diff --git a/charts/latest/csi-driver-smb-v0.0.0.tgz b/charts/latest/csi-driver-smb-v0.0.0.tgz
index 92fcb3ff302..6a0a322c1d5 100644
Binary files a/charts/latest/csi-driver-smb-v0.0.0.tgz and b/charts/latest/csi-driver-smb-v0.0.0.tgz differ
diff --git a/charts/latest/csi-driver-smb/templates/csi-smb-controller.yaml b/charts/latest/csi-driver-smb/templates/csi-smb-controller.yaml
index 5f86404efa5..3d2eda96d3e 100755
--- a/charts/latest/csi-driver-smb/templates/csi-smb-controller.yaml
+++ b/charts/latest/csi-driver-smb/templates/csi-smb-controller.yaml
@@ -74,6 +74,9 @@ spec:
 resources: {{- toYaml .Values.controller.resources.csiProvisioner | nindent 12 }}
 securityContext:
 readOnlyRootFilesystem: true
+ capabilities:
+ drop:
+ - ALL
 - name: liveness-probe
 {{- if hasPrefix "/" .Values.image.livenessProbe.repository }}
 image: "{{ .Values.image.baseRepo }}{{ .Values.image.livenessProbe.repository }}:{{ .Values.image.livenessProbe.tag }}"
@@ -92,6 +95,9 @@ spec:
 resources: {{- toYaml .Values.controller.resources.livenessProbe | nindent 12 }}
 securityContext:
 readOnlyRootFilesystem: true
+ capabilities:
+ drop:
+ - ALL
 - name: smb
 {{- if hasPrefix "/" .Values.image.smb.repository }}
 image: "{{ .Values.image.baseRepo }}{{ .Values.image.smb.repository }}:{{ .Values.image.smb.tag }}"
@@ -124,6 +130,9 @@ spec:
 securityContext:
 privileged: true
 readOnlyRootFilesystem: true
+ capabilities:
+ drop:
+ - ALL
 volumeMounts:
 - mountPath: /csi
 name: socket-dir
diff --git a/charts/v1.13.0/csi-driver-smb-v1.13.0.tgz b/charts/v1.13.0/csi-driver-smb-v1.13.0.tgz
index 70bdc9bdd0f..99523feee91 100644
Binary files a/charts/v1.13.0/csi-driver-smb-v1.13.0.tgz and b/charts/v1.13.0/csi-driver-smb-v1.13.0.tgz differ
diff --git a/charts/v1.13.0/csi-driver-smb/templates/csi-smb-controller.yaml b/charts/v1.13.0/csi-driver-smb/templates/csi-smb-controller.yaml
index 74ee1df145b..6450b672983 100644
--- a/charts/v1.13.0/csi-driver-smb/templates/csi-smb-controller.yaml
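Review bot: The csi-provisioner securityContext in hunk @@ -74,6 +74,9 of charts/latest/csi-driver-smb/templates/csi-smb-controller.yaml drops every capability but leaves `allowPrivilegeEscalation` unset, so no_new_privs is not enforced for that container. The usual companion line is `allowPrivilegeEscalation: false`, placed next to `readOnlyRootFilesystem: true`; the Pod Security "restricted" profile expects it together with the capability drop. The same applies to the liveness-probe hunk (@@ -92,6 +95,9) and to the matching sidecar hunks in the v1.13.0 and v1.14.0 charts and the deploy/ manifests. The container specs start and end outside these hunks, so any runAsNonRoot or seccomp settings cannot be checked from here.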
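Review bot: In the smb container (hunk @@ -124,6 +130,9) `capabilities.drop: [ALL]` is added directly beside `privileged: true`, and the two settings contradict each other. Privileged mode is what hands the container the full capability set and host device access, and container runtimes commonly ignore the capabilities list for privileged containers, so the drop is probably a no-op here and reads as more hardening than it delivers; this is worth confirming on the runtimes the chart supports. If the controller can run without privileged mode, remove `privileged: true` and keep the drop, adding back only the capability it is shown to need; if it cannot, a comment such as `# privileged is required for <reason>; capabilities.drop has no effect while it is set` would stop readers and scanners from over-trusting the block. The same pairing appears in the smb hunks of the v1.13.0 and v1.14.0 charts and of all three deploy/ manifests.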
+++ b/charts/v1.13.0/csi-driver-smb/templates/csi-smb-controller.yaml
@@ -74,6 +74,9 @@ spec:
 resources: {{- toYaml .Values.controller.resources.csiProvisioner | nindent 12 }}
 securityContext:
 readOnlyRootFilesystem: true
+ capabilities:
+ drop:
+ - ALL
 - name: liveness-probe
 {{- if hasPrefix "/" .Values.image.livenessProbe.repository }}
 image: "{{ .Values.image.baseRepo }}{{ .Values.image.livenessProbe.repository }}:{{ .Values.image.livenessProbe.tag }}"
@@ -92,6 +95,9 @@ spec:
 resources: {{- toYaml .Values.controller.resources.livenessProbe | nindent 12 }}
 securityContext:
 readOnlyRootFilesystem: true
+ capabilities:
+ drop:
+ - ALL
 - name: smb
 {{- if hasPrefix "/" .Values.image.smb.repository }}
 image: "{{ .Values.image.baseRepo }}{{ .Values.image.smb.repository }}:{{ .Values.image.smb.tag }}"
@@ -126,6 +132,9 @@ spec:
 securityContext:
 privileged: true
 readOnlyRootFilesystem: true
+ capabilities:
+ drop:
+ - ALL
 volumeMounts:
 - mountPath: /csi
 name: socket-dir
diff --git a/charts/v1.14.0/csi-driver-smb-v1.14.0.tgz b/charts/v1.14.0/csi-driver-smb-v1.14.0.tgz
index eae8751c5d8..a837b42547a 100644
Binary files a/charts/v1.14.0/csi-driver-smb-v1.14.0.tgz and b/charts/v1.14.0/csi-driver-smb-v1.14.0.tgz differ
diff --git a/charts/v1.14.0/csi-driver-smb/templates/csi-smb-controller.yaml b/charts/v1.14.0/csi-driver-smb/templates/csi-smb-controller.yaml
index 5f86404efa5..3d2eda96d3e 100644
--- a/charts/v1.14.0/csi-driver-smb/templates/csi-smb-controller.yaml
+++ b/charts/v1.14.0/csi-driver-smb/templates/csi-smb-controller.yaml
@@ -74,6 +74,9 @@ spec:
 resources: {{- toYaml .Values.controller.resources.csiProvisioner | nindent 12 }}
 securityContext:
 readOnlyRootFilesystem: true
+ capabilities:
+ drop:
+ - ALL
 - name: liveness-probe
 {{- if hasPrefix "/" .Values.image.livenessProbe.repository }}
 image: "{{ .Values.image.baseRepo }}{{ .Values.image.livenessProbe.repository }}:{{ .Values.image.livenessProbe.tag }}"
@@ -92,6 +95,9 @@ spec:
 resources: {{- toYaml .Values.controller.resources.livenessProbe | nindent 12 }}
 securityContext:
 readOnlyRootFilesystem: true
+ capabilities:
+ drop:
+ - ALL
 - name: smb
 {{- if hasPrefix "/" .Values.image.smb.repository }}
 image: "{{ .Values.image.baseRepo }}{{ .Values.image.smb.repository }}:{{ .Values.image.smb.tag }}"
@@ -124,6 +130,9 @@ spec:
 securityContext:
 privileged: true
 readOnlyRootFilesystem: true
+ capabilities:
+ drop:
+ - ALL
 volumeMounts:
 - mountPath: /csi
 name: socket-dir
diff --git a/deploy/csi-smb-controller.yaml b/deploy/csi-smb-controller.yaml
index a7951c44e1a..2457ac5d708 100644
--- a/deploy/csi-smb-controller.yaml
+++ b/deploy/csi-smb-controller.yaml
@@ -55,6 +55,10 @@ spec:
 requests:
 cpu: 10m
 memory: 20Mi
+ securityContext:
+ capabilities:
+ drop:
+ - ALL
 - name: liveness-probe
 image: registry.k8s.io/sig-storage/livenessprobe:v2.12.0
 args:
@@ -72,6 +76,10 @@ spec:
 requests:
 cpu: 10m
 memory: 20Mi
+ securityContext:
+ capabilities:
+ drop:
+ - ALL
 - name: smb
 image: gcr.io/k8s-staging-sig-storage/smbplugin:canary
 imagePullPolicy: IfNotPresent
@@ -97,6 +105,9 @@ spec:
 value: unix:///csi/csi.sock
 securityContext:
 privileged: true
+ capabilities:
+ drop:
+ - ALL
 volumeMounts:
 - mountPath: /csi
 name: socket-dir
diff --git a/deploy/v1.13.0/csi-smb-controller.yaml b/deploy/v1.13.0/csi-smb-controller.yaml
index 94b6f34794f..b475448d10c 100644
--- a/deploy/v1.13.0/csi-smb-controller.yaml
+++ b/deploy/v1.13.0/csi-smb-controller.yaml
@@ -55,6 +55,10 @@ spec:
 requests:
 cpu: 10m
 memory: 20Mi
+ securityContext:
+ capabilities:
+ drop:
+ - ALL
 - name: liveness-probe
 image: registry.k8s.io/sig-storage/livenessprobe:v2.11.0
 args:
@@ -72,6 +76,10 @@ spec:
 requests:
 cpu: 10m
 memory: 20Mi
+ securityContext:
+ capabilities:
+ drop:
+ - ALL
 - name: smb
 image: registry.k8s.io/sig-storage/smbplugin:v1.13.0
 imagePullPolicy: IfNotPresent
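Review bot: The securityContext added for csi-provisioner in deploy/csi-smb-controller.yaml (hunk @@ -55,6 +55,10) carries only the capability drop, while the Helm templates changed in the same commit keep `readOnlyRootFilesystem: true` on the same sidecar. Unless the difference is deliberate, add `readOnlyRootFilesystem: true` under the new `securityContext:` so that the static manifests and the rendered chart apply the same hardening. The liveness-probe hunk (@@ -72,6 +76,10) and the smb hunk (@@ -97,6 +105,9) of this file have the same gap, as do the corresponding hunks in deploy/v1.13.0 and deploy/v1.14.0. The container specs extend beyond the hunks, so whether these containers write to their root filesystem should be checked before enabling it.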
@@ -99,6 +107,9 @@ spec:
 value: unix:///csi/csi.sock
 securityContext:
 privileged: true
+ capabilities:
+ drop:
+ - ALL
 volumeMounts:
 - mountPath: /csi
 name: socket-dir
diff --git a/deploy/v1.14.0/csi-smb-controller.yaml b/deploy/v1.14.0/csi-smb-controller.yaml
index 16b223a5561..a6b5d0e8f79 100644
--- a/deploy/v1.14.0/csi-smb-controller.yaml
+++ b/deploy/v1.14.0/csi-smb-controller.yaml
@@ -55,6 +55,10 @@ spec:
 requests:
 cpu: 10m
 memory: 20Mi
+ securityContext:
+ capabilities:
+ drop:
+ - ALL
 - name: liveness-probe
 image: registry.k8s.io/sig-storage/livenessprobe:v2.12.0
 args:
@@ -72,6 +76,10 @@ spec:
 requests:
 cpu: 10m
 memory: 20Mi
+ securityContext:
+ capabilities:
+ drop:
+ - ALL
 - name: smb
 image: registry.k8s.io/sig-storage/smbplugin:v1.14.0
 imagePullPolicy: IfNotPresent
@@ -97,6 +105,9 @@ spec:
 value: unix:///csi/csi.sock
 securityContext:
 privileged: true
+ capabilities:
+ drop:
+ - ALL
 volumeMounts:
 - mountPath: /csi
 name: socket-dir