检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
表1 错误码说明 错误码 状态码 错误信息 描述 UCS.00000001 400 Failed to obtain the user information.
UCS.00150007 500 Get policy job failed. 获取策略任务失败 请参考返回的message,或联系技术支持。 UCS.01000001 400 Failed to obtain the user information.
/default labels: app: nginx-seccomp spec: containers: - name: nginx image: nginx 不符合策略实例的资源定义 示例中的container.seccomp.security.alpha.kubernetes.io
- name: nginx image: nginx:1.14.2 ports: - containerPort: 80 父主题: 使用策略定义库
apiVersion: v1 kind: Pod metadata: name: test-pod1 spec: containers: - name: tomcat image: tomcat ports: - containerPort: 8080
k8scontainerrequests k8scontainerlimits k8sblockwildcardingress k8sblocknodeport k8sblockloadbalancer k8sblockendpointeditdefaultrole k8spspautomountserviceaccounttokenpod
Same as domain-name when using main account, otherwise use iam user name 其中,Flags分为用户名密码、AKSK和公共配置。
apiVersion: constraints.gatekeeper.sh/v1beta1 kind: K8sImageDigests metadata: name: container-image-must-have-digest spec: match: kinds
/nginx: unconfined labels: app: nginx-apparmor spec: containers: - name: nginx image: nginx 父主题: 使用策略定义库
- name: nginx image: nginx ports: - containerPort: 9001 hostPort: 9001 父主题: 使用策略定义库
apiVersion: constraints.gatekeeper.sh/v1beta1 kind: K8sDisallowedTags metadata: name: container-image-must-not-have-latest-tag spec: match
", "xdomain_id": "30086000........
RESPONSE_CODE_DETAILS%", "connection_termination_details": "%CONNECTION_TERMINATION_DETAILS%", "bytes_received": "%BYTES_RECEIVED%", "bytes_sent
apiVersion: constraints.gatekeeper.sh/v1beta1 kind: K8sRequiredResources metadata: name: container-must-have-cpu-requests-memory-limits-and-requests
apiVersion: constraints.gatekeeper.sh/v1beta1 kind: K8sPSPHostNamespace metadata: name: psp-host-namespace spec: match: kinds:
请检查成员集群中是否有“LoadCorednsConditionFailed”或者“StoreCorednsConditionFailed”类型的事件。若存在,请按事件中的错误提示进行处理。
apiVersion: constraints.gatekeeper.sh/v1beta1 kind: K8sPSPReadOnlyRootFilesystem metadata: name: psp-readonlyrootfilesystem spec: match:
apiVersion: v1 kind: Pod metadata: name: nginx-disallowed spec: containers: - name: nginx image: nginx 父主题: 使用策略定义库
may be used to allow all volume types - configMap - emptyDir - projected - secret - downwardAPI - persistentVolumeClaim
apiVersion: constraints.gatekeeper.sh/v1beta1 kind: K8sPSPForbiddenSysctls metadata: name: psp-forbidden-sysctls spec: match: kinds:
长按/截图保存,微信识别二维码
或者关注公众号“华为云”
