[ceph-osd] Change var crash mount propagation to HostToContainer

- As it will be a security violation to mount anything under /var partition to pods , changing the mount propagation to HostToContainer Change-Id: If7a27304507a9d1bcb9efcef4fc1146f77080a4f
2021-08-04 18:34:33 +00:00 · 2021-08-04 18:34:33 +00:00 · 7117c93772
commit 7117c93772
parent 8d00380469
3 changed files with 5 additions and 1 deletions
--- a/ceph-osd/Chart.yaml
+++ b/ceph-osd/Chart.yaml
@ -15,6 +15,6 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Ceph OSD
 name: ceph-osd
-version: 0.1.27
+version: 0.1.28
 home: https://github.com/ceph/ceph
 ...
--- a/ceph-osd/templates/daemonset-osd.yaml
+++ b/ceph-osd/templates/daemonset-osd.yaml
@ -138,6 +138,7 @@ spec:
              readOnly: false
            - name: pod-var-crash
              mountPath: /var/crash
              mountPropagation: HostToContainer
              readOnly: false
        - name: ceph-log-ownership
 {{ tuple $envAll "ceph_osd" | include "helm-toolkit.snippets.image" | indent 10 }}
@ -283,6 +284,7 @@ spec:
              readOnly: false
            - name: pod-var-crash
              mountPath: /var/crash
              mountPropagation: HostToContainer
              readOnly: false
      containers:
        - name: log-runner
@ -449,6 +451,7 @@ spec:
              readOnly: false
            - name: pod-var-crash
              mountPath: /var/crash
              mountPropagation: HostToContainer
              readOnly: false
      volumes:
        - name: pod-tmp
--- a/releasenotes/notes/ceph-osd.yaml
+++ b/releasenotes/notes/ceph-osd.yaml
@ -28,4 +28,5 @@ ceph-osd:
  - 0.1.25 Export crash dumps when Ceph daemons crash
  - 0.1.26 Mount /var/crash inside ceph-osd pods
  - 0.1.27 Limit Ceph OSD Container Security Contexts
  - 0.1.28 Change var crash mount propagation to HostToContainer
 ...