检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
tab=detail。 已创建的存储资源详情可以在“云容器引擎 > 资源 > 容器存储”页面查看。 登录UCS控制台,在左侧导航栏中选择“云原生服务中心”,单击“我的订阅”页签。“我的订阅”可管理用户从服务目录订阅的服务,支持创建实例、更新、退订等操作。
表1 错误码说明 错误码 状态码 错误信息 描述 UCS.00000001 400 Failed to obtain the user information.
UCS.00150007 500 Get policy job failed. 获取策略任务失败 请参考返回的message,或联系技术支持。 UCS.01000001 400 Failed to obtain the user information.
磁盘挂卷 表6 磁盘挂卷 节点类型 磁盘挂载点 可用大小(GB) 用途 集群管理节点 /var/lib/containerd 50 存放containerd镜像目录 /run/containerd 30 containerd运行时目录 /var/paas/run 50 etcd数据目录
/default labels: app: nginx-seccomp spec: containers: - name: nginx image: nginx 不符合策略实例的资源定义 示例中的container.seccomp.security.alpha.kubernetes.io
k8scontainerrequests k8scontainerlimits k8sblockwildcardingress k8sblocknodeport k8sblockloadbalancer k8sblockendpointeditdefaultrole k8spspautomountserviceaccounttokenpod
apiVersion: v1 kind: Pod metadata: name: test-pod1 spec: containers: - name: tomcat image: tomcat ports: - containerPort: 8080
- name: nginx image: nginx ports: - containerPort: 9001 hostPort: 9001 父主题: 使用策略定义库
- name: nginx image: nginx:1.14.2 ports: - containerPort: 80 父主题: 使用策略定义库
/nginx: unconfined labels: app: nginx-apparmor spec: containers: - name: nginx image: nginx 父主题: 使用策略定义库
Same as domain-name when using main account, otherwise use iam user name 其中,Flags分为用户名密码、AKSK和公共配置。
apiVersion: constraints.gatekeeper.sh/v1beta1 kind: K8sDisallowedTags metadata: name: container-image-must-not-have-latest-tag spec: match
apiVersion: constraints.gatekeeper.sh/v1beta1 kind: K8sImageDigests metadata: name: container-image-must-have-digest spec: match: kinds
apiVersion: constraints.gatekeeper.sh/v1beta1 kind: K8sRequiredResources metadata: name: container-must-have-cpu-requests-memory-limits-and-requests
RESPONSE_CODE_DETAILS%", "connection_termination_details": "%CONNECTION_TERMINATION_DETAILS%", "bytes_received": "%BYTES_RECEIVED%", "bytes_sent
", "xdomain_id": "30086000........
apiVersion: v1 kind: Pod metadata: name: nginx-disallowed spec: containers: - name: nginx image: nginx 父主题: 使用策略定义库
apiVersion: constraints.gatekeeper.sh/v1beta1 kind: K8sPSPReadOnlyRootFilesystem metadata: name: psp-readonlyrootfilesystem spec: match:
may be used to allow all volume types - configMap - emptyDir - projected - secret - downwardAPI - persistentVolumeClaim
请检查成员集群中是否有“LoadCorednsConditionFailed”或者“StoreCorednsConditionFailed”类型的事件。若存在,请按事件中的错误提示进行处理。