deploy: configurable podSecurityContexts in ceph-csi-rbd

Signed-off-by: 1602077 <62025739+1602077@users.noreply.github.com>
This commit is contained in:
1602077 2024-06-06 10:23:10 +02:00 committed by mergify[bot]
parent ea42a0e873
commit 6b21263efd
5 changed files with 9 additions and 0 deletions

View File

@ -5,5 +5,6 @@
## Features ## Features
- deploy: podSecurityContexts can be configured for ceph-csi-cephfs chart in [PR](https://github.com/ceph/ceph-csi/pull/4664). - deploy: podSecurityContexts can be configured for ceph-csi-cephfs chart in [PR](https://github.com/ceph/ceph-csi/pull/4664).
- deploy: podSecurityContexts can be configured for ceph-csi-rbd chart in [PR](https://github.com/ceph/ceph-csi/pull/4668)
## NOTE ## NOTE

View File

@ -131,6 +131,7 @@ charts and their default values.
| `nodeplugin.plugin.image.repository` | Nodeplugin image repository URL | `quay.io/cephcsi/cephcsi` | | `nodeplugin.plugin.image.repository` | Nodeplugin image repository URL | `quay.io/cephcsi/cephcsi` |
| `nodeplugin.plugin.image.tag` | Image tag | `canary` | | `nodeplugin.plugin.image.tag` | Image tag | `canary` |
| `nodeplugin.plugin.image.pullPolicy` | Image pull policy | `IfNotPresent` | | `nodeplugin.plugin.image.pullPolicy` | Image pull policy | `IfNotPresent` |
| `nodeplugin.podSecurityContext` | Specifies pod-level security context. | `{}` |
| `nodeplugin.nodeSelector` | Kubernetes `nodeSelector` to add to the Daemonset | `{}` | | `nodeplugin.nodeSelector` | Kubernetes `nodeSelector` to add to the Daemonset | `{}` |
| `nodeplugin.tolerations` | List of Kubernetes `tolerations` to add to the Daemonset | `{}` | | `nodeplugin.tolerations` | List of Kubernetes `tolerations` to add to the Daemonset | `{}` |
| `nodeplugin.podSecurityPolicy.enabled` | If true, create & use [Pod Security Policy resources](https://kubernetes.io/docs/concepts/policy/pod-security-policy/). | `false` | | `nodeplugin.podSecurityPolicy.enabled` | If true, create & use [Pod Security Policy resources](https://kubernetes.io/docs/concepts/policy/pod-security-policy/). | `false` |
@ -154,6 +155,7 @@ charts and their default values.
| `provisioner.provisioner.image.tag` | Specifies image tag | `v4.0.1` | | `provisioner.provisioner.image.tag` | Specifies image tag | `v4.0.1` |
| `provisioner.provisioner.image.pullPolicy` | Specifies pull policy | `IfNotPresent` | | `provisioner.provisioner.image.pullPolicy` | Specifies pull policy | `IfNotPresent` |
| `provisioner.provisioner.image.extraArgs` | Specifies extra arguments for the provisioner sidecar | `[]` | | `provisioner.provisioner.image.extraArgs` | Specifies extra arguments for the provisioner sidecar | `[]` |
| `provisioner.podSecurityContext` | Specifies pod-level security context. | `{}` |
| `provisioner.snapshotter.args.enableVolumeGroupSnapshots` | enables the creation of volume group snapshots | `false` | | `provisioner.snapshotter.args.enableVolumeGroupSnapshots` | enables the creation of volume group snapshots | `false` |
| `provisioner.attacher.image.repository` | Specifies the csi-attacher image repository URL | `registry.k8s.io/sig-storage/csi-attacher` | | `provisioner.attacher.image.repository` | Specifies the csi-attacher image repository URL | `registry.k8s.io/sig-storage/csi-attacher` |
| `provisioner.attacher.image.tag` | Specifies image tag | `v4.5.` | | `provisioner.attacher.image.tag` | Specifies image tag | `v4.5.` |

View File

@ -28,6 +28,7 @@ spec:
heritage: {{ .Release.Service }} heritage: {{ .Release.Service }}
{{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 8 }}{{- end }} {{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 8 }}{{- end }}
spec: spec:
securityContext: {{ toYaml .Values.nodeplugin.podSecurityContext | nindent 8 }}
serviceAccountName: {{ include "ceph-csi-rbd.serviceAccountName.nodeplugin" . }} serviceAccountName: {{ include "ceph-csi-rbd.serviceAccountName.nodeplugin" . }}
hostNetwork: true hostNetwork: true
hostPID: true hostPID: true

View File

@ -57,6 +57,7 @@ spec:
{{ toYaml .Values.provisioner.affinity | indent 8 -}} {{ toYaml .Values.provisioner.affinity | indent 8 -}}
{{- end -}} {{- end -}}
{{- end }} {{- end }}
securityContext: {{ toYaml .Values.provisioner.podSecurityContext | nindent 8 }}
serviceAccountName: {{ include "ceph-csi-rbd.serviceAccountName.provisioner" . }} serviceAccountName: {{ include "ceph-csi-rbd.serviceAccountName.provisioner" . }}
hostNetwork: {{ .Values.provisioner.enableHostNetwork }} hostNetwork: {{ .Values.provisioner.enableHostNetwork }}
{{- if .Values.provisioner.priorityClassName }} {{- if .Values.provisioner.priorityClassName }}

View File

@ -156,6 +156,8 @@ nodeplugin:
affinity: {} affinity: {}
podSecurityContext: {}
provisioner: provisioner:
name: provisioner name: provisioner
replicaCount: 3 replicaCount: 3
@ -295,6 +297,8 @@ provisioner:
affinity: {} affinity: {}
podSecurityContext: {}
topology: topology:
# Specifies whether topology based provisioning support should # Specifies whether topology based provisioning support should
# be exposed by CSI # be exposed by CSI