diff --git a/helm/README.md b/helm/README.md index edbceb677..e1a90a9b9 100644 --- a/helm/README.md +++ b/helm/README.md @@ -145,6 +145,7 @@ provisioner chart and their default values. | classes.[n].storageClass.provisioner | Specify provisioner of storage class. | str | `kubernetes.io/no-provisioner` | | podAnnotations | Annotations for each Pod in the DaemonSet. | map | `-` | | podLabels | Labels for each Pod in the DaemonSet. | map | `-` | +| hostPID | Host PID set in the linux daemonset container spec. When set to true allows a pod to have access to the host process ID namespace | bool | `false` | | image | Provisioner image. | str | `registry.k8s.io/sig-storage/local-volume-provisioner:v2.7.0` | | imagePullPolicy | Provisioner DaemonSet image pull policy. | str | `-` | | imagePullSecrets | Provisioner image pull secrets. | list | `-` | diff --git a/helm/generated_examples/additional-volumes.yaml b/helm/generated_examples/additional-volumes.yaml index 796818269..86917c034 100644 --- a/helm/generated_examples/additional-volumes.yaml +++ b/helm/generated_examples/additional-volumes.yaml @@ -104,6 +104,7 @@ spec: annotations: checksum/config: 997271ac2c9e49ae617e255f4d6e709709aa662e1049fef537e81f1b4d6b36a9 spec: + hostPID: false serviceAccountName: local-static-provisioner nodeSelector: kubernetes.io/os: linux diff --git a/helm/generated_examples/baremetal-affinity.yaml b/helm/generated_examples/baremetal-affinity.yaml index c254d40f5..2c479aa71 100644 --- a/helm/generated_examples/baremetal-affinity.yaml +++ b/helm/generated_examples/baremetal-affinity.yaml @@ -116,6 +116,7 @@ spec: annotations: checksum/config: f81e575a8ce66fff1873e5bae2df0f963609f540da196b9a86c3146a94d284b8 spec: + hostPID: false serviceAccountName: local-static-provisioner nodeSelector: kubernetes.io/os: linux diff --git a/helm/generated_examples/baremetal-cleanbyjobs.yaml b/helm/generated_examples/baremetal-cleanbyjobs.yaml index 24f8c4333..ec10bf7a8 100644 --- a/helm/generated_examples/baremetal-cleanbyjobs.yaml +++ b/helm/generated_examples/baremetal-cleanbyjobs.yaml @@ -155,6 +155,7 @@ spec: annotations: checksum/config: b83faf15a16c9079bcd422cd130bbeef24dd946545b9e66f70eb6cfe7fd2036f spec: + hostPID: false serviceAccountName: local-static-provisioner nodeSelector: kubernetes.io/os: linux diff --git a/helm/generated_examples/baremetal-default-storage.yaml b/helm/generated_examples/baremetal-default-storage.yaml index 0f7c673d0..1b7712e8a 100644 --- a/helm/generated_examples/baremetal-default-storage.yaml +++ b/helm/generated_examples/baremetal-default-storage.yaml @@ -115,6 +115,7 @@ spec: annotations: checksum/config: b6d9b5373d0044b95f32c0a7bca03c3bfd69cab1e45ad38029cda321ff703452 spec: + hostPID: false serviceAccountName: local-static-provisioner nodeSelector: kubernetes.io/os: linux diff --git a/helm/generated_examples/baremetal-nodeselector.yaml b/helm/generated_examples/baremetal-nodeselector.yaml index 6818b02a0..9a8db7164 100644 --- a/helm/generated_examples/baremetal-nodeselector.yaml +++ b/helm/generated_examples/baremetal-nodeselector.yaml @@ -116,6 +116,7 @@ spec: annotations: checksum/config: f81e575a8ce66fff1873e5bae2df0f963609f540da196b9a86c3146a94d284b8 spec: + hostPID: false serviceAccountName: local-static-provisioner nodeSelector: kubernetes.io/os: linux diff --git a/helm/generated_examples/baremetal-priority-critical.yaml b/helm/generated_examples/baremetal-priority-critical.yaml index 57e55412f..6d9a9e908 100644 --- a/helm/generated_examples/baremetal-priority-critical.yaml +++ b/helm/generated_examples/baremetal-priority-critical.yaml @@ -116,6 +116,7 @@ spec: annotations: checksum/config: f81e575a8ce66fff1873e5bae2df0f963609f540da196b9a86c3146a94d284b8 spec: + hostPID: false serviceAccountName: local-static-provisioner priorityClassName: system-node-critical nodeSelector: diff --git a/helm/generated_examples/baremetal-priority-noncritical.yaml b/helm/generated_examples/baremetal-priority-noncritical.yaml index 24a5f613a..d545f90a3 100644 --- a/helm/generated_examples/baremetal-priority-noncritical.yaml +++ b/helm/generated_examples/baremetal-priority-noncritical.yaml @@ -116,6 +116,7 @@ spec: annotations: checksum/config: f81e575a8ce66fff1873e5bae2df0f963609f540da196b9a86c3146a94d284b8 spec: + hostPID: false serviceAccountName: local-static-provisioner priorityClassName: priority-important nodeSelector: diff --git a/helm/generated_examples/baremetal-prometheus.yaml b/helm/generated_examples/baremetal-prometheus.yaml index 43a197486..a7b064786 100644 --- a/helm/generated_examples/baremetal-prometheus.yaml +++ b/helm/generated_examples/baremetal-prometheus.yaml @@ -137,6 +137,7 @@ spec: annotations: checksum/config: f81e575a8ce66fff1873e5bae2df0f963609f540da196b9a86c3146a94d284b8 spec: + hostPID: false serviceAccountName: local-static-provisioner nodeSelector: kubernetes.io/os: linux diff --git a/helm/generated_examples/baremetal-provisioner.yaml b/helm/generated_examples/baremetal-provisioner.yaml index 17c199da1..b9714f8d1 100644 --- a/helm/generated_examples/baremetal-provisioner.yaml +++ b/helm/generated_examples/baremetal-provisioner.yaml @@ -115,6 +115,7 @@ spec: annotations: checksum/config: ab47134c2d9ee94cf8fc7f8a5a8dc9e51c2ab005a6ce67ff013328751015dec8 spec: + hostPID: false serviceAccountName: local-static-provisioner nodeSelector: kubernetes.io/os: linux diff --git a/helm/generated_examples/baremetal-resyncperiod.yaml b/helm/generated_examples/baremetal-resyncperiod.yaml index d9387c8c5..74ed870a2 100644 --- a/helm/generated_examples/baremetal-resyncperiod.yaml +++ b/helm/generated_examples/baremetal-resyncperiod.yaml @@ -116,6 +116,7 @@ spec: annotations: checksum/config: 411fa024d9706715e0bb5b76a4549e8a4593abf40e873bc49aaea223649af713 spec: + hostPID: false serviceAccountName: local-static-provisioner nodeSelector: kubernetes.io/os: linux diff --git a/helm/generated_examples/baremetal-tolerations.yaml b/helm/generated_examples/baremetal-tolerations.yaml index 6aed8d6fe..b469fa6ad 100644 --- a/helm/generated_examples/baremetal-tolerations.yaml +++ b/helm/generated_examples/baremetal-tolerations.yaml @@ -119,6 +119,7 @@ spec: annotations: checksum/config: bdea962be4bc6072011b44367cc56d21c61868009d4cb63b6415c1c27695ce96 spec: + hostPID: false serviceAccountName: local-static-provisioner nodeSelector: kubernetes.io/os: linux diff --git a/helm/generated_examples/baremetal-with-resource-limits.yaml b/helm/generated_examples/baremetal-with-resource-limits.yaml index c1b5c2a58..c690ec410 100644 --- a/helm/generated_examples/baremetal-with-resource-limits.yaml +++ b/helm/generated_examples/baremetal-with-resource-limits.yaml @@ -116,6 +116,7 @@ spec: annotations: checksum/config: f81e575a8ce66fff1873e5bae2df0f963609f540da196b9a86c3146a94d284b8 spec: + hostPID: false serviceAccountName: local-static-provisioner nodeSelector: kubernetes.io/os: linux diff --git a/helm/generated_examples/baremetal-without-rbac.yaml b/helm/generated_examples/baremetal-without-rbac.yaml index e88c0b2f6..c68ce08c8 100644 --- a/helm/generated_examples/baremetal-without-rbac.yaml +++ b/helm/generated_examples/baremetal-without-rbac.yaml @@ -69,6 +69,7 @@ spec: annotations: checksum/config: ab47134c2d9ee94cf8fc7f8a5a8dc9e51c2ab005a6ce67ff013328751015dec8 spec: + hostPID: false serviceAccountName: local-static-provisioner nodeSelector: kubernetes.io/os: linux diff --git a/helm/generated_examples/baremetal.yaml b/helm/generated_examples/baremetal.yaml index 74139a058..f0d492a03 100644 --- a/helm/generated_examples/baremetal.yaml +++ b/helm/generated_examples/baremetal.yaml @@ -116,6 +116,7 @@ spec: annotations: checksum/config: f81e575a8ce66fff1873e5bae2df0f963609f540da196b9a86c3146a94d284b8 spec: + hostPID: false serviceAccountName: local-static-provisioner nodeSelector: kubernetes.io/os: linux diff --git a/helm/generated_examples/development-gce.yaml b/helm/generated_examples/development-gce.yaml index 08b2c54f4..9466ff1bb 100644 --- a/helm/generated_examples/development-gce.yaml +++ b/helm/generated_examples/development-gce.yaml @@ -113,6 +113,7 @@ spec: