kubernetes-csi/csi-driver-nfs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: add readOnlyRootFilesystem if possible

Browse Source 
Signed-off-by: Jan Jansen <jan.jansen@gdata.de>
This commit is contained in:
Jan Jansen 2023-03-06 11:22:34 +01:00
parent 7e59f2a38d
commit 2ba311b5ba
2 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
charts/latest/csi-driver-nfs/templates/csi-nfs-controller.yaml
View File

@ -61,6 +61,8 @@ spec:
- mountPath: /csi - mountPath: /csi
name: socket-dir name: socket-dir
resources: {{- toYaml .Values.controller.resources.csiProvisioner | nindent 12 }} resources: {{- toYaml .Values.controller.resources.csiProvisioner | nindent 12 }}
securityContext:
readOnlyRootFilesystem: true
- name: liveness-probe - name: liveness-probe
image: "{{ .Values.image.livenessProbe.repository }}:{{ .Values.image.livenessProbe.tag }}" image: "{{ .Values.image.livenessProbe.repository }}:{{ .Values.image.livenessProbe.tag }}"
args: args:
@ -73,6 +75,8 @@ spec:
- name: socket-dir - name: socket-dir
mountPath: /csi mountPath: /csi
resources: {{- toYaml .Values.controller.resources.livenessProbe | nindent 12 }} resources: {{- toYaml .Values.controller.resources.livenessProbe | nindent 12 }}
securityContext:
readOnlyRootFilesystem: true
- name: nfs - name: nfs
image: "{{ .Values.image.nfs.repository }}:{{ .Values.image.nfs.tag }}" image: "{{ .Values.image.nfs.repository }}:{{ .Values.image.nfs.tag }}"
securityContext: securityContext:
@ -80,6 +84,7 @@ spec:
capabilities: capabilities:
add: ["SYS_ADMIN"] add: ["SYS_ADMIN"]
allowPrivilegeEscalation: true allowPrivilegeEscalation: true
readOnlyRootFilesystem: true
imagePullPolicy: {{ .Values.image.nfs.pullPolicy }} imagePullPolicy: {{ .Values.image.nfs.pullPolicy }}
args: args:
- "--v={{ .Values.controller.logLevel }}" - "--v={{ .Values.controller.logLevel }}"

3
charts/latest/csi-driver-nfs/templates/csi-nfs-node.yaml
View File

@ -51,6 +51,8 @@ spec:
- name: socket-dir - name: socket-dir
mountPath: /csi mountPath: /csi
resources: {{- toYaml .Values.node.resources.livenessProbe | nindent 12 }} resources: {{- toYaml .Values.node.resources.livenessProbe | nindent 12 }}
securityContext:
readOnlyRootFilesystem: true
- name: node-driver-registrar - name: node-driver-registrar
image: "{{ .Values.image.nodeDriverRegistrar.repository }}:{{ .Values.image.nodeDriverRegistrar.tag }}" image: "{{ .Values.image.nodeDriverRegistrar.repository }}:{{ .Values.image.nodeDriverRegistrar.tag }}"
livenessProbe: livenessProbe:
@ -85,6 +87,7 @@ spec:
capabilities: capabilities:
add: ["SYS_ADMIN"] add: ["SYS_ADMIN"]
allowPrivilegeEscalation: true allowPrivilegeEscalation: true
readOnlyRootFilesystem: true
image: "{{ .Values.image.nfs.repository }}:{{ .Values.image.nfs.tag }}" image: "{{ .Values.image.nfs.repository }}:{{ .Values.image.nfs.tag }}"
args : args :
- "--v={{ .Values.node.logLevel }}" - "--v={{ .Values.node.logLevel }}"