检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
apiVersion: apps/v1 metadata: name: {{app_name}} namespace: {{namespace}} spec: replicas: 3 selector: matchLabels: app: {{app_name}}
Service metadata: name: allowed-external-ip spec: selector: app: MyApp ports: - name: http protocol: TCP port: 80
Service metadata: name: allowed-external-ip spec: selector: app: MyApp ports: - name: http protocol: TCP port: 80
kind: Deployment apiVersion: apps/v1 metadata: name: policy-test namespace: kube-system labels: app: policy-test spec: replicas:
"true" creationTimestamp: null labels: kubernetes.io/bootstrapping: rbac-defaults rbac.authorization.k8s.io/aggregate-to-edit: "true"
metadata: name: nginx-readonlyrootfilesystem-allowed labels: app: nginx-readonlyrootfilesystem spec: containers: - name: nginx
Pod metadata: name: nginx-privilege-escalation-allowed labels: app: nginx-privilege-escalation spec: containers: - name: nginx image:
kind: Pod metadata: name: nginx-proc-mount-disallowed labels: app: nginx-proc-mount spec: containers: - name: nginx image: nginx
v1 kind: Pod metadata: name: nginx-privileged-allowed labels: app: nginx-privileged spec: containers: - name: nginx image: nginx
metadata: name: nginx-automountserviceaccounttoken-allowed labels: app: nginx-not-automountserviceaccounttoken spec: automountServiceAccountToken:
# 在weather命名空间下创建 spec: selector: matchLabels: app: forecast version: v2 rules: - from: - source: principals:
kind: Pod metadata: name: nginx-host-namespace-allowed labels: app: nginx-host-namespace spec: hostPID: false hostIPC: false containers:
Pod metadata: name: nginx-flexvolume-driver-allowed labels: app: nginx-flexvolume-driver spec: containers: - name: nginx image:
apiVersion: v1 kind: Pod metadata: name: nginx-host-filesystem labels: app: nginx-host-filesystem-disallowed spec: containers: - name: nginx
seccomp.security.alpha.kubernetes.io/nginx: runtime/default labels: app: nginx-seccomp spec: containers: - name: nginx image: nginx 不符合策略实例的资源定义
metadata: name: nginx-host-networking-ports-allowed labels: app: nginx-host-networking-ports spec: hostNetwork: false containers:
kind: Pod metadata: name: nginx-selinux-allowed labels: app: nginx-selinux spec: containers: - name: nginx image: nginx
Pod metadata: name: nginx-forbidden-sysctls-disallowed labels: app: nginx-forbidden-sysctls spec: containers: - name: nginx
apiVersion: v1 kind: Pod metadata: name: nginx-users-allowed labels: app: nginx-users spec: securityContext: supplementalGroups: -
kind: Pod metadata: name: nginx-volume-types-allowed labels: app: nginx-volume-types spec: containers: - name: nginx image: nginx