deploy: reduce the PSP permission for cephfs deployment

cephfs deployment doesnot need extra permission like
privileged,Capabilities and remove unwanted volumes.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
This commit is contained in:
Madhu Rajanna 2021-09-17 14:01:36 +05:30 committed by mergify[bot]
parent 7fc1bf1321
commit 051af3b257

View File

@ -4,12 +4,8 @@ kind: PodSecurityPolicy
metadata:
name: cephfs-csi-provisioner-psp
spec:
allowPrivilegeEscalation: true
allowedCapabilities:
- 'SYS_ADMIN'
fsGroup:
rule: RunAsAny
privileged: true
runAsUser:
rule: RunAsAny
seLinux:
@ -21,7 +17,6 @@ spec:
- 'emptyDir'
- 'projected'
- 'secret'
- 'downwardAPI'
- 'hostPath'
allowedHostPaths:
- pathPrefix: '/dev'