Skip to content

Commit

Permalink
fix shield guard
Browse files Browse the repository at this point in the history
  • Loading branch information
@umagnus
umagnus committed Jun 18, 2024
1 parent 882c8b4 commit d8c2789
Show file tree
Hide file tree
Showing 9 changed files with 99 additions and 0 deletions.
Binary file modified charts/latest/blob-csi-driver-v0.0.0.tgz
View file
Binary file not shown.
17 changes: 17 additions & 0 deletions charts/latest/blob-csi-driver/templates/csi-blob-node.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -78,6 +78,9 @@ spec:
- "/blobfuse-proxy/init.sh"
securityContext:
privileged: true
capabilities:
drop:
- ALL
env:
- name: DEBIAN_FRONTEND
value: "noninteractive"
Expand Down Expand Up @@ -123,6 +126,10 @@ spec:
- --http-endpoint=localhost:{{ .Values.node.livenessProbe.healthPort }}
- --v=2
resources: {{- toYaml .Values.node.resources.livenessProbe | nindent 12 }}
securityContext:
capabilities:
drop:
- ALL
- name: node-driver-registrar
{{- if hasPrefix "/" .Values.image.nodeDriverRegistrar.repository }}
image: "{{ .Values.image.baseRepo }}{{ .Values.image.nodeDriverRegistrar.repository }}:{{ .Values.image.nodeDriverRegistrar.tag }}"
Expand Down Expand Up @@ -152,6 +159,10 @@ spec:
- name: registration-dir
mountPath: /registration
resources: {{- toYaml .Values.node.resources.nodeDriverRegistrar | nindent 12 }}
securityContext:
capabilities:
drop:
- ALL
- name: blob
{{- if hasPrefix "/" .Values.image.blob.repository }}
image: "{{ .Values.image.baseRepo }}{{ .Values.image.blob.repository }}:{{ .Values.image.blob.tag }}"
Expand Down Expand Up @@ -218,6 +229,9 @@ spec:
imagePullPolicy: {{ .Values.image.blob.pullPolicy }}
securityContext:
privileged: true
capabilities:
drop:
- ALL
volumeMounts:
- mountPath: /csi
name: socket-dir
Expand Down Expand Up @@ -261,6 +275,9 @@ spec:
imagePullPolicy: {{ .Values.image.blob.pullPolicy }}
securityContext:
privileged: true
capabilities:
drop:
- ALL
resources: {{- toYaml .Values.node.resources.aznfswatchdog | nindent 12 }}
volumeMounts:
- mountPath: /opt/microsoft/aznfs/data
Expand Down
Binary file modified charts/v1.22.6/blob-csi-driver-v1.22.6.tgz
View file
Binary file not shown.
17 changes: 17 additions & 0 deletions charts/v1.22.6/blob-csi-driver/templates/csi-blob-node.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -79,6 +79,9 @@ spec:
- "/blobfuse-proxy/init.sh"
securityContext:
privileged: true
capabilities:
drop:
- ALL
env:
- name: DEBIAN_FRONTEND
value: "noninteractive"
Expand Down Expand Up @@ -119,6 +122,10 @@ spec:
- --health-port={{ .Values.node.livenessProbe.healthPort }}
- --v=2
resources: {{- toYaml .Values.node.resources.livenessProbe | nindent 12 }}
securityContext:
capabilities:
drop:
- ALL
- name: node-driver-registrar
{{- if hasPrefix "/" .Values.image.nodeDriverRegistrar.repository }}
image: "{{ .Values.image.baseRepo }}{{ .Values.image.nodeDriverRegistrar.repository }}:{{ .Values.image.nodeDriverRegistrar.tag }}"
Expand Down Expand Up @@ -148,6 +155,10 @@ spec:
- name: registration-dir
mountPath: /registration
resources: {{- toYaml .Values.node.resources.nodeDriverRegistrar | nindent 12 }}
securityContext:
capabilities:
drop:
- ALL
- name: blob
{{- if hasPrefix "/" .Values.image.blob.repository }}
image: "{{ .Values.image.baseRepo }}{{ .Values.image.blob.repository }}:{{ .Values.image.blob.tag }}"
Expand Down Expand Up @@ -216,6 +227,9 @@ spec:
imagePullPolicy: {{ .Values.image.blob.pullPolicy }}
securityContext:
privileged: true
capabilities:
drop:
- ALL
volumeMounts:
- mountPath: /csi
name: socket-dir
Expand Down Expand Up @@ -259,6 +273,9 @@ spec:
imagePullPolicy: {{ .Values.image.blob.pullPolicy }}
securityContext:
privileged: true
capabilities:
drop:
- ALL
resources: {{- toYaml .Values.node.resources.aznfswatchdog | nindent 12 }}
volumeMounts:
- mountPath: /opt/microsoft/aznfs/data
Expand Down
Binary file modified charts/v1.24.1/blob-csi-driver-v1.24.1.tgz
View file
Binary file not shown.
17 changes: 17 additions & 0 deletions charts/v1.24.1/blob-csi-driver/templates/csi-blob-node.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -78,6 +78,9 @@ spec:
- "/blobfuse-proxy/init.sh"
securityContext:
privileged: true
capabilities:
drop:
- ALL
env:
- name: DEBIAN_FRONTEND
value: "noninteractive"
Expand Down Expand Up @@ -123,6 +126,10 @@ spec:
- --health-port={{ .Values.node.livenessProbe.healthPort }}
- --v=2
