是否要列出所有的安全上下文,包括默认的和定义的:
<<ol>荚水平/gh><<li>容器水平/gh>使用kubectl get pod -o yaml只显示清单中spec.securityContext和spec.containers[*].securityContext中定义的,没有默认的?
给你,来源可以在这篇中等文章中找到:
kubectl get pods --all-namespaces -o go-template
--template='{{range .items}}{{"pod: "}}{{.metadata.name}}
{{if .spec.securityContext}}
PodSecurityContext:
{{"runAsGroup: "}}{{.spec.securityContext.runAsGroup}}
{{"runAsNonRoot: "}}{{.spec.securityContext.runAsNonRoot}}
{{"runAsUser: "}}{{.spec.securityContext.runAsUser}} {{if .spec.securityContext.seLinuxOptions}}
{{"seLinuxOptions: "}}{{.spec.securityContext.seLinuxOptions}} {{end}}
{{else}}PodSecurity Context is not set
{{end}}{{range .spec.containers}}
{{"container name: "}}{{.name}}
{{"image: "}}{{.image}}{{if .securityContext}}
{{"allowPrivilegeEscalation: "}}{{.securityContext.allowPrivilegeEscalation}} {{if .securityContext.capabilities}}
{{"capabilities: "}}{{.securityContext.capabilities}} {{end}}
{{"privileged: "}}{{.securityContext.privileged}} {{if .securityContext.procMount}}
{{"procMount: "}}{{.securityContext.procMount}} {{end}}
{{"readOnlyRootFilesystem: "}}{{.securityContext.readOnlyRootFilesystem}}
{{"runAsGroup: "}}{{.securityContext.runAsGroup}}
{{"runAsNonRoot: "}}{{.securityContext.runAsNonRoot}}
{{"runAsUser: "}}{{.securityContext.runAsUser}} {{if .securityContext.seLinuxOptions}}
{{"seLinuxOptions: "}}{{.securityContext.seLinuxOptions}} {{end}}{{if .securityContext.windowsOptions}}
{{"windowsOptions: "}}{{.securityContext.windowsOptions}} {{end}}
{{else}}
SecurityContext is not set
{{end}}
{{end}}{{end}}'