Adds ReadOnlyRootFilesystem support for containers

Nick Schuch
2016-02-12 08:31:26 +10:00
parent c30bffacc8
commit 5d511aeb54
18 changed files with 427 additions and 101 deletions


@@ -5635,6 +5635,10 @@
"runAsNonRoot": {
"type": "boolean",
"description": "Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence."
},
"readOnlyRootFilesystem": {
"type": "boolean",
"description": "Whether this container has a read-only root filesystem. Default is false."
}
}
},
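Review bot: The new `readOnlyRootFilesystem` description says only "Default is false" and does not spell out what that means for hardening: an unset field leaves the container's root filesystem writable, so the restriction is opt-in. Unlike the `runAsNonRoot` text just above it, it also does not say whether the field can be set in PodSecurityContext, or what a workload that needs to write should do (presumably mount a volume over the writable paths). I would word it along the lines of `"Whether this container's root filesystem is mounted read-only. If unset or false, the root filesystem is writable."` and add the pod-level statement once that is confirmed. The same description appears in the second hunk (`@@ -16030`); if these spec files are generated, which the page does not show, the wording belongs in the source comment they are built from.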


@@ -16030,6 +16030,10 @@
"runAsNonRoot": {
"type": "boolean",
"description": "Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence."
},
"readOnlyRootFilesystem": {
"type": "boolean",
"description": "Whether this container has a read-only root filesystem. Default is false."
}
}
},