{"id":33418,"date":"2023-07-20T17:21:59","date_gmt":"2022-12-14T02:43:54","guid":{"rendered":"https:\/\/www.silicloud.com\/zh\/blog\/%e5%9c%a8k8s%e4%b8%8a%ef%bc%8c%e4%bb%a5%e9%9d%9eroot%e6%9d%83%e9%99%90%e7%9a%84%e7%94%a8%e6%88%b7%e8%bf%90%e8%a1%8c%e5%ae%b9%e5%99%a8%e7%9a%84%e6%96%b9%e6%b3%95-%e8%b0%83%e6%9f%a5%e8%ae%b0%e5%bd%95\/"},"modified":"2024-04-30T14:29:55","modified_gmt":"2024-04-30T06:29:55","slug":"%e5%9c%a8k8s%e4%b8%8a%ef%bc%8c%e4%bb%a5%e9%9d%9eroot%e6%9d%83%e9%99%90%e7%9a%84%e7%94%a8%e6%88%b7%e8%bf%90%e8%a1%8c%e5%ae%b9%e5%99%a8%e7%9a%84%e6%96%b9%e6%b3%95-%e8%b0%83%e6%9f%a5%e8%ae%b0%e5%bd%95","status":"publish","type":"post","link":"https:\/\/www.silicloud.com\/zh\/blog\/%e5%9c%a8k8s%e4%b8%8a%ef%bc%8c%e4%bb%a5%e9%9d%9eroot%e6%9d%83%e9%99%90%e7%9a%84%e7%94%a8%e6%88%b7%e8%bf%90%e8%a1%8c%e5%ae%b9%e5%99%a8%e7%9a%84%e6%96%b9%e6%b3%95-%e8%b0%83%e6%9f%a5%e8%ae%b0%e5%bd%95\/","title":{"rendered":"\u5728k8s\u4e0a\uff0c\u4ee5\u975eroot\u6743\u9650\u7684\u7528\u6237\u8fd0\u884c\u5bb9\u5668\u7684\u65b9\u6cd5 &#8211; \u8c03\u67e5\u8bb0\u5f55\uff08\u8c03\u67e5\u4e2d\uff09"},"content":{"rendered":"<h2>\u73af\u5883\u3002<\/h2>\n<ol>Minikube\u7248\u672c\uff1av1.16.0\u3002<\/ol>\n<h2>\u7b2c\u4e00\u9879\u9a8c\u8bc1\uff1a\u4f7f\u7528\u201cbusybox\u201d\u8fdb\u884c\u9a8c\u8bc1\u3002<\/h2>\n<h2>\u6b65\u9aa4<\/h2>\n<p>\u521b\u5efa\u4e00\u4e2a\u7528\u4e8e\u7533\u8bf7\u4f7f\u7528busypod\u7684yaml\u6587\u4ef6\u3002<\/p>\n<pre class=\"post-pre\"><code>kubectl run busybox --image=busybox --restart=Never --dry-run=client -o=yaml -- sleep 3600 &gt; pod_busybox3600.yaml\r\n<\/code><\/pre>\n<p>\u4f7f\u7528\u6587\u672c\u7f16\u8f91\u5668\u6765\u7f16\u8f91\u5df2\u7ecf\u751f\u6210\u7684yaml\u6587\u4ef6\u3002<\/p>\n<pre class=\"post-pre\"><code>apiVersion: v1kind: Pod\r\nmetadata:\r\n  creationTimestamp: null\r\n  labels:\r\n    run: busybox\r\n  name: busybox\r\nspec:\r\n  containers:\r\n  - args:\r\n    - sleep\r\n    - \"3600\"\r\n    image: busybox\r\n    name: busybox\r\n    resources: {\u200b\u200b\u200b\u200b\u200b\u200b\u200b}\u200b\u200b\u200b\u200b\u200b\u200b\u200b\r\n  securityContext:            \u2190\u3053\u3053\u3092\u8ffd\u8a18\r\n    runAsUser: 1000            \u2190\u3053\u3053\u3092\u8ffd\u8a18\r\n  dnsPolicy: ClusterFirst\r\n  restartPolicy: Never\r\nstatus: {\u200b\u200b\u200b\u200b\u200b\u200b\u200b\u200b\u200b\u200b\u200b\u200b\u200b\u200b}\u200b\u200b\u200b\u200b\u200b\u200b\u200b\u200b\u200b\u200b\u200b\u200b\u200b\u200b\r\n<\/code><\/pre>\n<p>\u786e\u8ba4\u5df2\u521b\u5efa\u7684yaml\u6587\u4ef6\u662f\u5426\u6b63\u786e\u3002<\/p>\n<pre class=\"post-pre\"><code>kubectl apply -f pod_busybox3600.yaml --dry-run=client -o=yaml\r\n<\/code><\/pre>\n<pre class=\"post-pre\"><code>apiVersion: v1\r\nkind: Pod\r\nmetadata:\r\n\u00a0\u00a0annotations:\r\n\u00a0 \u00a0 {\u200b\u200b\u200b\u200b\u200b\u200b\u200b\u200b\u200b\u200b\u200b\u200b\u200b\u200b\u200b\u8a18\u8f09\u7701\u7565}\u200b\u200b\u200b\u200b\u200b\u200b\u200b\u200b\u200b\u200b\u200b\u200b\u200b\u200b\u200b\r\n\u00a0\u00a0creationTimestamp: null\r\n\u00a0\u00a0labels:\r\n\u00a0\u00a0\u00a0\u00a0run: busybox\r\n\u00a0\u00a0name: busybox\r\n\u00a0\u00a0namespace: default\r\nspec:\r\n\u00a0\u00a0containers:\r\n\u00a0\u00a0- args:\r\n\u00a0\u00a0\u00a0\u00a0- sleep\r\n\u00a0\u00a0\u00a0\u00a0- \"3600\"\r\n\u00a0\u00a0\u00a0\u00a0image: busybox\r\n\u00a0\u00a0\u00a0\u00a0name: busybox\r\n\u00a0\u00a0\u00a0\u00a0resources: {\u200b\u200b\u200b\u200b\u200b\u200b\u200b\u200b\u200b\u200b\u200b\u200b\u200b\u200b\u200b}\u200b\u200b\u200b\u200b\u200b\u200b\u200b\u200b\u200b\u200b\u200b\u200b\u200b\u200b\u200b\r\n\u00a0\u00a0dnsPolicy: ClusterFirst\r\n\u00a0\u00a0restartPolicy: Never\r\n\u00a0\u00a0securityContext:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u2190\u3053\u3053\u3092\u30c1\u30a7\u30c3\u30af\r\n\u00a0\u00a0\u00a0\u00a0runAsUser: 1000\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u2190\u3053\u3053\u3092\u30c1\u30a7\u30c3\u30af\r\nstatus: {\u200b\u200b\u200b\u200b\u200b\u200b\u200b\u200b\u200b\u200b\u200b\u200b\u200b\u200b\u200b}\u200b\u200b\u200b\u200b\u200b\u200b\u200b\u200b\u200b\u200b\u200b\u200b\u200b\u200b\u200b\r\n<\/code><\/pre>\n<p>\u4f7f\u7528\u521b\u5efa\u7684yaml\u6587\u4ef6\u5e94\u7528busybox\u3002<\/p>\n<pre class=\"post-pre\"><code>kubectl apply -f pod_busybox3600.yaml\r\n<\/code><\/pre>\n<p>\u786e\u8ba4Pod\u7684\u72b6\u6001<\/p>\n<pre class=\"post-pre\"><code>&gt;kubectl get pod\r\nNAME      READY   STATUS    RESTARTS   AGE\r\nbusybox   1\/1     Running   0          7s\r\n<\/code><\/pre>\n<p>\u786e\u5b9a\u5728\u542f\u52a8\u4e4b\u524d\u662f\u5426\u6ca1\u6709\u4efb\u4f55\u95ee\u9898<\/p>\n<pre class=\"post-pre\"><code>&gt;kubectl describe pod busybox\r\nName:         busybox\r\nNamespace:    default\r\nPriority:     0\r\n\r\n{\u8a18\u8f09\u7701\u7565}\r\n\r\nEvents:\r\n  Type    Reason     Age   From               Message\r\n  ----    ------     ----  ----               -------\r\n  Normal  Scheduled  47s   default-scheduler  Successfully assigned default\/busybox to minikube\r\n  Normal  Pulling    46s   kubelet            Pulling image \"busybox\"\r\n  Normal  Pulled     43s   kubelet            Successfully pulled image \"busybox\" in 3.178333781s\r\n  Normal  Created    43s   kubelet            Created container busybox\r\n  Normal  Started    43s   kubelet            Started container busybox\r\n<\/code><\/pre>\n<p>\u786e\u8ba4\u6267\u884c\u7528\u6237<\/p>\n<pre class=\"post-pre\"><code>&gt;kubectl exec -it busybox -- sh\r\n\/ $ whoami\r\nwhoami: unknown uid 1000    \u2190\u3000\u610f\u56f3\u3057\u305f\u30e6\u30fc\u30b6\u30fc\u3067\u5b9f\u884c\u3055\u308c\u3066\u3044\u308b\u4e8b\u3092\u78ba\u8a8d\r\n<\/code><\/pre>\n<p>\u786e\u8ba4\u6bcf\u4e2a\u8fdb\u7a0b\u7684\u6267\u884c\u7528\u6237<\/p>\n<pre class=\"post-pre\"><code>\/ $ ps\r\nPID   USER     TIME  COMMAND\r\n    1 1000      0:00 sleep 3600\r\n    9 1000      0:00 sh\r\n   17 1000      0:00 ps\r\n\/ $\r\n<\/code><\/pre>\n<p>\u67e5\u8be2busybox\u7684\u7528\u6237\u5217\u8868\u3002<\/p>\n<pre class=\"post-pre\"><code>\/ $ cat etc\/passwd\r\nroot:x:0:0:root:\/root:\/bin\/sh\r\ndaemon:x:1:1:daemon:\/usr\/sbin:\/bin\/false\r\nbin:x:2:2:bin:\/bin:\/bin\/false\r\nsys:x:3:3:sys:\/dev:\/bin\/false\r\nsync:x:4:100:sync:\/bin:\/bin\/sync\r\nmail:x:8:8:mail:\/var\/spool\/mail:\/bin\/false\r\nwww-data:x:33:33:www-data:\/var\/www:\/bin\/false\r\noperator:x:37:37:Operator:\/var:\/bin\/false\r\nnobody:x:65534:65534:nobody:\/home:\/bin\/false\r\n\/ $\r\n<\/code><\/pre>\n<p>\u4ee5\u4e0b\u662f\u9488\u5bf9\u8fc4\u4eca\u4e3a\u6b62\u7684\u9a8c\u8bc1\u7ed3\u679c\u7684\u603b\u7ed3\uff1a<br \/>\n\u5bf9\u4e8ebusybox\u6765\u8bf4\uff0c\u5373\u4f7f\u8bbe\u7f6e\u4e0d\u5b58\u5728\u7684\u7528\u6237UID\uff0c\u5bb9\u5668\u4e5f\u53ef\u4ee5\u6b63\u5e38\u542f\u52a8\uff0c\u5e76\u4e14\u53ef\u4ee5\u4f7f\u7528\u8be5UID\u8fd0\u884c\u3002<\/p>\n<h2>\u9a8c\u8bc12\uff1a\u4f7f\u7528\u201cnginx\u201d\u8fdb\u884c\u9a8c\u8bc1<\/h2>\n<h2>\u6b65\u9aa4<\/h2>\n<p>\u6211\u8981\u521b\u5efa\u4e00\u4e2a\u7528\u4e8e\u5e94\u7528nginx\u7684yaml\u6587\u4ef6\u3002<\/p>\n<pre class=\"post-pre\"><code>kubectl run nginx --image=nginx --restart=Never --dry-run=client -o=yaml &gt; pod_nginx.yaml\r\n<\/code><\/pre>\n<p>\u5728\u6587\u672c\u7f16\u8f91\u5668\u4e2d\u4fee\u6539\u5df2\u751f\u6210\u7684yaml\u6587\u4ef6\u3002<\/p>\n<pre class=\"post-pre\"><code>apiVersion: v1\r\nkind: Pod\r\nmetadata:\r\n  creationTimestamp: null\r\n  labels:\r\n    run: nginx\r\n  name: nginx\r\nspec:\r\n  containers:\r\n  - image: nginx\r\n    name: nginx\r\n    resources: {}\r\n  securityContext:            \u2190\u3053\u3053\u3092\u8ffd\u8a18\r\n    runAsUser: 1000            \u2190\u3053\u3053\u3092\u8ffd\u8a18\r\n  dnsPolicy: ClusterFirst\r\n  restartPolicy: Never\r\nstatus: {}\r\n<\/code><\/pre>\n<p>\u68c0\u67e5\u5df2\u521b\u5efa\u7684yaml\u6587\u4ef6\u662f\u5426\u6b63\u786e\u3002<\/p>\n<pre class=\"post-pre\"><code>kubectl apply -f pod_nginx.yaml --dry-run=client -o=yaml\r\n<\/code><\/pre>\n<pre class=\"post-pre\"><code>apiVersion: v1\r\nkind: Pod\r\nmetadata:\r\n  annotations:\r\n\r\n{\u8a18\u8f09\u7701\u7565}\r\n\r\n  creationTimestamp: null\r\n  