resources: {{- toYaml .Values.node.resources.livenessProbe | nindent 12 }}
securityContext:
capabilities:
drop:
- ALL
- name: node-driver-registrar
{{- if hasPrefix "/" .Values.image.nodeDriverRegistrar.repository }}
image: "{{ .Values.image.baseRepo }}{{ .Values.image.nodeDriverRegistrar.repository }}:{{ .Values.image.nodeDriverRegistrar.tag }}"
Expand Down Expand Up @@ -152,6 +159,10 @@ spec:
- name: registration-dir
mountPath: /registration
resources: {{- toYaml .Values.node.resources.nodeDriverRegistrar | nindent 12 }}
securityContext:
capabilities:
drop:
- ALL
- name: blob
{{- if hasPrefix "/" .Values.image.blob.repository }}
image: "{{ .Values.image.baseRepo }}{{ .Values.image.blob.repository }}:{{ .Values.image.blob.tag }}"
Expand Down Expand Up @@ -218,6 +229,9 @@ spec:
imagePullPolicy: {{ .Values.image.blob.pullPolicy }}
securityContext:
privileged: true
capabilities:
drop:
- ALL
volumeMounts:
- mountPath: /csi
name: socket-dir
Expand Down Expand Up @@ -261,6 +275,9 @@ spec:
imagePullPolicy: {{ .Values.image.blob.pullPolicy }}
securityContext:
privileged: true
capabilities:
drop:
- ALL
resources: {{- toYaml .Values.node.resources.aznfswatchdog | nindent 12 }}
volumeMounts:
- mountPath: /opt/microsoft/aznfs/data
Expand Down
17 changes: 17 additions & 0 deletions deploy/csi-blob-node.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -46,6 +46,9 @@ spec:
- "/blobfuse-proxy/init.sh"
securityContext:
privileged: true
capabilities:
drop:
- ALL
env:
- name: DEBIAN_FRONTEND
value: "noninteractive"
Expand Down Expand Up @@ -89,6 +92,10 @@ spec:
requests:
cpu: 10m
memory: 20Mi
securityContext:
capabilities:
drop:
- ALL
- name: node-driver-registrar
image: mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.10.1
args:
Expand Down Expand Up @@ -119,6 +126,10 @@ spec:
requests:
cpu: 10m
memory: 20Mi
securityContext:
capabilities:
drop:
- ALL
- name: blob
image: mcr.microsoft.com/k8s/csi/blob-csi:latest
imagePullPolicy: IfNotPresent
Expand Down Expand Up @@ -158,6 +169,9 @@ spec:
fieldPath: spec.nodeName
securityContext:
privileged: true
capabilities:
drop:
- ALL
volumeMounts:
- mountPath: /csi
name: socket-dir
Expand Down Expand Up @@ -186,6 +200,9 @@ spec:
imagePullPolicy: IfNotPresent
securityContext:
privileged: true
capabilities:
drop:
- ALL
resources:
limits:
memory: 100Mi
Expand Down
14 changes: 14 additions & 0 deletions deploy/v1.22.6/csi-blob-node.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -46,6 +46,9 @@ spec:
- "/blobfuse-proxy/init.sh"
securityContext:
privileged: true
capabilities:
drop:
- ALL
env:
- name: DEBIAN_FRONTEND
value: "noninteractive"
Expand Down Expand Up @@ -87,6 +90,10 @@ spec:
requests:
cpu: 10m
memory: 20Mi
securityContext:
capabilities:
drop:
- ALL
- name: node-driver-registrar
image: mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.8.0
args:
Expand Down Expand Up @@ -117,6 +124,10 @@ spec:
requests:
cpu: 10m
memory: 20Mi
securityContext:
capabilities:
drop:
- ALL
- name: blob
image: mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.6
imagePullPolicy: IfNotPresent
Expand Down Expand Up @@ -157,6 +168,9 @@ spec:
fieldPath: spec.nodeName
securityContext:
privileged: true
capabilities:
drop:
- ALL
volumeMounts:
- mountPath: /csi
name: socket-dir
Expand Down
17 changes: 17 additions & 0 deletions deploy/v1.24.1/csi-blob-node.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -46,6 +46,9 @@ spec:
- "/blobfuse-proxy/init.sh"
securityContext:
privileged: true
capabilities:
drop:
- ALL
env:
- name: DEBIAN_FRONTEND
value: "noninteractive"
Expand Down Expand Up @@ -89,6 +92,10 @@ spec:
requests:
cpu: 10m
memory: 20Mi
securityContext:
capabilities:
drop:
- ALL
- name: node-driver-registrar
image: mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.10.1
args:
Expand Down Expand Up @@ -119,6 +126,10 @@ spec:
requests:
cpu: 10m
memory: 20Mi
securityContext:
capabilities:
drop:
- ALL
- name: blob
image: mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.24.1
imagePullPolicy: IfNotPresent
Expand Down Expand Up @@ -158,6 +169,9 @@ spec:
fieldPath: spec.nodeName
securityContext:
privileged: true
capabilities:
drop:
- ALL
volumeMounts:
- mountPath: /csi
name: socket-dir
Expand Down Expand Up @@ -186,6 +200,9 @@ spec:
imagePullPolicy: IfNotPresent
securityContext:
privileged: true
capabilities:
drop:
- ALL
resources:
limits:
memory: 100Mi
Expand Down

0 comments on commit d8c2789

Please sign in to comment.