diff --git a/charts/latest/csi-driver-nfs-v0.0.0.tgz b/charts/latest/csi-driver-nfs-v0.0.0.tgz index ea01024f..e9dcd8dc 100644 Binary files a/charts/latest/csi-driver-nfs-v0.0.0.tgz and b/charts/latest/csi-driver-nfs-v0.0.0.tgz differ diff --git a/charts/latest/csi-driver-nfs/templates/csi-nfs-controller.yaml b/charts/latest/csi-driver-nfs/templates/csi-nfs-controller.yaml index 1f5b0c77..95403ccc 100644 --- a/charts/latest/csi-driver-nfs/templates/csi-nfs-controller.yaml +++ b/charts/latest/csi-driver-nfs/templates/csi-nfs-controller.yaml @@ -40,6 +40,9 @@ spec: {{ toYaml . | indent 8 }} {{- end }} priorityClassName: system-cluster-critical + securityContext: + seccompProfile: + type: RuntimeDefault {{- with .Values.controller.tolerations }} tolerations: {{ toYaml . | indent 8 }} diff --git a/charts/latest/csi-driver-nfs/templates/csi-nfs-node.yaml b/charts/latest/csi-driver-nfs/templates/csi-nfs-node.yaml index 7a50edb8..651b3f85 100644 --- a/charts/latest/csi-driver-nfs/templates/csi-nfs-node.yaml +++ b/charts/latest/csi-driver-nfs/templates/csi-nfs-node.yaml @@ -25,6 +25,10 @@ spec: hostNetwork: true # original nfs connection would be broken without hostNetwork setting dnsPolicy: {{ .Values.controller.dnsPolicy }} serviceAccountName: csi-nfs-node-sa + priorityClassName: system-node-critical + securityContext: + seccompProfile: + type: RuntimeDefault {{- with .Values.node.affinity }} affinity: {{ toYaml . | indent 8 }} diff --git a/charts/latest/csi-driver-nfs/templates/csi-snapshot-controller.yaml b/charts/latest/csi-driver-nfs/templates/csi-snapshot-controller.yaml index 01ff7a60..512236c2 100644 --- a/charts/latest/csi-driver-nfs/templates/csi-snapshot-controller.yaml +++ b/charts/latest/csi-driver-nfs/templates/csi-snapshot-controller.yaml @@ -40,6 +40,10 @@ spec: app: {{ .Values.externalSnapshotter.name }} spec: serviceAccountName: {{ .Values.externalSnapshotter.name }} + priorityClassName: system-cluster-critical + securityContext: + seccompProfile: + type: RuntimeDefault containers: - name: {{ .Values.externalSnapshotter.name }} image: {{ .Values.image.externalSnapshotter.repository }}:{{ .Values.image.externalSnapshotter.tag }} diff --git a/deploy/csi-nfs-controller.yaml b/deploy/csi-nfs-controller.yaml index 05fdfb46..0903b39a 100644 --- a/deploy/csi-nfs-controller.yaml +++ b/deploy/csi-nfs-controller.yaml @@ -20,6 +20,9 @@ spec: nodeSelector: kubernetes.io/os: linux # add "kubernetes.io/role: master" to run controller on master node priorityClassName: system-cluster-critical + securityContext: + seccompProfile: + type: RuntimeDefault tolerations: - key: "node-role.kubernetes.io/master" operator: "Exists" diff --git a/deploy/csi-nfs-node.yaml b/deploy/csi-nfs-node.yaml index b4754fd0..e8eb6f81 100644 --- a/deploy/csi-nfs-node.yaml +++ b/deploy/csi-nfs-node.yaml @@ -20,6 +20,10 @@ spec: hostNetwork: true # original nfs connection would be broken without hostNetwork setting dnsPolicy: Default # available values: Default, ClusterFirstWithHostNet, ClusterFirst serviceAccountName: csi-nfs-node-sa + priorityClassName: system-node-critical + securityContext: + seccompProfile: + type: RuntimeDefault nodeSelector: kubernetes.io/os: linux tolerations: diff --git a/deploy/csi-snapshot-controller.yaml b/deploy/csi-snapshot-controller.yaml index cd5b8683..773bea6c 100644 --- a/deploy/csi-snapshot-controller.yaml +++ b/deploy/csi-snapshot-controller.yaml @@ -31,6 +31,10 @@ spec: app: snapshot-controller spec: serviceAccountName: snapshot-controller + priorityClassName: system-cluster-critical + securityContext: + seccompProfile: + type: RuntimeDefault containers: - name: snapshot-controller image: registry.k8s.io/sig-storage/snapshot-controller:v6.1.0