mirrors/ceph-csi
1
0
Fork 0
mirror of https://github.com/ceph/ceph-csi.git synced 2024-09-19 23:19:52 +00:00
Code Issues Packages Projects Releases Wiki Activity
06c4477ff9
ceph-csi/charts/ceph-csi-cephfs/templates
History
Silvan Loser 06c4477ff9 helm: allowPrivilegeEscalation: true in containerSecurityContext 
When running the kubernetes cluster with one single privileged
PodSecurityPolicy which is allowing everything the nodeplugin
daemonset can fail to start. To be precise the problem is the
defaultAllowPrivilegeEscalation: false configuration in the PSP.
 Containers of the nodeplugin daemonset won't start when they
have privileged: true but no allowPrivilegeEscalation in their
container securityContext.

Kubernetes will not schedule if this mismatch exists cannot set
allowPrivilegeEscalation to false and privileged to true

Signed-off-by: Silvan Loser <silvan.loser@hotmail.ch>
Signed-off-by: Silvan Loser <33911078+losil@users.noreply.github.com>
2022-04-22 23:36:02 +00:00
..
_helpers.tpl refactor: Merge 1.13 and 1.14 Helm charts and improve charts 2019-09-27 05:49:18 +00:00
ceph-conf.yaml helm: make ceph.conf ConfigMap name configurable 2022-02-21 07:25:22 +00:00
csidriver-crd.yaml cleanup: fix beta apiVersion for csidriver 2021-07-22 09:12:44 +00:00
csiplugin-configmap.yaml Support externally managed configmap. 2020-04-15 07:21:20 +00:00
nodeplugin-clusterrole.yaml deploy: remove unnecessary aggregate clusterroles 2020-08-19 09:30:17 +00:00
nodeplugin-clusterrolebinding.yaml Update Helm charts to support topology 2020-04-14 14:14:29 +00:00
nodeplugin-daemonset.yaml helm: allowPrivilegeEscalation: true in containerSecurityContext 2022-04-22 23:36:02 +00:00
nodeplugin-http-service.yaml refactor: Merge 1.13 and 1.14 Helm charts and improve charts 2019-09-27 05:49:18 +00:00
nodeplugin-psp.yaml helm: Add selinuxMount flag to enable/disable /etc/selinux host mount 2022-02-16 12:48:00 +00:00
nodeplugin-role.yaml Added PodSecurityPolicy support 2020-01-22 08:19:42 +00:00
nodeplugin-rolebinding.yaml Added PodSecurityPolicy support 2020-01-22 08:19:42 +00:00
nodeplugin-serviceaccount.yaml refactor: Merge 1.13 and 1.14 Helm charts and improve charts 2019-09-27 05:49:18 +00:00
NOTES.txt deploy: use "devel" branch instead of "master" 2021-03-01 10:51:30 +05:30
provisioner-clusterrole.yaml helm: remove kube version semver check for CSI cephfs resizer component 2022-03-09 06:07:49 +00:00
provisioner-clusterrolebinding.yaml refactor: Merge 1.13 and 1.14 Helm charts and improve charts 2019-09-27 05:49:18 +00:00
provisioner-deployment.yaml helm: remove kube version semver check for CSI cephfs resizer component 2022-03-09 06:07:49 +00:00
provisioner-http-service.yaml refactor: Merge 1.13 and 1.14 Helm charts and improve charts 2019-09-27 05:49:18 +00:00
provisioner-psp.yaml helm: reduce the PSP permission for cephfs deployment 2021-09-22 07:12:34 +00:00
provisioner-role.yaml Remove unwanted RBAC rules from ceph-csi 2020-02-13 21:36:27 +00:00
provisioner-rolebinding.yaml refactor: Merge 1.13 and 1.14 Helm charts and improve charts 2019-09-27 05:49:18 +00:00
provisioner-serviceaccount.yaml refactor: Merge 1.13 and 1.14 Helm charts and improve charts 2019-09-27 05:49:18 +00:00
secret.yaml helm: Add secret template to ceph-csi-cephfs 2021-07-06 10:55:41 +00:00
storageclass.yaml helm: remove namespace from storageclass yaml 2022-02-11 12:32:58 +00:00