Backport #631
Signed-off-by: Bella Khizgiyaev <[email protected]>
bkhizgiy committed Nov 8, 2023
1 parent 79ac5e4 commit 73f5631
Showing 1 changed file with 9 additions and 0 deletions.
9 changes: 9 additions & 0 deletions pkg/controller/provider/ova-setup.go
@@ -193,6 +193,8 @@ func (r *Reconciler) makeOvaProviderPodSpec(pvcName string, providerName string)

nfsVolumeName := fmt.Sprintf("%s-%s", nfsVolumeNamePrefix, providerName)
ovaContainerName := fmt.Sprintf("%s-pod-%s", ovaServer, providerName)
allowPrivilegeEscalation := false
nonRoot := true

return core.PodSpec{
Containers: []core.Container{
@@ -206,6 +208,13 @@ func (r *Reconciler) makeOvaProviderPodSpec(pvcName string, providerName string)
MountPath: mountPath,
},
},
SecurityContext: &core.SecurityContext{
AllowPrivilegeEscalation: &allowPrivilegeEscalation,
RunAsNonRoot: &nonRoot,
Capabilities: &core.Capabilities{
Drop: []core.Capability{"ALL"},
},
},
},
},
Volumes: []core.Volume{
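Review bot: The new `SecurityContext` on the OVA server container sets no seccomp profile, so if the aim is for this pod to be admitted under the restricted Pod Security Standard it will still be rejected or flagged; adding `SeccompProfile: &core.SeccompProfile{Type: core.SeccompProfileTypeRuntimeDefault},` next to `RunAsNonRoot` would close that gap. `RunAsNonRoot: &nonRoot` also makes the kubelet refuse to start the container unless the image declares a numeric non-root user or `RunAsUser` is set; the image is not visible in these hunks, so that is worth confirming, together with read access for that UID on the NFS-backed mount at `mountPath`. A one-line comment above the block naming the policy it is meant to satisfy would tell the next reader why each field is there. `makeOvaProviderPodSpec` starts and ends outside the shown hunks.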