File tree Expand file tree Collapse file tree 5 files changed +66
-0
lines changed
blob-csi-driver/templates Expand file tree Collapse file tree 5 files changed +66
-0
lines changed Original file line number Diff line number Diff line change 8282 - mountPath : /csi
8383 name : socket-dir
8484 resources : {{- toYaml .Values.controller.resources.csiProvisioner | nindent 12 }}
85+ securityContext :
86+ capabilities :
87+ drop :
88+ - ALL
8589 - name : liveness-probe
8690{{- if hasPrefix "/" .Values.image.livenessProbe.repository }}
8791 image : " {{ .Values.image.baseRepo }}{{ .Values.image.livenessProbe.repository }}:{{ .Values.image.livenessProbe.tag }}"
@@ -101,6 +105,10 @@ spec:
101105 - name : socket-dir
102106 mountPath : /csi
103107 resources : {{- toYaml .Values.controller.resources.livenessProbe | nindent 12 }}
108+ securityContext :
109+ capabilities :
110+ drop :
111+ - ALL
104112 - name : blob
105113{{- if hasPrefix "/" .Values.image.blob.repository }}
106114 image : " {{ .Values.image.baseRepo }}{{ .Values.image.blob.repository }}:{{ .Values.image.blob.tag }}"
@@ -182,6 +190,10 @@ spec:
182190 readOnly : true
183191 {{- end }}
184192 resources : {{- toYaml .Values.controller.resources.blob | nindent 12 }}
193+ securityContext :
194+ capabilities :
195+ drop :
196+ - ALL
185197 - name : csi-resizer
186198{{- if hasPrefix "/" .Values.image.csiResizer.repository }}
187199 image : " {{ .Values.image.baseRepo }}{{ .Values.image.csiResizer.repository }}:{{ .Values.image.csiResizer.tag }}"
@@ -202,6 +214,10 @@ spec:
202214 - name : socket-dir
203215 mountPath : /csi
204216 resources : {{- toYaml .Values.controller.resources.csiResizer | nindent 12 }}
217+ securityContext :
218+ capabilities :
219+ drop :
220+ - ALL
205221 volumes :
206222 - name : socket-dir
207223 emptyDir : {}
Original file line number Diff line number Diff line change 7878 - " /blobfuse-proxy/init.sh"
7979 securityContext :
8080 privileged : true
81+ capabilities :
82+ drop :
83+ - ALL
8184 env :
8285 - name : DEBIAN_FRONTEND
8386 value : " noninteractive"
@@ -123,6 +126,10 @@ spec:
123126 - --health-port={{ .Values.node.livenessProbe.healthPort }}
124127 - --v=2
125128 resources : {{- toYaml .Values.node.resources.livenessProbe | nindent 12 }}
129+ securityContext :
130+ capabilities :
131+ drop :
132+ - ALL
126133 - name : node-driver-registrar
127134{{- if hasPrefix "/" .Values.image.nodeDriverRegistrar.repository }}
128135 image : " {{ .Values.image.baseRepo }}{{ .Values.image.nodeDriverRegistrar.repository }}:{{ .Values.image.nodeDriverRegistrar.tag }}"
@@ -152,6 +159,10 @@ spec:
152159 - name : registration-dir
153160 mountPath : /registration
154161 resources : {{- toYaml .Values.node.resources.nodeDriverRegistrar | nindent 12 }}
162+ securityContext :
163+ capabilities :
164+ drop :
165+ - ALL
155166 - name : blob
156167{{- if hasPrefix "/" .Values.image.blob.repository }}
157168 image : " {{ .Values.image.baseRepo }}{{ .Values.image.blob.repository }}:{{ .Values.image.blob.tag }}"
@@ -218,6 +229,9 @@ spec:
218229 imagePullPolicy : {{ .Values.image.blob.pullPolicy }}
219230 securityContext :
220231 privileged : true
232+ capabilities :
233+ drop :
234+ - ALL
221235 volumeMounts :
222236 - mountPath : /csi
223237 name : socket-dir
@@ -261,6 +275,9 @@ spec:
261275 imagePullPolicy : {{ .Values.image.blob.pullPolicy }}
262276 securityContext :
263277 privileged : true
278+ capabilities :
279+ drop :
280+ - ALL
264281 resources : {{- toYaml .Values.node.resources.aznfswatchdog | nindent 12 }}
265282 volumeMounts :
266283 - mountPath : /opt/microsoft/aznfs/data
Original file line number Diff line number Diff line change 5757 requests :
5858 cpu : 10m
5959 memory : 20Mi
60+ securityContext :
61+ capabilities :
62+ drop :
63+ - ALL
6064 - name : liveness-probe
6165 image : mcr.microsoft.com/oss/kubernetes-csi/livenessprobe:v2.12.0
6266 args :
7276 requests :
7377 cpu : 10m
7478 memory : 20Mi
79+ securityContext :
80+ capabilities :
81+ drop :
82+ - ALL
7583 - name : blob
7684 image : mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.24.1
7785 imagePullPolicy : IfNotPresent
@@ -113,6 +121,10 @@ spec:
113121 requests :
114122 cpu : 10m
115123 memory : 20Mi
124+ securityContext :
125+ capabilities :
126+ drop :
127+ - ALL
116128 - name : csi-resizer
117129 image : mcr.microsoft.com/oss/kubernetes-csi/csi-resizer:v1.10.1
118130 args :
@@ -133,6 +145,10 @@ spec:
133145 requests :
134146 cpu : 10m
135147 memory : 20Mi
148+ securityContext :
149+ capabilities :
150+ drop :
151+ - ALL
136152 volumes :
137153 - name : socket-dir
138154 emptyDir : {}
Original file line number Diff line number Diff line change 4646 - " /blobfuse-proxy/init.sh"
4747 securityContext :
4848 privileged : true
49+ capabilities :
50+ drop :
51+ - ALL
4952 env :
5053 - name : DEBIAN_FRONTEND
5154 value : " noninteractive"
8992 requests :
9093 cpu : 10m
9194 memory : 20Mi
95+ securityContext :
96+ capabilities :
97+ drop :
98+ - ALL
9299 - name : node-driver-registrar
93100 image : mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.10.1
94101 args :
@@ -119,6 +126,10 @@ spec:
119126 requests :
120127 cpu : 10m
121128 memory : 20Mi
129+ securityContext :
130+ capabilities :
131+ drop :
132+ - ALL
122133 - name : blob
123134 image : mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.24.1
124135 imagePullPolicy : IfNotPresent
@@ -158,6 +169,9 @@ spec:
158169 fieldPath : spec.nodeName
159170 securityContext :
160171 privileged : true
172+ capabilities :
173+ drop :
174+ - ALL
161175 volumeMounts :
162176 - mountPath : /csi
163177 name : socket-dir
@@ -186,6 +200,9 @@ spec:
186200 imagePullPolicy : IfNotPresent
187201 securityContext :
188202 privileged : true
203+ capabilities :
204+ drop :
205+ - ALL
189206 resources :
190207 limits :
191208 memory : 100Mi
You can’t perform that action at this time.
0 commit comments