diff --git a/charts/latest/azurefile-csi-driver-v0.0.0.tgz b/charts/latest/azurefile-csi-driver-v0.0.0.tgz index b46a55aeff..ec8ff39c03 100644 Binary files a/charts/latest/azurefile-csi-driver-v0.0.0.tgz and b/charts/latest/azurefile-csi-driver-v0.0.0.tgz differ diff --git a/charts/latest/azurefile-csi-driver/templates/csi-azurefile-controller.yaml b/charts/latest/azurefile-csi-driver/templates/csi-azurefile-controller.yaml index 43477641c0..3986749279 100644 --- a/charts/latest/azurefile-csi-driver/templates/csi-azurefile-controller.yaml +++ b/charts/latest/azurefile-csi-driver/templates/csi-azurefile-controller.yaml @@ -88,6 +88,10 @@ spec: - mountPath: /csi name: socket-dir resources: {{- toYaml .Values.controller.resources.csiProvisioner | nindent 12 }} + securityContext: + capabilities: + drop: + - ALL - name: csi-snapshotter {{- if hasPrefix "/" .Values.snapshot.image.csiSnapshotter.repository }} image: "{{ .Values.image.baseRepo }}{{ .Values.snapshot.image.csiSnapshotter.repository }}:{{ .Values.snapshot.image.csiSnapshotter.tag }}" @@ -106,6 +110,10 @@ spec: - name: socket-dir mountPath: /csi resources: {{- toYaml .Values.controller.resources.csiSnapshotter | nindent 12 }} + securityContext: + capabilities: + drop: + - ALL - name: csi-resizer {{- if hasPrefix "/" .Values.image.csiResizer.repository }} image: "{{ .Values.image.baseRepo }}{{ .Values.image.csiResizer.repository }}:{{ .Values.image.csiResizer.tag }}" @@ -128,6 +136,10 @@ spec: - name: socket-dir mountPath: /csi resources: {{- toYaml .Values.controller.resources.csiResizer | nindent 12 }} + securityContext: + capabilities: + drop: + - ALL - name: liveness-probe {{- if hasPrefix "/" .Values.image.livenessProbe.repository }} image: "{{ .Values.image.baseRepo }}{{ .Values.image.livenessProbe.repository }}:{{ .Values.image.livenessProbe.tag }}" 
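Review bot: The `securityContext` added to the csi-provisioner container only drops capabilities; it does not set `allowPrivilegeEscalation: false` or `seccompProfile: {type: RuntimeDefault}`, both of which the restricted Pod Security Standard requires in addition to dropping ALL. The same four-line fragment is added to csi-snapshotter, csi-resizer, liveness-probe, azurefile and the snapshot controller in every chart template and deploy manifest of this commit, so the gap applies to all of them. I would add `allowPrivilegeEscalation: false` next to `capabilities:` in each block, and `readOnlyRootFilesystem: true` wherever the image tolerates it. Each container spec starts before its hunk, so whether `runAsNonRoot` or a pod-level securityContext is already set cannot be seen here and should be confirmed.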
@@ -148,6 +160,10 @@ spec: - name: socket-dir mountPath: /csi resources: {{- toYaml .Values.controller.resources.livenessProbe | nindent 12 }} + securityContext: + capabilities: + drop: + - ALL - name: azurefile {{- if hasPrefix "/" .Values.image.azurefile.repository }} image: "{{ .Values.image.baseRepo }}{{ .Values.image.azurefile.repository }}:{{ .Values.image.azurefile.tag }}" @@ -223,6 +239,10 @@ spec: readOnly: true {{- end }} resources: {{- toYaml .Values.controller.resources.azurefile | nindent 12 }} + securityContext: + capabilities: + drop: + - ALL volumes: - name: socket-dir emptyDir: {} diff --git a/charts/latest/azurefile-csi-driver/templates/csi-snapshot-controller.yaml b/charts/latest/azurefile-csi-driver/templates/csi-snapshot-controller.yaml index 4f6d4d1376..4d83a4b7f3 100644 --- a/charts/latest/azurefile-csi-driver/templates/csi-snapshot-controller.yaml +++ b/charts/latest/azurefile-csi-driver/templates/csi-snapshot-controller.yaml @@ -71,4 +71,8 @@ spec: - "--leader-election-namespace={{ .Release.Namespace }}" resources: {{- toYaml .Values.snapshot.snapshotController.resources | nindent 12 }} imagePullPolicy: {{ .Values.snapshot.image.csiSnapshotController.pullPolicy }} + securityContext: + capabilities: + drop: + - ALL {{- end -}} diff --git a/charts/v1.29.5/azurefile-csi-driver-v1.29.5.tgz b/charts/v1.29.5/azurefile-csi-driver-v1.29.5.tgz index 763e428e21..781979c0c9 100644 Binary files a/charts/v1.29.5/azurefile-csi-driver-v1.29.5.tgz and b/charts/v1.29.5/azurefile-csi-driver-v1.29.5.tgz differ diff --git a/charts/v1.29.5/azurefile-csi-driver/templates/csi-azurefile-controller.yaml b/charts/v1.29.5/azurefile-csi-driver/templates/csi-azurefile-controller.yaml index 35f3a13bf1..cb3946e9db 100644 --- a/charts/v1.29.5/azurefile-csi-driver/templates/csi-azurefile-controller.yaml +++ b/charts/v1.29.5/azurefile-csi-driver/templates/csi-azurefile-controller.yaml 
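Review bot: The `securityContext` block on the liveness-probe container is hard-coded in the template, while the line directly above it renders `resources` from values with `toYaml ... | nindent 12`. A chart user who needs a different context, for example to add a seccomp profile or to restore one capability if a container turns out to need it, has to patch the rendered manifest instead of setting a value. Consider rendering the block from a values entry whose default is the current `drop: [ALL]`, the same way `resources` is handled. This applies to every container touched in the chart templates of this commit.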
@@ -86,6 +86,10 @@ spec: - mountPath: /csi name: socket-dir resources: {{- toYaml .Values.controller.resources.csiProvisioner | nindent 12 }} + securityContext: + capabilities: + drop: + - ALL - name: csi-snapshotter {{- if hasPrefix "/" .Values.snapshot.image.csiSnapshotter.repository }} image: "{{ .Values.image.baseRepo }}{{ .Values.snapshot.image.csiSnapshotter.repository }}:{{ .Values.snapshot.image.csiSnapshotter.tag }}" @@ -104,6 +108,10 @@ spec: - name: socket-dir mountPath: /csi resources: {{- toYaml .Values.controller.resources.csiSnapshotter | nindent 12 }} + securityContext: + capabilities: + drop: + - ALL - name: csi-resizer {{- if hasPrefix "/" .Values.image.csiResizer.repository }} image: "{{ .Values.image.baseRepo }}{{ .Values.image.csiResizer.repository }}:{{ .Values.image.csiResizer.tag }}" @@ -126,6 +134,10 @@ spec: - name: socket-dir mountPath: /csi resources: {{- toYaml .Values.controller.resources.csiResizer | nindent 12 }} + securityContext: + capabilities: + drop: + - ALL - name: liveness-probe {{- if hasPrefix "/" .Values.image.livenessProbe.repository }} image: "{{ .Values.image.baseRepo }}{{ .Values.image.livenessProbe.repository }}:{{ .Values.image.livenessProbe.tag }}" @@ -146,6 +158,10 @@ spec: - name: socket-dir mountPath: /csi resources: {{- toYaml .Values.controller.resources.livenessProbe | nindent 12 }} + securityContext: + capabilities: + drop: + - ALL - name: azurefile {{- if hasPrefix "/" .Values.image.azurefile.repository }} image: "{{ .Values.image.baseRepo }}{{ .Values.image.azurefile.repository }}:{{ .Values.image.azurefile.tag }}" @@ -219,6 +235,10 @@ spec: readOnly: true {{- end }} resources: {{- toYaml .Values.controller.resources.azurefile | nindent 12 }} + securityContext: + capabilities: + drop: + - ALL volumes: - name: socket-dir emptyDir: {} 
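Review bot: These hunks edit templates under `charts/v1.29.5/`, and the packaged `azurefile-csi-driver-v1.29.5.tgz` changes with them, so what looks like an already published chart version gets new content under the same version string. If that chart has been released, anyone pinning v1.29.5 will receive a different artifact than before, and any recorded digest for the archive (for example in a chart repository index, not visible in this page) has to be regenerated in the same commit. The rebuilt .tgz appears only as a binary diff, so it would help to state in the commit description that it was packaged from these templates, or to verify that in CI. The same holds for `charts/v1.30.2/`.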
diff --git a/charts/v1.29.5/azurefile-csi-driver/templates/csi-snapshot-controller.yaml b/charts/v1.29.5/azurefile-csi-driver/templates/csi-snapshot-controller.yaml index d84398364d..d9e8e6f248 100644 --- a/charts/v1.29.5/azurefile-csi-driver/templates/csi-snapshot-controller.yaml +++ b/charts/v1.29.5/azurefile-csi-driver/templates/csi-snapshot-controller.yaml @@ -71,4 +71,8 @@ spec: - "--leader-election-namespace={{ .Release.Namespace }}" resources: {{- toYaml .Values.snapshot.snapshotController.resources | nindent 12 }} imagePullPolicy: {{ .Values.snapshot.image.csiSnapshotController.pullPolicy }} + securityContext: + capabilities: + drop: + - ALL {{- end -}} diff --git a/charts/v1.30.2/azurefile-csi-driver-v1.30.2.tgz b/charts/v1.30.2/azurefile-csi-driver-v1.30.2.tgz index a83522eb46..d459db0dbe 100644 Binary files a/charts/v1.30.2/azurefile-csi-driver-v1.30.2.tgz and b/charts/v1.30.2/azurefile-csi-driver-v1.30.2.tgz differ diff --git a/charts/v1.30.2/azurefile-csi-driver/templates/csi-azurefile-controller.yaml b/charts/v1.30.2/azurefile-csi-driver/templates/csi-azurefile-controller.yaml index 43477641c0..3986749279 100644 --- a/charts/v1.30.2/azurefile-csi-driver/templates/csi-azurefile-controller.yaml +++ b/charts/v1.30.2/azurefile-csi-driver/templates/csi-azurefile-controller.yaml @@ -88,6 +88,10 @@ spec: - mountPath: /csi name: socket-dir resources: {{- toYaml .Values.controller.resources.csiProvisioner | nindent 12 }} + securityContext: + capabilities: + drop: + - ALL - name: csi-snapshotter {{- if hasPrefix "/" .Values.snapshot.image.csiSnapshotter.repository }} image: "{{ .Values.image.baseRepo }}{{ .Values.snapshot.image.csiSnapshotter.repository }}:{{ .Values.snapshot.image.csiSnapshotter.tag }}" 
@@ -106,6 +110,10 @@ spec: - name: socket-dir mountPath: /csi resources: {{- toYaml .Values.controller.resources.csiSnapshotter | nindent 12 }} + securityContext: + capabilities: + drop: + - ALL - name: csi-resizer {{- if hasPrefix "/" .Values.image.csiResizer.repository }} image: "{{ .Values.image.baseRepo }}{{ .Values.image.csiResizer.repository }}:{{ .Values.image.csiResizer.tag }}" @@ -128,6 +136,10 @@ spec: - name: socket-dir mountPath: /csi resources: {{- toYaml .Values.controller.resources.csiResizer | nindent 12 }} + securityContext: + capabilities: + drop: + - ALL - name: liveness-probe {{- if hasPrefix "/" .Values.image.livenessProbe.repository }} image: "{{ .Values.image.baseRepo }}{{ .Values.image.livenessProbe.repository }}:{{ .Values.image.livenessProbe.tag }}" @@ -148,6 +160,10 @@ spec: - name: socket-dir mountPath: /csi resources: {{- toYaml .Values.controller.resources.livenessProbe | nindent 12 }} + securityContext: + capabilities: + drop: + - ALL - name: azurefile {{- if hasPrefix "/" .Values.image.azurefile.repository }} image: "{{ .Values.image.baseRepo }}{{ .Values.image.azurefile.repository }}:{{ .Values.image.azurefile.tag }}" @@ -223,6 +239,10 @@ spec: readOnly: true {{- end }} resources: {{- toYaml .Values.controller.resources.azurefile | nindent 12 }} + securityContext: + capabilities: + drop: + - ALL volumes: - name: socket-dir emptyDir: {} diff --git a/charts/v1.30.2/azurefile-csi-driver/templates/csi-snapshot-controller.yaml b/charts/v1.30.2/azurefile-csi-driver/templates/csi-snapshot-controller.yaml index 4f6d4d1376..4d83a4b7f3 100644 --- a/charts/v1.30.2/azurefile-csi-driver/templates/csi-snapshot-controller.yaml +++ b/charts/v1.30.2/azurefile-csi-driver/templates/csi-snapshot-controller.yaml 
@@ -71,4 +71,8 @@ spec: - "--leader-election-namespace={{ .Release.Namespace }}" resources: {{- toYaml .Values.snapshot.snapshotController.resources | nindent 12 }} imagePullPolicy: {{ .Values.snapshot.image.csiSnapshotController.pullPolicy }} + securityContext: + capabilities: + drop: + - ALL {{- end -}} diff --git a/deploy/csi-azurefile-controller.yaml b/deploy/csi-azurefile-controller.yaml index 328f1c2bc4..06a04bdebd 100644 --- a/deploy/csi-azurefile-controller.yaml +++ b/deploy/csi-azurefile-controller.yaml @@ -54,6 +54,10 @@ spec: requests: cpu: 10m memory: 20Mi + securityContext: + capabilities: + drop: + - ALL - name: csi-snapshotter image: mcr.microsoft.com/oss/kubernetes-csi/csi-snapshotter:v7.0.2 args: @@ -73,6 +77,10 @@ spec: requests: cpu: 10m memory: 20Mi + securityContext: + capabilities: + drop: + - ALL - name: csi-resizer image: mcr.microsoft.com/oss/kubernetes-csi/csi-resizer:v1.10.1 args: @@ -95,6 +103,10 @@ spec: requests: cpu: 10m memory: 20Mi + securityContext: + capabilities: + drop: + - ALL - name: liveness-probe image: mcr.microsoft.com/oss/kubernetes-csi/livenessprobe:v2.12.0 args: @@ -111,6 +123,10 @@ spec: requests: cpu: 10m memory: 20Mi + securityContext: + capabilities: + drop: + - ALL - name: azurefile image: mcr.microsoft.com/k8s/csi/azurefile-csi:latest imagePullPolicy: IfNotPresent @@ -154,6 +170,10 @@ spec: requests: cpu: 10m memory: 20Mi + securityContext: + capabilities: + drop: + - ALL volumes: - name: socket-dir emptyDir: {} diff --git a/deploy/csi-snapshot-controller.yaml b/deploy/csi-snapshot-controller.yaml index 19bf39cee7..d528458e05 100644 --- a/deploy/csi-snapshot-controller.yaml +++ b/deploy/csi-snapshot-controller.yaml @@ -53,3 +53,7 @@ spec: requests: cpu: 10m memory: 20Mi + securityContext: + capabilities: + drop: + - ALL diff --git a/deploy/v1.29.5/csi-azurefile-controller.yaml b/deploy/v1.29.5/csi-azurefile-controller.yaml index ddb17f9179..0ec35504b3 100644 --- a/deploy/v1.29.5/csi-azurefile-controller.yaml 
+++ b/deploy/v1.29.5/csi-azurefile-controller.yaml @@ -54,6 +54,10 @@ spec: requests: cpu: 10m memory: 20Mi + securityContext: + capabilities: + drop: + - ALL - name: csi-snapshotter image: mcr.microsoft.com/oss/kubernetes-csi/csi-snapshotter:v6.3.1 args: @@ -73,6 +77,10 @@ spec: requests: cpu: 10m memory: 20Mi + securityContext: + capabilities: + drop: + - ALL - name: csi-resizer image: mcr.microsoft.com/oss/kubernetes-csi/csi-resizer:v1.8.0 args: @@ -95,6 +103,10 @@ spec: requests: cpu: 10m memory: 20Mi + securityContext: + capabilities: + drop: + - ALL - name: liveness-probe image: mcr.microsoft.com/oss/kubernetes-csi/livenessprobe:v2.10.0 args: @@ -111,6 +123,10 @@ spec: requests: cpu: 10m memory: 20Mi + securityContext: + capabilities: + drop: + - ALL - name: azurefile image: mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.29.5 imagePullPolicy: IfNotPresent @@ -152,6 +168,10 @@ spec: requests: cpu: 10m memory: 20Mi + securityContext: + capabilities: + drop: + - ALL volumes: - name: socket-dir emptyDir: {} diff --git a/deploy/v1.29.5/csi-snapshot-controller.yaml b/deploy/v1.29.5/csi-snapshot-controller.yaml index 39d916a5a7..023a25a127 100644 --- a/deploy/v1.29.5/csi-snapshot-controller.yaml +++ b/deploy/v1.29.5/csi-snapshot-controller.yaml @@ -53,3 +53,7 @@ spec: requests: cpu: 10m memory: 20Mi + securityContext: + capabilities: + drop: + - ALL diff --git a/deploy/v1.30.2/csi-azurefile-controller.yaml b/deploy/v1.30.2/csi-azurefile-controller.yaml index 73394bf300..f655a2140e 100644 --- a/deploy/v1.30.2/csi-azurefile-controller.yaml +++ b/deploy/v1.30.2/csi-azurefile-controller.yaml @@ -54,6 +54,10 @@ spec: requests: cpu: 10m memory: 20Mi + securityContext: + capabilities: + drop: + - ALL - name: csi-snapshotter image: mcr.microsoft.com/oss/kubernetes-csi/csi-snapshotter:v7.0.2 args: 
@@ -73,6 +77,10 @@ spec: requests: cpu: 10m memory: 20Mi + securityContext: + capabilities: + drop: + - ALL - name: csi-resizer image: mcr.microsoft.com/oss/kubernetes-csi/csi-resizer:v1.10.1 args: @@ -95,6 +103,10 @@ spec: requests: cpu: 10m memory: 20Mi + securityContext: + capabilities: + drop: + - ALL - name: liveness-probe image: mcr.microsoft.com/oss/kubernetes-csi/livenessprobe:v2.12.0 args: @@ -111,6 +123,10 @@ spec: requests: cpu: 10m memory: 20Mi + securityContext: + capabilities: + drop: + - ALL - name: azurefile image: mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.30.2 imagePullPolicy: IfNotPresent @@ -154,6 +170,10 @@ spec: requests: cpu: 10m memory: 20Mi + securityContext: + capabilities: + drop: + - ALL volumes: - name: socket-dir emptyDir: {} diff --git a/deploy/v1.30.2/csi-snapshot-controller.yaml b/deploy/v1.30.2/csi-snapshot-controller.yaml index 19bf39cee7..d528458e05 100644 --- a/deploy/v1.30.2/csi-snapshot-controller.yaml +++ b/deploy/v1.30.2/csi-snapshot-controller.yaml @@ -53,3 +53,7 @@ spec: requests: cpu: 10m memory: 20Mi + securityContext: + capabilities: + drop: + - ALL