How to configure a security context for a NebulaGraph cluster to restrict kernel capabilities

I deployed NebulaGraph v3.4.1 using kubectl; the YAML file is shown below:

apiVersion: apps.nebula-graph.io/v1alpha1
kind: NebulaCluster
metadata:
  name: nebula
spec:
  graphd:
    resources:
      requests:
        cpu: "500m"
        memory: "500Mi"
      limits:
        cpu: "1"
        memory: "1Gi"
    replicas: 1
    image: vesoft/nebula-graphd
    version: v3.4.1
    logVolumeClaim:
      resources:
        requests:
          storage: 2Gi
      storageClassName: fast-disks
  metad:
    resources:
      requests:
        cpu: "500m"
        memory: "500Mi"
      limits:
        cpu: "1"
        memory: "1Gi"
    replicas: 1
    image: vesoft/nebula-metad
    version: v3.4.1
    logVolumeClaim:
      resources:
        requests:
          storage: 2Gi
      storageClassName: fast-disks
    dataVolumeClaim:
      resources:
        requests:
          storage: 2Gi
      storageClassName: fast-disks
  storaged:
    resources:
      requests:
        cpu: "500m"
        memory: "500Mi"
      limits:
        cpu: "1"
        memory: "1Gi"
    replicas: 1
    image: vesoft/nebula-storaged
    version: v3.4.1
    logVolumeClaim:
      resources:
        requests:
          storage: 2Gi
      storageClassName: fast-disks
    dataVolumeClaims:   # Starting from Operator 1.3.0, mounting multiple data disks is supported.
    - resources:
        requests:
          storage: 2Gi
      storageClassName: fast-disks
    - resources:
        requests:
          storage: 2Gi
      storageClassName: fast-disks
    enableAutoBalance: true
  reference:
    name: statefulsets.apps
    version: v1
  schedulerName: default-scheduler
  nodeSelector:
    nebula: cloud
  imagePullPolicy: Always
  unsatisfiableAction: ScheduleAnyway

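How can I configure a security context in this YAML file to restrict kernel capabilities, for example by adding the following configuration?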

securityContext:
  privileged: false
  allowPrivilegeEscalation: false
  capabilities:
    add:
      - NET_BIND_SERVICE
    drop:
      - all

Hoping someone can help answer this, thanks.

securityContext is a setting for a pod or a container. FYI: Configure a Security Context for a Pod or Container | Kubernetes
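One way to check that the containers of a running pod actually carry the settings from the question, as an added example that is not part of the original thread or the NebulaGraph project. The three fields in the question (`privileged`, `allowPrivilegeEscalation`, `capabilities`) exist only on the container-level securityContext, so the check walks every container. The pod JSON and the container names are constructed for illustration.

```python
import json

# Capabilities the question allows to be added back after dropping everything.
ALLOWED_ADD = {"NET_BIND_SERVICE"}

def audit_pod(pod: dict) -> list[str]:
    """Return findings for containers that do not match the settings in the question."""
    findings = []
    spec = pod.get("spec") or {}
    containers = (spec.get("initContainers") or []) + (spec.get("containers") or [])
    for c in containers:
        name = c.get("name", "<unnamed>")
        sc = c.get("securityContext") or {}
        caps = sc.get("capabilities") or {}
        # Capability names are upper-cased so "all" and "ALL" compare equal here.
        add = {x.upper() for x in caps.get("add") or []}
        drop = {x.upper() for x in caps.get("drop") or []}
        if sc.get("privileged", False):
            findings.append(f"{name}: privileged is true")
        # These fields are not part of the pod-level securityContext, so an
        # unset value is reported instead of being treated as inherited.
        if sc.get("allowPrivilegeEscalation") is not False:
            findings.append(f"{name}: allowPrivilegeEscalation is not false")
        if "ALL" not in drop:
            findings.append(f"{name}: capabilities.drop does not include ALL")
        extra = sorted(add - ALLOWED_ADD)
        if extra:
            findings.append(f"{name}: unexpected capabilities.add {extra}")
    return findings

# Constructed sample, shaped like `kubectl get pod <name> -o json` output.
SAMPLE_POD = json.loads("""
{"spec": {"containers": [
  {"name": "storaged",
   "securityContext": {"privileged": false, "allowPrivilegeEscalation": false,
                       "capabilities": {"add": ["NET_BIND_SERVICE"], "drop": ["all"]}}},
  {"name": "sidecar",
   "securityContext": {"capabilities": {"add": ["NET_ADMIN"]}}}
]}}
""")

if __name__ == "__main__":
    for line in audit_pod(SAMPLE_POD):
        print(line)
```
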
