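1. Pod management
On the master node, write the YAML file nginx.yaml in the /root directory, with the following requirements:
(1) Pod name: nginx-pod;
(2) Namespace: default;
(3) Container name: mynginx;
(4) Image: nginx; pull policy: IfNotPresent;
(5) Container port: 80.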
apiVersion: v1
kind: Pod
metadata:
  name: nginx-pod
  namespace: default
spec:
  containers:
  - image: nginx:latest
    imagePullPolicy: IfNotPresent
    name: mynginx
    ports:
    - containerPort: 80
  restartPolicy: Always
kubectl apply -f nginx.yaml && kubectl get pods
kubectl get pods nginx-pod -o yaml
........
name: nginx-pod || imagePullPolicy: IfNotPresent || containerPort: 80
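2. Pod security policy
On the master node, write the YAML file policy.yaml in the /root directory, with the following requirements:
(1) Security policy name: pod-policy;
(2) Only prohibit the creation of privileged Pods;
(3) All other fields are allowed.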
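# PodSecurityPolicy (policy/v1beta1) was deprecated in Kubernetes v1.21 and removed in v1.25.
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: pod-policy
spec:
  # Requirement (2): reject Pods that request privileged mode.
  privileged: false
  # Stricter than requirement (3): also rejects containers that request allowPrivilegeEscalation: true.
  allowPrivilegeEscalation: false
  # The remaining required fields are left fully permissive.
  fsGroup:
    rule: RunAsAny
  runAsUser:
    rule: RunAsAny
  seLinux:
    rule: RunAsAny
  supplementalGroups:
    rule: RunAsAny
  volumes:
  - '*'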
kubectl apply -f policy.yaml && kubectl get podsecuritypolicy.policy
...
pod-policy false || RunAsAny RunAsAny RunAsAny RunAsAny false
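Creating pod-policy does not enforce anything by itself: the PodSecurityPolicy admission plugin must be enabled on the API server, and the Pod's creator or service account must be granted the use verb on the policy. The manifests below are an added example, not part of the original exercise; the names psp-pod-policy-use and privileged-test are assumptions, and the cluster is assumed to be older than v1.25 so that policy/v1beta1 is still served.

```yaml
# Added example (not from the original exercise).
# Grants "use" on pod-policy to every service account in the default namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: psp-pod-policy-use          # assumed name
rules:
- apiGroups: ['policy']
  resources: ['podsecuritypolicies']
  verbs: ['use']
  resourceNames: ['pod-policy']     # the policy from policy.yaml
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: psp-pod-policy-use          # assumed name
  namespace: default
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: psp-pod-policy-use
subjects:
- apiGroup: rbac.authorization.k8s.io
  kind: Group
  name: system:serviceaccounts:default
---
# Negative test: this Pod requests privileged mode. With the admission plugin
# enabled and pod-policy the only policy the requester may use, the API server
# is expected to reject it at admission.
apiVersion: v1
kind: Pod
metadata:
  name: privileged-test             # assumed name
  namespace: default
spec:
  containers:
  - name: mynginx
    image: nginx
    imagePullPolicy: IfNotPresent
    securityContext:
      privileged: true
```

If the privileged-test Pod is admitted, either the admission plugin is not enabled or the requester is also authorized to use a more permissive policy.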