sync en zh example yaml (#19778)

tanjunchen · web-flow · commit 09fc6f9e03c1 · 2020-03-22T20:32:45.000-07:00
diff --git a/content/zh/examples/policy/restricted-psp.yaml b/content/zh/examples/policy/restricted-psp.yaml
@@ -1,48 +1,48 @@
-apiVersion: policy/v1beta1
-kind: PodSecurityPolicy
-metadata:
-  name: restricted
-  annotations:
-    seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default'
-    apparmor.security.beta.kubernetes.io/allowedProfileNames: 'runtime/default'
-    seccomp.security.alpha.kubernetes.io/defaultProfileName:  'docker/default'
-    apparmor.security.beta.kubernetes.io/defaultProfileName:  'runtime/default'
-spec:
-  privileged: false
-  # Required to prevent escalations to root.
-  allowPrivilegeEscalation: false
-  # This is redundant with non-root + disallow privilege escalation,
-  # but we can provide it for defense in depth.
-  requiredDropCapabilities:
-    - ALL
-  # Allow core volume types.
-  volumes:
-    - 'configMap'
-    - 'emptyDir'
-    - 'projected'
-    - 'secret'
-    - 'downwardAPI'
-    # Assume that persistentVolumes set up by the cluster admin are safe to use.
-    - 'persistentVolumeClaim'
-  hostNetwork: false
-  hostIPC: false
-  hostPID: false
-  runAsUser:
-    # Require the container to run without root privileges.
-    rule: 'MustRunAsNonRoot'
-  seLinux:
-    # This policy assumes the nodes are using AppArmor rather than SELinux.
-    rule: 'RunAsAny'
-  supplementalGroups:
-    rule: 'MustRunAs'
-    ranges:
-      # Forbid adding the root group.
-      - min: 1
-        max: 65535
-  fsGroup:
-    rule: 'MustRunAs'
-    ranges:
-      # Forbid adding the root group.
-      - min: 1
-        max: 65535
-  readOnlyRootFilesystem: false
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+  name: restricted
+  annotations:
+    seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default,runtime/default'
+    apparmor.security.beta.kubernetes.io/allowedProfileNames: 'runtime/default'
+    seccomp.security.alpha.kubernetes.io/defaultProfileName:  'runtime/default'
+    apparmor.security.beta.kubernetes.io/defaultProfileName:  'runtime/default'
+spec:
+  privileged: false
+  # Required to prevent escalations to root.
+  allowPrivilegeEscalation: false
+  # This is redundant with non-root + disallow privilege escalation,
+  # but we can provide it for defense in depth.
+  requiredDropCapabilities:
+    - ALL
+  # Allow core volume types.
+  volumes:
+    - 'configMap'
+    - 'emptyDir'
+    - 'projected'
+    - 'secret'
+    - 'downwardAPI'
+    # Assume that persistentVolumes set up by the cluster admin are safe to use.
+    - 'persistentVolumeClaim'
+  hostNetwork: false
+  hostIPC: false
+  hostPID: false
+  runAsUser:
+    # Require the container to run without root privileges.
+    rule: 'MustRunAsNonRoot'
+  seLinux:
+    # This policy assumes the nodes are using AppArmor rather than SELinux.
+    rule: 'RunAsAny'
+  supplementalGroups:
+    rule: 'MustRunAs'
+    ranges:
+      # Forbid adding the root group.
+      - min: 1
+        max: 65535
+  fsGroup:
+    rule: 'MustRunAs'
+    ranges:
+      # Forbid adding the root group.
+      - min: 1
+        max: 65535
+  readOnlyRootFilesystem: false
diff --git a/content/zh/examples/windows/emptydir-pod.yaml b/content/zh/examples/windows/emptydir-pod.yaml
@@ -1,20 +1,20 @@
- apiVersion: v1
- kind: Pod
- metadata:
-   name: my-empty-dir-pod
- spec:
-   containers:
-   - image: microsoft/windowsservercore:1709
-     name: my-empty-dir-pod
-     volumeMounts:
-     - mountPath: /cache
-       name: cache-volume
-     - mountPath: C:/scratch
-       name: scratch-volume
-   volumes:
-   - name: cache-volume
-     emptyDir: {}
-   - name: scratch-volume
-     emptyDir: {}
-   nodeSelector:
-     beta.kubernetes.io/os: windows
+apiVersion: v1
+kind: Pod
+metadata:
+  name: my-empty-dir-pod
+spec:
+  containers:
+  - image: microsoft/windowsservercore:1709
+    name: my-empty-dir-pod
+    volumeMounts:
+    - mountPath: /cache
+      name: cache-volume
+    - mountPath: C:/scratch
+      name: scratch-volume
+  volumes:
+  - name: cache-volume
+    emptyDir: {}
+  - name: scratch-volume
+    emptyDir: {}
+  nodeSelector:
+    beta.kubernetes.io/os: windows
diff --git a/content/zh/examples/windows/run-as-username-container.yaml b/content/zh/examples/windows/run-as-username-container.yaml
@@ -1,17 +1,17 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: run-as-username-container-demo
-spec:
-  securityContext:
-    windowsOptions:
-      runAsUserName: "ContainerUser"
-  containers:
-  - name: run-as-username-demo
-    image: mcr.microsoft.com/windows/servercore:ltsc2019
-    command: ["ping", "-t", "localhost"]
-    securityContext:
-        windowsOptions:
-            runAsUserName: "ContainerAdministrator"
-  nodeSelector:
-    beta.kubernetes.io/os: windows
+apiVersion: v1
+kind: Pod
+metadata:
+  name: run-as-username-container-demo
+spec:
+  securityContext:
+    windowsOptions:
+      runAsUserName: "ContainerUser"
+  containers:
+  - name: run-as-username-demo
+    image: mcr.microsoft.com/windows/servercore:ltsc2019
+    command: ["ping", "-t", "localhost"]
+    securityContext:
+        windowsOptions:
+            runAsUserName: "ContainerAdministrator"
+  nodeSelector:
+    kubernetes.io/os: windows
diff --git a/content/zh/examples/windows/run-as-username-pod.yaml b/content/zh/examples/windows/run-as-username-pod.yaml
@@ -1,14 +1,14 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: run-as-username-pod-demo
-spec:
-  securityContext:
-    windowsOptions:
-      runAsUserName: "ContainerUser"
-  containers:
-  - name: run-as-username-demo
-    image: mcr.microsoft.com/windows/servercore:ltsc2019
-    command: ["ping", "-t", "localhost"]
-  nodeSelector:
-    beta.kubernetes.io/os: windows
+apiVersion: v1
+kind: Pod
+metadata:
+  name: run-as-username-pod-demo
+spec:
+  securityContext:
+    windowsOptions:
+      runAsUserName: "ContainerUser"
+  containers:
+  - name: run-as-username-demo
+    image: mcr.microsoft.com/windows/servercore:ltsc2019
+    command: ["ping", "-t", "localhost"]
+  nodeSelector:
+    kubernetes.io/os: windows
