Creating a privileged container

apiVersion: apps/v1
kind: Deployment
metadata:
  name: cve-2021-3156-privilege-deployment
spec:
  selector:
    matchLabels:
      app: nginx
  replicas: 1
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: cve-2021-3156-privilege-true
        image: 172.18.8.210:5000/library/valapp/cve-2021-3156:latest
        command:
        - sleep
        - 9999d
        securityContext:
          # This is the key part
          privileged: true
          runAsUser: 1001
          capabilities:
            add:
            # Kubernetes manifests take capability names without the CAP_ prefix
            - SYS_PTRACE
      nodeSelector:
        kubernetes.io/hostname: hygon-ubuntu-vm2
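
An added example, not part of the original post: a small Python audit that flags the two settings in this manifest, `privileged: true` and the added `SYS_PTRACE` capability, that the Kubernetes Pod Security Standards baseline profile does not allow. The `pod_spec` and `audit` helpers and the `SAMPLE` dict are constructed for illustration.

```python
# Added example (not from the original post): flag the securityContext settings
# that the Pod Security Standards "baseline" profile does not allow.

# Capabilities that the baseline profile permits in capabilities.add.
BASELINE_ALLOWED_CAPS = {
    "AUDIT_WRITE", "CHOWN", "DAC_OVERRIDE", "FOWNER", "FSETID", "KILL",
    "MKNOD", "NET_BIND_SERVICE", "SETFCAP", "SETGID", "SETPCAP", "SETUID",
    "SYS_CHROOT",
}

def pod_spec(manifest):
    """Return the pod spec of a Pod or of a templated workload such as a Deployment."""
    spec = manifest.get("spec") or {}
    if manifest.get("kind") == "Pod":
        return spec
    return (spec.get("template") or {}).get("spec") or {}

def audit(manifest):
    """Return (container, finding) tuples in the order they are detected."""
    findings = []
    spec = pod_spec(manifest)
    containers = []
    for key in ("containers", "initContainers", "ephemeralContainers"):
        containers.extend(spec.get(key) or [])
    for c in containers:
        sc = c.get("securityContext") or {}
        if sc.get("privileged"):
            findings.append((c["name"], "privileged: true"))
        for cap in (sc.get("capabilities") or {}).get("add") or []:
            name = cap.upper()
            if name.startswith("CAP_"):  # tolerate the kernel-style spelling
                name = name[4:]
            if name not in BASELINE_ALLOWED_CAPS:
                findings.append((c["name"], f"adds capability {name}"))
    return findings

# Constructed sample: the security-relevant fields of the Deployment above.
SAMPLE = {
    "kind": "Deployment",
    "spec": {"template": {"spec": {"containers": [{
        "name": "cve-2021-3156-privilege-true",
        "securityContext": {
            "privileged": True,
            "runAsUser": 1001,
            "capabilities": {"add": ["SYS_PTRACE"]},
        },
    }]}}},
}

if __name__ == "__main__":
    for container, finding in audit(SAMPLE):
        print(f"{container}: {finding}")
```
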
posted @ 2024-06-19 15:47  JaneySJ