deploy: setting RequiredDropCapabilities to ALL for ceph-csi scc #4767
Conversation
There was a problem hiding this comment.
It's ceph-csi scc
Line 12 in 3f5bbb9
deploy: is suited better for commit header
Can you please confirm you have tested the changes in openshift environment and everything works as expected ?
nixpanic
added
the
component/deployment
ShravaniVangur
changed the title
ShravaniVangur
force-pushed
the
updationOfSCC
branch
from
3f5bbb9
to
a9dea84
Compare
|
@Rakshith-R The following have been tested with the changes in this PR in the openshift environment:
|
Madhu-1
added
ci/skip/e2e
|
skipping e2e and multi-arch as its not required for this PR. |
|
@Mergifyio rebase |
This commit sets the RequiredDropCapabilities of ceph-csi to "ALL". Signed-off-by: ShravaniVangur <shravanivangur@gmail.com>
✅ Branch has been successfully rebased |
nixpanic
force-pushed
the
updationOfSCC
branch
from
a9dea84
to
0b15454
Compare
|
@Mergifyio queue |
✅ The pull request has been merged automaticallyThe pull request has been merged automatically at 0eabe32 |
|
/test ci/centos/k8s-e2e-external-storage/1.29 |
|
/test ci/centos/mini-e2e-helm/k8s-1.29 |
|
/test ci/centos/mini-e2e/k8s-1.29 |
|
/test ci/centos/upgrade-tests-cephfs |
|
/test ci/centos/k8s-e2e-external-storage/1.31 |
|
/test ci/centos/upgrade-tests-rbd |
|
/test ci/centos/mini-e2e-helm/k8s-1.31 |
|
/test ci/centos/mini-e2e/k8s-1.31 |
|
/test ci/centos/k8s-e2e-external-storage/1.30 |
|
/test ci/centos/mini-e2e-helm/k8s-1.30 |
|
/test ci/centos/mini-e2e/k8s-1.30 |
This commit sets the RequiredDropCapabilities of ceph-csi to "ALL".
Describe what this PR does
In line with the principle of least privilege, permissions should be granted with only the minimal access necessary to perform the required tasks. Previously, the security context constraints for ceph-csi did not have RequiredDropCapabilities set. This commit ensures that it is now set to "ALL".
$oc describe scc rook-ceph-csi | grep " Required Drop Capabilities"Required Drop Capabilities: ALL