fix shield guard on CSI node
This commit is contained in:
umagnus
parent
198bf7abbc
commit
75586fb172
Binary file not shown.
@ -61,6 +61,9 @@ spec:
|
||||
resources: {{- toYaml .Values.node.resources.livenessProbe | nindent 12 }}
|
||||
securityContext:
|
||||
readOnlyRootFilesystem: true
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
- name: node-driver-registrar
|
||||
{{- if hasPrefix "/" .Values.image.nodeDriverRegistrar.repository }}
|
||||
image: "{{ .Values.image.baseRepo }}{{ .Values.image.nodeDriverRegistrar.repository }}:{{ .Values.image.nodeDriverRegistrar.tag }}"
|
||||
@ -93,11 +96,17 @@ spec:
|
||||
- name: registration-dir
|
||||
mountPath: /registration
|
||||
resources: {{- toYaml .Values.node.resources.nodeDriverRegistrar | nindent 12 }}
|
||||
securityContext:
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
- name: nfs
|
||||
securityContext:
|
||||
privileged: true
|
||||
capabilities:
|
||||
add: ["SYS_ADMIN"]
|
||||
drop:
|
||||
- ALL
|
||||
allowPrivilegeEscalation: true
|
||||
readOnlyRootFilesystem: true
|
||||
{{- if hasPrefix "/" .Values.image.nfs.repository }}
|
||||
|
||||
Binary file not shown.
@ -61,6 +61,9 @@ spec:
|
||||
resources: {{- toYaml .Values.node.resources.livenessProbe | nindent 12 }}
|
||||
securityContext:
|
||||
readOnlyRootFilesystem: true
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
- name: node-driver-registrar
|
||||
{{- if hasPrefix "/" .Values.image.nodeDriverRegistrar.repository }}
|
||||
image: "{{ .Values.image.baseRepo }}{{ .Values.image.nodeDriverRegistrar.repository }}:{{ .Values.image.nodeDriverRegistrar.tag }}"
|
||||
@ -93,11 +96,17 @@ spec:
|
||||
- name: registration-dir
|
||||
mountPath: /registration
|
||||
resources: {{- toYaml .Values.node.resources.nodeDriverRegistrar | nindent 12 }}
|
||||
securityContext:
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
- name: nfs
|
||||
securityContext:
|
||||
privileged: true
|
||||
capabilities:
|
||||
add: ["SYS_ADMIN"]
|
||||
drop:
|
||||
- ALL
|
||||
allowPrivilegeEscalation: true
|
||||
readOnlyRootFilesystem: true
|
||||
{{- if hasPrefix "/" .Values.image.nfs.repository }}
|
||||
|
||||
Binary file not shown.
@ -61,6 +61,9 @@ spec:
|
||||
resources: {{- toYaml .Values.node.resources.livenessProbe | nindent 12 }}
|
||||
securityContext:
|
||||
readOnlyRootFilesystem: true
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
- name: node-driver-registrar
|
||||
{{- if hasPrefix "/" .Values.image.nodeDriverRegistrar.repository }}
|
||||
image: "{{ .Values.image.baseRepo }}{{ .Values.image.nodeDriverRegistrar.repository }}:{{ .Values.image.nodeDriverRegistrar.tag }}"
|
||||
@ -93,11 +96,17 @@ spec:
|
||||
- name: registration-dir
|
||||
mountPath: /registration
|
||||
resources: {{- toYaml .Values.node.resources.nodeDriverRegistrar | nindent 12 }}
|
||||
securityContext:
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
- name: nfs
|
||||
securityContext:
|
||||
privileged: true
|
||||
capabilities:
|
||||
add: ["SYS_ADMIN"]
|
||||
drop:
|
||||
- ALL
|
||||
allowPrivilegeEscalation: true
|
||||
readOnlyRootFilesystem: true
|
||||
{{- if hasPrefix "/" .Values.image.nfs.repository }}
|
||||
|
||||
@ -45,6 +45,10 @@ spec:
|
||||
requests:
|
||||
cpu: 10m
|
||||
memory: 20Mi
|
||||
securityContext:
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
- name: node-driver-registrar
|
||||
image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.10.0
|
||||
args:
|
||||
@ -77,11 +81,17 @@ spec:
|
||||
requests:
|
||||
cpu: 10m
|
||||
memory: 20Mi
|
||||
securityContext:
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
- name: nfs
|
||||
securityContext:
|
||||
privileged: true
|
||||
capabilities:
|
||||
add: ["SYS_ADMIN"]
|
||||
drop:
|
||||
- ALL
|
||||
allowPrivilegeEscalation: true
|
||||
image: gcr.io/k8s-staging-sig-storage/nfsplugin:canary
|
||||
args:
|
||||
|
||||
@ -45,6 +45,10 @@ spec:
|
||||
requests:
|
||||
cpu: 10m
|
||||
memory: 20Mi
|
||||
securityContext:
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
- name: node-driver-registrar
|
||||
image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.10.0
|
||||
args:
|
||||
@ -77,11 +81,17 @@ spec:
|
||||
requests:
|
||||
cpu: 10m
|
||||
memory: 20Mi
|
||||
securityContext:
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
- name: nfs
|
||||
securityContext:
|
||||
privileged: true
|
||||
capabilities:
|
||||
add: ["SYS_ADMIN"]
|
||||
drop:
|
||||
- ALL
|
||||
allowPrivilegeEscalation: true
|
||||
image: registry.k8s.io/sig-storage/nfsplugin:v4.6.0
|
||||
args:
|
||||
|
||||
@ -45,6 +45,10 @@ spec:
|
||||
requests:
|
||||
cpu: 10m
|
||||
memory: 20Mi
|
||||
securityContext:
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
- name: node-driver-registrar
|
||||
image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.10.0
|
||||
args:
|
||||
@ -77,11 +81,17 @@ spec:
|
||||
requests:
|
||||
cpu: 10m
|
||||
memory: 20Mi
|
||||
securityContext:
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
- name: nfs
|
||||
securityContext:
|
||||
privileged: true
|
||||
capabilities:
|
||||
add: ["SYS_ADMIN"]
|
||||
drop:
|
||||
- ALL
|
||||
allowPrivilegeEscalation: true
|
||||
image: registry.k8s.io/sig-storage/nfsplugin:v4.7.0
|
||||
args:
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user