@@ -10,7 +10,9 @@ weight: 10
10
10
-->
11
11
12
12
{{% alert title="Note" %}}
13
- <!-- This tutorial applies only for new clusters. -->
13
+ <!--
14
+ This tutorial applies only for new clusters.
15
+ -->
14
16
本教程仅适用于新集群。
15
17
{{% /alert %}}
16
18
@@ -48,7 +50,7 @@ Pod 安全准入是在创建 Pod 时应用
48
50
Install the following on your workstation:
49
51
50
52
- [KinD](https://kind.sigs.k8s.io/docs/user/quick-start/#installation)
51
- - [kubectl](https://kubernetes.io /docs/tasks/tools/)
53
+ - [kubectl](/docs/tasks/tools/)
52
54
-->
53
55
在你的工作站中安装以下内容:
54
56
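Review bot: The kubectl link fix in the tools list lands above the closing `-->`, so it only changes the commented-out English source and not what readers see. The localized list under 在你的工作站中安装以下内容 is outside this hunk; check that its kubectl entry also uses a site-relative link so the comment and the rendered text stay in sync.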
@@ -76,7 +78,7 @@ that are most appropriate for your configuration, do the following:
76
78
77
79
<!--
78
80
1. Create a cluster with no Pod Security Standards applied:
79
- -->
81
+ -->
80
82
1 . 创建一个没有应用 Pod 安全标准的集群:
81
83
82
84
``` shell
@@ -98,7 +100,6 @@ that are most appropriate for your configuration, do the following:
98
100
kubectl cluster-info --context kind-psa-wo-cluster-pss
99
101
100
102
Thanks for using kind! 😊
101
-
102
103
```
103
104
104
105
<!--
@@ -111,11 +112,11 @@ that are most appropriate for your configuration, do the following:
111
112
```
112
113
<!-- The output is similar to this: -->
113
114
输出类似于:
114
-
115
115
```
116
- Kubernetes control plane is running at https://127.0.0.1:61350
116
+ Kubernetes control plane is running at https://127.0.0.1:61350
117
+
117
118
CoreDNS is running at https://127.0.0.1:61350/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy
118
-
119
+
119
120
To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.
120
121
```
121
122
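Review bot: The added empty line after `Kubernetes control plane is running at https://127.0.0.1:61350` changes the body of the quoted sample output, not just the markup around it. Confirm the block still matches the English source block line for line, since readers compare it against what `kubectl cluster-info` prints on their own cluster.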
@@ -141,7 +142,7 @@ that are most appropriate for your configuration, do the following:
141
142
<!--
142
143
1. Use `--dry-run=server` to understand what happens when different Pod Security Standards
143
144
are applied:
144
- -->
145
+ -->
145
146
4 . 使用 ` --dry-run=server ` 来了解应用不同的 Pod 安全标准时会发生什么:
146
147
147
148
1 . Privileged
@@ -159,7 +160,7 @@ that are most appropriate for your configuration, do the following:
159
160
namespace/local-path-storage labeled
160
161
```
161
162
2. Baseline
162
- ` ` ` shell
163
+ ` ` ` shell
163
164
kubectl label --dry-run=server --overwrite ns --all \
164
165
pod-security.kubernetes.io/enforce=baseline
165
166
` ` `
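Review bot: Only the opening fence under `2. Baseline` is touched; the two command lines and the closing fence are unchanged context. If this is an indentation fix, move the command lines and the closing fence to the same column as the new opening fence, otherwise the block can still fall out of the list item or leave the fence unclosed.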
@@ -280,16 +281,17 @@ following:
280
281
namespaces: [ kube-system]
281
282
EOF
282
283
```
283
- {{< note >}}
284
- <!--
285
- `pod-security.admission.config.k8s.io/v1` configuration requires v1.25+.
286
- For v1.23 and v1.24, use [v1beta1](https://v1-24.docs.kubernetes.io/docs/tasks/configure-pod-container/enforce-standards-admission-controller/).
287
- For v1.22, use [v1alpha1](https://v1-22.docs.kubernetes.io/docs/tasks/configure-pod-container/enforce-standards-admission-controller/).
288
- -->
284
+
285
+ {{< note >}}
286
+ <!--
287
+ `pod-security.admission.config.k8s.io/v1` configuration requires v1.25+.
288
+ For v1.23 and v1.24, use [v1beta1](https://v1-24.docs.kubernetes.io/docs/tasks/configure-pod-container/enforce-standards-admission-controller/).
289
+ For v1.22, use [v1alpha1](https://v1-22.docs.kubernetes.io/docs/tasks/configure-pod-container/enforce-standards-admission-controller/).
290
+ -->
289
291
`pod-security.admission.config.k8s.io/v1` 配置需要 v1.25+。
290
- 对于 v1.23 和 v1.24,使用 [v1beta1](https://v1-24.docs.kubernetes.io/zh-cn/docs/tasks/configure-pod-container/enforce-standards-admission-controller/)。
291
- 对于 v1.22,使用 [v1alpha1](https://v1-22.docs.kubernetes.io/docs/tasks/configure-pod-container/enforce-standards-admission-controller/)。
292
- {{< /note >}}
292
+ 对于 v1.23 和 v1.24,使用 [v1beta1](https://v1-24.docs.kubernetes.io/zh-cn/docs/tasks/configure-pod-container/enforce-standards-admission-controller/)。
293
+ 对于 v1.22,使用 [v1alpha1](https://v1-22.docs.kubernetes.io/docs/tasks/configure-pod-container/enforce-standards-admission-controller/)。
294
+ {{< /note >}}
293
295
294
296
<!--
295
297
1. Configure the API server to consume this file during cluster creation:
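Review bot: In the localized note, the v1beta1 link points at `/zh-cn/docs/...` on v1-24.docs.kubernetes.io while the v1alpha1 link on the next line points at `/docs/...` on v1-22.docs.kubernetes.io with no `/zh-cn/` segment, and the re-indent carries that mismatch over unchanged. If a zh-cn page exists on the v1.22 site, link to it; if it does not, say so in the PR description so the difference is not "fixed" later by mistake. This note is what tells readers on v1.22 to v1.24 which admission configuration API version to use, so both links should be checked that they resolve.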
@@ -439,7 +441,7 @@ created.
439
441
[shell script](/examples/security/kind-with-cluster-level-baseline-pod-security.sh)
440
442
to perform all the preceding steps at once:
441
443
1. Create a Pod Security Standards based cluster level Configuration
442
- 2. Create a file to let API server consumes this configuration
444
+ 2. Create a file to let API server consume this configuration
443
445
3. Create a cluster that creates an API server with this configuration
444
446
4. Set kubectl context to this new cluster
445
447
5. Create a minimal pod yaml file
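Review bot: In item 2, `Create a file to let API server consume this configuration` fixes the verb but still drops the article, while item 3 says "an API server". Suggest "Create a file to let the API server consume this configuration" so the list reads consistently.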