- Sort Score
- Result 10 results
- Languages All
Results 1 - 5 of 5 for cap (0.16 sec)
-
cni/README.md
- CAP_SYS_ADMIN - CAP_NET_ADMIN - CAP_NET_RAW ## Ambient mode details Fundamentally, this component is responsible for the following:
Plain Text - Registered: Wed Apr 24 22:53:08 GMT 2024 - Last Modified: Wed Feb 28 17:29:38 GMT 2024 - 12.1K bytes - Viewed (0) -
istioctl/pkg/kubeinject/testdata/mesh-config.yaml
# The "TPROXY" mode preserves both the source and destination IP # addresses and ports, so that they can be used for advanced filtering # and manipulation. # The "TPROXY" mode also configures the sidecar to run with the # CAP_NET_ADMIN capability, which is required to use TPROXY. #interceptionMode: REDIRECT # # Port where Envoy listens (on local host) for admin commands # You can exec into the istio-proxy container in a pod and
Others - Registered: Wed Apr 24 22:53:08 GMT 2024 - Last Modified: Thu Jun 15 15:02:17 GMT 2023 - 2.2K bytes - Viewed (0) -
manifests/charts/istio-cni/values.yaml
# Note the pod will be crashlooping, so this may take a few minutes to become fully functional based on when the retry occurs. # This requires no RBAC privilege, but does require `securityContext.privileged/CAP_SYS_ADMIN`. repairPods: true initContainerName: "istio-validation" brokenPodLabelKey: "cni.istio.io/uninitialized" brokenPodLabelValue: "true"
Others - Registered: Wed Mar 20 22:53:08 GMT 2024 - Last Modified: Wed Feb 28 17:29:38 GMT 2024 - 5.1K bytes - Viewed (1) -
manifests/charts/istio-cni/templates/daemonset.yaml
# privileged is redundant with CAP_SYS_ADMIN # since it's redundant, hardcode it to `true`, then manually drop ALL + readd granular # capabilities we actually require capabilities: drop: - ALL add: # CAP_NET_ADMIN is required to allow ipset and route table access - NET_ADMIN
Others - Registered: Wed Mar 20 22:53:08 GMT 2024 - Last Modified: Wed Feb 28 17:29:38 GMT 2024 - 9.4K bytes - Viewed (0) -
common-protos/k8s.io/api/core/v1/generated.proto
// If set to true or not present, the pod will be run in the host user namespace, useful // for when the pod needs a feature only available to the host user namespace, such as // loading a kernel module with CAP_SYS_MODULE. // When set to false, a new userns is created for the pod. Setting false is useful for // mitigating container breakout vulnerabilities even allowing users to run their
Plain Text - Registered: Wed Apr 24 22:53:08 GMT 2024 - Last Modified: Mon Mar 11 18:43:24 GMT 2024 - 255.8K bytes - Viewed (0)