真题解析2

题目

修改运行在 namespace app，名为 lamp-deployment 的现有 Deployment，使其 containers：

使用用户 ID 30000 运行
使用一个只读的根文件系统
禁止 privilege escalation

解析

编辑 Deployment lamp-deployment

# kubectl edit deploy lamp-deployment -n app
    spec:
      containers:
      - image: redis
        imagePullPolicy: Always
        name: redis
        resources: {}
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
        securityContext:  # 添加此项配置
          runAsUser: 30000
          readOnlyRootFilesystem: true
          allowPrivilegeEscalation: false

Previous真题环境模拟 Next真题环境模拟2

Last updated 1 year ago