labels:\r\n    run: nginx\r\n  name: nginx\r\n  namespace: default\r\nspec:\r\n  containers:\r\n  - image: nginx\r\n    name: nginx\r\n    resources: {}\r\n  dnsPolicy: ClusterFirst\r\n  restartPolicy: Never\r\n\u00a0\u00a0securityContext:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u2190\u3053\u3053\u3092\u30c1\u30a7\u30c3\u30af\r\n\u00a0\u00a0\u00a0\u00a0runAsUser: 1000\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u2190\u3053\u3053\u3092\u30c1\u30a7\u30c3\u30af\r\nstatus: {}\r\n<\/code><\/pre>\n<p>\u4f7f\u7528\u521b\u5efa\u7684YAML\u6587\u4ef6\u5bf9busybox\u8fdb\u884capply\u3002<\/p>\n<pre class=\"post-pre\"><code>&gt;kubectl apply -f pod_nginx.yaml\r\npod\/nginx created\r\n<\/code><\/pre>\n<p>\u68c0\u67e5Pod\u7684\u72b6\u6001&#8230;\u51fa\u73b0\u9519\u8bef\u3002<\/p>\n<pre class=\"post-pre\"><code>&gt;kubectl get pod\r\nNAME    READY   STATUS   RESTARTS   AGE\r\nnginx   0\/1     Error    0          29s\r\n<\/code><\/pre>\n<p>\u8bf7\u786e\u8ba4\u542f\u52a8\u4e4b\u524d\u662f\u5426\u6709\u4efb\u4f55\u95ee\u9898<\/p>\n<pre class=\"post-pre\"><code>&gt;kubectl describe pod nginx\r\nName:         nginx\r\nNamespace:    default\r\nPriority:     0\r\n\r\n{\u8a18\u8f09\u7701\u7565}\r\n\r\nEvents:\r\n  Type    Reason     Age   From               Message\r\n  ----    ------     ----  ----               -------\r\n  Normal  Scheduled  2m5s  default-scheduler  Successfully assigned default\/nginx to minikube\r\n  Normal  Pulling    2m4s  kubelet            Pulling image \"nginx\"\r\n  Normal  Pulled     2m1s  kubelet            Successfully pulled image \"nginx\" in 3.162750793s\r\n  Normal  Created    2m1s  kubelet            Created container nginx\r\n  Normal  Started    2m1s  kubelet            Started container nginx\r\n<\/code><\/pre>\n<p>\u786e\u8ba4\u6267\u884c\u7528\u6237\u3002\u7531\u4e8e\u9519\u8bef\u539f\u56e0\uff0c\u65e0\u6cd5\u8fdb\u5165\u5bb9\u5668\u3002<\/p>\n<pre class=\"post-pre\"><code>&gt;kubectl exec -it nginx -- sh\r\nerror: cannot exec into a container in a completed pod; current phase is Failed\r\n<\/code><\/pre>\n<p>\u8bf7\u67e5\u770b\u65e5\u5fd7\u3002<\/p>\n<pre class=\"post-pre\"><code>&gt;kubectl logs nginx\r\n\/docker-entrypoint.sh: \/docker-entrypoint.d\/ is not empty, will attempt to perform configuration\r\n\/docker-entrypoint.sh: Looking for shell scripts in \/docker-entrypoint.d\/\r\n\/docker-entrypoint.sh: Launching \/docker-entrypoint.d\/10-listen-on-ipv6-by-default.sh\r\n10-listen-on-ipv6-by-default.sh: info: can not modify \/etc\/nginx\/conf.d\/default.conf (read-only file system?)\r\n\/docker-entrypoint.sh: Launching \/docker-entrypoint.d\/20-envsubst-on-templates.sh\r\n\/docker-entrypoint.sh: Configuration complete; ready for start up\r\n2021\/01\/08 14:33:02 [warn] 1#1: the \"user\" directive makes sense only if the master process runs with super-user privileges, ignored in \/etc\/nginx\/nginx.conf:2\r\nnginx: [warn] the \"user\" directive makes sense only if the master process runs with super-user privileges, ignored in \/etc\/nginx\/nginx.conf:2\r\n2021\/01\/08 14:33:02 [emerg] 1#1: mkdir() \"\/var\/cache\/nginx\/client_temp\" failed (13: Permission denied)\r\nnginx: [emerg] mkdir() \"\/var\/cache\/nginx\/client_temp\" failed (13: Permission denied)\r\n\r\n<\/code><\/pre>\n<p>\u6700\u521d\u306e\u8b66\u544a\u30e1\u30c3\u30bb\u30fc\u30b8\u3092\u898b\u3066\u307f\u308b\u3002<br \/>\nthe &#8220;user&#8221; directive makes sense only if the master process runs with super-user privileges, ignored in \/etc\/nginx\/nginx.conf:2<br \/>\n\u2193<br \/>\n\u300cuser\u300d\u30c7\u30a3\u30ec\u30af\u30c6\u30a3\u30d6\u306f\u3001\u30de\u30b9\u30bf\u30fc\u30d7\u30ed\u30bb\u30b9\u304c\u30b9\u30fc\u30d1\u30fc\u30e6\u30fc\u30b6\u30fc\u6a29\u9650\u3067\u5b9f\u884c\u3055\u308c\u3066\u3044\u308b\u5834\u5408\u306b\u306e\u307f\u610f\u5473\u304c\u3042\u308a\u3001\/ etc \/ nginx \/ nginx.conf\uff1a2\u3067\u306f\u7121\u8996\u3055\u308c\u307e\u3059\u3002<\/p>\n<p>\u55ef\u3002<br \/>\n\u8fd4\u56deroot\u6267\u884c\uff0c\u67e5\u770b\/etc\/nginx\/nginx.conf\u6587\u4ef6\u7684\u7b2c\u4e8c\u884c\u3002<\/p>\n<pre