kubernetes
/
website
mirror of https://github.com/kubernetes/website.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Added info about where to add/drop capabilities 

The user-guide did not mention where to drop/add capabilities in Kubernetes.
Added a link to the not yet complete API documentation and an example.
This commit is contained in:
Nicolai von Neudeck 2016-11-29 00:11:40 +01:00 committed by GitHub
parent db33439777
commit 537893253f
1 changed files with 21 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
docs/user-guide/containers.md
View File

@ -94,3 +94,24 @@ The relationship between Docker's capabilities and [Linux capabilities](http://m
| SETFCAP | CAP_SETFCAP |
| WAKE_ALARM | CAP_WAKE_ALARM |
| BLOCK_SUSPEND | CAP_BLOCK_SUSPEND |
Capabilities are added/dropped in the [`SecurityContext`](http://kubernetes.io/docs/api-reference/v1/definitions/#_v1_securitycontext), e.g.:
```
apiVersion: v1
kind: Pod
metadata:
name: hello-world
spec:
containers:
- name: friendly-container
image: "alpine:3.4"
command:
- echo "hello"
securityContext:
capabilities:
add:
- SYS_NICE
drop:
- KILL
```