Home > database >  Using Mount Propagation bidirectional without Privileged Security context in kubernetes
Using Mount Propagation bidirectional without Privileged Security context in kubernetes

Time:05-08

I'm implementing support to a CSIDriver that uses Bidirectional Mount Propagation. This requires that the container be Privileged, but in this project, we are not allowed to use privileged containers.

There is any other way to do this? I've tried to use SYS_ADMIN capability, but it did not work.

    - name: spiffe-csi-driver
        image: ghcr.io/spiffe/spiffe-csi-driver:0.1.0
        imagePullPolicy: IfNotPresent
        args: [
          "-workload-api-socket-dir", "/spire-agent-socket",
          "-csi-socket-path", "/spiffe-csi/csi.sock",
        ]
        env:
          - name: MY_NODE_NAME
            valueFrom:
              fieldRef:
                fieldPath: spec.nodeName
        volumeMounts:
          - mountPath: /spire-agent-socket
            name: spire-agent-socket
            readOnly: true
          - mountPath: /spiffe-csi
            name: spiffe-csi-socket-dir
          # The volume containing mount points for containers.
          - mountPath: /var/lib/kubelet/pods
            mountPropagation: Bidirectional
            name: mountpoint-dir
        securityContext:
          privileged: true # need to remove
          # capabilities: # this didn't work 
          #   add:
          #   - SYS_ADMIN

CodePudding user response:

According to K8s official documentation:

it is allowed only in privileged containers.

Page link:https//www.codepudding.com/database/399400.html

Prev:How to convert unicode with hex to String in dart / flutter
Next:Can someone explain me this bubble sort code?
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding