restricted | anyuid | privileged |
---|---|---|
allowHostDirVolumePlugin: false | allowHostDirVolumePlugin: false | allowHostDirVolumePlugin: true |
allowHostIPC: false | allowHostIPC: false | allowHostIPC: true |
allowHostNetwork: false | allowHostNetwork: false | allowHostNetwork: true |
allowHostPID: false | allowHostPID: false | allowHostPID: true |
allowHostPorts: false | allowHostPorts: false | allowHostPorts: true |
allowPrivilegeEscalation: true | allowPrivilegeEscalation: true | allowPrivilegeEscalation: true |
allowPrivilegedContainer: false | allowPrivilegedContainer: false | allowPrivilegedContainer: true |
allowedCapabilities: null | allowedCapabilities: [ | allowedCapabilities: [*] |
NET_RAW | ||
FSETID | ||
SETGID | ||
SETUID | ||
CHOWN | ||
SYS_CHROOT] | ||
allowedUnsafeSysctls: | allowedUnsafeSysctls: [*] | |
apiVersion: security.openshift.io/v1 | apiVersion: security.openshift.io/v1 | apiVersion: security.openshift.io/v1 |
defaultAddCapabilities: null | defaultAddCapabilities: null | defaultAddCapabilities: null |
fsGroup: | fsGroup: RunAsAny | fsGroup: RunAsAny |
groups: [] | groups: [system:cluster-admins] | groups: [system:cluster-admins, system:nodes, system:masters] |
kind: SecurityContextConstraints | kind: SecurityContextConstraints | kind: SecurityContextConstraints |
name: restricted | name: anyuid | name: privileged |
resourceVersion: "3512475209" | resourceVersion: "3512475203" | resourceVersion: "340" |
uid: bdb21b4f-dfda-456a-8aa3-7fdcd8ee2f2d | uid: d35f70ed-47ce-4b22-83d0-b0b2a4bc07f8 | uid: 1df9ef3c-1fab-4031-a2cd-3d7479069050 |
priority: null | priority: 10 | priority: null |
readOnlyRootFilesystem: false | readOnlyRootFilesystem: false | readOnlyRootFilesystem: false |
requiredDropCapabilities: [KILL, MKNOD, SETUID, SETGID] | requiredDropCapabilities: [MKNOD] | requiredDropCapabilities: null |
runAsUser: | runAsUser: RunAsAny | runAsUser: RunAsAny |
seLinuxContext: | seLinuxContext: MustRunAs | seLinuxContext: RunAsAny |
supplementalGroups: RunAsAny | supplementalGroups: RunAsAny | supplementalGroups: RunAsAny |
users: [] | users: [] | users: [system:admin, system:serviceaccount:openshift-infra:build-controller] |
volumes: [configMap, csi, downwardAPI, emptyDir, ephemeral, persistentVolumeClaim, projected, secret] | volumes: [configMap, csi, downwardAPI, emptyDir, ephemeral, persistentVolumeClaim, projected, secret] | volumes: [*] |
【k8s】scc权限 restricted、anyuid、privileged
云川之下2025-01-10 11:16
相关推荐
jerry60929 分钟前
优先队列、堆笔记(算法第四版)勤劳的牛马1 小时前
📚 小白学算法 | 每日一题 | 算法实战:加1!Epiphany.5561 小时前
基于c++的LCA倍增法实现一只码代码的章鱼1 小时前
学习笔记2(Lombok+算法)jerry6092 小时前
c++流对象2301_817031653 小时前
C语言-- 深入理解指针(4)·醉挽清风·3 小时前
学习笔记—双指针算法—移动零几点才到啊3 小时前
使用 malloc 函数模拟开辟一个 3x5 的整型二维数组编程绿豆侠4 小时前
力扣HOT100之链表:23. 合并 K 个升序链表Ayanami_Reii4 小时前
Leetcode837.新21点