Skip to content

Commit

Permalink
Fix shield guard issues for KSM
Browse files Browse the repository at this point in the history
  • Loading branch information
@umagnus
umagnus committed Jun 17, 2024
1 parent 3ace0a6 commit eefed91
Show file tree
Hide file tree
Showing 15 changed files with 144 additions and 0 deletions.
Binary file modified charts/latest/azurefile-csi-driver-v0.0.0.tgz
View file
Binary file not shown.
20 changes: 20 additions & 0 deletions charts/latest/azurefile-csi-driver/templates/csi-azurefile-controller.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -88,6 +88,10 @@ spec:
- mountPath: /csi
name: socket-dir
resources: {{- toYaml .Values.controller.resources.csiProvisioner | nindent 12 }}
securityContext:
capabilities:
drop:
- ALL
- name: csi-snapshotter
{{- if hasPrefix "/" .Values.snapshot.image.csiSnapshotter.repository }}
image: "{{ .Values.image.baseRepo }}{{ .Values.snapshot.image.csiSnapshotter.repository }}:{{ .Values.snapshot.image.csiSnapshotter.tag }}"
Expand All @@ -106,6 +110,10 @@ spec:
- name: socket-dir
mountPath: /csi
resources: {{- toYaml .Values.controller.resources.csiSnapshotter | nindent 12 }}
securityContext:
capabilities:
drop:
- ALL
- name: csi-resizer
{{- if hasPrefix "/" .Values.image.csiResizer.repository }}
image: "{{ .Values.image.baseRepo }}{{ .Values.image.csiResizer.repository }}:{{ .Values.image.csiResizer.tag }}"
Expand All @@ -128,6 +136,10 @@ spec:
- name: socket-dir
mountPath: /csi
resources: {{- toYaml .Values.controller.resources.csiResizer | nindent 12 }}
securityContext:
capabilities:
drop:
- ALL
- name: liveness-probe
{{- if hasPrefix "/" .Values.image.livenessProbe.repository }}
image: "{{ .Values.image.baseRepo }}{{ .Values.image.livenessProbe.repository }}:{{ .Values.image.livenessProbe.tag }}"
Expand All @@ -148,6 +160,10 @@ spec:
- name: socket-dir
mountPath: /csi
resources: {{- toYaml .Values.controller.resources.livenessProbe | nindent 12 }}
securityContext:
capabilities:
drop:
- ALL
- name: azurefile
{{- if hasPrefix "/" .Values.image.azurefile.repository }}
image: "{{ .Values.image.baseRepo }}{{ .Values.image.azurefile.repository }}:{{ .Values.image.azurefile.tag }}"
Expand Down Expand Up @@ -223,6 +239,10 @@ spec:
readOnly: true
{{- end }}
resources: {{- toYaml .Values.controller.resources.azurefile | nindent 12 }}
securityContext:
capabilities:
drop:
- ALL
volumes:
- name: socket-dir
emptyDir: {}
Expand Down
4 changes: 4 additions & 0 deletions charts/latest/azurefile-csi-driver/templates/csi-snapshot-controller.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -71,4 +71,8 @@ spec:
- "--leader-election-namespace={{ .Release.Namespace }}"
resources: {{- toYaml .Values.snapshot.snapshotController.resources | nindent 12 }}
imagePullPolicy: {{ .Values.snapshot.image.csiSnapshotController.pullPolicy }}
securityContext:
capabilities:
drop:
- ALL
{{- end -}}
Binary file modified charts/v1.29.5/azurefile-csi-driver-v1.29.5.tgz
View file
Binary file not shown.
