restricted | anyuid | privileged |
---|---|---|
allowHostDirVolumePlugin: false | allowHostDirVolumePlugin: false | allowHostDirVolumePlugin: true |
allowHostIPC: false | allowHostIPC: false | allowHostIPC: true |
allowHostNetwork: false | allowHostNetwork: false | allowHostNetwork: true |
allowHostPID: false | allowHostPID: false | allowHostPID: true |
allowHostPorts: false | allowHostPorts: false | allowHostPorts: true |
allowPrivilegeEscalation: true | allowPrivilegeEscalation: true | allowPrivilegeEscalation: true |
allowPrivilegedContainer: false | allowPrivilegedContainer: false | allowPrivilegedContainer: true |
allowedCapabilities: null | allowedCapabilities: [ | allowedCapabilities: [*] |
NET_RAW | ||
FSETID | ||
SETGID | ||
SETUID | ||
CHOWN | ||
SYS_CHROOT] | ||
allowedUnsafeSysctls: | allowedUnsafeSysctls: [*] | |
apiVersion: security.openshift.io/v1 | apiVersion: security.openshift.io/v1 | apiVersion: security.openshift.io/v1 |
defaultAddCapabilities: null | defaultAddCapabilities: null | defaultAddCapabilities: null |
fsGroup: | fsGroup: RunAsAny | fsGroup: RunAsAny |
groups: [] | groups: [system:cluster-admins] | groups: [system:cluster-admins, system:nodes, system:masters] |
kind: SecurityContextConstraints | kind: SecurityContextConstraints | kind: SecurityContextConstraints |
name: restricted | name: anyuid | name: privileged |
resourceVersion: "3512475209" | resourceVersion: "3512475203" | resourceVersion: "340" |
uid: bdb21b4f-dfda-456a-8aa3-7fdcd8ee2f2d | uid: d35f70ed-47ce-4b22-83d0-b0b2a4bc07f8 | uid: 1df9ef3c-1fab-4031-a2cd-3d7479069050 |
priority: null | priority: 10 | priority: null |
readOnlyRootFilesystem: false | readOnlyRootFilesystem: false | readOnlyRootFilesystem: false |
requiredDropCapabilities: [KILL, MKNOD, SETUID, SETGID] | requiredDropCapabilities: [MKNOD] | requiredDropCapabilities: null |
runAsUser: | runAsUser: RunAsAny | runAsUser: RunAsAny |
seLinuxContext: | seLinuxContext: MustRunAs | seLinuxContext: RunAsAny |
supplementalGroups: RunAsAny | supplementalGroups: RunAsAny | supplementalGroups: RunAsAny |
users: [] | users: [] | users: [system:admin, system:serviceaccount:openshift-infra:build-controller] |
volumes: [configMap, csi, downwardAPI, emptyDir, ephemeral, persistentVolumeClaim, projected, secret] | volumes: [configMap, csi, downwardAPI, emptyDir, ephemeral, persistentVolumeClaim, projected, secret] | volumes: [*] |
【k8s】scc权限 restricted、anyuid、privileged
云川之下2025-01-10 11:16
相关推荐
小新学习屋18 分钟前
《剑指offer》-数据结构篇-树好心的小明25 分钟前
【深度之眼机器学习笔记】04-01-决策树简介、熵,04-02-条件熵及计算举例,04-03-信息增益、ID3算法恣艺2 小时前
LeetCode 1074:元素和为目标值的子矩阵数量queenlll3 小时前
P1064 [NOIP 2006 提高组] 金明的预算方案 题解WildBlue3 小时前
前端算法秘籍:BFS 算法的 JS 魔法之旅🤩设计师小聂!4 小时前
力扣---------238. 除自身以外数组的乘积minji...4 小时前
数据结构 二叉树(2)---二叉树的实现草香农4 小时前
Keccak 算法详解荒诞硬汉5 小时前
二维数组相关学习周末程序猿6 小时前
技术总结|如何使用提升 strlen 的性能?