mirror of
https://github.com/ceph/ceph-csi.git
synced 2024-12-18 11:00:25 +00:00
deploy: reduce the PSP permission for cephfs deployment
The cephfs deployment does not need extra permissions like privileged and Capabilities; this also removes unwanted volumes. Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
parent
7fc1bf1321
commit
051af3b257
@ -4,12 +4,8 @@ kind: PodSecurityPolicy
|
|||||||
metadata:
|
metadata:
|
||||||
name: cephfs-csi-provisioner-psp
|
name: cephfs-csi-provisioner-psp
|
||||||
spec:
|
spec:
|
||||||
allowPrivilegeEscalation: true
|
|
||||||
allowedCapabilities:
|
|
||||||
- 'SYS_ADMIN'
|
|
||||||
fsGroup:
|
fsGroup:
|
||||||
rule: RunAsAny
|
rule: RunAsAny
|
||||||
privileged: true
|
|
||||||
runAsUser:
|
runAsUser:
|
||||||
rule: RunAsAny
|
rule: RunAsAny
|
||||||
seLinux:
|
seLinux:
|
||||||
@ -21,7 +17,6 @@ spec:
|
|||||||
- 'emptyDir'
|
- 'emptyDir'
|
||||||
- 'projected'
|
- 'projected'
|
||||||
- 'secret'
|
- 'secret'
|
||||||
- 'downwardAPI'
|
|
||||||
- 'hostPath'
|
- 'hostPath'
|
||||||
allowedHostPaths:
|
allowedHostPaths:
|
||||||
- pathPrefix: '/dev'
|
- pathPrefix: '/dev'
|
||||||
|
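Review bot: Dropping `allowPrivilegeEscalation: true` in the first hunk does not disable privilege escalation, because a PodSecurityPolicy that omits the field defaults to allowing it; to get the reduction the commit title describes, set `allowPrivilegeEscalation: false` explicitly, after confirming that no provisioner container depends on setuid binaries. The context lines that remain also show `runAsUser` with `rule: RunAsAny`, and in the second hunk `hostPath` with `pathPrefix: '/dev'`. Now that the provisioner no longer runs privileged, it is worth checking whether the `/dev` host path is still needed, and otherwise marking it `readOnly: true` or removing it. The spec starts and ends outside both hunks, so the remaining fields (for example `hostNetwork` and the rest of `volumes`) are not covered by this note.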