update security context for CSI Node DS

boddumanohar · boddumanohar · commit df509eb54bed · 2025-07-24T16:06:39.000+05:30
diff --git a/charts/spdk-csi/latest/spdk-csi/templates/node.yaml b/charts/spdk-csi/latest/spdk-csi/templates/node.yaml
@@ -71,10 +71,15 @@ spec:
           mountPath: /registration
       - name: csi-node
         securityContext:
-          privileged: true
+          runAsUser: 0
+          runAsGroup: 0
+          allowPrivilegeEscalation: false
           capabilities:
+            drop: ["ALL"]
             add: ["SYS_ADMIN", "SYS_MODULE"]
-          allowPrivilegeEscalation: true
+          readOnlyRootFilesystem: true
+          seccompProfile:
+            type: RuntimeDefault
         image: "{{ .Values.image.csi.repository }}:{{ .Values.image.csi.tag }}"
         imagePullPolicy: {{ .Values.image.csi.pullPolicy }}
         args:
