From 6f1066fd36d34a11b9a15b99f204af98f4c845c4 Mon Sep 17 00:00:00 2001
From: Madhu Rajanna <madhupr007@gmail.com>
Date: Fri, 17 Sep 2021 14:07:17 +0530
Subject: [PATCH] helm: reduce the PSP permission for rbd deployment

rbd deployment doesnot need extra permission like
privileged and extra volumes etc.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
---
 charts/ceph-csi-rbd/templates/provisioner-psp.yaml | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/charts/ceph-csi-rbd/templates/provisioner-psp.yaml b/charts/ceph-csi-rbd/templates/provisioner-psp.yaml
index 594e81d81..111226e14 100644
--- a/charts/ceph-csi-rbd/templates/provisioner-psp.yaml
+++ b/charts/ceph-csi-rbd/templates/provisioner-psp.yaml
@@ -10,12 +10,8 @@ metadata:
     release: {{ .Release.Name }}
     heritage: {{ .Release.Service }}
 spec:
-  allowPrivilegeEscalation: true
-  allowedCapabilities:
-    - 'SYS_ADMIN'
   fsGroup:
     rule: RunAsAny
-  privileged: true
   runAsUser:
     rule: RunAsAny
   seLinux:
@@ -27,7 +23,6 @@ spec:
     - 'emptyDir'
     - 'projected'
     - 'secret'
-    - 'downwardAPI'
     - 'hostPath'
   allowedHostPaths:
     - pathPrefix: '/dev'