mirror of
https://github.com/ceph/ceph-csi.git
synced 2024-11-30 10:10:21 +00:00
b50d8596ea
When running the kubernetes cluster with one single privileged
PodSecurityPolicy which is allowing everything the nodeplugin
daemonset can fail to start. To be precise the problem is the
defaultAllowPrivilegeEscalation: false configuration in the PSP.
Containers of the nodeplugin daemonset won't start when they
have privileged: true but no allowPrivilegeEscalation in their
container securityContext.
Kubernetes will not schedule if this mismatch exists cannot set
allowPrivilegeEscalation to false and privileged to true:
Signed-off-by: Silvan Loser <silvan.loser@hotmail.ch>
Signed-off-by: Silvan Loser <33911078+losil@users.noreply.github.com>
(cherry picked from commit
|
||
---|---|---|
.. | ||
csi-config-map.yaml | ||
csi-nodeplugin-psp.yaml | ||
csi-nodeplugin-rbac.yaml | ||
csi-provisioner-psp.yaml | ||
csi-provisioner-rbac.yaml | ||
csi-rbdplugin-provisioner.yaml | ||
csi-rbdplugin.yaml | ||
csidriver.yaml |