helm: Add selinuxMount flag to enable/disable /etc/selinux host mount

Add a selinuxMount flag to enable/disable the /etc/selinux host mount inside
pods; the mount is there to support SELinux-enabled filesystems

Signed-off-by: Francesco Astegiano <francesco.astegiano@gmail.com>
Francesco Astegiano 2022-02-16 00:13:39 +01:00 committed by mergify[bot]
parent ea89b26f65
commit 4235178f7c
8 changed files with 22 additions and 0 deletions


@ -156,6 +156,7 @@ charts and their default values.
| `secret.name` | Specifies the cephFS secret name | `csi-cephfs-secret` | | `secret.name` | Specifies the cephFS secret name | `csi-cephfs-secret` |
| `secret.adminID` | Specifies the admin ID of the cephFS secret | `<plaintext ID>` | | `secret.adminID` | Specifies the admin ID of the cephFS secret | `<plaintext ID>` |
| `secret.adminKey` | Specifies the key that corresponds to the adminID | `<Ceph auth key corresponding to ID above>` | | `secret.adminKey` | Specifies the key that corresponds to the adminID | `<Ceph auth key corresponding to ID above>` |
| `selinuxMount` | Mount the host /etc/selinux inside pods to support selinux-enabled filesystems | `true` |
### Command Line ### Command Line


@ -112,9 +112,11 @@ spec:
name: host-mount name: host-mount
- mountPath: /sys - mountPath: /sys
name: host-sys name: host-sys
{{- if .Values.selinuxMount }}
- mountPath: /etc/selinux - mountPath: /etc/selinux
name: etc-selinux name: etc-selinux
readOnly: true readOnly: true
{{- end }}
- mountPath: /lib/modules - mountPath: /lib/modules
name: lib-modules name: lib-modules
readOnly: true readOnly: true
@ -176,9 +178,11 @@ spec:
- name: host-sys - name: host-sys
hostPath: hostPath:
path: /sys path: /sys
{{- if .Values.selinuxMount }}
- name: etc-selinux - name: etc-selinux
hostPath: hostPath:
path: /etc/selinux path: /etc/selinux
{{- end }}
- name: host-mount - name: host-mount
hostPath: hostPath:
path: /run/mount path: /run/mount
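Review bot: The guard `{{- if .Values.selinuxMount }}` around the `etc-selinux` volumeMount and volume tests truthiness, so a non-empty string such as `"false"` (what `--set-string selinuxMount=false` produces) still renders the host mount. An operator who believes `/etc/selinux` is no longer exposed to the pod would get no error and no visible hint. Either document that the value must be a YAML boolean, or compare explicitly, e.g. `{{- if eq (toString .Values.selinuxMount) "true" }}`. The same guard is used in the other node-plugin DaemonSet section and in both pod security policy sections on this page. The container and volume lists these hunks sit in start and end outside the hunks.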


@ -40,8 +40,10 @@ spec:
readOnly: false readOnly: false
- pathPrefix: '/sys' - pathPrefix: '/sys'
readOnly: false readOnly: false
{{- if .Values.selinuxMount }}
- pathPrefix: '/etc/selinux' - pathPrefix: '/etc/selinux'
readOnly: true readOnly: true
{{- end }}
- pathPrefix: '/lib/modules' - pathPrefix: '/lib/modules'
readOnly: true readOnly: true
- pathPrefix: '{{ .Values.kubeletDir }}' - pathPrefix: '{{ .Values.kubeletDir }}'


@ -201,6 +201,10 @@ provisioner:
podSecurityPolicy: podSecurityPolicy:
enabled: false enabled: false
# Mount the host /etc/selinux inside pods to support
# selinux-enabled filesystems
selinuxMount: true
topology: topology:
# Specifies whether topology based provisioning support should # Specifies whether topology based provisioning support should
# be exposed by CSI # be exposed by CSI
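Review bot: The comment above `selinuxMount: true` says what the mount is for but not what setting it to `false` changes, which is what someone hardening the chart needs to know. Going by the templates in this commit, `false` drops the read-only `/etc/selinux` hostPath volume from the node-plugin pods and the matching `pathPrefix: '/etc/selinux'` entry from the pod security policy template; a line such as `# Set to false to drop the read-only /etc/selinux hostPath mount and its pod security policy entry` would say so. Indentation is lost on this page, so it is worth confirming the key sits at the top level of the values file, since the templates read `.Values.selinuxMount`. The same applies to the second values file at the end of the page.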


@ -175,6 +175,7 @@ charts and their default values.
| `secret.userID` | Specifies the user ID of the rbd secret | `<plaintext ID>` | | `secret.userID` | Specifies the user ID of the rbd secret | `<plaintext ID>` |
| `secret.userKey` | Specifies the key that corresponds to the userID | `<Ceph auth key corresponding to ID above>` | | `secret.userKey` | Specifies the key that corresponds to the userID | `<Ceph auth key corresponding to ID above>` |
| `secret.encryptionPassphrase` | Specifies the encryption passphrase of the secret | `test_passphrase` | | `secret.encryptionPassphrase` | Specifies the encryption passphrase of the secret | `test_passphrase` |
| `selinuxMount` | Mount the host /etc/selinux inside pods to support selinux-enabled filesystems | `true` |
### Command Line ### Command Line


@ -109,9 +109,11 @@ spec:
name: host-mount name: host-mount
- mountPath: /sys - mountPath: /sys
name: host-sys name: host-sys
{{- if .Values.selinuxMount }}
- mountPath: /etc/selinux - mountPath: /etc/selinux
name: etc-selinux name: etc-selinux
readOnly: true readOnly: true
{{- end }}
- mountPath: /lib/modules - mountPath: /lib/modules
name: lib-modules name: lib-modules
readOnly: true readOnly: true
@ -193,9 +195,11 @@ spec:
- name: host-sys - name: host-sys
hostPath: hostPath:
path: /sys path: /sys
{{- if .Values.selinuxMount }}
- name: etc-selinux - name: etc-selinux
hostPath: hostPath:
path: /etc/selinux path: /etc/selinux
{{- end }}
- name: lib-modules - name: lib-modules
hostPath: hostPath:
path: /lib/modules path: /lib/modules


@ -40,8 +40,10 @@ spec:
readOnly: false readOnly: false
- pathPrefix: '/sys' - pathPrefix: '/sys'
readOnly: false readOnly: false
{{- if .Values.selinuxMount }}
- pathPrefix: '/etc/selinux' - pathPrefix: '/etc/selinux'
readOnly: true readOnly: true
{{- end }}
- pathPrefix: '/lib/modules' - pathPrefix: '/lib/modules'
readOnly: true readOnly: true
- pathPrefix: '{{ .Values.cephLogDirHostPath }}' - pathPrefix: '{{ .Values.cephLogDirHostPath }}'


@ -399,6 +399,10 @@ storageClass:
# mountOptions: # mountOptions:
# - discard # - discard
# Mount the host /etc/selinux inside pods to support
# selinux-enabled filesystems
selinuxMount: true
secret: secret:
# Specifies whether the secret should be created # Specifies whether the secret should be created
create: false create: false