K8S configures the security context securityContext for Pod or container to solve the problem of Docker container limiting the number of file handles

Others 2020-10-19 11:31:40 views: null

Article Directory

One, the problem
- - Talking about Docker security support
Two, the solution

One, the problem

I need to set the maximum number of file handles in the container to 204800, but it is rejected. This is caused by Docker's own security mechanism

Talking about Docker security support

Insert picture description here

Two, the solution

`方法一：简单粗暴`

Set the container to privileged mode, but the security is not high

Add the following two lines to the yaml file

securityContext:
      privileged: true

Insert picture description here

kubectl apply -f pod-01.yaml			#发现有如下报错

Insert picture description here
Need to delete the previous Pod, and then execute kubectl apply

kubectl delete -f pod-01.yaml
kubectl apply -f pod-01.yaml

Insert picture description here
No error is reported this time, enter the container

kubectl exec -it pod-01 bash
ulimit -n 204800

Set successfully
Insert picture description here

`方法二：温柔可佳`

Add the capabilities in the CAP_SYS_RESOURCEcapabilities to the container , with high security
Insert picture description here

Capability introduction click here

securityContext:
      capabilities:
        add: ["SYS_RESOURCE"]

Insert picture description here

Guess you like

Origin blog.csdn.net/anqixiang/article/details/108546101

K8S configures the security context securityContext for Pod or container to solve the problem of Docker container limiting the number of file handles

Probe of k8s Pod container

k8s deployment docker container

Solve the problem that the k8s container mount directory cannot be written

Container pod, the log path location of nginx in k8s

Pod container resource limitations of k8s

File copy of docker container

docker container version of the problem

Docker's Container (container) Introduction

Docker file of Docker container technology

Solve the problem of "In Pod container, without sudo permission, unable to install software and perform specific operations"

[Container] Docker security and log management

Open the door to the world of container: Docker, Exploration POD

Rancher entry to the master zone when the container -2.0 K8S autoconfiguration -Pod Preset

K8S Pod configuration advanced 1 container field explanation

The port for k8s external access to the internal container of the pod - NodePort

Linux cloud computing architecture-docker container configures static IP address, configures registry private warehouse, configures harbor private warehouse, uses aliyun's container mirroring service

Docker introduced into a container file sql

File import and export of docker container

Docker container and local file transfer

Docker container Mysql connection problem

docker container docker container

The initialization container Init Container Pod

Kubernetes Pod resource initialization container concept (8)

docker container command, docker file related concepts

Solve the problem of kali container name conflict

Docker container internal Chinese garbled solve

Docker container (Container)

Docker Container (container) - 6

Docker problem: The container cannot access the host's PORTS

Recommended

Ranking

#2019110700005

What materials and procedures are required for patent transfer

What is the blockchain Ethereum triplet state root transaction root receipt root

Front-end study notes 04 --- About the insertion of html pictures and videos

Documents required for the filing of WeChat Mini Programs in special industries, the filing process of WeChat Mini Programs in special industries, how to file WeChat Mini Programs in special industries

2017 Qingdao-site tournament I The Squared Mosquito Coil

[BZOJ3165][HEOI2013]Segment (line segment tree without marking)

Kettle series: KettleEasyExpand, an open source Kettle universal plugin by Ma Jinju

The latest tutorial on making framework for iOS

DAX Section 6: Statistical Functions

Daily

More

2024-05-14(9)

2024-05-13(8)

2024-05-12(28)

2024-05-11(32)

2024-05-10(34)

2024-05-09(32)

2024-05-08(18)

2024-05-07(34)

2024-05-06(6)

2024-05-05(0)