gitea/kubernetes-up-and-running
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
master
kubernetes-up-and-running/19-3-amicontained-pod-securitycontext.yaml
Lachlan Evenson 2d09842027
Chapter 19 updates 
Signed-off-by: Lachlan Evenson <lachlan.evenson@gmail.com>
2024-01-29 21:49:09 -08:00

27 lines
674 B
YAML
Raw Permalink Blame History

apiVersion: v1
kind: Pod
metadata:
name: amicontained
annotations:
container.apparmor.security.beta.kubernetes.io/amicontained: "runtime/default"
spec:
securityContext:
runAsNonRoot: true
runAsUser: 1000
runAsGroup: 3000
fsGroup: 2000
seccompProfile:
type: RuntimeDefault
containers:
- image: jess/amicontained:v0.4.9
name: amicontained
command: [ "/bin/sh", "-c", "--" ]
args: [ "amicontained" ]
securityContext:
capabilities:
add: ["SYS_TIME"]
drop: ["NET_BIND_SERVICE"]
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
privileged: false
Reference in New Issue View Git Blame Copy Permalink