mirrors/ceph-csi
1
0
Fork 0
mirror of https://github.com/ceph/ceph-csi.git synced 2024-09-19 15:09:56 +00:00
Code Issues Packages Projects Releases Wiki Activity
a2059d5cb2
ceph-csi/deploy/rbd/kubernetes
History
Silvan Loser f2e0fa28fb deploy: allowPrivilegeEscalation: true in containerSecurityContext 
When running the kubernetes cluster with one single privileged
PodSecurityPolicy which is allowing everything the nodeplugin
daemonset can fail to start. To be precise the problem is the
defaultAllowPrivilegeEscalation: false configuration in the PSP.
 Containers of the nodeplugin daemonset won't start when they
have privileged: true but no allowPrivilegeEscalation in their
container securityContext.

Kubernetes will not schedule if this mismatch exists cannot set
allowPrivilegeEscalation to false and privileged to true:

Signed-off-by: Silvan Loser <silvan.loser@hotmail.ch>
Signed-off-by: Silvan Loser <33911078+losil@users.noreply.github.com>
2022-04-22 23:36:02 +00:00
..
csi-config-map.yaml build: remove unneeded empty YAML document from deployment artifacts 2021-10-15 16:08:59 +00:00
csi-nodeplugin-psp.yaml deploy: remove extra volumes from rbd plugin PSP 2021-09-22 07:12:34 +00:00
csi-nodeplugin-rbac.yaml deploy: rbd kubernetes manifests 2021-07-31 03:09:14 +00:00
csi-provisioner-psp.yaml deploy: reduce the PSP permission for rbd deployment 2021-09-22 07:12:34 +00:00
csi-provisioner-rbac.yaml deploy: update csi-snapshotter sidecar to v5.0.1 2022-02-03 19:01:57 +00:00
csi-rbdplugin-provisioner.yaml rbd: change the image registry for sidecars 2022-04-20 10:05:13 +00:00
csi-rbdplugin.yaml deploy: allowPrivilegeEscalation: true in containerSecurityContext 2022-04-22 23:36:02 +00:00
csidriver.yaml build: remove unneeded empty YAML document from deployment artifacts 2021-10-15 16:08:59 +00:00