
# Save the output of this file and use kubectl create -f to import
# it into Kubernetes.
#
# Created with podman-4.3.1

# NOTE: If you generated this yaml from an unprivileged and rootless podman container on an SELinux
# enabled system, check the podman generate kube man page for steps to follow to ensure that your pod/container
# has the right permissions to access the volumes added.
---
# Service that publishes port 8443 of the pods labelled app=neuvector
# (presumably the NeuVector web console; confirm) outside the cluster.
apiVersion: v1
kind: Service
metadata:
  # Timestamp emitted by the generator; not meaningful as input.
  creationTimestamp: "2023-01-17T09:16:21Z"
  labels:
    app: neuvector
  name: neuvector
spec:
  ports:
  # Quoted so the port name stays a string rather than parsing as an integer.
  - name: "8443"
    # type NodePort with a fixed nodePort: 32096 is opened on every node and
    # forwarded to 8443. Who can reach it is decided by node firewalling and
    # network policy, not by this manifest; restrict it there.
    nodePort: 32096
    port: 8443
    targetPort: 8443
  # Matches the app=neuvector label set on the Pod in the next document.
  selector:
    app: neuvector
  type: NodePort
---
# Pod running two containers: "allinone" (privileged, with host mounts) and
# "scanner" (unprivileged, with three capabilities dropped).
# Security posture in short: the allinone container is privileged, shares the
# host PID namespace, and mounts the container runtime socket, so it should be
# treated as having host-level access.
apiVersion: v1
kind: Pod
# NOTE(review): shareProcessNamespace is a PodSpec field in the Kubernetes API
# (spec.shareProcessNamespace); here it sits at the top level, outside spec.
# Confirm whether the consumer reads it at all. Kubernetes validation also
# rejects shareProcessNamespace together with hostPID: true (set below), so
# moving it under spec as-is would not validate.
shareProcessNamespace: true
metadata:
  # Per-container podman annotations recording how the containers were created.
  # privileged/allinone "TRUE" corresponds to securityContext.privileged on the
  # allinone container below; scanner is "FALSE".
  annotations:
    io.kubernetes.cri-o.TTY/allinone: "false"
    io.kubernetes.cri-o.TTY/scanner: "false"
    io.podman.annotations.autoremove/allinone: "FALSE"
    io.podman.annotations.autoremove/scanner: "FALSE"
    io.podman.annotations.init/allinone: "FALSE"
    io.podman.annotations.init/scanner: "FALSE"
    io.podman.annotations.privileged/allinone: "TRUE"
    io.podman.annotations.privileged/scanner: "FALSE"
    io.podman.annotations.publish-all/allinone: "FALSE"
    io.podman.annotations.publish-all/scanner: "FALSE"
    # NOTE(review): "disable" presumably records SELinux label separation being
    # turned off for the pod and both containers; confirm against the podman
    # documentation, since that removes a confinement layer.
    io.podman.annotations.label: "disable"
    io.podman.annotations.label/allinone: "disable"
    io.podman.annotations.label/scanner: "disable"
  creationTimestamp: "2023-01-17T09:16:21Z"
  labels:
    app: neuvector
  name: neuvector
spec:
  # Containers in this pod run in the host's PID namespace and can see host
  # processes. This applies to the scanner container as well, not only allinone.
  hostPID: true
  # No service-account token is mounted into the containers.
  automountServiceAccountToken: false
  containers:
  - env:
    # "neuvector" is also the name of the Service in the previous document;
    # presumably the join address resolves to it (confirm).
    - name: CLUSTER_JOIN_ADDR
      value: neuvector
    - name: NV_PLATFORM_INFO
      value: platform=docker
    # Mutable :latest tag: the image that runs privileged can change between
    # pulls. Pin to a reviewed version tag or an image digest for reproducible,
    # auditable deployments.
    image: docker.io/neuvector/allinone:latest
    name: allinone
    ports:
    - containerPort: 8443
      # hostPort binds 8443 directly on the node, in addition to the NodePort
      # exposure defined by the Service.
      hostPort: 8443
    securityContext:
      # Privileged: the container is not confined by the default capability
      # and device restrictions. The readOnly flags below limit writes through
      # those mount points only; they are not an isolation boundary here.
      privileged: true
    volumeMounts:
    - mountPath: /lib/modules
      name: lib-modules-host-0
      readOnly: true
    # Mounted read-write (no readOnly): host directory /var/neuvector.
    - mountPath: /var/neuvector
      name: var-neuvector-host-1
    # Host podman socket presented at the Docker socket path. readOnly on a
    # socket mount does not stop a process from connecting and issuing API
    # calls, so this grants control of the host's container runtime.
    - mountPath: /var/run/docker.sock
      name: run-podman-podman.sock-host-2
      readOnly: true
    # Host /proc and cgroup hierarchy, read-only.
    - mountPath: /host/proc
      name: proc-host-3
      readOnly: true
    - mountPath: /host/cgroup
      name: sys-fs-cgroup-host-4
      readOnly: true
  - env:
    - name: CLUSTER_JOIN_ADDR
      value: neuvector
    # Mutable :latest tag here as well; pin to a version tag or digest.
    image: docker.io/neuvector/scanner:latest
    name: scanner
    securityContext:
      capabilities:
        # NOTE(review): Kubernetes documents capability names without the CAP_
        # prefix (e.g. NET_RAW). Confirm the target runtime accepts this
        # podman-generated spelling, otherwise these drops may not take effect.
        drop:
        - CAP_MKNOD
        - CAP_NET_RAW
        - CAP_AUDIT_WRITE
  # Do not inject environment variables for other Services into the containers.
  enableServiceLinks: false
  # All volumes are hostPath mounts: the pod depends on, and has access to,
  # these paths on whichever node it runs on.
  volumes:
  - hostPath:
      path: /lib/modules
      type: Directory
    name: lib-modules-host-0
  - hostPath:
      path: /var/neuvector
      # Created on the node if it does not exist.
      type: DirectoryOrCreate
    name: var-neuvector-host-1
  - hostPath:
      path: /run/podman/podman.sock
      type: File
    # NOTE(review): Kubernetes requires volume names to be DNS-1123 labels,
    # which do not allow "."; this generated name is likely to be rejected by
    # kubectl create. Renaming needs the matching volumeMounts entry changed too.
    name: run-podman-podman.sock-host-2
  - hostPath:
      path: /proc
      type: Directory
    name: proc-host-3
  - hostPath:
      path: /sys/fs/cgroup
      type: Directory
    name: sys-fs-cgroup-host-4