class=\"post-pre\"><code>&gt;kubectl delete -f pod_nginx.yaml\r\npod \"nginx\" deleted\r\n\r\n&gt;kubectl run nginx --image=nginx --restart=Never\r\npod\/nginx created\r\n\r\n&gt;kubectl exec -it nginx -- sh\r\n# cat \/etc\/nginx\/nginx.conf\r\n                       \u2190\u3053\u3053\u304c1\u884c\u76ee\r\nuser  nginx;           \u2190\u3053\u3053\u304c2\u884c\u76ee\r\nworker_processes  1;\r\n\r\nerror_log  \/var\/log\/nginx\/error.log warn;\r\npid        \/var\/run\/nginx.pid;\r\n\r\n{\u4ee5\u4e0b\u3001\u8a18\u8f09\u7701\u7565}\r\n<\/code><\/pre>\n<p>nginx\u3063\u3066\u3044\u3046\u30e6\u30fc\u30b6\u30fc\u3067\u306a\u3044\u3068\u30c0\u30e1\uff1f\u306a\u306e\u304b\u3082\u3057\u308c\u306a\u3044\u3002<br \/>\nnginx\u3068\u3044\u3046\u30e6\u30fc\u30b6\u30fc\u304c\u3042\u308b\u306e\u304b\u8abf\u3079\u308b\u3002<\/p>\n<pre class=\"post-pre\"><code># cat \/etc\/passwd\r\nroot:x:0:0:root:\/root:\/bin\/bash\r\ndaemon:x:1:1:daemon:\/usr\/sbin:\/usr\/sbin\/nologin\r\nbin:x:2:2:bin:\/bin:\/usr\/sbin\/nologin\r\n{\u8a18\u8f09\u7701\u7565}\r\nnginx:x:101:101:nginx user,,,:\/nonexistent:\/bin\/false\u3000\u3000\u3000\u2190\u3044\u305f\uff01\r\n<\/code><\/pre>\n<p>\u3044\u3063\u305f\u3093nginx\u306epod\u3092\u524a\u9664\u3057\u3066\u3001pod_nginx.yaml\u306erunAsUser\u3092101\u306b\u5909\u3048\u3066\u518d\u30c8\u30e9\u30a4\u3002<\/p>\n<pre class=\"post-pre\"><code># exit\r\ncommand terminated with exit code 127\r\n\r\n&gt;kubectl delete pod nginx\r\npod \"nginx\" deleted\r\n<\/code><\/pre>\n<pre class=\"post-pre\"><code>apiVersion: v1\r\nkind: Pod\r\nmetadata:\r\n  creationTimestamp: null\r\n  labels:\r\n    run: nginx\r\n  name: nginx\r\nspec:\r\n  containers:\r\n  - image: nginx\r\n    name: nginx\r\n    resources: {}\r\n  securityContext:\r\n    runAsUser: 101\u3000\u3000\u3000\u3000\u2190 \u3053\u3053\u30921000\u304b\u3089101\u306b\u5909\u66f4\u3002\r\n  dnsPolicy: ClusterFirst\r\n  restartPolicy: Never\r\nstatus: {}\r\n<\/code><\/pre>\n<pre class=\"post-pre\"><code>&gt;kubectl apply -f pod_nginx.yaml\r\npod\/nginx created\r\n\r\n&gt;kubectl get pod\r\nNAME    READY   STATUS   RESTARTS   AGE\r\nnginx   0\/1     Error    0          10s\r\n\r\n&gt;kubectl logs nginx\r\n\/docker-entrypoint.sh: \/docker-entrypoint.d\/ is not empty, will attempt to perform configuration\r\n\/docker-entrypoint.sh: Looking for shell scripts in \/docker-entrypoint.d\/\r\n\/docker-entrypoint.sh: Launching \/docker-entrypoint.d\/10-listen-on-ipv6-by-default.sh\r\n10-listen-on-ipv6-by-default.sh: info: can not modify \/etc\/nginx\/conf.d\/default.conf (read-only file system?)\r\n\/docker-entrypoint.sh: Launching \/docker-entrypoint.d\/20-envsubst-on-templates.sh\r\n\/docker-entrypoint.sh: Configuration complete; ready for start up\r\n2021\/01\/08 15:05:53 [warn] 1#1: the \"user\" directive makes sense only if the master process runs with super-user privileges, ignored in \/etc\/nginx\/nginx.conf:2\r\nnginx: [warn] the \"user\" directive makes sense only if the master process runs with super-user privileges, ignored in \/etc\/nginx\/nginx.conf:2\r\n2021\/01\/08 15:05:53 [emerg] 1#1: mkdir() \"\/var\/cache\/nginx\/client_temp\" failed (13: Permission denied)\r\nnginx: [emerg] mkdir() \"\/var\/cache\/nginx\/client_temp\" failed (13: Permission denied)\r\n<\/code><\/pre>\n<p>\u3084\u306f\u308a\u3001Error\u306b\u306a\u3063\u3066\u3057\u307e\u3063\u305f\u3002\u7d50\u5c40\u6700\u5f8c\u306e\u30ed\u30b0\u3067\u3000\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u4f5c\u308a\u305f\u3044\u3051\u308c\u3069\u6a29\u9650\u8db3\u3089\u306a\u3044\u3063\u3066\u3053\u3068\u307f\u305f\u3044\u3002<br \/>\n\u3064\u307e\u308a\u306f\u5143\u306e\u30b3\u30f3\u30c6\u30ca\u3067\u9069\u5207\u306b\u4ed5\u4e8b\u304c\u51fa\u6765\u308b\u30e6\u30fc\u30b6\u30fc\u3092\u4f5c\u3063\u3066\u304a\u3044\u305f\u4e0a\u3067\u3001runAsUser\u306b\u6307\u5b9a\u3057\u306a\u3044\u3068\u30c0\u30e1\u3063\u3066\u4e8b\u304b\u306a\u30fc\u3002<\/p>\n<h2>\u691c\u8a3c3:\u300cnode\u300d\u3067\u306e\u691c\u8a3c<\/h2>\n<p>\u6700\u521d\u306bDockerHub\u306e\u516c\u5f0f\u30a4\u30e1\u30fc\u30b8\u304b\u3089nodejs\u306e\u30b3\u30f3\u30c6\u30ca\u30a4\u30e1\u30fc\u30b8\u3092\u53d6\u5f97\u3057\u3001kubernetes\u306ePod\u5185\u306e\u30b3\u30f3\u30c6\u30ca\u3068\u3057\u3066\u8d77\u52d5\u3059\u308b\u3002<br \/>\nDockerHub\u306enodejs\u516c\u5f0f\u30a4\u30e1\u30fc\u30b8(https:\/\/hub.docker.com\/_\/node)<\/p>\n<pre class=\"post-pre\"><code>&gt;kubectl run mynodejs --image=node -- \/bin\/sh -c \"sleep 3600\"\r\npod\/mynodejs created\r\n\r\n&gt;kubectl get pod mynodejs\r\nNAME       READY   STATUS    RESTARTS   AGE\r\nmynodejs   1\/1     Running   0          15s\r\n<\/code><\/pre>\n<p>\u8d77\u52d5\u3057\u305f\u30b3\u30f3\u30c6\u30ca\u306b\u30ed\u30b0\u30a4\u30f3\u3057\u3066\u4ee5\u4e0b\u306e\u4e8b\u3092\u78ba\u8a8d\u3059\u308b\u3002<br \/>\n1. \u30ed\u30b0\u30a4\u30f3\u6642\u306e\u30e6\u30fc\u30b6\u30fc\u306f\u4f55\u306b\u306a\u308b\u304b\uff1f<br \/>\n2. \u5404\u30d7\u30ed\u30bb\u30b9\u306f\u3001\u3069\u306e\u30e6\u30fc\u30b6\u30fc\u3067\u8d77\u52d5\u3057\u3066\u3044\u308b\u304b\uff1f<br \/>\n3. \u767b\u9332\u3055\u308c\u3066\u3044\u308b\u30e6\u30fc\u30b6\u30fc\u306b\u306f\u3069\u3093\u306a\u3082\u306e\u304c\u3042\u308b\u304b\uff1f<\/p>\n<pre class=\"post-pre\"><code>&gt;kubectl exec -it mynodejs -- \/bin\/sh\r\n# whoami\r\nroot\r\n# ps -aux\r\nUSER         PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND\r\nroot           1  0.0  0.0   4280   696 ?        Ss   03:13   0:00 \/bin\/sh -c sleep 3600\r\nroot           8  0.0  0.0   4188   640 ?        S    03:13   0:00 sleep 3600\r\nroot           9  0.0  0.0   4280   736 pts\/0    Ss   03:14   0:00 \/bin\/sh\r\nroot          17  0.0  0.1  36636  2732 pts\/0    R+   03:14   0:00 ps -aux\r\n# cat \/etc\/passwd\r\nroot:x:0:0:root:\/root:\/bin\/bash\r\ndaemon:x:1:1:daemon:\/usr\/sbin:\/usr\/sbin\/nologin\r\nbin:x:2:2:bin:\/bin:\/usr\/sbin\/nologin\r\nsys:x:3:3:sys:\/dev:\/usr\/sbin\/nologin\r\n{\u4e2d\u7565}\r\n_apt:x:100:65534::\/nonexistent:\/bin\/false\r\nnode:x:1000:1000::\/home\/node:\/bin\/bash  \u2190 node \u3068\u3044\u3046\u30e6\u30fc\u30b6\u30fc\u304c\u5b58\u5728\u3002UID:GID\u3068\u3082\u306b1000\r\n#\r\n<\/code><\/pre>\n<p>\u8d77\u52d5\u30e6\u30fc\u30b6\u30fc\u3092\u6307\u5b9a\u3059\u308byaml\u3092\u4f5c\u3063\u3066nodejs\u30b3\u30f3\u30c6\u30ca\u3092\u3001kubernetes\u306ePod\u5185\u306e\u30b3\u30f3\u30c6\u30ca\u3068\u3057\u3066\u8d77\u52d5\u3059\u308b\u3002<br \/>\n1. yaml\u30d5\u30a1\u30a4\u30eb\u3092\u751f\u6210\u3002<\/p>\n<pre class=\"post-pre\"><code>&gt;kubectl run mynodejs --image=node --dry-run=client -o=yaml -- \/bin\/sh -c \"node; sleep 3600\" &gt; mynodejs.yaml\r\n<\/code><\/pre>\n<ol>\u5728securityContext\u4e2d\uff0c\u6307\u5b9a\u7528\u6237\u548c\u7ec4\u3002\u540c\u65f6\u963b\u6b62\u4ee5root\u6743\u9650\u542f\u52a8\u3002<\/ol>\n<pre class=\"post-pre\"><code>apiVersion: v1\r\nkind: Pod\r\nmetadata:\r\n  creationTimestamp: null\r\n  labels:\r\n    run: mynodejs\r\n  name: mynodejs\r\nspec:\r\n  securityContext:      \u2190\u3053\u3053\u3092\u8ffd\u52a0\r\n    runAsUser: 1000     \u2190\u3053\u3053\u3092\u8ffd\u52a0\r\n    runAsGroup: 1000    \u2190\u3053\u3053\u3092\u8ffd\u52a0\r\n    runAsNonRoot: True  \u2190\u3053\u3053\u3092\u8ffd\u52a0\r\n  containers:\r\n  - args:\r\n    - \/bin\/sh\r\n    - -c\r\n    - node; sleep 3600\r\n    image: node\r\n    name: mynodejs\r\n    resources: {}\r\n  dnsPolicy: ClusterFirst\r\n  restartPolicy: Always\r\nstatus: {}\r\n<\/code><\/pre>\n<ol>kubernetes\u306ePod\u5185\u306e\u30b3\u30f3\u30c6\u30ca\u3068\u3057\u3066\u8d77\u52d5\u3059\u308b\u3002<\/ol>\n<pre class=\"post-pre\"><code>&gt;kubectl apply -f mynodejs.yaml\r\npod\/mynodejs created\r\n<\/code><\/pre>\n<p>\u8d77\u52d5\u3057\u305f\u30b3\u30f3\u30c6\u30ca\u306b\u30ed\u30b0\u30a4\u30f3\u3057\u3066\u4ee5\u4e0b\u306e\u4e8b\u3092\u78ba\u8a8d\u3059\u308b\u3002<br \/>\n1. \u30ed\u30b0\u30a4\u30f3\u6642\u306e\u30e6\u30fc\u30b6\u30fc\u306f\u4f55\u306b\u306a\u308b\u304b\uff1f<br \/>\n2. node\u30b3\u30de\u30f3\u30c9\u304c\u52d5\u304f\u304b\uff1f<br \/>\n3. \u5404\u30d7\u30ed\u30bb\u30b9\u306f\u3001\u3069\u306e\u30e6\u30fc\u30b6\u30fc\u3067\u8d77\u52d5\u3057\u3066\u3044\u308b\u304b\uff1f<\/p>\n<pre class=\"post-pre\"><code>&gt;kubectl apply -f mynodejs.yaml\r\npod\/mynodejs created\r\n\r\n&gt;kubectl exec -it mynodejs -- sh\r\n$ whoami\r\nnode\r\n$ ps -aux\r\nUSER         PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND\r\nnode           1  0.0  0.0   4280   696 ?        