diff --git a/charts/latest/csi-driver-smb-v0.0.0.tgz b/charts/latest/csi-driver-smb-v0.0.0.tgz index 6a0a322c1d5..7421639b0d8 100644 Binary files a/charts/latest/csi-driver-smb-v0.0.0.tgz and b/charts/latest/csi-driver-smb-v0.0.0.tgz differ diff --git a/charts/latest/csi-driver-smb/templates/csi-smb-node-windows.yaml b/charts/latest/csi-driver-smb/templates/csi-smb-node-windows.yaml index b033b151c97..0a4e93b0675 100755 --- a/charts/latest/csi-driver-smb/templates/csi-smb-node-windows.yaml +++ b/charts/latest/csi-driver-smb/templates/csi-smb-node-windows.yaml @@ -57,6 +57,10 @@ spec: value: unix://C:\\csi\\csi.sock imagePullPolicy: {{ .Values.image.livenessProbe.pullPolicy }} resources: {{- toYaml .Values.windows.resources.livenessProbe | nindent 12 }} + securityContext: + capabilities: + drop: + - ALL - name: node-driver-registrar {{- if hasPrefix "/" .Values.image.nodeDriverRegistrar.repository }} image: "{{ .Values.image.baseRepo }}{{ .Values.image.nodeDriverRegistrar.repository }}:{{ .Values.image.nodeDriverRegistrar.tag }}" @@ -91,6 +95,10 @@ spec: - name: registration-dir mountPath: C:\registration resources: {{- toYaml .Values.windows.resources.nodeDriverRegistrar | nindent 12 }} + securityContext: + capabilities: + drop: + - ALL - name: smb {{- if hasPrefix "/" .Values.image.smb.repository }} image: "{{ .Values.image.baseRepo }}{{ .Values.image.smb.repository }}:{{ .Values.image.smb.tag }}" @@ -141,6 +149,10 @@ spec: - name: csi-proxy-smb-pipe-v1beta1 mountPath: \\.\pipe\csi-proxy-smb-v1beta1 resources: {{- toYaml .Values.windows.resources.smb | nindent 12 }} + securityContext: + capabilities: + drop: + - ALL volumes: - name: csi-proxy-fs-pipe-v1 hostPath: diff --git a/charts/latest/csi-driver-smb/templates/csi-smb-node.yaml b/charts/latest/csi-driver-smb/templates/csi-smb-node.yaml index 6865e227ada..086079f6104 100755 --- a/charts/latest/csi-driver-smb/templates/csi-smb-node.yaml +++ b/charts/latest/csi-driver-smb/templates/csi-smb-node.yaml @@ -65,6 +65,9 @@ spec: resources: {{- toYaml .Values.linux.resources.livenessProbe | nindent 12 }} securityContext: readOnlyRootFilesystem: true + capabilities: + drop: + - ALL - name: node-driver-registrar {{- if hasPrefix "/" .Values.image.nodeDriverRegistrar.repository }} image: "{{ .Values.image.baseRepo }}{{ .Values.image.nodeDriverRegistrar.repository }}:{{ .Values.image.nodeDriverRegistrar.tag }}" @@ -95,6 +98,10 @@ spec: - name: registration-dir mountPath: /registration resources: {{- toYaml .Values.linux.resources.nodeDriverRegistrar | nindent 12 }} + securityContext: + capabilities: + drop: + - ALL - name: smb {{- if hasPrefix "/" .Values.image.smb.repository }} image: "{{ .Values.image.baseRepo }}{{ .Values.image.smb.repository }}:{{ .Values.image.smb.tag }}" @@ -129,6 +136,9 @@ spec: securityContext: readOnlyRootFilesystem: true privileged: true + capabilities: + drop: + - ALL volumeMounts: - mountPath: /csi name: socket-dir diff --git a/charts/v1.13.0/csi-driver-smb-v1.13.0.tgz b/charts/v1.13.0/csi-driver-smb-v1.13.0.tgz index 99523feee91..228af00ba3d 100644 Binary files a/charts/v1.13.0/csi-driver-smb-v1.13.0.tgz and b/charts/v1.13.0/csi-driver-smb-v1.13.0.tgz differ diff --git a/charts/v1.13.0/csi-driver-smb/templates/csi-smb-node-windows.yaml b/charts/v1.13.0/csi-driver-smb/templates/csi-smb-node-windows.yaml index b033b151c97..0a4e93b0675 100644 --- a/charts/v1.13.0/csi-driver-smb/templates/csi-smb-node-windows.yaml +++ b/charts/v1.13.0/csi-driver-smb/templates/csi-smb-node-windows.yaml @@ -57,6 +57,10 @@ spec: value: unix://C:\\csi\\csi.sock imagePullPolicy: {{ .Values.image.livenessProbe.pullPolicy }} resources: {{- toYaml .Values.windows.resources.livenessProbe | nindent 12 }} + securityContext: + capabilities: + drop: + - ALL - name: node-driver-registrar {{- if hasPrefix "/" .Values.image.nodeDriverRegistrar.repository }} image: "{{ .Values.image.baseRepo }}{{ .Values.image.nodeDriverRegistrar.repository }}:{{ .Values.image.nodeDriverRegistrar.tag }}" @@ -91,6 +95,10 @@ spec: - name: registration-dir mountPath: C:\registration resources: {{- toYaml .Values.windows.resources.nodeDriverRegistrar | nindent 12 }} + securityContext: + capabilities: + drop: + - ALL - name: smb {{- if hasPrefix "/" .Values.image.smb.repository }} image: "{{ .Values.image.baseRepo }}{{ .Values.image.smb.repository }}:{{ .Values.image.smb.tag }}" @@ -141,6 +149,10 @@ spec: - name: csi-proxy-smb-pipe-v1beta1 mountPath: \\.\pipe\csi-proxy-smb-v1beta1 resources: {{- toYaml .Values.windows.resources.smb | nindent 12 }} + securityContext: + capabilities: + drop: + - ALL volumes: - name: csi-proxy-fs-pipe-v1 hostPath: diff --git a/charts/v1.13.0/csi-driver-smb/templates/csi-smb-node.yaml b/charts/v1.13.0/csi-driver-smb/templates/csi-smb-node.yaml index 13e8ef72797..03b61dbae44 100644 --- a/charts/v1.13.0/csi-driver-smb/templates/csi-smb-node.yaml +++ b/charts/v1.13.0/csi-driver-smb/templates/csi-smb-node.yaml @@ -65,6 +65,9 @@ spec: resources: {{- toYaml .Values.linux.resources.livenessProbe | nindent 12 }} securityContext: readOnlyRootFilesystem: true + capabilities: + drop: + - ALL - name: node-driver-registrar {{- if hasPrefix "/" .Values.image.nodeDriverRegistrar.repository }} image: "{{ .Values.image.baseRepo }}{{ .Values.image.nodeDriverRegistrar.repository }}:{{ .Values.image.nodeDriverRegistrar.tag }}" @@ -95,6 +98,10 @@ spec: - name: registration-dir mountPath: /registration resources: {{- toYaml .Values.linux.resources.nodeDriverRegistrar | nindent 12 }} + securityContext: + capabilities: + drop: + - ALL - name: smb {{- if hasPrefix "/" .Values.image.smb.repository }} image: "{{ .Values.image.baseRepo }}{{ .Values.image.smb.repository }}:{{ .Values.image.smb.tag }}" @@ -131,6 +138,9 @@ spec: securityContext: readOnlyRootFilesystem: true privileged: true + capabilities: + drop: + - ALL volumeMounts: - mountPath: /csi name: socket-dir diff --git a/charts/v1.14.0/csi-driver-smb-v1.14.0.tgz b/charts/v1.14.0/csi-driver-smb-v1.14.0.tgz index a837b42547a..46d3fd30910 100644 Binary files a/charts/v1.14.0/csi-driver-smb-v1.14.0.tgz and b/charts/v1.14.0/csi-driver-smb-v1.14.0.tgz differ diff --git a/charts/v1.14.0/csi-driver-smb/templates/csi-smb-node-windows.yaml b/charts/v1.14.0/csi-driver-smb/templates/csi-smb-node-windows.yaml index b033b151c97..0a4e93b0675 100644 --- a/charts/v1.14.0/csi-driver-smb/templates/csi-smb-node-windows.yaml +++ b/charts/v1.14.0/csi-driver-smb/templates/csi-smb-node-windows.yaml @@ -57,6 +57,10 @@ spec: value: unix://C:\\csi\\csi.sock imagePullPolicy: {{ .Values.image.livenessProbe.pullPolicy }} resources: {{- toYaml .Values.windows.resources.livenessProbe | nindent 12 }} + securityContext: + capabilities: + drop: + - ALL - name: node-driver-registrar {{- if hasPrefix "/" .Values.image.nodeDriverRegistrar.repository }} image: "{{ .Values.image.baseRepo }}{{ .Values.image.nodeDriverRegistrar.repository }}:{{ .Values.image.nodeDriverRegistrar.tag }}" @@ -91,6 +95,10 @@ spec: - name: registration-dir mountPath: C:\registration resources: {{- toYaml .Values.windows.resources.nodeDriverRegistrar | nindent 12 }} + securityContext: + capabilities: + drop: + - ALL - name: smb {{- if hasPrefix "/" .Values.image.smb.repository }} image: "{{ .Values.image.baseRepo }}{{ .Values.image.smb.repository }}:{{ .Values.image.smb.tag }}" @@ -141,6 +149,10 @@ spec: - name: csi-proxy-smb-pipe-v1beta1 mountPath: \\.\pipe\csi-proxy-smb-v1beta1 resources: {{- toYaml .Values.windows.resources.smb | nindent 12 }} + securityContext: + capabilities: + drop: + - ALL volumes: - name: csi-proxy-fs-pipe-v1 hostPath: diff --git a/charts/v1.14.0/csi-driver-smb/templates/csi-smb-node.yaml b/charts/v1.14.0/csi-driver-smb/templates/csi-smb-node.yaml index 6865e227ada..086079f6104 100644 --- a/charts/v1.14.0/csi-driver-smb/templates/csi-smb-node.yaml +++ b/charts/v1.14.0/csi-driver-smb/templates/csi-smb-node.yaml @@ -65,6 +65,9 @@ spec: resources: {{- toYaml .Values.linux.resources.livenessProbe | nindent 12 }} securityContext: readOnlyRootFilesystem: true + capabilities: + drop: + - ALL - name: node-driver-registrar {{- if hasPrefix "/" .Values.image.nodeDriverRegistrar.repository }} image: "{{ .Values.image.baseRepo }}{{ .Values.image.nodeDriverRegistrar.repository }}:{{ .Values.image.nodeDriverRegistrar.tag }}" @@ -95,6 +98,10 @@ spec: - name: registration-dir mountPath: /registration resources: {{- toYaml .Values.linux.resources.nodeDriverRegistrar | nindent 12 }} + securityContext: + capabilities: + drop: + - ALL - name: smb {{- if hasPrefix "/" .Values.image.smb.repository }} image: "{{ .Values.image.baseRepo }}{{ .Values.image.smb.repository }}:{{ .Values.image.smb.tag }}" @@ -129,6 +136,9 @@ spec: securityContext: readOnlyRootFilesystem: true privileged: true + capabilities: + drop: + - ALL volumeMounts: - mountPath: /csi name: socket-dir diff --git a/deploy/csi-smb-node-windows.yaml b/deploy/csi-smb-node-windows.yaml index 491e9a852cd..d624b1ff819 100644 --- a/deploy/csi-smb-node-windows.yaml +++ b/deploy/csi-smb-node-windows.yaml @@ -48,6 +48,10 @@ spec: requests: cpu: 10m memory: 40Mi + securityContext: + capabilities: + drop: + - ALL - name: node-driver-registrar image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.10.0 args: @@ -84,6 +88,10 @@ spec: requests: cpu: 10m memory: 40Mi + securityContext: + capabilities: + drop: + - ALL - name: smb image: gcr.io/k8s-staging-sig-storage/smbplugin:canary imagePullPolicy: IfNotPresent @@ -133,6 +141,10 @@ spec: requests: cpu: 10m memory: 40Mi + securityContext: + capabilities: + drop: + - ALL volumes: - name: csi-proxy-fs-pipe-v1 hostPath: diff --git a/deploy/csi-smb-node.yaml b/deploy/csi-smb-node.yaml index f60b595e697..29448d7c643 100644 --- a/deploy/csi-smb-node.yaml +++ b/deploy/csi-smb-node.yaml @@ -45,6 +45,10 @@ spec: requests: cpu: 10m memory: 20Mi + securityContext: + capabilities: + drop: + - ALL - name: node-driver-registrar image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.10.0 args: @@ -75,6 +79,10 @@ spec: requests: cpu: 10m memory: 20Mi + securityContext: + capabilities: + drop: + - ALL - name: smb image: