mirror of
https://github.com/ceph/ceph-csi.git
synced 2024-12-18 02:50:30 +00:00
deploy: reduce the PSP permission for cephfs deployment
cephfs deployment doesnot need extra permission like privileged,Capabilities and remove unwanted volumes. Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
This commit is contained in:
parent
7fc1bf1321
commit
051af3b257
@ -4,12 +4,8 @@ kind: PodSecurityPolicy
|
||||
metadata:
|
||||
name: cephfs-csi-provisioner-psp
|
||||
spec:
|
||||
allowPrivilegeEscalation: true
|
||||
allowedCapabilities:
|
||||
- 'SYS_ADMIN'
|
||||
fsGroup:
|
||||
rule: RunAsAny
|
||||
privileged: true
|
||||
runAsUser:
|
||||
rule: RunAsAny
|
||||
seLinux:
|
||||
@ -21,7 +17,6 @@ spec:
|
||||
- 'emptyDir'
|
||||
- 'projected'
|
||||
- 'secret'
|
||||
- 'downwardAPI'
|
||||
- 'hostPath'
|
||||
allowedHostPaths:
|
||||
- pathPrefix: '/dev'
|
||||
|
Loading…
Reference in New Issue
Block a user