Ss   03:31   0:00 \/bin\/sh -c node; sleep 3600\r\nnode          19  0.0  0.0   4188   668 ?        S    03:31   0:00 sleep 3600\r\nnode          20  0.0  0.0   4280   700 pts\/0    Ss   03:32   0:00 sh\r\nnode          27  0.0  0.1  36636  2856 pts\/0    R+   03:33   0:00 ps -aux\r\n$ node\r\nWelcome to Node.js v15.5.1.\r\nType \".help\" for more information.\r\n&gt;\r\n<\/code><\/pre>\n<p>\u7ed3\u679c\u3002<br \/>\n\u9996\u5148\uff0c\u5bb9\u5668\u672c\u8eab\u5fc5\u987b\u662f\u4e00\u4e2a\u53ef\u4ee5\u5728root\u7528\u6237\u4e4b\u5916\u8fd0\u884c\u7684\u5e94\u7528\u7a0b\u5e8f\u96c6\u5408\u3002<br \/>\n\u5982\u679c\u662f\u57fa\u4e8enode\u7528\u6237\u8fd0\u884c\u7684\u5bb9\u5668\uff0c\u53ef\u4ee5\u901a\u8fc7Pod\u6307\u5b9a\u7528\u6237\u6765\u8fd0\u884c\u3002<br \/>\n\u5982\u679c\u50cfnginx\u4e00\u6837\u6709\u9650\u5236\u6267\u884c\u7528\u6237\u7684\u60c5\u51b5\u4e0b\uff0c\u5373\u4f7f\u6307\u5b9a\u4e86\u5408\u9002\u7684\u7528\u6237ID\uff0c\u4e5f\u65e0\u6cd5\u6b63\u5e38\u8fd0\u884c\u3002<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u73af\u5883\u3002 Minikube\u7248\u672c\uff1av1.16.0\u3002 \u7b2c\u4e00\u9879\u9a8c\u8bc1\uff1a\u4f7f\u7528\u201cbusybox\u201d\u8fdb\u884c\u9a8c\u8bc1\u3002 \u6b65\u9aa4 \u521b\u5efa\u4e00\u4e2a\u7528 [&hellip;]<\/p>\n","protected":false},"author":6,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-33418","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v21.5 (Yoast SEO v21.5) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>\u5728k8s\u4e0a\uff0c\u4ee5\u975eroot\u6743\u9650\u7684\u7528\u6237\u8fd0\u884c\u5bb9\u5668\u7684\u65b9\u6cd5 - \u8c03\u67e5\u8bb0\u5f55\uff08\u8c03\u67e5\u4e2d\uff09 - Blog - Silicon Cloud<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.silicloud.com\/zh\/blog\/\u5728k8s\u4e0a\uff0c\u4ee5\u975eroot\u6743\u9650\u7684\u7528\u6237\u8fd0\u884c\u5bb9\u5668\u7684\u65b9\u6cd5-\u8c03\u67e5\u8bb0\u5f55\/\" \/>\n<meta property=\"og:locale\" content=\"zh_CN\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"\u5728k8s\u4e0a\uff0c\u4ee5\u975eroot\u6743\u9650\u7684\u7528\u6237\u8fd0\u884c\u5bb9\u5668\u7684\u65b9\u6cd5 - \u8c03\u67e5\u8bb0\u5f55\uff08\u8c03\u67e5\u4e2d\uff09\" \/>\n<meta property=\"og:description\" content=\"\u73af\u5883\u3002 Minikube\u7248\u672c\uff1av1.16.0\u3002 \u7b2c\u4e00\u9879\u9a8c\u8bc1\uff1a\u4f7f\u7528\u201cbusybox\u201d\u8fdb\u884c\u9a8c\u8bc1\u3002 \u6b65\u9aa4 \u521b\u5efa\u4e00\u4e2a\u7528 [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.silicloud.com\/zh\/blog\/\u5728k8s\u4e0a\uff0c\u4ee5\u975eroot\u6743\u9650\u7684\u7528\u6237\u8fd0\u884c\u5bb9\u5668\u7684\u65b9\u6cd5-\u8c03\u67e5\u8bb0\u5f55\/\" \/>\n<meta property=\"og:site_name\" content=\"Blog - Silicon Cloud\" \/>\n<meta property=\"article:published_time\" content=\"2022-12-14T02:43:54+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-04-30T06:29:55+00:00\" \/>\n<meta name=\"author\" content=\"\u6587, \u7fd4\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"\u4f5c\u8005\" \/>\n\t<meta name=\"twitter:data1\" content=\"\u6587, \u7fd4\" \/>\n\t<meta name=\"twitter:label2\" content=\"\u9884\u8ba1\u9605\u8bfb\u65f6\u95f4\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 \u5206\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/%e5%9c%a8k8s%e4%b8%8a%ef%bc%8c%e4%bb%a5%e9%9d%9eroot%e6%9d%83%e9%99%90%e7%9a%84%e7%94%a8%e6%88%b7%e8%bf%90%e8%a1%8c%e5%ae%b9%e5%99%a8%e7%9a%84%e6%96%b9%e6%b3%95-%e8%b0%83%e6%9f%a5%e8%ae%b0%e5%bd%95\/\",\"url\":\"https:\/\/www.silicloud.com\/zh\/blog\/%e5%9c%a8k8s%e4%b8%8a%ef%bc%8c%e4%bb%a5%e9%9d%9eroot%e6%9d%83%e9%99%90%e7%9a%84%e7%94%a8%e6%88%b7%e8%bf%90%e8%a1%8c%e5%ae%b9%e5%99%a8%e7%9a%84%e6%96%b9%e6%b3%95-%e8%b0%83%e6%9f%a5%e8%ae%b0%e5%bd%95\/\",\"name\":\"\u5728k8s\u4e0a\uff0c\u4ee5\u975eroot\u6743\u9650\u7684\u7528\u6237\u8fd0\u884c\u5bb9\u5668\u7684\u65b9\u6cd5 - \u8c03\u67e5\u8bb0\u5f55\uff08\u8c03\u67e5\u4e2d\uff09 - Blog - Silicon Cloud\",\"isPartOf\":{\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#website\"},\"datePublished\":\"2022-12-14T02:43:54+00:00\",\"dateModified\":\"2024-04-30T06:29:55+00:00\",\"author\":{\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/64d5cc7727fffbff2f9a2a8da1de3e5c\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/%e5%9c%a8k8s%e4%b8%8a%ef%bc%8c%e4%bb%a5%e9%9d%9eroot%e6%9d%83%e9%99%90%e7%9a%84%e7%94%a8%e6%88%b7%e8%bf%90%e8%a1%8c%e5%ae%b9%e5%99%a8%e7%9a%84%e6%96%b9%e6%b3%95-%e8%b0%83%e6%9f%a5%e8%ae%b0%e5%bd%95\/#breadcrumb\"},\"inLanguage\":\"zh-Hans\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.silicloud.com\/zh\/blog\/%e5%9c%a8k8s%e4%b8%8a%ef%bc%8c%e4%bb%a5%e9%9d%9eroot%e6%9d%83%e9%99%90%e7%9a%84%e7%94%a8%e6%88%b7%e8%bf%90%e8%a1%8c%e5%ae%b9%e5%99%a8%e7%9a%84%e6%96%b9%e6%b3%95-%e8%b0%83%e6%9f%a5%e8%ae%b0%e5%bd%95\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/%e5%9c%a8k8s%e4%b8%8a%ef%bc%8c%e4%bb%a5%e9%9d%9eroot%e6%9d%83%e9%99%90%e7%9a%84%e7%94%a8%e6%88%b7%e8%bf%90%e8%a1%8c%e5%ae%b9%e5%99%a8%e7%9a%84%e6%96%b9%e6%b3%95-%e8%b0%83%e6%9f%a5%e8%ae%b0%e5%bd%95\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"\u9996\u9875\",\"item\":\"https:\/\/www.silicloud.com\/zh\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"\u5728k8s\u4e0a\uff0c\u4ee5\u975eroot\u6743\u9650\u7684\u7528\u6237\u8fd0\u884c\u5bb9\u5668\u7684\u65b9\u6cd5 &#8211; \u8c03\u67e5\u8bb0\u5f55\uff08\u8c03\u67e5\u4e2d\uff09\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#website\",\"url\":\"https:\/\/www.silicloud.com\/zh\/blog\/\",\"name\":\"Blog - Silicon Cloud\",\"description\":\"\",\"inLanguage\":\"zh-Hans\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/64d5cc7727fffbff2f9a2a8da1de3e5c\",\"name\":\"\u6587, \u7fd4\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-Hans\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/920c3d673e0bccacc98e5e6b7149bb3c22edd8d39cb753e5d7d7e471498118a1?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/920c3d673e0bccacc98e5e6b7149bb3c22edd8d39cb753e5d7d7e471498118a1?s=96&d=mm&r=g\",\"caption\":\"\u6587, \u7fd4\"},\"url\":\"https:\/\/www.silicloud.com\/zh\/blog\/author\/wenxiang\/\"},{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-Hans\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/%e5%9c%a8k8s%e4%b8%8a%ef%bc%8c%e4%bb%a5%e9%9d%9eroot%e6%9d%83%e9%99%90%e7%9a%84%e7%94%a8%e6%88%b7%e8%bf%90%e8%a1%8c%e5%ae%b9%e5%99%a8%e7%9a%84%e6%96%b9%e6%b3%95-%e8%b0%83%e6%9f%a5%e8%ae%b0%e5%bd%95\/#local-main-organization-logo\",\"url\":\"\",\"contentUrl\":\"\",\"caption\":\"Blog - Silicon Cloud\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"\u5728k8s\u4e0a\uff0c\u4ee5\u975eroot\u6743\u9650\u7684\u7528\u6237\u8fd0\u884c\u5bb9\u5668\u7684\u65b9\u6cd5 - \u8c03\u67e5\u8bb0\u5f55\uff08\u8c03\u67e5\u4e2d\uff09 - Blog - Silicon Cloud","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.silicloud.com\/zh\/blog\/\u5728k8s\u4e0a\uff0c\u4ee5\u975eroot\u6743\u9650\u7684\u7528\u6237\u8fd0\u884c\u5bb9\u5668\u7684\u65b9\u6cd5-\u8c03\u67e5\u8bb0\u5f55\/","og_locale":"zh_CN","og_type":"article","og_title":"\u5728k8s\u4e0a\uff0c\u4ee5\u975eroot\u6743\u9650\u7684\u7528\u6237\u8fd0\u884c\u5bb9\u5668\u7684\u65b9\u6cd5 - \u8c03\u67e5\u8bb0\u5f55\uff08\u8c03\u67e5\u4e2d\uff09","og_description":"\u73af\u5883\u3002 Minikube\u7248\u672c\uff1av1.16.0\u3002 \u7b2c\u4e00\u9879\u9a8c\u8bc1\uff1a\u4f7f\u7528\u201cbusybox\u201d\u8fdb\u884c\u9a8c\u8bc1\u3002 \u6b65\u9aa4 \u521b\u5efa\u4e00\u4e2a\u7528 [&hellip;]","og_url":"https:\/\/www.silicloud.com\/zh\/blog\/\u5728k8s\u4e0a\uff0c\u4ee5\u975eroot\u6743\u9650\u7684\u7528\u6237\u8fd0\u884c\u5bb9\u5668\u7684\u65b9\u6cd5-\u8c03\u67e5\u8bb0\u5f55\/","og_site_name":"Blog - Silicon Cloud","article_published_time":"2022-12-14T02:43:54+00:00","article_modified_time":"2024-04-30T06:29:55+00:00","author":"\u6587, \u7fd4","twitter_card":"summary_large_image","twitter_misc":{"\u4f5c\u8005":"\u6587, \u7fd4","\u9884\u8ba1\u9605\u8bfb\u65f6\u95f4":"6 \u5206"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.silicloud.com\/zh\/blog\/%e5%9c%a8k8s%e4%b8%8a%ef%bc%8c%e4%bb%a5%e9%9d%9eroot%e6%9d%83%e9%99%90%e7%9a%84%e7%94%a8%e6%88%b7%e8%bf%90%e8%a1%8c%e5%ae%b9%e5%99%a8%e7%9a%84%e6%96%b9%e6%b3%95-%e8%b0%83%e6%9f%a5%e8%ae%b0%e5%bd%95\/","url":"https:\/\/www.silicloud.com\/zh\/blog\/%e5%9c%a8k8s%e4%b8%8a%ef%bc%8c%e4%bb%a5%e9%9d%9eroot%e6%9d%83%e9%99%90%e7%9a%84%e7%94%a8%e6%88%b7%e8%bf%90%e8%a1%8c%e5%ae%b9%e5%99%a8%e7%9a%84%e6%96%b9%e6%b3%95-%e8%b0%83%e6%9f%a5%e8%ae%b0%e5%bd%95\/","name":"\u5728k8s\u4e0a\uff0c\u4ee5\u975eroot\u6743\u9650\u7684\u7528\u6237\u8fd0\u884c\u5bb9\u5668\u7684\u65b9\u6cd5 - \u8c03\u67e5\u8bb0\u5f55\uff08\u8c03\u67e5\u4e2d\uff09 - Blog - Silicon Cloud","isPartOf":{"@id":"https:\/\/www.silicloud.com\/zh\/blog\/#website"},"datePublished":"2022-12-14T02:43:54+00:00","dateModified":"2024-04-30T06:29:55+00:00","author":{"@id":"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/64d5cc7727fffbff2f9a2a8da1de3e5c"},"breadcrumb":{"@id":"https:\/\/www.silicloud.com\/zh\/blog\/%e5%9c%a8k8s%e4%b8%8a%ef%bc%8c%e4%bb%a5%e9%9d%9eroot%e6%9d%83%e9%99%90%e7%9a%84%e7%94%a8%e6%88%b7%e8%bf%90%e8%a1%8c%e5%ae%b9%e5%99%a8%e7%9a%84%e6%96%b9%e6%b3%95-%e8%b0%83%e6%9f%a5%e8%ae%b0%e5%bd%95\/#breadcrumb"},"inLanguage":"zh-Hans","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.silicloud.com\/zh\/blog\/%e5%9c%a8k8s%e4%b8%8a%ef%bc%8c%e4%bb%a5%e9%9d%9eroot%e6%9d%83%e9%99%90%e7%9a%84%e7%94%a8%e6%88%b7%e8%bf%90%e8%a1%8c%e5%ae%b9%e5%99%a8%e7%9a%84%e6%96%b9%e6%b3%95-%e8%b0%83%e6%9f%a5%e8%ae%b0%e5%bd%95\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.silicloud.com\/zh\/blog\/%e5%9c%a8k8s%e4%b8%8a%ef%bc%8c%e4%bb%a5%e9%9d%9eroot%e6%9d%83%e9%99%90%e7%9a%84%e7%94%a8%e6%88%b7%e8%bf%90%e8%a1%8c%e5%ae%b9%e5%99%a8%e7%9a%84%e6%96%b9%e6%b3%95-%e8%b0%83%e6%9f%a5%e8%ae%b0%e5%bd%95\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"\u9996\u9875","item":"https:\/\/www.silicloud.com\/zh\/blog\/"},{"@type":"ListItem","position":2,"name":"\u5728k8s\u4e0a\uff0c\u4ee5\u975eroot\u6743\u9650\u7684\u7528\u6237\u8fd0\u884c\u5bb9\u5668\u7684\u65b9\u6cd5 &#8211; \u8c03\u67e5\u8bb0\u5f55\uff08\u8c03\u67e5\u4e2d\uff09"}]},{"@type":"WebSite","@id":"https:\/\/www.silicloud.com\/zh\/blog\/#website","url":"https:\/\/www.silicloud.com\/zh\/blog\/","name":"Blog - Silicon Cloud","description":"","inLanguage":"zh-Hans"},{"@type":"Person","@id":"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/64d5cc7727fffbff2f9a2a8da1de3e5c","name":"\u6587, \u7fd4","image":{"@type":"ImageObject","inLanguage":"zh-Hans","@id":"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/920c3d673e0bccacc98e5e6b7149bb3c22edd8d39cb753e5d7d7e471498118a1?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/920c3d673e0bccacc98e5e6b7149bb3c22edd8d39cb753e5d7d7e471498118a1?s=96&d=mm&r=g","caption":"\u6587, \u7fd4"},"url":"https:\/\/www.silicloud.com\/zh\/blog\/author\/wenxiang\/"},{"@type":"ImageObject","inLanguage":"zh-Hans","@id":"https:\/\/www.silicloud.com\/zh\/blog\/%e5%9c%a8k8s%e4%b8%8a%ef%bc%8c%e4%bb%a5%e9%9d%9eroot%e6%9d%83%e9%99%90%e7%9a%84%e7%94%a8%e6%88%b7%e8%bf%90%e8%a1%8c%e5%ae%b9%e5%99%a8%e7%9a%84%e6%96%b9%e6%b3%95-%e8%b0%83%e6%9f%a5%e8%ae%b0%e5%bd%95\/#local-main-organization-logo","url":"","contentUrl":"","caption":"Blog - Silicon Cloud"}]}},"_links":{"self":[{"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/posts\/33418","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/comments?post=33418"}],"version-history":[{"count":2,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/posts\/33418\/revisions"}],"predecessor-version":[{"id":92465,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/posts\/33418\/revisions\/92465"}],"wp:attachment":[{"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/media?parent=33418"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/categories?post=33418"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/tags?post=33418"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}