Commit ee74a34 1 parent 164f4d3 commit ee74a34 Copy full SHA for ee74a34
File tree 11 files changed +114
-0
lines changed
azurefile-csi-driver/templates
11 files changed +114
-0
lines changed Original file line number Diff line number Diff line change @@ -104,6 +104,10 @@ spec:
104
104
- name : socket-dir
105
105
mountPath : /csi
106
106
resources : {{- toYaml .Values.controller.resources.csiSnapshotter | nindent 12 }}
107
+ securityContext :
108
+ capabilities :
109
+ drop :
110
+ - ALL
107
111
- name : csi-resizer
108
112
{{- if hasPrefix "/" .Values.image.csiResizer.repository }}
109
113
image : " {{ .Values.image.baseRepo }}{{ .Values.image.csiResizer.repository }}:{{ .Values.image.csiResizer.tag }}"
@@ -126,6 +130,10 @@ spec:
126
130
- name : socket-dir
127
131
mountPath : /csi
128
132
resources : {{- toYaml .Values.controller.resources.csiResizer | nindent 12 }}
133
+ securityContext :
134
+ capabilities :
135
+ drop :
136
+ - ALL
129
137
- name : liveness-probe
130
138
{{- if hasPrefix "/" .Values.image.livenessProbe.repository }}
131
139
image : " {{ .Values.image.baseRepo }}{{ .Values.image.livenessProbe.repository }}:{{ .Values.image.livenessProbe.tag }}"
@@ -146,6 +154,10 @@ spec:
146
154
- name : socket-dir
147
155
mountPath : /csi
148
156
resources : {{- toYaml .Values.controller.resources.livenessProbe | nindent 12 }}
157
+ securityContext :
158
+ capabilities :
159
+ drop :
160
+ - ALL
149
161
- name : azurefile
150
162
{{- if hasPrefix "/" .Values.image.azurefile.repository }}
151
163
image : " {{ .Values.image.baseRepo }}{{ .Values.image.azurefile.repository }}:{{ .Values.image.azurefile.tag }}"
@@ -219,6 +231,10 @@ spec:
219
231
readOnly : true
220
232
{{- end }}
221
233
resources : {{- toYaml .Values.controller.resources.azurefile | nindent 12 }}
234
+ securityContext :
235
+ capabilities :
236
+ drop :
237
+ - ALL
222
238
volumes :
223
239
- name : socket-dir
224
240
emptyDir : {}
Original file line number Diff line number Diff line change 76
76
- " powershell.exe"
77
77
- " -c"
78
78
- " New-Item -ItemType Directory -Path C:\\ var\\ lib\\ kubelet\\ plugins\\ {{ .Values.driver.name }}\\ -Force"
79
+ securityContext :
80
+ capabilities :
81
+ drop :
82
+ - ALL
79
83
containers :
80
84
- name : node-driver-registrar
81
85
{{- if hasPrefix "/" .Values.image.nodeDriverRegistrar.repository }}
@@ -103,6 +107,10 @@ spec:
103
107
fieldPath : spec.nodeName
104
108
imagePullPolicy : {{ .Values.image.nodeDriverRegistrar.pullPolicy }}
105
109
resources : {{- toYaml .Values.windows.resources.nodeDriverRegistrar | nindent 12 }}
110
+ securityContext :
111
+ capabilities :
112
+ drop :
113
+ - ALL
106
114
- name : azurefile
107
115
{{- if hasPrefix "/" .Values.image.azurefile.repository }}
108
116
image : " {{ .Values.image.baseRepo }}{{ .Values.image.azurefile.repository }}:{{ .Values.image.azurefile.tag }}-windows-hp"
@@ -149,4 +157,8 @@ spec:
149
157
fieldPath : spec.nodeName
150
158
imagePullPolicy : {{ .Values.image.pullPolicy }}
151
159
resources : {{- toYaml .Values.windows.resources.azurefile | nindent 12 }}
160
+ securityContext :
161
+ capabilities :
162
+ drop :
163
+ - ALL
152
164
{{- end -}}
Original file line number Diff line number Diff line change 80
80
value : unix://C:\\csi\\csi.sock
81
81
imagePullPolicy : {{ .Values.image.livenessProbe.pullPolicy }}
82
82
resources : {{- toYaml .Values.windows.resources.livenessProbe | nindent 12 }}
