File tree Expand file tree Collapse file tree 1 file changed +46
-0
lines changed Expand file tree Collapse file tree 1 file changed +46
-0
lines changed Original file line number Diff line number Diff line change @@ -216,14 +216,60 @@ You can drop all capabilites from containers by setting the `requiredDropCapabil
216216
217217* `MustRunAs` - Requires a `runAsUser` to be configured. Uses the configured
218218`runAsUser` as the default. Validates against the configured `runAsUser`.
219+
220+ +
221+ .Example `MustRunAs` snippet
222+ [source,yaml]
223+ ----
224+ ...
225+ runAsUser:
226+ type: MustRunAs
227+ uid: <id>
228+ ...
229+ ----
230+
219231* `MustRunAsRange` - Requires minimum and maximum values to be defined if not
220232using pre-allocated values. Uses the minimum as the default. Validates against
221233the entire allowable range.
234+
235+ +
236+ .Example `MustRunAsRange` snippet
237+ [source,yaml]
238+ ----
239+ ...
240+ runAsUser:
241+ type: MustRunAsRange
242+ uidRangeMax: <maxvalue>
243+ uidRangeMin: <minvalue>
244+ ...
245+ ----
246+
222247* `MustRunAsNonRoot` - Requires that the pod be submitted with a non-zero
223248`runAsUser` or have the `USER` directive defined in the image. No default
224249provided.
250+
251+ +
252+ .Example `MustRunAsNonRoot` snippet
253+ [source,yaml]
254+ ----
255+ ...
256+ runAsUser:
257+ type: MustRunAsNonRoot
258+ ...
259+ ----
260+
225261* `RunAsAny` - No default provided. Allows any `runAsUser` to be specified.
226262
263+ +
264+ .Example `RunAsAny` snippet
265+ [source,yaml]
266+ ----
267+ ...
268+ runAsUser:
269+ type: RunAsAny
270+ ...
271+ ----
272+
227273.SELinuxContext
228274
229275* `MustRunAs` - Requires `seLinuxOptions` to be configured if not using
You can’t perform that action at this time.
0 commit comments