Merge pull request #36890 from windsonsea/nslvl

[zh]Sync /tutorials/security/ns-level-pss.md
Kubernetes Prow Robot 2022-09-18 23:44:30 -07:00 committed by GitHub
commit 6897c0e5fa
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 12 additions and 4 deletions

@ -61,8 +61,10 @@ Install the following on your workstation:
```shell
kind create cluster --name psa-ns-level --image kindest/node:v1.23.0
```
<!-- The output is similar to this: -->
输出类似于:
```
Creating cluster "psa-ns-level" ...
✓ Ensuring node image (kindest/node:v1.23.0) 🖼
@ -81,11 +83,14 @@ Install the following on your workstation:
<!-- 1. Set the kubectl context to the new cluster: -->
1. 将 kubectl 上下文设置为新集群:
```shell
kubectl cluster-info --context kind-psa-ns-level
```
<!-- The output is similar to this: -->
<!-- The output is similar to this: -->
输出类似于:
```
Kubernetes control plane is running at https://127.0.0.1:50996
CoreDNS is running at https://127.0.0.1:50996/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy
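Review bot: the `<!-- The output is similar to this: -->` comment sits on two consecutive lines above `输出类似于:` with no visible difference between them. If both copies are on the added side, drop one; if this is a whitespace-only replacement of the old line, say so in the PR description so the sync is easier to check against the English page.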
@ -158,7 +163,7 @@ namespace/example created
-->
## 验证 Pod 安全标准 {#verify-the-pod-security-standards}
1. 在 `example` 名字空间中创建一个最小的 pod
1. 在 `example` 名字空间中创建一个最小的 Pod
```shell
cat <<EOF > /tmp/pss/nginx-pod.yaml
@ -179,11 +184,14 @@ namespace/example created
2. Apply the pod spec to the cluster in `example` namespace:
-->
1. 将 Pod 规约应用到集群中的 `example` 名字空间中:
```shell
kubectl apply -n example -f /tmp/pss/nginx-pod.yaml
```
<!-- The output is similar to this: -->
输出类似于:
```
Warning: would violate PodSecurity "restricted:latest": allowPrivilegeEscalation != false (container "nginx" must set securityContext allowPrivilegeEscalation=false), unrestricted capabilities (container "nginx" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or container "nginx" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "nginx" must set securityContext seccompProfile.type to "RuntimeDefault" or "Localhost")
pod/nginx created
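Review bot: the translated step `1. 将 Pod 规约应用到集群中的 ...` is numbered `1.` while the English comment directly above it reads `2. Apply the pod spec ...`. If the fenced blocks that follow each step are not indented under their list item, the rendered list restarts at 1 for every step, so either match the source numbering or confirm the fences are nested in the list.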
@ -216,11 +224,11 @@ with no warnings.
<!--
## Clean up
Run `kind delete cluster -name psa-ns-level` to delete the cluster created.
Run `kind delete cluster --name psa-ns-level` to delete the cluster created.
-->
## 清理 {#clean-up}
运行 `kind delete cluster -name psa-ns-level` 删除创建的集群。
运行 `kind delete cluster --name psa-ns-level` 删除创建的集群。
## {{% heading "whatsnext" %}}
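Review bot: in the clean-up section, confirm that the English source page already uses `kind delete cluster --name psa-ns-level`. The commented English line is corrected here together with the translated sentence, and if the source still has `-name` the next sync will bring the single-dash form back. The `--name` form is consistent with the `kind create cluster --name psa-ns-level` command in the first hunk.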