Merge pull request #33291 from kinzhi/kinzhi52

k8s-ci-robot · web-flow · commit a66ba6a53ebd · 2022-04-30T05:37:12.000-07:00
[zh]Sync content/zh/examples/policy/restricted-psp.yaml
diff --git a/content/zh/examples/policy/restricted-psp.yaml b/content/zh/examples/policy/restricted-psp.yaml
@@ -3,6 +3,7 @@ kind: PodSecurityPolicy
 metadata:
   name: restricted
   annotations:
+    # docker/default 标识 seccomp 的配置文件，但它与 Docker 运行时没有特别关联
     seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default,runtime/default'
     apparmor.security.beta.kubernetes.io/allowedProfileNames: 'runtime/default'
     apparmor.security.beta.kubernetes.io/defaultProfileName:  'runtime/default'
@@ -45,3 +46,4 @@ spec:
       - min: 1
         max: 65535
   readOnlyRootFilesystem: false
+
