mirror of
https://github.com/ceph/ceph-csi.git
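#
# /!\ DO NOT MODIFY THIS FILE
#
# This file has been automatically generated by Ceph-CSI yamlgen.
# The source for the contents can be found in the api/deploy directory, make
# your modifications there.
#
# Security review summary: this SecurityContextConstraints object admits
# privileged containers together with host network, host ports, host PID,
# host IPC and hostPath volumes, and places no restriction on UID, SELinux
# context or groups. Any pod running as one of the service accounts listed
# under `users` can therefore be admitted with node-level access. Treat those
# service accounts, and anything able to create pods that use them, as
# equivalent to root on the node.
---
kind: SecurityContextConstraints
apiVersion: security.openshift.io/v1
metadata:
  name: "ceph-csi"
# To allow running privileged containers
allowPrivilegedContainer: true
# CSI daemonset pod needs hostnetworking
allowHostNetwork: true
# This needs to be set to true as we use HostPath
allowHostDirVolumePlugin: true
# No priority is assigned; written as an explicit null instead of a bare key.
priority: null
# SYS_ADMIN is needed for rbd to execute the rbd map command.
# A privileged container already holds every capability, so this entry only
# matters for a non-privileged container admitted under this SCC.
allowedCapabilities: ["SYS_ADMIN"]
# Needed as we run liveness container on daemonset pods
allowHostPorts: true
# Needed as we are setting this in RBD plugin pod
allowHostPID: true
# Required for encryption
allowHostIPC: true
# Set to false as we write to RootFilesystem inside csi containers
readOnlyRootFilesystem: false
# RunAsAny in the four strategies below means the SCC enforces no UID,
# SELinux, fsGroup or supplemental-group policy; whatever the pod spec
# requests is accepted.
runAsUser:
  type: RunAsAny
seLinuxContext:
  type: RunAsAny
fsGroup:
  type: RunAsAny
supplementalGroups:
  type: RunAsAny
# The type of volumes which are mounted to csi pods.
# hostPath exposes the node filesystem to the pod; which paths are actually
# mounted is decided by the pod specs, not by this SCC.
volumes:
  - configMap
  - projected
  - emptyDir
  - hostPath
users:
  # A user needs to be added for each service account.
  # The "ceph-csi" namespace is part of each subject name, so these entries
  # only match service accounts created in that namespace.
  # NOTE(review): the provisioner and node-plugin accounts share this single
  # SCC, so all four are admitted with the same host-level allowances;
  # confirm that the provisioner accounts need them.
  - "system:serviceaccount:ceph-csi:csi-rbd-plugin-sa"
  - "system:serviceaccount:ceph-csi:csi-rbd-provisioner-sa"
  - "system:serviceaccount:ceph-csi:csi-cephfs-plugin-sa"
  # yamllint disable-line rule:line-length
  - "system:serviceaccount:ceph-csi:csi-cephfs-provisioner-sa"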