feat: enable securityContext.seccompProfile, set system-cluster-critical

andyzhangx 2023-04-08 13:09:42 +00:00
parent 3f5c5660c4
commit 847601bb28
7 changed files with 22 additions and 0 deletions


@ -40,6 +40,9 @@ spec:
{{ toYaml . | indent 8 }} {{ toYaml . | indent 8 }}
{{- end }} {{- end }}
priorityClassName: system-cluster-critical priorityClassName: system-cluster-critical
securityContext:
seccompProfile:
type: RuntimeDefault
{{- with .Values.controller.tolerations }} {{- with .Values.controller.tolerations }}
tolerations: tolerations:
{{ toYaml . | indent 8 }} {{ toYaml . | indent 8 }}
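Review bot: The `securityContext.seccompProfile` block added under `priorityClassName` is hard-coded, while the neighbouring `tolerations` in this same template is rendered from `.Values.controller.tolerations`. An operator who needs a site-specific `Localhost` profile then has to fork the chart to change it. Consider rendering the pod security context from a values entry whose default is `seccompProfile: {type: RuntimeDefault}`, so the hardened setting stays the default but can be audited and overridden in one place. The same applies to the hard-coded blocks added in the node and external-snapshotter templates further down.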


@ -25,6 +25,10 @@ spec:
hostNetwork: true # original nfs connection would be broken without hostNetwork setting hostNetwork: true # original nfs connection would be broken without hostNetwork setting
dnsPolicy: {{ .Values.controller.dnsPolicy }} dnsPolicy: {{ .Values.controller.dnsPolicy }}
serviceAccountName: csi-nfs-node-sa serviceAccountName: csi-nfs-node-sa
priorityClassName: system-node-critical
securityContext:
seccompProfile:
type: RuntimeDefault
{{- with .Values.node.affinity }} {{- with .Values.node.affinity }}
affinity: affinity:
{{ toYaml . | indent 8 }} {{ toYaml . | indent 8 }}
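Review bot: The pod-level `seccompProfile: RuntimeDefault` added here does not cover any container that runs with `privileged: true`, because Kubernetes runs privileged containers seccomp-unconfined regardless of the pod setting. The container list is outside this hunk, so check whether the NFS plugin container in this `hostNetwork: true` pod is privileged; if it is, the profile confines only the sidecars and the hardening is narrower than the commit title suggests. A comment on the new block would keep that visible, for example `# seccomp applies to non-privileged containers only; privileged containers stay unconfined`. The same caveat applies to the identical block in the static node manifest (`@ -20,6 +20,10`) and, if their driver container is privileged, to both controller sections.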


@ -40,6 +40,10 @@ spec:
app: {{ .Values.externalSnapshotter.name }} app: {{ .Values.externalSnapshotter.name }}
spec: spec:
serviceAccountName: {{ .Values.externalSnapshotter.name }} serviceAccountName: {{ .Values.externalSnapshotter.name }}
priorityClassName: system-cluster-critical
securityContext:
seccompProfile:
type: RuntimeDefault
containers: containers:
- name: {{ .Values.externalSnapshotter.name }} - name: {{ .Values.externalSnapshotter.name }}
image: {{ .Values.image.externalSnapshotter.repository }}:{{ .Values.image.externalSnapshotter.tag }} image: {{ .Values.image.externalSnapshotter.repository }}:{{ .Values.image.externalSnapshotter.tag }}
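Review bot: `priorityClassName: system-cluster-critical` is now hard-coded for the external snapshotter, yet a Helm release can be installed into any namespace. Clusters that use a ResourceQuota to restrict the `system-*` priority classes to `kube-system` will reject these pods at admission when the release lives elsewhere, and where the class is allowed the pod may preempt other workloads. Consider documenting the requirement next to the field, e.g. `# needs a namespace permitted to use system-* priority classes`, or making the class a values entry. The same applies to `system-node-critical` added in the node template and to the class added in the static snapshot-controller manifest, whose namespace is outside the hunk.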


@ -20,6 +20,9 @@ spec:
nodeSelector: nodeSelector:
kubernetes.io/os: linux # add "kubernetes.io/role: master" to run controller on master node kubernetes.io/os: linux # add "kubernetes.io/role: master" to run controller on master node
priorityClassName: system-cluster-critical priorityClassName: system-cluster-critical
securityContext:
seccompProfile:
type: RuntimeDefault
tolerations: tolerations:
- key: "node-role.kubernetes.io/master" - key: "node-role.kubernetes.io/master"
operator: "Exists" operator: "Exists"


@ -20,6 +20,10 @@ spec:
hostNetwork: true # original nfs connection would be broken without hostNetwork setting hostNetwork: true # original nfs connection would be broken without hostNetwork setting
dnsPolicy: Default # available values: Default, ClusterFirstWithHostNet, ClusterFirst dnsPolicy: Default # available values: Default, ClusterFirstWithHostNet, ClusterFirst
serviceAccountName: csi-nfs-node-sa serviceAccountName: csi-nfs-node-sa
priorityClassName: system-node-critical
securityContext:
seccompProfile:
type: RuntimeDefault
nodeSelector: nodeSelector:
kubernetes.io/os: linux kubernetes.io/os: linux
tolerations: tolerations:


@ -31,6 +31,10 @@ spec:
app: snapshot-controller app: snapshot-controller
spec: spec:
serviceAccountName: snapshot-controller serviceAccountName: snapshot-controller
priorityClassName: system-cluster-critical
securityContext:
seccompProfile:
type: RuntimeDefault
containers: containers:
- name: snapshot-controller - name: snapshot-controller
image: registry.k8s.io/sig-storage/snapshot-controller:v6.1.0 image: registry.k8s.io/sig-storage/snapshot-controller:v6.1.0