-
Notifications
You must be signed in to change notification settings - Fork 547
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
deploy: setting RequiredDropCapabilities to ALL for ceph-csi scc #4767
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It's ceph-csi scc
Line 12 in 3f5bbb9
name: "ceph-csi" |
deploy:
is suited better for commit header
Can you please confirm you have tested the changes in openshift environment and everything works as expected ?
3f5bbb9
to
a9dea84
Compare
@Rakshith-R The following have been tested with the changes in this PR in the openshift environment:
|
skipping e2e and multi-arch as its not required for this PR. |
@Mergifyio rebase |
This commit sets the RequiredDropCapabilities of ceph-csi to "ALL". Signed-off-by: ShravaniVangur <shravanivangur@gmail.com>
✅ Branch has been successfully rebased |
a9dea84
to
0b15454
Compare
@Mergifyio queue |
✅ The pull request has been merged automaticallyThe pull request has been merged automatically at 0eabe32 |
/test ci/centos/k8s-e2e-external-storage/1.29 |
/test ci/centos/mini-e2e-helm/k8s-1.29 |
/test ci/centos/mini-e2e/k8s-1.29 |
/test ci/centos/upgrade-tests-cephfs |
/test ci/centos/k8s-e2e-external-storage/1.31 |
/test ci/centos/upgrade-tests-rbd |
/test ci/centos/mini-e2e-helm/k8s-1.31 |
/test ci/centos/mini-e2e/k8s-1.31 |
/test ci/centos/k8s-e2e-external-storage/1.30 |
/test ci/centos/mini-e2e-helm/k8s-1.30 |
/test ci/centos/mini-e2e/k8s-1.30 |
This commit sets the RequiredDropCapabilities of ceph-csi to "ALL".
Describe what this PR does
In line with the principle of least privilege, permissions should be granted with only the minimal access necessary to perform the required tasks. Previously, the security context constraints for ceph-csi did not have RequiredDropCapabilities set. This commit ensures that it is now set to "ALL".
$oc describe scc rook-ceph-csi | grep " Required Drop Capabilities"
Required Drop Capabilities: ALL