- Sort Score
- Result 10 results
- Languages All
Results 141 - 150 of 330 for fsGroup (0.16 sec)
-
plugin/pkg/admission/security/podsecurity/testdata/pod_baseline.yaml
preemptionPolicy: PreemptLowerPriority priority: 2000000000 priorityClassName: system-cluster-critical restartPolicy: Always schedulerName: default-scheduler securityContext: fsGroup: 65534 seccompProfile: type: RuntimeDefault supplementalGroups: - 65534 serviceAccount: kube-dns serviceAccountName: kube-dns terminationGracePeriodSeconds: 30 tolerations:
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Mon Oct 04 16:26:30 UTC 2021 - 18.1K bytes - Viewed (0) -
pkg/volume/downwardapi/downwardapi.go
// change the permissions on the whole volume and not only in the timestamp directory. return volume.SetVolumeOwnership(b, dir, mounterArgs.FsGroup, nil /*fsGroupChangePolicy*/, volumeutil.FSGroupCompleteHook(b.plugin, nil)) } err = writer.Write(data, setPerms) if err != nil { klog.Errorf("Error writing payload to dir: %v", err) return err }
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Tue May 14 06:17:25 UTC 2024 - 10.4K bytes - Viewed (0) -
plugin/pkg/admission/security/podsecurity/testdata/pod_restricted.yaml
preemptionPolicy: PreemptLowerPriority priority: 2000000000 priorityClassName: system-cluster-critical restartPolicy: Always schedulerName: default-scheduler securityContext: fsGroup: 65534 seccompProfile: type: RuntimeDefault supplementalGroups: - 65534 serviceAccount: kube-dns serviceAccountName: kube-dns terminationGracePeriodSeconds: 30 tolerations:
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Mon Oct 04 16:26:30 UTC 2021 - 18.3K bytes - Viewed (0) -
tests/integration/pilot/testdata/upgrade/1.9.5-install.yaml.tar
rvice` .Values.global.proxy.capNetBindService) `true` -}} - NET_BIND_SERVICE {{- end }} {{- end }} drop: - ALL privileged: {{ .Values.global.proxy.privileged }} readOnlyRootFilesyst: {{ not .Values.global.proxy.enableCoreDump }} runAsGroup: 1337 fsGroup: 1337 {{ if or (eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY`) (eq (annotation .ObjectMeta `sidecar.istio.io/capNetBindService` .Values.global.proxy.capNetBindService) `true`) -}} runAsNonRoot:...
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Tue Jun 01 19:57:24 UTC 2021 - 80K bytes - Viewed (0) -
tests/integration/pilot/testdata/upgrade/1.10.0-install.yaml.tar
rvice` .Values.global.proxy.capNetBindService) `true` -}} - NET_BIND_SERVICE {{- end }} {{- end }} drop: - ALL privileged: {{ .Values.global.proxy.privileged }} readOnlyRootFilesyst: {{ not .Values.global.proxy.enableCoreDump }} runAsGroup: 1337 fsGroup: 1337 {{ if or (eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY`) (eq (annotation .ObjectMeta `sidecar.istio.io/capNetBindService` .Values.global.proxy.capNetBindService) `true`) -}} runAsNonRoot:...
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Tue Jun 01 19:57:24 UTC 2021 - 80K bytes - Viewed (0) -
CHANGELOG/CHANGELOG-1.2.md
* Whether all containers should be non-root * Supplemental Groups * FSGroup - a special supplemental group * SELinux options * If a pod defines an FSGroup, that Pod’s system (emptyDir, secret, configMap, etc) volumes and block-device volumes will be owned by the FSGroup, and each container in the pod will run with the FSGroup as a supplemental group
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Fri Dec 04 06:36:19 UTC 2020 - 41.4K bytes - Viewed (0) -
pkg/volume/configmap/configmap.go
// change the permissions on the whole volume and not only in the timestamp directory. return volume.SetVolumeOwnership(b, dir, mounterArgs.FsGroup, nil /*fsGroupChangePolicy*/, volumeutil.FSGroupCompleteHook(b.plugin, nil)) } err = writer.Write(payload, setPerms) if err != nil { klog.Errorf("Error writing payload to dir: %v", err) return err }
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Tue May 14 06:17:25 UTC 2024 - 10K bytes - Viewed (0) -
pkg/volume/portworx/portworx.go
if err := os.MkdirAll(dir, 0750); err != nil { return err } if err := b.manager.MountVolume(b, dir); err != nil { return err } if !b.readOnly { volume.SetVolumeOwnership(b, dir, mounterArgs.FsGroup, mounterArgs.FSGroupChangePolicy, util.FSGroupCompleteHook(b.plugin, nil)) } klog.Infof("Portworx Volume %s setup at %s", b.volumeID, dir) return nil } func (pwx *portworxVolume) GetPath() string {
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Tue May 14 06:17:25 UTC 2024 - 13.6K bytes - Viewed (0) -
tests/integration/pilot/testdata/upgrade/1.6.11-install.yaml.tar
/var/run/secrets/tokens name: istio-token readOnly: true - mountPath: /var/run/secrets/istio-dns name: local-certs - mountPath: /etc/cacerts name: cacerts readOnly: true - mountPath: /var/lib/istio/inject name: inject readOnly: true securityContext: fsGroup: 1337 serviceAccountName: istiod-service-account volumes: - emptyDir: medium: Memory name: local-certs - name: istio-token projected: sources: - serviceAccountToken: audience: istio-ca expirationSeconds: 43200 path: istio-token - name: cacerts secret:...
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed Jan 13 16:06:08 UTC 2021 - 50K bytes - Viewed (0) -
staging/src/k8s.io/api/testdata/HEAD/core.v1.ReplicationController.json
"runAsGroup": 6, "runAsNonRoot": true, "supplementalGroups": [ 4 ], "supplementalGroupsPolicy": "supplementalGroupsPolicyValue", "fsGroup": 5, "sysctls": [ { "name": "nameValue", "value": "valueValue" } ], "fsGroupChangePolicy": "fsGroupChangePolicyValue",
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Wed May 29 22:40:29 UTC 2024 - 53.9K bytes - Viewed (0)