83
+ securityContext :
84
+ capabilities :
85
+ drop :
86
+ - ALL
83
87
- name : node-driver-registrar
84
88
{{- if hasPrefix "/" .Values.image.nodeDriverRegistrar.repository }}
85
89
image : " {{ .Values.image.baseRepo }}{{ .Values.image.nodeDriverRegistrar.repository }}:{{ .Values.image.nodeDriverRegistrar.tag }}"
@@ -118,6 +122,10 @@ spec:
118
122
- name : registration-dir
119
123
mountPath : C:\registration
120
124
resources : {{- toYaml .Values.windows.resources.nodeDriverRegistrar | nindent 12 }}
125
+ securityContext :
126
+ capabilities :
127
+ drop :
128
+ - ALL
121
129
- name : azurefile
122
130
{{- if hasPrefix "/" .Values.image.azurefile.repository }}
123
131
image : " {{ .Values.image.baseRepo }}{{ .Values.image.azurefile.repository }}:{{ .Values.image.azurefile.tag }}"
@@ -193,6 +201,10 @@ spec:
193
201
- name : csi-proxy-smb-pipe-v1beta1
194
202
mountPath : \\.\pipe\csi-proxy-smb-v1beta1
195
203
resources : {{- toYaml .Values.windows.resources.azurefile | nindent 12 }}
204
+ securityContext :
205
+ capabilities :
206
+ drop :
207
+ - ALL
196
208
volumes :
197
209
- name : csi-proxy-fs-pipe-v1
198
210
hostPath :
Original file line number Diff line number Diff line change 82
82
- --v=2
83
83
imagePullPolicy : {{ .Values.image.livenessProbe.pullPolicy }}
84
84
resources : {{- toYaml .Values.linux.resources.livenessProbe | nindent 12 }}
85
+ securityContext :
86
+ capabilities :
87
+ drop :
88
+ - ALL
85
89
- name : node-driver-registrar
86
90
{{- if hasPrefix "/" .Values.image.nodeDriverRegistrar.repository }}
87
91
image : " {{ .Values.image.baseRepo }}{{ .Values.image.nodeDriverRegistrar.repository }}:{{ .Values.image.nodeDriverRegistrar.tag }}"
@@ -114,6 +118,10 @@ spec:
114
118
- name : registration-dir
115
119
mountPath : /registration
116
120
resources : {{- toYaml .Values.linux.resources.nodeDriverRegistrar | nindent 12 }}
121
+ securityContext :
122
+ capabilities :
123
+ drop :
124
+ - ALL
117
125
- name : azurefile
118
126
{{- if hasPrefix "/" .Values.image.azurefile.repository }}
119
127
image : " {{ .Values.image.baseRepo }}{{ .Values.image.azurefile.repository }}:{{ .Values.image.azurefile.tag }}"
@@ -172,6 +180,9 @@ spec:
172
180
imagePullPolicy : {{ .Values.image.azurefile.pullPolicy }}
173
181
securityContext :
174
182
privileged : true
183
+ capabilities :
184
+ drop :
185
+ - ALL
175
186
volumeMounts :
176
187
- mountPath : /csi
177
188
name : socket-dir
Original file line number Diff line number Diff line change 71
71
- " --leader-election-namespace={{ .Release.Namespace }}"
72
72
resources : {{- toYaml .Values.snapshot.snapshotController.resources | nindent 12 }}
73
73
imagePullPolicy : {{ .Values.snapshot.image.csiSnapshotController.pullPolicy }}
74
+ securityContext :
75
+ capabilities :
76
+ drop :
77
+ - ALL
74
78
{{- end -}}
Original file line number Diff line number Diff line change 54
54
requests :
55
55
cpu : 10m
56
56
memory : 20Mi
57
+ securityContext :
58
+ capabilities :
59
+ drop :
60
+ - ALL
57
61
- name : csi-snapshotter
58
62
image : mcr.microsoft.com/oss/kubernetes-csi/csi-snapshotter:v6.3.1
59
63
args :
73
77
requests :
74
78
cpu : 10m
75
79
memory : 20Mi
80
+ securityContext :
81
+ capabilities :
82
+ drop :
83
+ - ALL
76
84
- name : csi-resizer
77
85
image : mcr.microsoft.com/oss/kubernetes-csi/csi-resizer:v1.8.0
78
86
args :
@@ -95,6 +103,10 @@ spec:
95
103
requests :
