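When collecting container file logs, if the node storage mode is Device Mapper, the configured path must be the mount path of the node's data disk. If the container runtime is containerd, the multi-line configuration for container standard output logs does not currently take effect.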
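About tolerations: A toleration is applied to a Pod and allows (but does not require) the Pod to be scheduled onto nodes with matching taints. Taints and tolerations work together to keep Pods from being assigned to unsuitable nodes. Each node can have one or more taints, and Pods that do not tolerate those taints will not be scheduled onto that node.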
matchLabels: app: {{app_name}} version: v1 template: metadata: labels: app: {{app_name}} version
apiVersion: apps/v1 kind: Deployment metadata: name: allowed-deployment spec: selector: matchLabels: app: nginx replicas: 3
apiVersion: v1 kind: Service metadata: name: allowed-external-ip spec: selector: app: MyApp ports: - name: http protocol:
namespace: kube-system labels: app: policy-test spec: replicas: 1 selector: matchLabels: app: policy-test-deploy template
metadata: annotations: rbac.authorization.kubernetes.io/autoupdate: "true" creationTimestamp: null labels: kubernetes.io/bootstrapping
apiVersion: v1 kind: Pod metadata: name: nginx-privileged-allowed labels: app: nginx-privileged spec: containers: - name: nginx
apiVersion: v1 kind: Pod metadata: name: nginx-automountserviceaccounttoken-allowed labels: app: nginx-not-automountserviceaccounttoken
apiVersion: v1 kind: Pod metadata: name: nginx-readonlyrootfilesystem-allowed labels: app: nginx-readonlyrootfilesystem spec: containers
forecast # service authorization name namespace: weather # created in the weather namespace spec: selector: matchLabels: app
apiVersion: v1 kind: Pod metadata: name: nginx-privilege-escalation-allowed labels: app: nginx-privilege-escalation spec: containers
apiVersion: v1 kind: Pod metadata: name: nginx-host-namespace-allowed labels: app: nginx-host-namespace spec: hostPID: false hostIPC
apiVersion: v1 kind: Pod metadata: name: nginx-host-filesystem labels: app: nginx-host-filesystem-disallowed spec: containers:
apiVersion: v1 kind: Pod metadata: name: nginx-proc-mount-disallowed labels: app: nginx-proc-mount spec: containers: - name: nginx
metadata: name: nginx-seccomp-disallowed annotations: container.seccomp.security.alpha.kubernetes.io/nginx: unconfined labels: app
apiVersion: v1 kind: Pod metadata: name: nginx-host-networking-ports-allowed labels: app: nginx-host-networking-ports spec: hostNetwork
apiVersion: v1 kind: Pod metadata: name: nginx-forbidden-sysctls-disallowed labels: app: nginx-forbidden-sysctls spec: containers:
apiVersion: v1 kind: Pod metadata: name: nginx-flexvolume-driver-allowed labels: app: nginx-flexvolume-driver spec: containers: -