helm: Add selinuxMount flag to enable/disable /etc/selinux host mount
Add selinuxMount flag to enable/disable /etc/selinux host mount inside pods to support selinux-enabled filesystems Signed-off-by: Francesco Astegiano <francesco.astegiano@gmail.com>
parent
ea89b26f65
commit
4235178f7c
@ -156,6 +156,7 @@ charts and their default values.
|
|||||||
| `secret.name` | Specifies the cephFS secret name | `csi-cephfs-secret` |
|
| `secret.name` | Specifies the cephFS secret name | `csi-cephfs-secret` |
|
||||||
| `secret.adminID` | Specifies the admin ID of the cephFS secret | `<plaintext ID>` |
|
| `secret.adminID` | Specifies the admin ID of the cephFS secret | `<plaintext ID>` |
|
||||||
| `secret.adminKey` | Specifies the key that corresponds to the adminID | `<Ceph auth key corresponding to ID above>` |
|
| `secret.adminKey` | Specifies the key that corresponds to the adminID | `<Ceph auth key corresponding to ID above>` |
|
||||||
|
| `selinuxMount` | Mount the host /etc/selinux inside pods to support selinux-enabled filesystems | `true` |
|
||||||
|
|
||||||
### Command Line
|
### Command Line
|
||||||
|
|
||||||
|
@ -112,9 +112,11 @@ spec:
|
|||||||
name: host-mount
|
name: host-mount
|
||||||
- mountPath: /sys
|
- mountPath: /sys
|
||||||
name: host-sys
|
name: host-sys
|
||||||
|
{{- if .Values.selinuxMount }}
|
||||||
- mountPath: /etc/selinux
|
- mountPath: /etc/selinux
|
||||||
name: etc-selinux
|
name: etc-selinux
|
||||||
readOnly: true
|
readOnly: true
|
||||||
|
{{- end }}
|
||||||
- mountPath: /lib/modules
|
- mountPath: /lib/modules
|
||||||
name: lib-modules
|
name: lib-modules
|
||||||
readOnly: true
|
readOnly: true
|
||||||
@ -176,9 +178,11 @@ spec:
|
|||||||
- name: host-sys
|
- name: host-sys
|
||||||
hostPath:
|
hostPath:
|
||||||
path: /sys
|
path: /sys
|
||||||
|
{{- if .Values.selinuxMount }}
|
||||||
- name: etc-selinux
|
- name: etc-selinux
|
||||||
hostPath:
|
hostPath:
|
||||||
path: /etc/selinux
|
path: /etc/selinux
|
||||||
|
{{- end }}
|
||||||
- name: host-mount
|
- name: host-mount
|
||||||
hostPath:
|
hostPath:
|
||||||
path: /run/mount
|
path: /run/mount
|
||||||
|
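Review bot: The guard `{{- if .Values.selinuxMount }}` is a truthiness test, so any non-empty string, such as a quoted `"false"` in a values file or `--set-string selinuxMount=false`, still renders the `/etc/selinux` volumeMount and the `etc-selinux` hostPath volume. For a flag whose purpose is to remove a host path from the pod, that fails open. A strict comparison such as `{{- if eq (toString .Values.selinuxMount) "true" }}` would make every value other than true disable the mount. The same guard is used in the `pathPrefix: '/etc/selinux'` hunks and in the second pair of mount/volume hunks further down the page, so the change applies there too. Both hunks here start and end mid-list, so the enclosing spec is not visible.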
@ -40,8 +40,10 @@ spec:
|
|||||||
readOnly: false
|
readOnly: false
|
||||||
- pathPrefix: '/sys'
|
- pathPrefix: '/sys'
|
||||||
readOnly: false
|
readOnly: false
|
||||||
|
{{- if .Values.selinuxMount }}
|
||||||
- pathPrefix: '/etc/selinux'
|
- pathPrefix: '/etc/selinux'
|
||||||
readOnly: true
|
readOnly: true
|
||||||
|
{{- end }}
|
||||||
- pathPrefix: '/lib/modules'
|
- pathPrefix: '/lib/modules'
|
||||||
readOnly: true
|
readOnly: true
|
||||||
- pathPrefix: '{{ .Values.kubeletDir }}'
|
- pathPrefix: '{{ .Values.kubeletDir }}'
|
||||||
|
@ -201,6 +201,10 @@ provisioner:
|
|||||||
podSecurityPolicy:
|
podSecurityPolicy:
|
||||||
enabled: false
|
enabled: false
|
||||||
|
|
||||||
|
# Mount the host /etc/selinux inside pods to support
|
||||||
|
# selinux-enabled filesystems
|
||||||
|
selinuxMount: true
|
||||||
|
|
||||||
topology:
|
topology:
|
||||||
# Specifies whether topology based provisioning support should
|
# Specifies whether topology based provisioning support should
|
||||||
# be exposed by CSI
|
# be exposed by CSI
|
||||||
|
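Review bot: The comment above `selinuxMount: true` does not say that the mount is read-only or what setting the flag to false removes. A wording such as `# Mount the host /etc/selinux read-only inside pods to support selinux-enabled filesystems; set to false to drop the hostPath volume, its mount and the matching pod security policy path entry` would let an operator judge the host exposure from the values file alone. The values hunk at the end of the page carries the same two-line comment and would take the same text.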
@ -175,6 +175,7 @@ charts and their default values.
|
|||||||
| `secret.userID` | Specifies the user ID of the rbd secret | `<plaintext ID>` |
|
| `secret.userID` | Specifies the user ID of the rbd secret | `<plaintext ID>` |
|
||||||
| `secret.userKey` | Specifies the key that corresponds to the userID | `<Ceph auth key corresponding to ID above>` |
|
| `secret.userKey` | Specifies the key that corresponds to the userID | `<Ceph auth key corresponding to ID above>` |
|
||||||
| `secret.encryptionPassphrase` | Specifies the encryption passphrase of the secret | `test_passphrase` |
|
| `secret.encryptionPassphrase` | Specifies the encryption passphrase of the secret | `test_passphrase` |
|
||||||
|
| `selinuxMount` | Mount the host /etc/selinux inside pods to support selinux-enabled filesystems | `true` |
|
||||||
|
|
||||||
### Command Line
|
### Command Line
|
||||||
|
|
||||||
|
@ -109,9 +109,11 @@ spec:
|
|||||||
name: host-mount
|
name: host-mount
|
||||||
- mountPath: /sys
|
- mountPath: /sys
|
||||||
name: host-sys
|
name: host-sys
|
||||||
|
{{- if .Values.selinuxMount }}
|
||||||
- mountPath: /etc/selinux
|
- mountPath: /etc/selinux
|
||||||
name: etc-selinux
|
name: etc-selinux
|
||||||
readOnly: true
|
readOnly: true
|
||||||
|
{{- end }}
|
||||||
- mountPath: /lib/modules
|
- mountPath: /lib/modules
|
||||||
name: lib-modules
|
name: lib-modules
|
||||||
readOnly: true
|
readOnly: true
|
||||||
@ -193,9 +195,11 @@ spec:
|
|||||||
- name: host-sys
|
- name: host-sys
|
||||||
hostPath:
|
hostPath:
|
||||||
path: /sys
|
path: /sys
|
||||||
|
{{- if .Values.selinuxMount }}
|
||||||
- name: etc-selinux
|
- name: etc-selinux
|
||||||
hostPath:
|
hostPath:
|
||||||
path: /etc/selinux
|
path: /etc/selinux
|
||||||
|
{{- end }}
|
||||||
- name: lib-modules
|
- name: lib-modules
|
||||||
hostPath:
|
hostPath:
|
||||||
path: /lib/modules
|
path: /lib/modules
|
||||||
|
@ -40,8 +40,10 @@ spec:
|
|||||||
readOnly: false
|
readOnly: false
|
||||||
- pathPrefix: '/sys'
|
- pathPrefix: '/sys'
|
||||||
readOnly: false
|
readOnly: false
|
||||||
|
{{- if .Values.selinuxMount }}
|
||||||
- pathPrefix: '/etc/selinux'
|
- pathPrefix: '/etc/selinux'
|
||||||
readOnly: true
|
readOnly: true
|
||||||
|
{{- end }}
|
||||||
- pathPrefix: '/lib/modules'
|
- pathPrefix: '/lib/modules'
|
||||||
readOnly: true
|
readOnly: true
|
||||||
- pathPrefix: '{{ .Values.cephLogDirHostPath }}'
|
- pathPrefix: '{{ .Values.cephLogDirHostPath }}'
|
||||||
|
@ -399,6 +399,10 @@ storageClass:
|
|||||||
# mountOptions:
|
# mountOptions:
|
||||||
# - discard
|
# - discard
|
||||||
|
|
||||||
|
# Mount the host /etc/selinux inside pods to support
|
||||||
|
# selinux-enabled filesystems
|
||||||
|
selinuxMount: true
|
||||||
|
|
||||||
secret:
|
secret:
|
||||||
# Specifies whether the secret should be created
|
# Specifies whether the secret should be created
|
||||||
create: false
|
create: false
|
||||||
|