20 changes: 20 additions & 0 deletions charts/v1.29.5/azurefile-csi-driver/templates/csi-azurefile-controller.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -86,6 +86,10 @@ spec:
- mountPath: /csi
name: socket-dir
resources: {{- toYaml .Values.controller.resources.csiProvisioner | nindent 12 }}
securityContext:
capabilities:
drop:
- ALL
- name: csi-snapshotter
{{- if hasPrefix "/" .Values.snapshot.image.csiSnapshotter.repository }}
image: "{{ .Values.image.baseRepo }}{{ .Values.snapshot.image.csiSnapshotter.repository }}:{{ .Values.snapshot.image.csiSnapshotter.tag }}"
Expand All @@ -104,6 +108,10 @@ spec:
- name: socket-dir
mountPath: /csi
resources: {{- toYaml .Values.controller.resources.csiSnapshotter | nindent 12 }}
securityContext:
capabilities:
drop:
- ALL
- name: csi-resizer
{{- if hasPrefix "/" .Values.image.csiResizer.repository }}
image: "{{ .Values.image.baseRepo }}{{ .Values.image.csiResizer.repository }}:{{ .Values.image.csiResizer.tag }}"
Expand All @@ -126,6 +134,10 @@ spec:
- name: socket-dir
mountPath: /csi
resources: {{- toYaml .Values.controller.resources.csiResizer | nindent 12 }}
securityContext:
capabilities:
drop:
- ALL
- name: liveness-probe
{{- if hasPrefix "/" .Values.image.livenessProbe.repository }}
image: "{{ .Values.image.baseRepo }}{{ .Values.image.livenessProbe.repository }}:{{ .Values.image.livenessProbe.tag }}"
Expand All @@ -146,6 +158,10 @@ spec:
- name: socket-dir
mountPath: /csi
resources: {{- toYaml .Values.controller.resources.livenessProbe | nindent 12 }}
securityContext:
capabilities:
drop:
- ALL
- name: azurefile
{{- if hasPrefix "/" .Values.image.azurefile.repository }}
image: "{{ .Values.image.baseRepo }}{{ .Values.image.azurefile.repository }}:{{ .Values.image.azurefile.tag }}"
Expand Down Expand Up @@ -219,6 +235,10 @@ spec:
readOnly: true
{{- end }}
resources: {{- toYaml .Values.controller.resources.azurefile | nindent 12 }}
securityContext:
capabilities:
drop:
- ALL
volumes:
- name: socket-dir
emptyDir: {}
Expand Down
4 changes: 4 additions & 0 deletions charts/v1.29.5/azurefile-csi-driver/templates/csi-snapshot-controller.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -71,4 +71,8 @@ spec:
- "--leader-election-namespace={{ .Release.Namespace }}"
resources: {{- toYaml .Values.snapshot.snapshotController.resources | nindent 12 }}
imagePullPolicy: {{ .Values.snapshot.image.csiSnapshotController.pullPolicy }}
securityContext:
capabilities:
drop:
- ALL
{{- end -}}
Binary file modified charts/v1.30.2/azurefile-csi-driver-v1.30.2.tgz
View file
Binary file not shown.
20 changes: 20 additions & 0 deletions charts/v1.30.2/azurefile-csi-driver/templates/csi-azurefile-controller.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -88,6 +88,10 @@ spec:
- mountPath: /csi
name: socket-dir
resources: {{- toYaml .Values.controller.resources.csiProvisioner | nindent 12 }}
securityContext:
capabilities:
drop:
- ALL
- name: csi-snapshotter
{{- if hasPrefix "/" .Values.snapshot.image.csiSnapshotter.repository }}
image: "{{ .Values.image.baseRepo }}{{ .Values.snapshot.image.csiSnapshotter.repository }}:{{ .Values.snapshot.image.csiSnapshotter.tag }}"
Expand All @@ -106,6 +110,10 @@ spec:
- name: socket-dir
mountPath: /csi
resources: {{- toYaml .Values.controller.resources.csiSnapshotter | nindent 12 }}
securityContext:
capabilities:
drop:
- ALL
- name: csi-resizer
{{- if hasPrefix "/" .Values.image.csiResizer.repository }}
image: "{{ .Values.image.baseRepo }}{{ .Values.image.csiResizer.repository }}:{{ .Values.image.csiResizer.tag }}"
Expand All @@ -128,6 +136,10 @@ spec:
- name: socket-dir
mountPath: /csi
resources: {{- toYaml .Values.controller.resources.csiResizer | nindent 12 }}
securityContext:
capabilities:
drop:
- ALL
- name: liveness-probe
{{- if hasPrefix "/" .Values.image.livenessProbe.repository }}
image: "{{ .Values.image.baseRepo }}{{ .Values.image.livenessProbe.repository }}:{{ .Values.image.livenessProbe.tag }}"
Expand All @@ -148,6 +160,10 @@ spec:
- name: socket-dir
mountPath: /csi
resources: {{- toYaml .Values.controller.resources.livenessProbe | nindent 12 }}
securityContext:
capabilities:
drop:
- ALL
- name: azurefile
{{- if hasPrefix "/" .Values.image.azurefile.repository }}
image: "{{ .Values.image.baseRepo }}{{ .Values.image.azurefile.repository }}:{{ .Values.image.azurefile.tag }}"
Expand Down Expand Up @@ -223,6 +239,10 @@ spec:
readOnly: true
{{- end }}
resources: {{- toYaml .Values.controller.resources.azurefile | nindent 12 }}
securityContext:
capabilities:
drop:
- ALL
volumes:
- name: socket-dir
emptyDir: {}
Expand Down
