File tree Expand file tree Collapse file tree 5 files changed +63
-0
lines changed
blob-csi-driver/templates Expand file tree Collapse file tree 5 files changed +63
-0
lines changed Original file line number Diff line number Diff line change 8181 - mountPath : /csi
8282 name : socket-dir
8383 resources : {{- toYaml .Values.controller.resources.csiProvisioner | nindent 12 }}
84+ securityContext :
85+ capabilities :
86+ drop :
87+ - ALL
8488 - name : liveness-probe
8589{{- if hasPrefix "/" .Values.image.livenessProbe.repository }}
8690 image : " {{ .Values.image.baseRepo }}{{ .Values.image.livenessProbe.repository }}:{{ .Values.image.livenessProbe.tag }}"
@@ -96,6 +100,10 @@ spec:
96100 - name : socket-dir
97101 mountPath : /csi
98102 resources : {{- toYaml .Values.controller.resources.livenessProbe | nindent 12 }}
103+ securityContext :
104+ capabilities :
105+ drop :
106+ - ALL
99107 - name : blob
100108{{- if hasPrefix "/" .Values.image.blob.repository }}
101109 image : " {{ .Values.image.baseRepo }}{{ .Values.image.blob.repository }}:{{ .Values.image.blob.tag }}"
@@ -170,6 +178,10 @@ spec:
170178 readOnly : true
171179 {{- end }}
172180 resources : {{- toYaml .Values.controller.resources.blob | nindent 12 }}
181+ securityContext :
182+ capabilities :
183+ drop :
184+ - ALL
173185 - name : csi-resizer
174186{{- if hasPrefix "/" .Values.image.csiResizer.repository }}
175187 image : " {{ .Values.image.baseRepo }}{{ .Values.image.csiResizer.repository }}:{{ .Values.image.csiResizer.tag }}"
@@ -190,6 +202,10 @@ spec:
190202 - name : socket-dir
191203 mountPath : /csi
192204 resources : {{- toYaml .Values.controller.resources.csiResizer | nindent 12 }}
205+ securityContext :
206+ capabilities :
207+ drop :
208+ - ALL
193209 volumes :
194210 - name : socket-dir
195211 emptyDir : {}
Original file line number Diff line number Diff line change 7979 - " /blobfuse-proxy/init.sh"
8080 securityContext :
8181 privileged : true
82+ capabilities :
83+ drop :
84+ - ALL
8285 env :
8386 - name : DEBIAN_FRONTEND
8487 value : " noninteractive"
@@ -119,6 +122,10 @@ spec:
119122 - --health-port={{ .Values.node.livenessProbe.healthPort }}
120123 - --v=2
121124 resources : {{- toYaml .Values.node.resources.livenessProbe | nindent 12 }}
125+ securityContext :
126+ capabilities :
127+ drop :
128+ - ALL
122129 - name : node-driver-registrar
123130{{- if hasPrefix "/" .Values.image.nodeDriverRegistrar.repository }}
124131 image : " {{ .Values.image.baseRepo }}{{ .Values.image.nodeDriverRegistrar.repository }}:{{ .Values.image.nodeDriverRegistrar.tag }}"
@@ -148,6 +155,10 @@ spec:
148155 - name : registration-dir
149156 mountPath : /registration
150157 resources : {{- toYaml .Values.node.resources.nodeDriverRegistrar | nindent 12 }}
158+ securityContext :
159+ capabilities :
160+ drop :
161+ - ALL
151162 - name : blob
152163{{- if hasPrefix "/" .Values.image.blob.repository }}
153164 image : " {{ .Values.image.baseRepo }}{{ .Values.image.blob.repository }}:{{ .Values.image.blob.tag }}"
@@ -216,6 +227,9 @@ spec:
216227 imagePullPolicy : {{ .Values.image.blob.pullPolicy }}
217228 securityContext :
218229 privileged : true
230+ capabilities :
231+ drop :
232+ - ALL
219233 volumeMounts :
220234 - mountPath : /csi
221235 name : socket-dir
@@ -259,6 +273,9 @@ spec:
259273 imagePullPolicy : {{ .Values.image.blob.pullPolicy }}
260274 securityContext :
261275 privileged : true
276+ capabilities :
277+ drop :
278+ - ALL
262279 resources : {{- toYaml .Values.node.resources.aznfswatchdog | nindent 12 }}
263280 volumeMounts :
264281 - mountPath : /opt/microsoft/aznfs/data
Original file line number Diff line number Diff line change 5656 requests :
5757 cpu : 10m
5858 memory : 20Mi
59+ securityContext :
60+ capabilities :
61+ drop :
62+ - ALL
5963 - name : liveness-probe
6064 image : mcr.microsoft.com/oss/kubernetes-csi/livenessprobe:v2.10.0
6165 args :
7175 requests :
7276 cpu : 10m
7377 memory : 20Mi
78+ securityContext :
79+ capabilities :
80+ drop :
81+ - ALL
7482 - name : blob
7583 image : mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.6
7684 imagePullPolicy : IfNotPresent
@@ -114,6 +122,10 @@ spec:
114122 requests :
115123 cpu : 10m
116124 memory : 20Mi
125+ securityContext :
126+ capabilities :
127+ drop :
128+ - ALL
117129 - name : csi-resizer
118130 image : mcr.microsoft.com/oss/kubernetes-csi/csi-resizer:v1.8.0
119131 args :
@@ -134,6 +146,10 @@ spec:
134146 requests :
135147 cpu : 10m
136148 memory : 20Mi
149+ securityContext :
150+ capabilities :
151+ drop :
152+ - ALL
137153 volumes :
138154 - name : socket-dir
139155 emptyDir : {}
Original file line number Diff line number Diff line change 4646 - " /blobfuse-proxy/init.sh"
4747 securityContext :
4848 privileged : true
49+ capabilities :
50+ drop :
51+ - ALL
4952 env :
5053 - name : DEBIAN_FRONTEND
5154 value : " noninteractive"
8790 requests :
8891 cpu : 10m
8992 memory : 20Mi
93+ securityContext :
94+ capabilities :
95+ drop :
96+ - ALL
9097 - name : node-driver-registrar
9198 image : mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.8.0
9299 args :
@@ -117,6 +124,10 @@ spec:
117124 requests :
118125 cpu : 10m
119126 memory : 20Mi
127+ securityContext :
128+ capabilities :
129+ drop :
130+ - ALL
120131 - name : blob
121132 image : mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.6
122133 imagePullPolicy : IfNotPresent
@@ -157,6 +168,9 @@ spec:
157168 fieldPath : spec.nodeName
158169 securityContext :
159170 privileged : true
171+ capabilities :
172+ drop :
173+ - ALL
160174 volumeMounts :
161175 - mountPath : /csi
162176 name : socket-dir
You can’t perform that action at this time.
0 commit comments