From ef0d2106bab0bcce9d7ad74b288f37d97459a231 Mon Sep 17 00:00:00 2001
From: maximus13th
Date: Thu, 4 Jan 2024 19:02:05 +0200
Subject: [PATCH] cephfs: allow modify fsGroupPolicy for csidriver

allow to change value of fsGroupPolicy parameter for CSI Driver spec

Signed-off-by: maximus13th
(cherry picked from commit 51decb097c25561f9f615e4795d972db9cc8f784)
---
 .../templates/csidriver-crd.yaml | 2 +-
 charts/ceph-csi-cephfs/values.yaml | 17 +++++++++++++++++
 2 files changed, 18 insertions(+), 1 deletion(-)
diff --git a/charts/ceph-csi-cephfs/templates/csidriver-crd.yaml b/charts/ceph-csi-cephfs/templates/csidriver-crd.yaml
index 20fa59fdb..50b2e5fef 100644
--- a/charts/ceph-csi-cephfs/templates/csidriver-crd.yaml
+++ b/charts/ceph-csi-cephfs/templates/csidriver-crd.yaml
@@ -5,5 +5,5 @@ metadata:
 spec:
 attachRequired: false
 podInfoOnMount: false
- fsGroupPolicy: File
+ fsGroupPolicy: {{ default "File" .Values.CSIDriver.fsGroupPolicy }}
 seLinuxMount: true
diff --git a/charts/ceph-csi-cephfs/values.yaml b/charts/ceph-csi-cephfs/values.yaml
index a64fe18a4..27d03d987 100644
--- a/charts/ceph-csi-cephfs/values.yaml
+++ b/charts/ceph-csi-cephfs/values.yaml
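Review bot: The new `fsGroupPolicy` line in csidriver-crd.yaml renders the chart value unquoted and without checking it against the three modes the chart documents. A mistyped override is therefore caught only when the API server validates the cluster-scoped CSIDriver object, not at render time. I would write it as `fsGroupPolicy: {{ .Values.CSIDriver.fsGroupPolicy | default "File" | quote }}` and consider a `fail` guard that rejects anything other than `None`, `File` or `ReadWriteOnceWithFSType`. The manifest's `metadata` block starts outside this hunk, so the rest of the object was not reviewed.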
@@ -41,6 +41,23 @@ logLevel: 5
 # sidecarLogLevel is the variable for Kubernetes sidecar container's log level
 sidecarLogLevel: 1

+# Set fsGroupPolicy for CSI Driver object spec
+# https://kubernetes-csi.github.io/docs/support-fsgroup.html
+# The following modes are supported:
+# - None: Indicates that volumes will be mounted with no modifications, as the
+# CSI volume driver does not support these operations.
+# - File: Indicates that the CSI volume driver supports volume ownership and
+# permission change via fsGroup, and Kubernetes may use fsGroup to change
+# permissions and ownership of the volume to match user requested fsGroup in
+# the pod's SecurityPolicy regardless of fstype or access mode.
+# - ReadWriteOnceWithFSType: Indicates that volumes will be examined to
+# determine if volume ownership and permissions should be modified to match
+# the pod's security policy.
+# Changes will only occur if the fsType is defined and the persistent volume's
+# accessModes contains ReadWriteOnce.
+CSIDriver:
+ fsGroupPolicy: "File"
+
 nodeplugin:
 name: nodeplugin
 # if you are using ceph-fuse client set this value to OnDelete
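Review bot: The comment block above `CSIDriver.fsGroupPolicy` lists the three modes but does not say what the choice means for access control. The CSIDriver object is cluster-scoped, so this one value applies to every CephFS volume the driver serves, and per the `None` description volumes are then mounted with no modifications, leaving access governed by the ownership and mode already on the volume. I would add a line such as `# NOTE: applies to all volumes of this driver; with None the pod's fsGroup is not applied to the volume.` The phrase "the pod's SecurityPolicy" presumably means the pod's `securityContext` and could be reworded to match. On clusters where `CSIDriver.spec.fsGroupPolicy` is immutable, changing this value on `helm upgrade` is likely to be rejected until the CSIDriver object is recreated, which also deserves a comment.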