mirror of
https://github.com/ceph/ceph-csi.git
synced 2024-12-26 15:00:19 +00:00
helm: Add selinuxMount flag to enable/disable /etc/selinux host mount
Add selinuxMount flag to enable/disable /etc/selinux host mount inside pods to support selinux-enabled filesystems Signed-off-by: Francesco Astegiano <francesco.astegiano@gmail.com>
This commit is contained in:
parent
ea89b26f65
commit
4235178f7c
@ -156,6 +156,7 @@ charts and their default values.
|
||||
| `secret.name` | Specifies the cephFS secret name | `csi-cephfs-secret` |
|
||||
| `secret.adminID` | Specifies the admin ID of the cephFS secret | `<plaintext ID>` |
|
||||
| `secret.adminKey` | Specifies the key that corresponds to the adminID | `<Ceph auth key corresponding to ID above>` |
|
||||
| `selinuxMount` | Mount the host /etc/selinux inside pods to support selinux-enabled filesystems | `true` |
|
||||
|
||||
### Command Line
|
||||
|
||||
|
@ -112,9 +112,11 @@ spec:
|
||||
name: host-mount
|
||||
- mountPath: /sys
|
||||
name: host-sys
|
||||
{{- if .Values.selinuxMount }}
|
||||
- mountPath: /etc/selinux
|
||||
name: etc-selinux
|
||||
readOnly: true
|
||||
{{- end }}
|
||||
- mountPath: /lib/modules
|
||||
name: lib-modules
|
||||
readOnly: true
|
||||
@ -176,9 +178,11 @@ spec:
|
||||
- name: host-sys
|
||||
hostPath:
|
||||
path: /sys
|
||||
{{- if .Values.selinuxMount }}
|
||||
- name: etc-selinux
|
||||
hostPath:
|
||||
path: /etc/selinux
|
||||
{{- end }}
|
||||
- name: host-mount
|
||||
hostPath:
|
||||
path: /run/mount
|
||||
|
@ -40,8 +40,10 @@ spec:
|
||||
readOnly: false
|
||||
- pathPrefix: '/sys'
|
||||
readOnly: false
|
||||
{{- if .Values.selinuxMount }}
|
||||
- pathPrefix: '/etc/selinux'
|
||||
readOnly: true
|
||||
{{- end }}
|
||||
- pathPrefix: '/lib/modules'
|
||||
readOnly: true
|
||||
- pathPrefix: '{{ .Values.kubeletDir }}'
|
||||
|
@ -201,6 +201,10 @@ provisioner:
|
||||
podSecurityPolicy:
|
||||
enabled: false
|
||||
|
||||
# Mount the host /etc/selinux inside pods to support
|
||||
# selinux-enabled filesystems
|
||||
selinuxMount: true
|
||||
|
||||
topology:
|
||||
# Specifies whether topology based provisioning support should
|
||||
# be exposed by CSI
|
||||
|
@ -175,6 +175,7 @@ charts and their default values.
|
||||
| `secret.userID` | Specifies the user ID of the rbd secret | `<plaintext ID>` |
|
||||
| `secret.userKey` | Specifies the key that corresponds to the userID | `<Ceph auth key corresponding to ID above>` |
|
||||
| `secret.encryptionPassphrase` | Specifies the encryption passphrase of the secret | `test_passphrase` |
|
||||
| `selinuxMount` | Mount the host /etc/selinux inside pods to support selinux-enabled filesystems | `true` |
|
||||
|
||||
### Command Line
|
||||
|
||||
|
@ -109,9 +109,11 @@ spec:
|
||||
name: host-mount
|
||||
- mountPath: /sys
|
||||
name: host-sys
|
||||
{{- if .Values.selinuxMount }}
|
||||
- mountPath: /etc/selinux
|
||||
name: etc-selinux
|
||||
readOnly: true
|
||||
{{- end }}
|
||||
- mountPath: /lib/modules
|
||||
name: lib-modules
|
||||
readOnly: true
|
||||
@ -193,9 +195,11 @@ spec:
|
||||
- name: host-sys
|
||||
hostPath:
|
||||
path: /sys
|
||||
{{- if .Values.selinuxMount }}
|
||||
- name: etc-selinux
|
||||
hostPath:
|
||||
path: /etc/selinux
|
||||
{{- end }}
|
||||
- name: lib-modules
|
||||
hostPath:
|
||||
path: /lib/modules
|
||||
|
@ -40,8 +40,10 @@ spec:
|
||||
readOnly: false
|
||||
- pathPrefix: '/sys'
|
||||
readOnly: false
|
||||
{{- if .Values.selinuxMount }}
|
||||
- pathPrefix: '/etc/selinux'
|
||||
readOnly: true
|
||||
{{- end }}
|
||||
- pathPrefix: '/lib/modules'
|
||||
readOnly: true
|
||||
- pathPrefix: '{{ .Values.cephLogDirHostPath }}'
|
||||
|
@ -399,6 +399,10 @@ storageClass:
|
||||
# mountOptions:
|
||||
# - discard
|
||||
|
||||
# Mount the host /etc/selinux inside pods to support
|
||||
# selinux-enabled filesystems
|
||||
selinuxMount: true
|
||||
|
||||
secret:
|
||||
# Specifies whether the secret should be created
|
||||
create: false
|
||||
|
Loading…
Reference in New Issue
Block a user