mirror of
https://github.com/ceph/ceph-csi.git
synced 2024-12-18 02:50:30 +00:00
06c4477ff9
When running the kubernetes cluster with one single privileged PodSecurityPolicy which is allowing everything the nodeplugin daemonset can fail to start. To be precise the problem is the defaultAllowPrivilegeEscalation: false configuration in the PSP. Containers of the nodeplugin daemonset won't start when they have privileged: true but no allowPrivilegeEscalation in their container securityContext. Kubernetes will not schedule if this mismatch exists cannot set allowPrivilegeEscalation to false and privileged to true Signed-off-by: Silvan Loser <silvan.loser@hotmail.ch> Signed-off-by: Silvan Loser <33911078+losil@users.noreply.github.com> |
||
---|---|---|
.. | ||
_helpers.tpl | ||
ceph-conf.yaml | ||
csidriver-crd.yaml | ||
csiplugin-configmap.yaml | ||
nodeplugin-clusterrole.yaml | ||
nodeplugin-clusterrolebinding.yaml | ||
nodeplugin-daemonset.yaml | ||
nodeplugin-http-service.yaml | ||
nodeplugin-psp.yaml | ||
nodeplugin-role.yaml | ||
nodeplugin-rolebinding.yaml | ||
nodeplugin-serviceaccount.yaml | ||
NOTES.txt | ||
provisioner-clusterrole.yaml | ||
provisioner-clusterrolebinding.yaml | ||
provisioner-deployment.yaml | ||
provisioner-http-service.yaml | ||
provisioner-psp.yaml | ||
provisioner-role.yaml | ||
provisioner-rolebinding.yaml | ||
provisioner-serviceaccount.yaml | ||
secret.yaml | ||
storageclass.yaml |