diff --git a/cluster/addons/fluentd-gcp/podsecuritypolicies/event-exporter-psp.yaml b/cluster/addons/fluentd-gcp/podsecuritypolicies/event-exporter-psp.yaml
index 319f3f5a091..fd2e147b686 100644
--- a/cluster/addons/fluentd-gcp/podsecuritypolicies/event-exporter-psp.yaml
+++ b/cluster/addons/fluentd-gcp/podsecuritypolicies/event-exporter-psp.yaml
@@ -19,6 +19,7 @@ spec:
 volumes:
 - 'hostPath'
 - 'secret'
+ - 'projected'
 # TODO: This only needs a hostPath to read /etc/ssl/certs,
 # but it should be able to just include these in the image.
 allowedHostPaths:
diff --git a/cluster/addons/fluentd-gcp/podsecuritypolicies/fluentd-gcp-psp.yaml b/cluster/addons/fluentd-gcp/podsecuritypolicies/fluentd-gcp-psp.yaml
index 495ea5a33b1..8c9f096db24 100644
--- a/cluster/addons/fluentd-gcp/podsecuritypolicies/fluentd-gcp-psp.yaml
+++ b/cluster/addons/fluentd-gcp/podsecuritypolicies/fluentd-gcp-psp.yaml
@@ -20,6 +20,7 @@ spec:
 - 'configMap'
 - 'hostPath'
 - 'secret'
+ - 'projected'
 allowedHostPaths:
 - pathPrefix: /var/log
 - pathPrefix: /var/lib/docker/containers
diff --git a/cluster/gce/addons/podsecuritypolicies/persistent-volume-binder.yaml b/cluster/gce/addons/podsecuritypolicies/persistent-volume-binder.yaml
index bcb51caa90d..e365833299c 100644
--- a/cluster/gce/addons/podsecuritypolicies/persistent-volume-binder.yaml
+++ b/cluster/gce/addons/podsecuritypolicies/persistent-volume-binder.yaml
@@ -15,6 +15,7 @@ spec:
 volumes:
 - 'nfs'
 - 'secret' # Required for service account credentials.
+ - 'projected'
 hostNetwork: false
 hostIPC: false
 hostPID: false
diff --git a/cluster/gce/addons/podsecuritypolicies/unprivileged-addon.yaml b/cluster/gce/addons/podsecuritypolicies/unprivileged-addon.yaml
index 85a49532883..3e8ae2622f2 100644
--- a/cluster/gce/addons/podsecuritypolicies/unprivileged-addon.yaml
+++ b/cluster/gce/addons/podsecuritypolicies/unprivileged-addon.yaml
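Review bot: The new `- 'projected'` entry in the `volumes` list of event-exporter-psp.yaml has no comment explaining why it is allowed, and the same bare entry is added in fluentd-gcp-psp.yaml, persistent-volume-binder.yaml and unprivileged-addon.yaml, even though the neighbouring `- 'secret'` line in persistent-volume-binder.yaml already documents its reason. If the intent is to admit projected service account token volumes, say so on each added line, e.g. `- 'projected'  # Required for projected service account token volumes.`. The comment should also record that a PodSecurityPolicy only allows or denies the `projected` volume type as a whole and cannot limit its sources, so event-exporter-psp.yaml and persistent-volume-binder.yaml, whose visible `volumes` lists did not include `configMap` before, now admit configMap and downwardAPI content through it. The `spec` mapping starts and continues outside each hunk.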
@@ -39,6 +39,7 @@ spec:
 - 'emptyDir'
 - 'configMap'
 - 'secret'
+ - 'projected'
 hostNetwork: false
 hostIPC: false
 hostPID: false