Search Options

Results per page
Sort
Preferred Languages
Advance

Results 141 - 150 of 330 for fsGroup (0.16 sec)

  2. github.com/kubernetes/kubernetes

    plugin/pkg/admission/security/podsecurity/testdata/pod_baseline.yaml 

      preemptionPolicy: PreemptLowerPriority
  priority: 2000000000
  priorityClassName: system-cluster-critical
  restartPolicy: Always
  schedulerName: default-scheduler
  securityContext:
    fsGroup: 65534
    seccompProfile:
      type: RuntimeDefault
    supplementalGroups:
    - 65534
  serviceAccount: kube-dns
  serviceAccountName: kube-dns
  terminationGracePeriodSeconds: 30
  tolerations:
    Registered: Sat Jun 15 01:39:40 UTC 2024
    - Last Modified: Mon Oct 04 16:26:30 UTC 2021
    - 18.1K bytes
    - Viewed (0)
  3. github.com/kubernetes/kubernetes

    pkg/volume/downwardapi/downwardapi.go 

    		// change the permissions on the whole volume and not only in the timestamp directory.
		return volume.SetVolumeOwnership(b, dir, mounterArgs.FsGroup, nil /*fsGroupChangePolicy*/, volumeutil.FSGroupCompleteHook(b.plugin, nil))
	}
	err = writer.Write(data, setPerms)
	if err != nil {
		klog.Errorf("Error writing payload to dir: %v", err)
		return err
	}
    Registered: Sat Jun 15 01:39:40 UTC 2024
    - Last Modified: Tue May 14 06:17:25 UTC 2024
    - 10.4K bytes
    - Viewed (0)
  4. github.com/kubernetes/kubernetes

    plugin/pkg/admission/security/podsecurity/testdata/pod_restricted.yaml 

      preemptionPolicy: PreemptLowerPriority
  priority: 2000000000
  priorityClassName: system-cluster-critical
  restartPolicy: Always
  schedulerName: default-scheduler
  securityContext:
    fsGroup: 65534
    seccompProfile:
      type: RuntimeDefault
    supplementalGroups:
    - 65534
  serviceAccount: kube-dns
  serviceAccountName: kube-dns
  terminationGracePeriodSeconds: 30
  tolerations:
    Registered: Sat Jun 15 01:39:40 UTC 2024
    - Last Modified: Mon Oct 04 16:26:30 UTC 2021
    - 18.3K bytes
    - Viewed (0)
  5. github.com/istio/istio

    tests/integration/pilot/testdata/upgrade/1.9.5-install.yaml.tar 

    rvice` .Values.global.proxy.capNetBindService) `true` -}} - NET_BIND_SERVICE {{- end }} {{- end }} drop: - ALL privileged: {{ .Values.global.proxy.privileged }} readOnlyRootFilesyst: {{ not .Values.global.proxy.enableCoreDump }} runAsGroup: 1337 fsGroup: 1337 {{ if or (eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY`) (eq (annotation .ObjectMeta `sidecar.istio.io/capNetBindService` .Values.global.proxy.capNetBindService) `true`) -}} runAsNonRoot:...
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Tue Jun 01 19:57:24 UTC 2021
    - 80K bytes
    - Viewed (0)
  6. github.com/istio/istio

    tests/integration/pilot/testdata/upgrade/1.10.0-install.yaml.tar 

    rvice` .Values.global.proxy.capNetBindService) `true` -}} - NET_BIND_SERVICE {{- end }} {{- end }} drop: - ALL privileged: {{ .Values.global.proxy.privileged }} readOnlyRootFilesyst: {{ not .Values.global.proxy.enableCoreDump }} runAsGroup: 1337 fsGroup: 1337 {{ if or (eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY`) (eq (annotation .ObjectMeta `sidecar.istio.io/capNetBindService` .Values.global.proxy.capNetBindService) `true`) -}} runAsNonRoot:...
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Tue Jun 01 19:57:24 UTC 2021
    - 80K bytes
    - Viewed (0)
  7. github.com/kubernetes/kubernetes

    CHANGELOG/CHANGELOG-1.2.md 

            * Whether all containers should be non-root
        * Supplemental Groups
        * FSGroup - a special supplemental group
        * SELinux options
     * If a pod defines an FSGroup, that Pod’s system (emptyDir, secret, configMap,
etc) volumes and block-device volumes will be owned by the FSGroup, and each
container in the pod will run with the FSGroup as a supplemental group
    Registered: Sat Jun 15 01:39:40 UTC 2024
    - Last Modified: Fri Dec 04 06:36:19 UTC 2020
    - 41.4K bytes
    - Viewed (0)
  8. github.com/kubernetes/kubernetes

    pkg/volume/configmap/configmap.go 

    		// change the permissions on the whole volume and not only in the timestamp directory.
		return volume.SetVolumeOwnership(b, dir, mounterArgs.FsGroup, nil /*fsGroupChangePolicy*/, volumeutil.FSGroupCompleteHook(b.plugin, nil))
	}
	err = writer.Write(payload, setPerms)
	if err != nil {
		klog.Errorf("Error writing payload to dir: %v", err)
		return err
	}
    Registered: Sat Jun 15 01:39:40 UTC 2024
    - Last Modified: Tue May 14 06:17:25 UTC 2024
    - 10K bytes
    - Viewed (0)
  9. github.com/kubernetes/kubernetes

    pkg/volume/portworx/portworx.go 

    	if err := os.MkdirAll(dir, 0750); err != nil {
		return err
	}

	if err := b.manager.MountVolume(b, dir); err != nil {
		return err
	}
	if !b.readOnly {
		volume.SetVolumeOwnership(b, dir, mounterArgs.FsGroup, mounterArgs.FSGroupChangePolicy, util.FSGroupCompleteHook(b.plugin, nil))
	}
	klog.Infof("Portworx Volume %s setup at %s", b.volumeID, dir)
	return nil
}

func (pwx *portworxVolume) GetPath() string {
    Registered: Sat Jun 15 01:39:40 UTC 2024
    - Last Modified: Tue May 14 06:17:25 UTC 2024
    - 13.6K bytes
    - Viewed (0)
  10. github.com/istio/istio

    tests/integration/pilot/testdata/upgrade/1.6.11-install.yaml.tar 

    /var/run/secrets/tokens name: istio-token readOnly: true - mountPath: /var/run/secrets/istio-dns name: local-certs - mountPath: /etc/cacerts name: cacerts readOnly: true - mountPath: /var/lib/istio/inject name: inject readOnly: true securityContext: fsGroup: 1337 serviceAccountName: istiod-service-account volumes: - emptyDir: medium: Memory name: local-certs - name: istio-token projected: sources: - serviceAccountToken: audience: istio-ca expirationSeconds: 43200 path: istio-token - name: cacerts secret:...
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Wed Jan 13 16:06:08 UTC 2021
    - 50K bytes
    - Viewed (0)
  11. github.com/kubernetes/kubernetes

    staging/src/k8s.io/api/testdata/HEAD/core.v1.ReplicationController.json 

              "runAsGroup": 6,
          "runAsNonRoot": true,
          "supplementalGroups": [
            4
          ],
          "supplementalGroupsPolicy": "supplementalGroupsPolicyValue",
          "fsGroup": 5,
          "sysctls": [
            {
              "name": "nameValue",
              "value": "valueValue"
            }
          ],
          "fsGroupChangePolicy": "fsGroupChangePolicyValue",
    Registered: Sat Jun 15 01:39:40 UTC 2024
    - Last Modified: Wed May 29 22:40:29 UTC 2024
    - 53.9K bytes
    - Viewed (0)
Back to top