@@ -178,28 +178,29 @@ spec:
178178` ` `
179179
180180重要字段说明
181- SandboxSet.spec.persistentContents: filesystem #在pause,connect的过程中只保留文件系统(不保留ip、mem)
182- template.spec.restartPolicy: Always
183- template.spec.automountServiceAccountToken: false #Pod 不挂载 service account
184- template.spec.enableServiceLinks: false #Pod 不注入 service 环境变量
181+ - SandboxSet.spec.persistentContents: filesystem #在pause,connect的过程中只保留文件系统(不保留ip、mem)
182+ - template.spec.restartPolicy: Always
183+ - template.spec.automountServiceAccountToken: false #Pod 不挂载 service account
184+ - template.spec.enableServiceLinks: false #Pod 不注入 service 环境变量
185185
186- template.metadata.labels.alibabacloud.com/acs: "true"
187- template.metadata.annotations.ops.alibabacloud.com/pause-enabled: "true" # 支持pause, connect 动作
186+ - template.metadata.labels.alibabacloud.com/acs: "true"
187+ - template.metadata.annotations.ops.alibabacloud.com/pause-enabled: "true" # 支持pause, connect 动作
188188
189- template.spec.initContainer #下载并copy envd 的环境 , 保留即可
190- template.spec.initContainers.restartPolicy: Always
189+ - template.spec.initContainer #下载并copy envd 的环境 , 保留即可
190+ - template.spec.initContainers.restartPolicy: Always
191191
192- template.spec.containers.securityContext.runAsNonRoot: true #Pod 使用普通用户启动
193- template.spec.containers.securityContext.privileged: false # 禁用特权配置
194- template.spec.containers.securityContext.allowPrivilegeEscalation: false
195- template.spec.containers.securityContext.seccompProfile.type.RuntimeDefault
196- template.spec.containers.securityContext.capabilities.drop: [ALL]
197- template.spec.containers.securityContext.readOnlyRootFilesystem: false
192+ - template.spec.containers.securityContext.runAsNonRoot: true #Pod 使用普通用户启动
193+ - template.spec.containers.securityContext.privileged: false # 禁用特权配置
194+ - template.spec.containers.securityContext.allowPrivilegeEscalation: false
195+ - template.spec.containers.securityContext.seccompProfile.type.RuntimeDefault
196+ - template.spec.containers.securityContext.capabilities.drop: [ALL]
197+ - template.spec.containers.securityContext.readOnlyRootFilesystem: false
198198
199199如果预期使用Pause,一定不要设置liveness/rediness的探针,避免在暂停期间的健康检查问题
200200必要的修改
201- registry-cn-hangzhou.ack.aliyuncs.com/acs/agent-runtime # 修改为所在地域的镜像,并且是内网镜像【目前,未来会自动注入】
202- registry-cn-hangzhou.ack.aliyuncs.com/ack-demo/openclaw:2026.3.2 # 替换为客户自己构建的镜像
201+ - registry-cn-hangzhou.ack.aliyuncs.com/acs/agent-runtime # 修改为所在地域的镜像,并且是内网镜像【目前,未来会自动注入】
202+ - registry-cn-hangzhou.ack.aliyuncs.com/ack-demo/openclaw:2026.3.2 # 替换为客户自己构建的镜像
203+
203204机制的简要说明
204205通过在pod启动envd,来支持e2b sdk的服务端接口
205206