[FR] Run the provider with the minimum number of permissions required. #967
Labels
enhancement
New feature or request
Comments
|
@aramase could you please take a look? |
|
@pierluigilenoci these helm configurations already exist https://github.com/Azure/secrets-store-csi-driver-provider-azure/blob/master/charts/csi-secrets-store-provider-azure/templates/provider-azure-installer.yaml#L79-L90 is there anything else you are looking for? if not, are we okay to close this issue? |
|
@sozercan if the permissions included in the chart are the minimum number for the provider to work, I'm satisfied. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the solution you'd like
PR #966 (Issue #787) is a workaround to get the software to work on K8s v1.25.
In this way, it doesn't run with the necessary restricted permissions.
All these "permissions" need to be moved into the
securityContextsat the pod/container level.Ref: https://github.com/Azure/secrets-store-csi-driver-provider-azure/blob/master/charts/csi-secrets-store-provider-azure/templates/podsecuritypolicy.yaml#L8-L23
[A clear and concise description of what you want to happen.]
I would like the software to run with the minimum number of permissions it needs to run.
One solution would be to put the
privilegedvalues in the chart as default.And the more
restrictivevalues as a comment (to make configuration easier).Or allow the choice between the two options via the
linux.privilegedvalue.Anything else you would like to add:
Nothing to add other than a big thank you to the maintainers.
Environment:
The text was updated successfully, but these errors were encountered: