8sblockloadbalancer k8sblockendpointeditdefaultrole k8spspautomountserviceaccounttokenpod
- name: nginx image: nginx:1.14.2 ports: - containerPort: 80 父主题: 使用策略定义库
Same as domain-name when using main account, otherwise use iam user name 其中,Flags分为用户名密码、AKSK和公共配置。
- name: nginx image: nginx ports: - containerPort: 9001 hostPort: 9001 父主题: 使用策略定义库
/nginx: unconfined labels: app: nginx-apparmor spec: containers: - name: nginx image: nginx 父主题: 使用策略定义库
apiVersion: constraints.gatekeeper.sh/v1beta1 kind: K8sImageDigests metadata: name: container-image-must-have-digest spec: match: kinds
apiVersion: constraints.gatekeeper.sh/v1beta1 kind: K8sDisallowedTags metadata: name: container-image-must-not-have-latest-tag spec: match
apiVersion: constraints.gatekeeper.sh/v1beta1 kind: K8sRequiredResources metadata: name: container-must-have-cpu-requests-memory-limits-and-requests
RESPONSE_CODE_DETAILS%", "connection_termination_details": "%CONNECTION_TERMINATION_DETAILS%", "bytes_received": "%BYTES_RECEIVED%", "bytes_sent
", "xdomain_id": "30086000........
apiVersion: v1 kind: Pod metadata: name: nginx-disallowed spec: containers: - name: nginx image: nginx 父主题: 使用策略定义库
请检查成员集群中是否有“LoadCorednsConditionFailed”或者“StoreCorednsConditionFailed”类型的事件。若存在,请按事件中的错误提示进行处理。
apiVersion: constraints.gatekeeper.sh/v1beta1 kind: K8sPSPReadOnlyRootFilesystem metadata: name: psp-readonlyrootfilesystem spec: match:
apiVersion: constraints.gatekeeper.sh/v1beta1 kind: K8sPSPHostNamespace metadata: name: psp-host-namespace spec: match: kinds:
may be used to allow all volume types - configMap - emptyDir - projected - secret - downwardAPI - persistentVolumeClaim
apiVersion: constraints.gatekeeper.sh/v1beta1 kind: K8sPSPAutomountServiceAccountTokenPod metadata: name: psp-automount-serviceaccount-token-pod
apiVersion: constraints.gatekeeper.sh/v1beta1 kind: K8sPSPProcMount metadata: name: psp-proc-mount spec: match: kinds: - apiGroups
长按/截图保存,微信识别二维码
或者关注公众号“华为云”
