真题环境模拟
工作节点安装 AppArmor
apt-get install apparmor-utils -y
apparmor_status
创建自定义 AppArmor 配置文件
vim /etc/apparmor.d/nginx_apparmor
#include <tunables/global>
profile nginx-deny-write flags=(attach_disconnected) {
#include <abstractions/base>
file,
# 拒绝所有文件写入(deny 规则优先于上面的 file, 允许规则)
deny /** w,
}
注意:此时配置文件只是保存在磁盘上,还需要用 apparmor_parser 加载,并在 Pod 中引用后才会生效。
创建 nginx-deploy.yaml 文件
kubectl create deploy nginx-deploy --image=nginx --dry-run=client -o yaml > nginx-deploy.yaml
cat nginx-deploy.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  creationTimestamp: null
  labels:
    app: nginx-deploy
  name: nginx-deploy
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx-deploy
  strategy: {}
  template:
    metadata:
      creationTimestamp: null
      labels:
        app: nginx-deploy
    spec:
      containers:
      - image: nginx
        name: nginx
        resources: {}
status: {}