gcr.io/k8s-staging-sig-storage/smbplugin:canary imagePullPolicy: IfNotPresent @@ -101,6 +109,9 @@ spec: fieldPath: spec.nodeName securityContext: privileged: true + capabilities: + drop: + - ALL volumeMounts: - mountPath: /csi name: socket-dir diff --git a/deploy/v1.13.0/csi-smb-node-windows.yaml b/deploy/v1.13.0/csi-smb-node-windows.yaml index b23df27f5b3..9de16bb18c6 100644 --- a/deploy/v1.13.0/csi-smb-node-windows.yaml +++ b/deploy/v1.13.0/csi-smb-node-windows.yaml @@ -48,6 +48,10 @@ spec: requests: cpu: 10m memory: 40Mi + securityContext: + capabilities: + drop: + - ALL - name: node-driver-registrar image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.9.0 args: @@ -84,6 +88,10 @@ spec: requests: cpu: 10m memory: 40Mi + securityContext: + capabilities: + drop: + - ALL - name: smb image: registry.k8s.io/sig-storage/smbplugin:v1.13.0 imagePullPolicy: IfNotPresent @@ -133,6 +141,10 @@ spec: requests: cpu: 10m memory: 40Mi + securityContext: + capabilities: + drop: + - ALL volumes: - name: csi-proxy-fs-pipe-v1 hostPath: diff --git a/deploy/v1.13.0/csi-smb-node.yaml b/deploy/v1.13.0/csi-smb-node.yaml index 9568115ab3d..2d5aab2fdbe 100644 --- a/deploy/v1.13.0/csi-smb-node.yaml +++ b/deploy/v1.13.0/csi-smb-node.yaml @@ -45,6 +45,10 @@ spec: requests: cpu: 10m memory: 20Mi + securityContext: + capabilities: + drop: + - ALL - name: node-driver-registrar image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.9.0 args: @@ -75,6 +79,10 @@ spec: requests: cpu: 10m memory: 20Mi + securityContext: + capabilities: + drop: + - ALL - name: smb image: registry.k8s.io/sig-storage/smbplugin:v1.13.0 imagePullPolicy: IfNotPresent @@ -104,6 +112,9 @@ spec: fieldPath: spec.nodeName securityContext: privileged: true + capabilities: + drop: + - ALL volumeMounts: - mountPath: /csi name: socket-dir diff --git a/deploy/v1.14.0/csi-smb-node-windows.yaml b/deploy/v1.14.0/csi-smb-node-windows.yaml index cca8e8b7855..c5a8a012346 100644 --- a/deploy/v1.14.0/csi-smb-node-windows.yaml +++ b/deploy/v1.14.0/csi-smb-node-windows.yaml @@ -48,6 +48,10 @@ spec: requests: cpu: 10m memory: 40Mi + securityContext: + capabilities: + drop: + - ALL - name: node-driver-registrar image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.10.0 args: @@ -84,6 +88,10 @@ spec: requests: cpu: 10m memory: 40Mi + securityContext: + capabilities: + drop: + - ALL - name: smb image: registry.k8s.io/sig-storage/smbplugin:v1.14.0 imagePullPolicy: IfNotPresent @@ -133,6 +141,10 @@ spec: requests: cpu: 10m memory: 40Mi + securityContext: + capabilities: + drop: + - ALL volumes: - name: csi-proxy-fs-pipe-v1 hostPath: diff --git a/deploy/v1.14.0/csi-smb-node.yaml b/deploy/v1.14.0/csi-smb-node.yaml index dda90baef69..d7e2f3a010e 100644 --- a/deploy/v1.14.0/csi-smb-node.yaml +++ b/deploy/v1.14.0/csi-smb-node.yaml @@ -45,6 +45,10 @@ spec: requests: cpu: 10m memory: 20Mi + securityContext: + capabilities: + drop: + - ALL - name: node-driver-registrar image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.10.0 args: @@ -75,6 +79,10 @@ spec: requests: cpu: 10m memory: 20Mi + securityContext: + capabilities: + drop: + - ALL - name: smb image: registry.k8s.io/sig-storage/smbplugin:v1.14.0 imagePullPolicy: IfNotPresent @@ -101,6 +109,9 @@ spec: fieldPath: spec.nodeName securityContext: privileged: true + capabilities: + drop: + - ALL volumeMounts: - mountPath: /csi name: socket-dir