ceph-csi/charts/ceph-csi-rbd/templates
Silvan Loser 059969b10b helm: allowPrivilegeEscalation: true in containerSecurityContext
When running the Kubernetes cluster with one single privileged
PodSecurityPolicy which is allowing everything, the nodeplugin
daemonset can fail to start. To be precise, the problem is the
defaultAllowPrivilegeEscalation: false configuration in the PSP.
Containers of the nodeplugin daemonset won't start when they
have privileged: true but no allowPrivilegeEscalation in their
container securityContext.

Kubernetes will not schedule if this mismatch exists: cannot set
allowPrivilegeEscalation to false and privileged to true

Signed-off-by: Silvan Loser <silvan.loser@hotmail.ch>
Signed-off-by: Silvan Loser <33911078+losil@users.noreply.github.com>
(cherry picked from commit 06c4477ff9)
2022-04-26 10:02:04 +00:00
_helpers.tpl refactor: Merge 1.13 and 1.14 Helm charts and improve charts 2019-09-27 05:49:18 +00:00
ceph-conf.yaml helm: make ceph.conf ConfigMap name configurable 2022-02-21 07:25:22 +00:00
csidriver-crd.yaml helm: correct the groupVersion of CSIDriver in the chart 2021-08-16 15:21:27 +00:00
csiplugin-configmap.yaml helm: csiplugin-configmap generates invalid configuration 2021-11-25 06:31:38 +00:00
encryptionkms-configmap.yaml Adds per volume encryption with Vault integration 2020-02-05 05:18:56 +00:00
nodeplugin-clusterrole.yaml deploy: add few more cluster-roles for rbd nodeplugin 2021-07-16 16:30:58 +00:00
nodeplugin-clusterrolebinding.yaml helm: Fix missing ClusterRoleBinding for nodeplugin ServiceAccount 2021-12-22 11:06:11 +00:00
nodeplugin-daemonset.yaml helm: allowPrivilegeEscalation: true in containerSecurityContext 2022-04-26 10:02:04 +00:00
nodeplugin-http-service.yaml refactor: Merge 1.13 and 1.14 Helm charts and improve charts 2019-09-27 05:49:18 +00:00
nodeplugin-psp.yaml helm: Add selinuxMount flag to enable/disable /etc/selinux host mount 2022-02-16 12:48:00 +00:00
nodeplugin-role.yaml Added PodSecurityPolicy support 2020-01-22 08:19:42 +00:00
nodeplugin-rolebinding.yaml Added PodSecurityPolicy support 2020-01-22 08:19:42 +00:00
nodeplugin-serviceaccount.yaml refactor: Merge 1.13 and 1.14 Helm charts and improve charts 2019-09-27 05:49:18 +00:00
NOTES.txt deploy: use "devel" branch instead of "master" 2021-03-01 10:51:30 +05:30
provisioner-clusterrole.yaml deploy: update csi-snapshotter sidecar to v5.0.1 2022-02-03 19:01:57 +00:00
provisioner-clusterrolebinding.yaml refactor: Merge 1.13 and 1.14 Helm charts and improve charts 2019-09-27 05:49:18 +00:00
provisioner-deployment.yaml rbd: modify oidc token file path according to FHS 3.0 2022-03-23 13:29:35 +00:00
provisioner-http-service.yaml refactor: Merge 1.13 and 1.14 Helm charts and improve charts 2019-09-27 05:49:18 +00:00
provisioner-psp.yaml helm: reduce the PSP permission for rbd deployment 2021-09-22 07:12:34 +00:00
provisioner-role.yaml deploy: update deployment template for new controller 2020-11-28 18:50:00 +00:00
provisioner-rolebinding.yaml refactor: Merge 1.13 and 1.14 Helm charts and improve charts 2019-09-27 05:49:18 +00:00
provisioner-serviceaccount.yaml refactor: Merge 1.13 and 1.14 Helm charts and improve charts 2019-09-27 05:49:18 +00:00
secret.yaml helm: Add csi secret template to ceph-csi-rbd 2021-07-06 10:55:41 +00:00
storageclass.yaml helm: remove namespace from storageclass yaml 2022-02-11 12:32:58 +00:00