| restricted | anyuid | privileged |
|---|---|---|
| allowHostDirVolumePlugin: false | allowHostDirVolumePlugin: false | allowHostDirVolumePlugin: true |
| allowHostIPC: false | allowHostIPC: false | allowHostIPC: true |
| allowHostNetwork: false | allowHostNetwork: false | allowHostNetwork: true |
| allowHostPID: false | allowHostPID: false | allowHostPID: true |
| allowHostPorts: false | allowHostPorts: false | allowHostPorts: true |
| allowPrivilegeEscalation: true | allowPrivilegeEscalation: true | allowPrivilegeEscalation: true |
| allowPrivilegedContainer: false | allowPrivilegedContainer: false | allowPrivilegedContainer: true |
| allowedCapabilities: null | allowedCapabilities: [NET_RAW, FSETID, SETGID, SETUID, CHOWN, SYS_CHROOT] | allowedCapabilities: \* |
| allowedUnsafeSysctls: | allowedUnsafeSysctls: \* | |
| apiVersion: security.openshift.io/v1 | apiVersion: security.openshift.io/v1 | apiVersion: security.openshift.io/v1 |
| defaultAddCapabilities: null | defaultAddCapabilities: null | defaultAddCapabilities: null |
| fsGroup: | fsGroup: RunAsAny | fsGroup: RunAsAny |
| groups: \[\] | groups: system:cluster-admins | groups: system:cluster-admins, system:nodes, system:masters |
| kind: SecurityContextConstraints | kind: SecurityContextConstraints | kind: SecurityContextConstraints |
| name: restricted | name: anyuid | name: privileged |
| resourceVersion: "3512475209" | resourceVersion: "3512475203" | resourceVersion: "340" |
| uid: bdb21b4f-dfda-456a-8aa3-7fdcd8ee2f2d | uid: d35f70ed-47ce-4b22-83d0-b0b2a4bc07f8 | uid: 1df9ef3c-1fab-4031-a2cd-3d7479069050 |
| priority: null | priority: 10 | priority: null |
| readOnlyRootFilesystem: false | readOnlyRootFilesystem: false | readOnlyRootFilesystem: false |
| requiredDropCapabilities: KILL, MKNOD, SETUID, SETGID | requiredDropCapabilities: MKNOD | requiredDropCapabilities: null |
| runAsUser: | runAsUser: RunAsAny | runAsUser: RunAsAny |
| seLinuxContext: | seLinuxContext: MustRunAs | seLinuxContext: RunAsAny |
| supplementalGroups: RunAsAny | supplementalGroups: RunAsAny | supplementalGroups: RunAsAny |
| users: \[\] | users: \[\] | users: system:admin, system:serviceaccount:openshift-infra:build-controller |
| volumes: configMap, csi, downwardAPI, emptyDir, ephemeral, persistentVolumeClaim, projected, secret | volumes: configMap, csi, downwardAPI, emptyDir, ephemeral, persistentVolumeClaim, projected, secret | volumes: \* |
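
An added example (not part of the original post): a small Python check that reports where an SCC is more permissive than the `restricted` column of the table above. The rule set and the names `audit` and `as_set` are assumptions, and the dictionaries use the table's flattened values rather than full `oc get scc -o json` output.

```python
# Added example: values come from the table above in its flattened form
# (runAsUser etc. as plain strings); blank table cells are modelled as None.
HOST_FLAGS = ("allowHostDirVolumePlugin", "allowHostIPC", "allowHostNetwork",
              "allowHostPID", "allowHostPorts", "allowPrivilegedContainer")
STRATEGIES = ("runAsUser", "seLinuxContext", "fsGroup")
RESTRICTED = {**dict.fromkeys(HOST_FLAGS, False),
    "allowedCapabilities": None,
    "requiredDropCapabilities": ["KILL", "MKNOD", "SETUID", "SETGID"],
    "runAsUser": None, "seLinuxContext": None, "fsGroup": None,
    "volumes": ["configMap", "csi", "downwardAPI", "emptyDir", "ephemeral",
                "persistentVolumeClaim", "projected", "secret"]}
ANYUID = {**RESTRICTED,
    "allowedCapabilities": ["NET_RAW", "FSETID", "SETGID", "SETUID", "CHOWN", "SYS_CHROOT"],
    "requiredDropCapabilities": ["MKNOD"],
    "runAsUser": "RunAsAny", "seLinuxContext": "MustRunAs", "fsGroup": "RunAsAny"}
PRIVILEGED = {**dict.fromkeys(HOST_FLAGS, True),
    "allowedCapabilities": "*", "requiredDropCapabilities": None, "volumes": "*",
    "runAsUser": "RunAsAny", "seLinuxContext": "RunAsAny", "fsGroup": "RunAsAny"}

def as_set(value):
    """Normalise a null, a '*' wildcard or a list to a set of strings."""
    if value is None:
        return set()
    return {value} if isinstance(value, str) else set(value)

def audit(scc, baseline=RESTRICTED):
    """List the ways `scc` is more permissive than `baseline` (hypothetical rule set)."""
    findings = [f"{flag} enabled" for flag in HOST_FLAGS
                if scc.get(flag) and not baseline.get(flag)]
    caps = as_set(scc.get("allowedCapabilities")) - as_set(baseline.get("allowedCapabilities"))
    if "*" in caps:
        findings.append("allowedCapabilities: any capability may be requested")
    elif caps:
        findings.append("allowedCapabilities adds " + ", ".join(sorted(caps)))
    kept = as_set(baseline.get("requiredDropCapabilities")) - as_set(scc.get("requiredDropCapabilities"))
    if kept:
        findings.append("no longer drops " + ", ".join(sorted(kept)))
    findings += [f"{s}: RunAsAny" for s in STRATEGIES
                 if scc.get(s) == "RunAsAny" and baseline.get(s) != "RunAsAny"]
    if "*" in as_set(scc.get("volumes")) - as_set(baseline.get("volumes")):
        findings.append("volumes: any volume type allowed")
    return findings

if __name__ == "__main__":
    for name, scc in (("anyuid", ANYUID), ("privileged", PRIVILEGED)):
        print(name, *audit(scc), sep="\n  - ")
```
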
[k8s] SCC permissions: restricted, anyuid, privileged
云川之下 2025-01-10 11:16