| restricted | anyuid | privileged |
|---|---|---|
| allowHostDirVolumePlugin: false | allowHostDirVolumePlugin: false | allowHostDirVolumePlugin: true |
| allowHostIPC: false | allowHostIPC: false | allowHostIPC: true |
| allowHostNetwork: false | allowHostNetwork: false | allowHostNetwork: true |
| allowHostPID: false | allowHostPID: false | allowHostPID: true |
| allowHostPorts: false | allowHostPorts: false | allowHostPorts: true |
| allowPrivilegeEscalation: true | allowPrivilegeEscalation: true | allowPrivilegeEscalation: true |
| allowPrivilegedContainer: false | allowPrivilegedContainer: false | allowPrivilegedContainer: true |
| allowedCapabilities: null | allowedCapabilities: [ | allowedCapabilities: [*] |
| NET_RAW | ||
| FSETID | ||
| SETGID | ||
| SETUID | ||
| CHOWN | ||
| SYS_CHROOT] | ||
| allowedUnsafeSysctls: | allowedUnsafeSysctls: [*] | |
| apiVersion: security.openshift.io/v1 | apiVersion: security.openshift.io/v1 | apiVersion: security.openshift.io/v1 |
| defaultAddCapabilities: null | defaultAddCapabilities: null | defaultAddCapabilities: null |
| fsGroup: | fsGroup: RunAsAny | fsGroup: RunAsAny |
| groups: [] | groups: [system:cluster-admins] | groups: [system:cluster-admins, system:nodes, system:masters] |
| kind: SecurityContextConstraints | kind: SecurityContextConstraints | kind: SecurityContextConstraints |
| name: restricted | name: anyuid | name: privileged |
| resourceVersion: "3512475209" | resourceVersion: "3512475203" | resourceVersion: "340" |
| uid: bdb21b4f-dfda-456a-8aa3-7fdcd8ee2f2d | uid: d35f70ed-47ce-4b22-83d0-b0b2a4bc07f8 | uid: 1df9ef3c-1fab-4031-a2cd-3d7479069050 |
| priority: null | priority: 10 | priority: null |
| readOnlyRootFilesystem: false | readOnlyRootFilesystem: false | readOnlyRootFilesystem: false |
| requiredDropCapabilities: [KILL, MKNOD, SETUID, SETGID] | requiredDropCapabilities: [MKNOD] | requiredDropCapabilities: null |
| runAsUser: | runAsUser: RunAsAny | runAsUser: RunAsAny |
| seLinuxContext: | seLinuxContext: MustRunAs | seLinuxContext: RunAsAny |
| supplementalGroups: RunAsAny | supplementalGroups: RunAsAny | supplementalGroups: RunAsAny |
| users: [] | users: [] | users: [system:admin, system:serviceaccount:openshift-infra:build-controller] |
| volumes: [configMap, csi, downwardAPI, emptyDir, ephemeral, persistentVolumeClaim, projected, secret] | volumes: [configMap, csi, downwardAPI, emptyDir, ephemeral, persistentVolumeClaim, projected, secret] | volumes: [*] |
【k8s】scc权限 restricted、anyuid、privileged
云川之下2025-01-10 11:16
相关推荐
机器学习之心15 小时前
多目标鲸鱼优化算法(NSWOA),含46种测试函数和9个评价指标,MATLAB实现max50060016 小时前
基于Meta Llama的二语习得学习者行为预测计算模型王哥儿聊AI17 小时前
Lynx:新一代个性化视频生成模型,单图即可生成视频,重新定义身份一致性与视觉质量手握风云-19 小时前
优选算法的寻踪契合:字符串专题闭着眼睛学算法19 小时前
【华为OD机考正在更新】2025年双机位A卷真题【完全原创题解 | 详细考点分类 | 不断更新题目 | 六种主流语言Py+Java+Cpp+C+Js+Go】IT古董19 小时前
【第五章:计算机视觉-项目实战之目标检测实战】2.目标检测实战:中国交通标志检测-(2)中国交通标志检测数据格式转化与读取MobotStone19 小时前
LLM 采样入门到进阶:理解与实践 Top-K、Top-P、温度控制杨小码不BUG20 小时前
CSP-J/S初赛知识点精讲-图论LeaderSheepH21 小时前
常见的排序算法周杰伦_Jay1 天前
【图文详解】强化学习核心框架、数学基础、分类、应用场景