Notice
Recent Posts
Recent Comments
Link
| 일 | 월 | 화 | 수 | 목 | 금 | 토 |
|---|---|---|---|---|---|---|
| 1 | 2 | 3 | 4 | 5 | ||
| 6 | 7 | 8 | 9 | 10 | 11 | 12 |
| 13 | 14 | 15 | 16 | 17 | 18 | 19 |
| 20 | 21 | 22 | 23 | 24 | 25 | 26 |
| 27 | 28 | 29 | 30 | 31 |
Tags
- Terraform GKE
- Encapsulation
- Session Manager
- Terraform GCP GKE
- Terrafrom GCP
- 엔지니어블로그
- client vpn 인증서
- 비공개 GKE
- Decapsulation
- aws
- TCP/IP
- AWS private EC2
- 테라폼 private GKE
- 벨로그
- java s3 400
- ACM 도메인
- AWS client VPN 인증서
- 프라이빗 EC2 접속
- client vpn
- 문과남자의 과학공부
- AWS session manager
- 독서노트
- 비공개 GKE autorized
- 티스토리
- S3
- ACM
- velog
- s3 upload 400
Archives
- Today
- Total
망지로그
CKA - security context 본문
https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
Configure a Security Context for a Pod or Container
A security context defines privilege and access control settings for a Pod or Container. Security context settings include, but are not limited to: Discretionary Access Control: Permission to access an object, like a file, is based on user ID (UID) and gro
kubernetes.io
apiVersion: v1
kind: Pod
metadata:
name: security-context-demo-4
spec:
containers:
- name: sec-ctx-4
image: gcr.io/google-samples/hello-app:2.0
securityContext:
capabilities:
add: ["NET_ADMIN", "SYS_TIME"]security context capa 설정
apiVersion: v1
kind: Pod
metadata:
name: security-context-demo-2
spec:
securityContext:
runAsUser: 1000
containers:
- name: sec-ctx-demo-2
image: gcr.io/google-samples/hello-app:2.0
securityContext:
runAsUser: 2000
allowPrivilegeEscalation: false기본적으로 run as user 1000으로 설정되고 특정 컨테이너에서 다시 옵션 설정해주면 그 설정이 반영됨
'Kubernetes' 카테고리의 다른 글
| CKA- pv,pvc (0) | 2024.07.02 |
|---|---|
| CKA - networkpolicy (0) | 2024.07.02 |
| CKA - secrets;private registry (0) | 2024.07.01 |
| CKA- service account (0) | 2024.07.01 |
| CKA - RBAC; Cluster Role, cluster role binding (0) | 2024.07.01 |