mirrors/ceph-csi
1
0
Fork 0
mirror of https://github.com/ceph/ceph-csi.git synced 2024-11-10 00:10:20 +00:00
Code Issues Packages Projects Releases Wiki Activity

deploy: reduce the PSP permission for cephfs deployment

Browse Source 
cephfs deployment doesnot need extra permission like
privileged,Capabilities and remove unwanted volumes.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
This commit is contained in:
Madhu Rajanna 2021-09-17 14:01:36 +05:30 committed by mergify[bot]
parent 7fc1bf1321
commit 051af3b257
1 changed files with 0 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
deploy/cephfs/kubernetes/csi-provisioner-psp.yaml
View File

@ -4,12 +4,8 @@ kind: PodSecurityPolicy
metadata: metadata:
name: cephfs-csi-provisioner-psp name: cephfs-csi-provisioner-psp
spec: spec:
allowPrivilegeEscalation: true
allowedCapabilities:
- 'SYS_ADMIN'
fsGroup: fsGroup:
rule: RunAsAny rule: RunAsAny
privileged: true
runAsUser: runAsUser:
rule: RunAsAny rule: RunAsAny
seLinux: seLinux:
@ -21,7 +17,6 @@ spec:
- 'emptyDir' - 'emptyDir'
- 'projected' - 'projected'
- 'secret' - 'secret'
- 'downwardAPI'
- 'hostPath' - 'hostPath'
allowedHostPaths: allowedHostPaths:
- pathPrefix: '/dev' - pathPrefix: '/dev'