4 changes: 4 additions & 0 deletions charts/v1.30.2/azurefile-csi-driver/templates/csi-snapshot-controller.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -71,4 +71,8 @@ spec:
- "--leader-election-namespace={{ .Release.Namespace }}"
resources: {{- toYaml .Values.snapshot.snapshotController.resources | nindent 12 }}
imagePullPolicy: {{ .Values.snapshot.image.csiSnapshotController.pullPolicy }}
securityContext:
capabilities:
drop:
- ALL
{{- end -}}
20 changes: 20 additions & 0 deletions deploy/csi-azurefile-controller.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -54,6 +54,10 @@ spec:
requests:
cpu: 10m
memory: 20Mi
securityContext:
capabilities:
drop:
- ALL
- name: csi-snapshotter
image: mcr.microsoft.com/oss/kubernetes-csi/csi-snapshotter:v7.0.2
args:
Expand All @@ -73,6 +77,10 @@ spec:
requests:
cpu: 10m
memory: 20Mi
securityContext:
capabilities:
drop:
- ALL
- name: csi-resizer
image: mcr.microsoft.com/oss/kubernetes-csi/csi-resizer:v1.10.1
args:
Expand All @@ -95,6 +103,10 @@ spec:
requests:
cpu: 10m
memory: 20Mi
securityContext:
capabilities:
drop:
- ALL
- name: liveness-probe
image: mcr.microsoft.com/oss/kubernetes-csi/livenessprobe:v2.12.0
args:
Expand All @@ -111,6 +123,10 @@ spec:
requests:
cpu: 10m
memory: 20Mi
securityContext:
capabilities:
drop:
- ALL
- name: azurefile
image: mcr.microsoft.com/k8s/csi/azurefile-csi:latest
imagePullPolicy: IfNotPresent
Expand Down Expand Up @@ -154,6 +170,10 @@ spec:
requests:
cpu: 10m
memory: 20Mi
securityContext:
capabilities:
drop:
- ALL
volumes:
- name: socket-dir
emptyDir: {}
Expand Down
4 changes: 4 additions & 0 deletions deploy/csi-snapshot-controller.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -53,3 +53,7 @@ spec:
requests:
cpu: 10m
memory: 20Mi
securityContext:
capabilities:
drop:
- ALL
20 changes: 20 additions & 0 deletions deploy/v1.29.5/csi-azurefile-controller.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -54,6 +54,10 @@ spec:
requests:
cpu: 10m
memory: 20Mi
securityContext:
capabilities:
drop:
- ALL
- name: csi-snapshotter
image: mcr.microsoft.com/oss/kubernetes-csi/csi-snapshotter:v6.3.1
args:
Expand All @@ -73,6 +77,10 @@ spec:
requests:
cpu: 10m
memory: 20Mi
securityContext:
capabilities:
drop:
- ALL
- name: csi-resizer
image: mcr.microsoft.com/oss/kubernetes-csi/csi-resizer:v1.8.0
args:
Expand All @@ -95,6 +103,10 @@ spec:
requests:
cpu: 10m
memory: 20Mi
securityContext:
capabilities:
drop:
- ALL
- name: liveness-probe
image: mcr.microsoft.com/oss/kubernetes-csi/livenessprobe:v2.10.0
args:
Expand All @@ -111,6 +123,10 @@ spec:
requests:
cpu: 10m
memory: 20Mi
securityContext:
capabilities:
drop:
- ALL
- name: azurefile
image: mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.29.5
imagePullPolicy: IfNotPresent
Expand Down Expand Up @@ -152,6 +168,10 @@ spec:
requests:
cpu: 10m
memory: 20Mi
securityContext:
capabilities:
drop:
- ALL
volumes:
- name: socket-dir
emptyDir: {}
Expand Down
4 changes: 4 additions & 0 deletions deploy/v1.29.5/csi-snapshot-controller.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -53,3 +53,7 @@ spec:
requests:
cpu: 10m
memory: 20Mi
securityContext:
capabilities:
drop:
- ALL
20 changes: 20 additions & 0 deletions deploy/v1.30.2/csi-azurefile-controller.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -54,6 +54,10 @@ spec:
requests:
cpu: 10m
memory: 20Mi
securityContext:
capabilities:
drop:
- ALL
- name: csi-snapshotter
image: mcr.microsoft.com/oss/kubernetes-csi/csi-snapshotter:v7.0.2
args:
Expand All @@ -73,6 +77,10 @@ spec:
requests:
cpu: 10m
memory: 20Mi
securityContext:
capabilities:
drop:
- ALL
- name: csi-resizer
image: mcr.microsoft.com/oss/kubernetes-csi/csi-resizer:v1.10.1
args:
Expand All @@ -95,6 +103,10 @@ spec:
requests:
cpu: 10m
memory: 20Mi
securityContext:
capabilities:
drop:
- ALL
- name: liveness-probe
image: mcr.microsoft.com/oss/kubernetes-csi/livenessprobe:v2.12.0
args:
Expand All @@ -111,6 +123,10 @@ spec:
requests:
cpu: 10m
memory: 20Mi
securityContext:
capabilities:
drop:
- ALL
- name: azurefile
image: mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.30.2
imagePullPolicy: IfNotPresent
Expand Down Expand Up @@ -154,6 +170,10 @@ spec:
requests:
cpu: 10m
memory: 20Mi
securityContext:
capabilities:
drop:
- ALL
volumes:
- name: socket-dir
emptyDir: {}
Expand Down
4 changes: 4 additions & 0 deletions deploy/v1.30.2/csi-snapshot-controller.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -53,3 +53,7 @@ spec:
requests:
cpu: 10m
memory: 20Mi
securityContext:
capabilities:
drop:
- ALL

0 comments on commit eefed91

Please sign in to comment.