annotations: checksum/config: 3ac145a21b1cd813079bd65a84010c8c39cb1513e676cf78e78f236461c6ae7e spec: + hostPID: false serviceAccountName: local-static-provisioner nodeSelector: kubernetes.io/os: linux diff --git a/helm/generated_examples/development-gke.yaml b/helm/generated_examples/development-gke.yaml index 08b2c54f4..9466ff1bb 100644 --- a/helm/generated_examples/development-gke.yaml +++ b/helm/generated_examples/development-gke.yaml @@ -113,6 +113,7 @@ spec: annotations: checksum/config: 3ac145a21b1cd813079bd65a84010c8c39cb1513e676cf78e78f236461c6ae7e spec: + hostPID: false serviceAccountName: local-static-provisioner nodeSelector: kubernetes.io/os: linux diff --git a/helm/generated_examples/eks-nvme-ssd.yaml b/helm/generated_examples/eks-nvme-ssd.yaml index a28977704..650c03602 100644 --- a/helm/generated_examples/eks-nvme-ssd.yaml +++ b/helm/generated_examples/eks-nvme-ssd.yaml @@ -112,6 +112,7 @@ spec: annotations: checksum/config: b110cd9aea997eefa707c673fe5efa712280f77f1e5af3ff591359246cba3d9e spec: + hostPID: false serviceAccountName: local-static-provisioner nodeSelector: kubernetes.io/os: linux diff --git a/helm/generated_examples/gce-retain.yaml b/helm/generated_examples/gce-retain.yaml index 7916424ae..f93f595e3 100644 --- a/helm/generated_examples/gce-retain.yaml +++ b/helm/generated_examples/gce-retain.yaml @@ -130,6 +130,7 @@ spec: annotations: checksum/config: fc2f7f8aebef1f9b2f9727f6502b2a98fb7e6739e66c162a356b3e086fa6ce70 spec: + hostPID: false serviceAccountName: local-static-provisioner nodeSelector: kubernetes.io/os: linux diff --git a/helm/generated_examples/gce.yaml b/helm/generated_examples/gce.yaml index d447619bf..efdbe2095 100644 --- a/helm/generated_examples/gce.yaml +++ b/helm/generated_examples/gce.yaml @@ -130,6 +130,7 @@ spec: annotations: checksum/config: fc2f7f8aebef1f9b2f9727f6502b2a98fb7e6739e66c162a356b3e086fa6ce70 spec: + hostPID: false serviceAccountName: local-static-provisioner nodeSelector: kubernetes.io/os: linux diff --git a/helm/generated_examples/gke-nvme-ssd-block-raid.yaml b/helm/generated_examples/gke-nvme-ssd-block-raid.yaml index 084572d8f..148c7dbf8 100644 --- a/helm/generated_examples/gke-nvme-ssd-block-raid.yaml +++ b/helm/generated_examples/gke-nvme-ssd-block-raid.yaml @@ -113,6 +113,7 @@ spec: annotations: checksum/config: d1ecfaa3b97cbc85da26d0c83192913ede08a624d630854de99db95c1a78a8bc spec: + hostPID: false serviceAccountName: local-static-provisioner nodeSelector: kubernetes.io/os: linux diff --git a/helm/generated_examples/gke.yaml b/helm/generated_examples/gke.yaml index d52ea9b3f..ce22a4a1a 100644 --- a/helm/generated_examples/gke.yaml +++ b/helm/generated_examples/gke.yaml @@ -113,6 +113,7 @@ spec: annotations: checksum/config: 3ac145a21b1cd813079bd65a84010c8c39cb1513e676cf78e78f236461c6ae7e spec: + hostPID: false serviceAccountName: local-static-provisioner nodeSelector: kubernetes.io/os: linux diff --git a/helm/provisioner/templates/daemonset_linux.yaml b/helm/provisioner/templates/daemonset_linux.yaml index f3c8322f8..84c4470b0 100644 --- a/helm/provisioner/templates/daemonset_linux.yaml +++ b/helm/provisioner/templates/daemonset_linux.yaml @@ -28,6 +28,7 @@ spec: {{ .Values.podAnnotations | toYaml | trim | indent 8 }} {{- end }} spec: + hostPID: {{.Values.hostPID}} serviceAccountName: {{ template "provisioner.serviceAccountName" . }} {{- if .Values.priorityClassName }} priorityClassName: {{.Values.priorityClassName}} diff --git a/helm/provisioner/values.yaml b/helm/provisioner/values.yaml index 2987585dc..8541a98dc 100644 --- a/helm/provisioner/values.yaml +++ b/helm/provisioner/values.yaml @@ -149,6 +149,9 @@ resources: # If set to false, containers created by the Provisioner Daemonset will run without extra privileges. privileged: true +# Host PID set in the linux daemonset container spec. When set to true allows a pod to have access to the host process ID namespace +hostPID: false + # Any init containers can be configured here. # Ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ initContainers: []