96
104
cpu : 10m
97
105
memory : 20Mi
106
+ securityContext :
107
+ capabilities :
108
+ drop :
109
+ - ALL
98
110
- name : liveness-probe
99
111
image : mcr.microsoft.com/oss/kubernetes-csi/livenessprobe:v2.10.0
100
112
args :
@@ -111,6 +123,10 @@ spec:
111
123
requests :
112
124
cpu : 10m
113
125
memory : 20Mi
126
+ securityContext :
127
+ capabilities :
128
+ drop :
129
+ - ALL
114
130
- name : azurefile
115
131
image : mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.29.5
116
132
imagePullPolicy : IfNotPresent
@@ -152,6 +168,10 @@ spec:
152
168
requests :
153
169
cpu : 10m
154
170
memory : 20Mi
171
+ securityContext :
172
+ capabilities :
173
+ drop :
174
+ - ALL
155
175
volumes :
156
176
- name : socket-dir
157
177
emptyDir : {}
Original file line number Diff line number Diff line change 49
49
- " powershell.exe"
50
50
- " -c"
51
51
- " New-Item -ItemType Directory -Path C:\\ var\\ lib\\ kubelet\\ plugins\\ file.csi.azure.com\\ -Force"
52
+ securityContext :
53
+ capabilities :
54
+ drop :
55
+ - ALL
52
56
containers :
53
57
- name : node-driver-registrar
54
58
image : mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.8.0
77
81
requests :
78
82
cpu : 30m
79
83
memory : 40Mi
84
+ securityContext :
85
+ capabilities :
86
+ drop :
87
+ - ALL
80
88
- name : azurefile
81
89
image : mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.29.5-windows-hp
82
90
imagePullPolicy : IfNotPresent
@@ -108,3 +116,7 @@ spec:
108
116
requests :
109
117
cpu : 10m
110
118
memory : 40Mi
119
+ securityContext :
120
+ capabilities :
121
+ drop :
122
+ - ALL
Original file line number Diff line number Diff line change 57
57
requests :
58
58
cpu : 10m
59
59
memory : 40Mi
60
+ securityContext :
61
+ capabilities :
62
+ drop :
63
+ - ALL
60
64
- name : node-driver-registrar
61
65
image : mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.8.0
62
66
args :
93
97
requests :
94
98
cpu : 30m
95
99
memory : 40Mi
100
+ securityContext :
101
+ capabilities :
102
+ drop :
103
+ - ALL
96
104
- name : azurefile
97
105
image : mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.29.5
98
106
imagePullPolicy : IfNotPresent
@@ -150,6 +158,10 @@ spec:
150
158
requests :
151
159
cpu : 10m
152
160
memory : 40Mi
161
+ securityContext :
162
+ capabilities :
163
+ drop :
164
+ - ALL
153
165
volumes :
154
166
- name : csi-proxy-fs-pipe-v1
155
167
hostPath :
Original file line number Diff line number Diff line change 54
54
requests :
55
55
cpu : 10m
56
56
memory : 20Mi
57
+ securityContext :
58
+ capabilities :
59
+ drop :
60
+ - ALL
57
61
- name : node-driver-registrar
58
62
image : mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.8.0
59
63
args :
84
88
requests :
85
89
cpu : 10m
86
90
memory : 20Mi
91
+ securityContext :
92
+ capabilities :
93
+ drop :
94
+ - ALL
87
95
- name : azurefile
88
96
image : mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.29.5
89
97
imagePullPolicy : IfNotPresent
@@ -117,6 +125,9 @@ spec:
117
125
fieldPath : spec.nodeName
118
126
securityContext :
119
127
privileged : true
128
+ capabilities :
129
+ drop :
130
+ - ALL
120
131
volumeMounts :
121
132
- mountPath : /csi
122
133
name : socket-dir
Original file line number Diff line number Diff line change 53
53
requests :
54
54
cpu : 10m
55
55
memory : 20Mi
56
+ securityContext :
57
+ capabilities :
58
+ drop :
59
+ - ALL
You can’t perform that action at this time.
0 commit comments