50d884bad3
Removed unwanted extra arguments from the helm templates and added a single value, kubeletDir, to make the kubelet root-dir configurable. Previously used variables like socketDir, registrationDir and pluginDir are removed now, because once we have the kubelet path we can derive all the other paths required for cephcsi to work properly. fixes: #1475 Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
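{{- if .Values.nodeplugin.podSecurityPolicy.enabled -}}
# PodSecurityPolicy for the CephFS CSI node plugin pods. Rendered only when
# nodeplugin.podSecurityPolicy.enabled is set in the chart values.
# NOTE(review): policy/v1beta1 PodSecurityPolicy was deprecated in Kubernetes
# 1.21 and removed in 1.25; on newer clusters this object cannot be created
# and the restrictions below need another admission mechanism.
# NOTE(review): this policy permits privileged containers, the host PID and
# network namespaces and writable host paths, which is equivalent to root on
# the node. Permission to `use` it should be limited to the node plugin's
# service account; that RBAC binding is not part of this file, confirm there.
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  # Templated scalars are quoted so that a value that looks like a number or
  # a boolean (for example a release named "1234") still renders as a string;
  # label values and object names must be strings.
  name: {{ include "ceph-csi-cephfs.nodeplugin.fullname" . | quote }}
  labels:
    app: {{ include "ceph-csi-cephfs.fullname" . | quote }}
    chart: {{ include "ceph-csi-cephfs.chart" . | quote }}
    component: {{ .Values.nodeplugin.name | quote }}
    release: {{ .Release.Name | quote }}
    heritage: {{ .Release.Service | quote }}
spec:
  # Presumably required so the plugin can perform mounts on the host; confirm
  # against the node plugin DaemonSet before tightening.
  allowPrivilegeEscalation: true
  # Has no narrowing effect while privileged containers are allowed below: a
  # privileged container already holds every capability.
  allowedCapabilities:
    - 'SYS_ADMIN'
  fsGroup:
    rule: RunAsAny
  privileged: true
  hostNetwork: true
  hostPID: true
  # RunAsAny: no restriction on user ID, SELinux context or supplemental
  # groups, so pods admitted by this policy may run as root.
  runAsUser:
    rule: RunAsAny
  seLinux:
    rule: RunAsAny
  supplementalGroups:
    rule: RunAsAny
  volumes:
    - 'configMap'
    - 'emptyDir'
    - 'projected'
    - 'secret'
    - 'downwardAPI'
    - 'hostPath'
  # hostPath volumes are limited to the prefixes listed here. Only
  # /lib/modules is read-only; every other prefix is writable from the pod.
  allowedHostPaths:
    - pathPrefix: '/dev'
      readOnly: false
    - pathPrefix: '/run/mount'
      readOnly: false
    - pathPrefix: '/sys'
      readOnly: false
    - pathPrefix: '/lib/modules'
      readOnly: true
    # kubeletDir comes from the chart values. A broad value (such as the
    # filesystem root) would make every host path mountable read-write, so
    # keep it set to the kubelet root directory only.
    - pathPrefix: '{{ .Values.kubeletDir }}'
      readOnly: false
{{- end }}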