这边使用kubectl部署了NebulaGraph-v3.4.1版本,yaml文件如下所示,
apiVersion: apps.nebula-graph.io/v1alpha1
kind: NebulaCluster
metadata:
name: nebula
spec:
graphd:
resources:
requests:
cpu: "500m"
memory: "500Mi"
limits:
cpu: "1"
memory: "1Gi"
replicas: 1
image: vesoft/nebula-graphd
version: v3.4.1
logVolumeClaim:
resources:
requests:
storage: 2Gi
storageClassName: fast-disks
metad:
resources:
requests:
cpu: "500m"
memory: "500Mi"
limits:
cpu: "1"
memory: "1Gi"
replicas: 1
image: vesoft/nebula-metad
version: v3.4.1
logVolumeClaim:
resources:
requests:
storage: 2Gi
storageClassName: fast-disks
dataVolumeClaim:
resources:
requests:
storage: 2Gi
storageClassName: fast-disks
storaged:
resources:
requests:
cpu: "500m"
memory: "500Mi"
limits:
cpu: "1"
memory: "1Gi"
replicas: 1
image: vesoft/nebula-storaged
version: v3.4.1
logVolumeClaim:
resources:
requests:
storage: 2Gi
storageClassName: fast-disks
dataVolumeClaims: # 从 Operator 1.3.0 开始,支持挂载多个数据盘。
- resources:
requests:
storage: 2Gi
storageClassName: fast-disks
- resources:
requests:
storage: 2Gi
storageClassName: fast-disks
enableAutoBalance: true
reference:
name: statefulsets.apps
version: v1
schedulerName: default-scheduler
nodeSelector:
nebula: cloud
imagePullPolicy: Always
unsatisfiableAction: ScheduleAnyway
如何在这份yaml文件中配置安全上下文以限制内核功能,例如添加以下配置
securityContext:
privileged: false
allowPrivilegeEscalation: false
capabilities:
add:
- NET_BIND_SERVICE
drop:
- all
希望有大佬帮忙解答,谢谢