deploy: reduce the PSP permission for rbd deployment

rbd deployment doesnot need extra permission like privileged,Capabilities and remove unwanted volumes. Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2024-09-19 15:09:56 +00:00 · 2021-09-17 13:57:01 +05:30 · 2021-09-17 13:57:01 +05:30 · 9e88fd1eb7
commit 9e88fd1eb7
parent e5569f0547
1 changed files with 0 additions and 5 deletions
--- a/deploy/rbd/kubernetes/csi-provisioner-psp.yaml
+++ b/deploy/rbd/kubernetes/csi-provisioner-psp.yaml
@ -4,12 +4,8 @@ kind: PodSecurityPolicy
 metadata:
  name: rbd-csi-provisioner-psp
 spec:
-  allowPrivilegeEscalation: true
-  allowedCapabilities:
-    - 'SYS_ADMIN'
  fsGroup:
    rule: RunAsAny
-  privileged: true
  runAsUser:
    rule: RunAsAny
  seLinux:
@ -21,7 +17,6 @@ spec:
    - 'emptyDir'
    - 'projected'
    - 'secret'
-    - 'downwardAPI'
    - 'hostPath'
  allowedHostPaths:
    - pathPrefix: '/dev'