mirror of
https://github.com/ceph/ceph-csi.git
synced 2025-05-24 08:16:42 +00:00
helm: allowPrivilegeEscalation: true in containerSecurityContext
When running the kubernetes cluster with one single privileged PodSecurityPolicy which is allowing everything the nodeplugin daemonset can fail to start. To be precise the problem is the defaultAllowPrivilegeEscalation: false configuration in the PSP. Containers of the nodeplugin daemonset won't start when they have privileged: true but no allowPrivilegeEscalation in their container securityContext. Kubernetes will not schedule if this mismatch exists cannot set allowPrivilegeEscalation to false and privileged to true Signed-off-by: Silvan Loser <silvan.loser@hotmail.ch> Signed-off-by: Silvan Loser <33911078+losil@users.noreply.github.com> (cherry picked from commit 06c4477ff9fce02c49439d800f36cce82319f805)
This commit is contained in:
parent
41728c2465
commit
059969b10b
@ -42,6 +42,7 @@ spec:
|
||||
# created by privileged CSI driver container.
|
||||
securityContext:
|
||||
privileged: true
|
||||
allowPrivilegeEscalation: true
|
||||
image: "{{ .Values.nodeplugin.registrar.image.repository }}:{{ .Values.nodeplugin.registrar.image.tag }}"
|
||||
imagePullPolicy: {{ .Values.nodeplugin.registrar.image.pullPolicy }}
|
||||
args:
|
||||
@ -135,6 +136,7 @@ spec:
|
||||
- name: liveness-prometheus
|
||||
securityContext:
|
||||
privileged: true
|
||||
allowPrivilegeEscalation: true
|
||||
image: "{{ .Values.nodeplugin.plugin.image.repository }}:{{ .Values.nodeplugin.plugin.image.tag }}"
|
||||
imagePullPolicy: {{ .Values.nodeplugin.plugin.image.pullPolicy }}
|
||||
args:
|
||||
|
@ -42,6 +42,7 @@ spec:
|
||||
# created by privileged CSI driver container.
|
||||
securityContext:
|
||||
privileged: true
|
||||
allowPrivilegeEscalation: true
|
||||
image: "{{ .Values.nodeplugin.registrar.image.repository }}:{{ .Values.nodeplugin.registrar.image.tag }}"
|
||||
imagePullPolicy: {{ .Values.nodeplugin.registrar.image.pullPolicy }}
|
||||
args:
|
||||
@ -142,6 +143,7 @@ spec:
|
||||
- name: liveness-prometheus
|
||||
securityContext:
|
||||
privileged: true
|
||||
allowPrivilegeEscalation: true
|
||||
image: "{{ .Values.nodeplugin.plugin.image.repository }}:{{ .Values.nodeplugin.plugin.image.tag }}"
|
||||
imagePullPolicy: {{ .Values.nodeplugin.plugin.image.pullPolicy }}
|
||||
args:
|
||||
|
Loading…
x
Reference in New Issue
Block a user