Skip to content

Commit

Permalink
deploy: configurable podSecurityContexts in ceph-csi-cephfs
Browse files Browse the repository at this point in the history 
pod-level security contexts for nodeplugin daemonset and provisioner
deployment can be set via helm values.yaml

Signed-off-by: 1602077 <62025739+1602077@users.noreply.github.com>
  • Loading branch information
@1602077
1602077 committed Jun 5, 2024
1 parent 5809628 commit 20b0d8a
Show file tree
Hide file tree
Showing 4 changed files with 8 additions and 0 deletions.
2 changes: 2 additions & 0 deletions charts/ceph-csi-cephfs/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -129,6 +129,7 @@ charts and their default values.
| `nodeplugin.plugin.image.repository` | Nodeplugin image repository URL | `quay.io/cephcsi/cephcsi` |
| `nodeplugin.plugin.image.tag` | Image tag | `canary` |
| `nodeplugin.plugin.image.pullPolicy` | Image pull policy | `IfNotPresent` |
| `nodeplugin.podSecurityContext` | Specifies pod-level security context. | `{}` |
| `nodeplugin.nodeSelector` | Kubernetes `nodeSelector` to add to the Daemonset | `{}` |
| `nodeplugin.tolerations` | List of Kubernetes `tolerations` to add to the Daemonset | `{}` |
| `nodeplugin.forcecephkernelclient` | Set to true to enable Ceph Kernel clients on kernel < 4.17 which support quotas | `true` |
Expand Down Expand Up @@ -163,6 +164,7 @@ charts and their default values.
| `provisioner.tolerations` | Specifies the tolerations for provisioner deployment | `{}` |
| `provisioner.affinity` | Specifies the affinity for provisioner deployment | `{}` |
| `provisioner.podSecurityPolicy.enabled` | Specifies whether podSecurityPolicy is enabled | `false` |
| `provisioner.podSecurityContext` | Specifies pod-level security context. | `{}` |
| `provisionerSocketFile` | The filename of the provisioner socket | `csi-provisioner.sock` |
| `pluginSocketFile` | The filename of the plugin socket | `csi.sock` |
| `readAffinity.enabled` | Enable read affinity for CephFS subvolumes. Recommended to set to true if running kernel 5.8 or newer. | `false` |
Expand Down
1 change: 1 addition & 0 deletions charts/ceph-csi-cephfs/templates/nodeplugin-daemonset.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,7 @@ spec:
heritage: {{ .Release.Service }}
{{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 8 }}{{- end }}
spec:
securityContext: {{ toYaml .Values.nodeplugin.podSecurityContext | nindent 8 }}
serviceAccountName: {{ include "ceph-csi-cephfs.serviceAccountName.nodeplugin" . }}
{{- if .Values.nodeplugin.priorityClassName }}
priorityClassName: {{ .Values.nodeplugin.priorityClassName }}
Expand Down
1 change: 1 addition & 0 deletions charts/ceph-csi-cephfs/templates/provisioner-deployment.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -57,6 +57,7 @@ spec:
{{ toYaml .Values.provisioner.affinity | indent 8 -}}
{{- end -}}
{{- end }}
securityContext: {{ toYaml .Values.provisioner.podSecurityContext | nindent 8 }}
serviceAccountName: {{ include "ceph-csi-cephfs.serviceAccountName.provisioner" . }}
hostNetwork: {{ .Values.provisioner.enableHostNetwork }}
{{- if .Values.provisioner.priorityClassName }}
Expand Down
4 changes: 4 additions & 0 deletions charts/ceph-csi-cephfs/values.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -127,6 +127,8 @@ nodeplugin:

affinity: {}

podSecurityContext: {}

# Set to true to enable Ceph Kernel clients
# on kernel < 4.17 which support quotas
# forcecephkernelclient: true
Expand Down Expand Up @@ -244,6 +246,8 @@ provisioner:

affinity: {}

podSecurityContext: {}

# readAffinity:
# Enable read affinity for CephFS subvolumes. Recommended to
# set to true if running kernel 5.8 or newer.
Expand Down

0 comments on commit 20b0d8a

Please sign in to comment.