Features not usually noticed in Kubernetes

Others 2020-09-18 17:40:05 views: null

1. Share process namespace between containers in Pod

kubernetes official website link
Process namespace sharing is enabled using the ShareProcessNamespace field in v1.PodSpec. E.g:

apiVersion: v1
kind: Pod
metadata:
  name: nginx
spec:
  shareProcessNamespace: true
  containers:
  - name: nginx
    image: nginx
  - name: shell
    image: busybox
    securityContext:
      capabilities:
        add:
        - SYS_PTRACE
    stdin: true
    tty: true

Insert picture description here

The container process no longer has it PID 1. In no PID 1case where the number of rejected containers start image (e.g., using systemd container), or refuse to execute kill -HUP 1the command or the like to notify the process vessel. In the process of having a shared namespace pod, the kill -HUP 1will notify the podsandbox (in the example above /pause).
Process to podbe seen in other containers. This includes /procall visible information, such as password passed as a parameter or environment variables. These routine by Unixprotection rights.
Container file system /proc/$pid/rootlinks podvisible to other containers. This makes debugging easier, but it also means that file system security is only protected by file system permissions.

Guess you like

Origin blog.csdn.net/Free_time_/article/details/107991699

Features not usually noticed in Kubernetes

kubernetes series of tutorials (a) Preliminary kubernetes features and components

Easy understanding of Kubernetes authentication features

[kubernetes] In-depth understanding of kuberneter features, detailed summary

Cloud native in-depth analysis of Kubernetes architecture and features

Features

Usually encountered linux command

Usually use the thread pool

Usually used sql

Usually crazy homework

Project a collation of changes noticed in the map js traversal order

What are some interesting facts about Python that are not easily noticed?

'The client noticed that the server is not a supported distribution of Elasticsearch' error and solution

Cloud Native Weekly: A List of New Features of Kubernetes v1.28 | 2023.8.14

The third detailed explanation of the new features of IntelliJ IDEA 2023.2! Docker, Kubernetes and more are supported!

Usually at the routine returns JSON data

Usually multi snap atmospheric chamber

Programmers usually by what the platform orders

Some problems that I usually encounter

Kubernetes внедряет канареечные выпуски путем последовательного развертывания обновлений.

Usually often say ThreadLocal, today solve it

Usually sieve method primes fast linear sieve

linux-usually used command summary

JavaScript function scope (usually tested in interviews, not to look at it)

Usually encountered development problems-continuous update

The points that I usually forget about developing mysql

Ai Yongliang: Have you noticed these details to increase user stickiness and create super products?

6 key points to note about performance testing in 2023 (see if you haven't noticed)

These three points are very important when choosing a traffic card. Have you noticed it?

No one noticed that the newly installed Ubuntu 23.04 does not support the installation of 32-bit applications

Recommended

Ranking

Override the watermark on the image: after pseudo-element

SGI-STL abbreviated (nine) - string (string / wstring)

How to align memory in the structure: take you to learn the case of 1+4=8

Linux chkconfig service registration (service registration script description)

What is separate from the main copy, read and write, why use

PCA Dimensionality Reduction (Principal Component Analysis)

springboot dynamic changes to the timing of tasks

Kafka works invasion deleted

List intersection, union, and difference

Cisco CCNP routing and switching Intermediate Course - Experiment 26: Named ACL configuration and analysis

Daily

More

2024-06-11(0)

2024-06-10(0)

2024-06-09(0)

2024-06-08(0)

2024-06-07(0)

2024-06-06(0)

2024-06-05(0)

2024-06-04(0)

2024-06-03(1)

2024-06-02(0)