本文总结了Docker和Kubernetes(k8s)的安全设置资源,包括安全配置链接和如何强制记录堆栈跟踪。当Docker守护进程无响应时,可以发送SIGUSR1信号使其记录完整堆栈跟踪。在遇到gdb在Docker中运行时的ptrace权限错误时,可通过添加--privileged选项来解决。
安全设置相关
https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/
https://learn.cisecurity.org/benchmarks
https://docs.docker.com/engine/security/
配置
https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
相关命令
Force a stack trace to be logged
If the daemon is unresponsive, you can force a full stack trace to be logged by sending a SIGUSR1 signal to the daemon.
• Linux:
• $ sudo kill -SIGUSR1 $(pidof dockerd)
• Look in the Docker logs for a message like the following:
• …goroutine stacks written to /var/run/docker/goroutine-stacks-2017-06-02T193336z.log
订阅专栏 解锁全文
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
