github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-25 20:53:33 +00:00
Code Issues Projects Releases Wiki Activity

Run sidecars for csi-mock as privileged

Browse Source 
The driver and provisioner runs as privileged, so make all the other
sidecar containers privileged too.

This helps on system with SELinux, non-privileged container can't access
socket of a privileged one.
This commit is contained in:
Jan Safranek 2019-06-27 13:39:14 +02:00
parent 376a2cb344
commit d6077c717d
3 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
test/e2e/testing-manifests/storage-csi/mock/csi-mock-cluster-driver-registrar.yaml
View File

@ -24,6 +24,8 @@ spec:
- name: ADDRESS - name: ADDRESS
value: /csi/csi.sock value: /csi/csi.sock
imagePullPolicy: Always imagePullPolicy: Always
securityContext:
privileged: true
volumeMounts: volumeMounts:
- mountPath: /csi - mountPath: /csi
name: socket-dir name: socket-dir

2
test/e2e/testing-manifests/storage-csi/mock/csi-mock-driver-attacher.yaml
View File

@ -23,6 +23,8 @@ spec:
- name: ADDRESS - name: ADDRESS
value: /csi/csi.sock value: /csi/csi.sock
imagePullPolicy: Always imagePullPolicy: Always
securityContext:
privileged: true
volumeMounts: volumeMounts:
- mountPath: /csi - mountPath: /csi
name: socket-dir name: socket-dir

2
test/e2e/testing-manifests/storage-csi/mock/csi-mock-driver-resizer.yaml
View File

@ -23,6 +23,8 @@ spec:
- name: ADDRESS - name: ADDRESS
value: /csi/csi.sock value: /csi/csi.sock
imagePullPolicy: Always imagePullPolicy: Always
securityContext:
privileged: true
volumeMounts: volumeMounts:
- mountPath: /csi - mountPath: /csi
name: socket-dir name: socket-dir