mirror of
https://github.com/kata-containers/kata-containers.git
synced 2026-07-11 17:26:04 +00:00
Add explicit securityContext values to static Kubernetes policy workloads whose generated policy now includes image-derived identity data. Refresh existing guest-pull comments to point at the Limitations documentation instead of the old issue link. Signed-off-by: Manuel Huber <manuelh@nvidia.com> Assisted-by: OpenAI Codex <codex@openai.com>
31 lines
734 B
YAML
31 lines
734 B
YAML
#
|
|
# Copyright (c) 2019 Intel Corporation
|
|
#
|
|
# SPDX-License-Identifier: Apache-2.0
|
|
#
|
|
apiVersion: v1
|
|
kind: Pod
|
|
metadata:
|
|
name: initcontainer-shared-volume
|
|
spec:
|
|
runtimeClassName: kata
|
|
securityContext:
|
|
supplementalGroups: [10]
|
|
initContainers:
|
|
- name: first
|
|
image: quay.io/prometheus/busybox:latest
|
|
command: [ "sh", "-c", "echo ${EPOCHREALTIME//.} > /volume/initContainer" ]
|
|
volumeMounts:
|
|
- mountPath: /volume
|
|
name: volume
|
|
containers:
|
|
- name: last
|
|
image: quay.io/prometheus/busybox:latest
|
|
command: [ "sh", "-c", "echo ${EPOCHREALTIME//.} > /volume/container; tail -f /dev/null" ]
|
|
volumeMounts:
|
|
- mountPath: /volume
|
|
name: volume
|
|
volumes:
|
|
- name: volume
|
|
emptyDir: {}
|