From 051af3b2572784cbb8a4e5ce98d006000601867a Mon Sep 17 00:00:00 2001
From: Madhu Rajanna
Date: Fri, 17 Sep 2021 14:01:36 +0530
Subject: [PATCH] deploy: reduce the PSP permission for cephfs deployment

cephfs deployment doesnot need extra permission like privileged,Capabilities and remove unwanted volumes.

Signed-off-by: Madhu Rajanna
---
 deploy/cephfs/kubernetes/csi-provisioner-psp.yaml | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/deploy/cephfs/kubernetes/csi-provisioner-psp.yaml b/deploy/cephfs/kubernetes/csi-provisioner-psp.yaml
index ee465ef30..82ba30874 100644
--- a/deploy/cephfs/kubernetes/csi-provisioner-psp.yaml
+++ b/deploy/cephfs/kubernetes/csi-provisioner-psp.yaml
@@ -4,12 +4,8 @@ kind: PodSecurityPolicy
 metadata:
 name: cephfs-csi-provisioner-psp
 spec:
- allowPrivilegeEscalation: true
- allowedCapabilities:
- - 'SYS_ADMIN'
 fsGroup:
 rule: RunAsAny
- privileged: true
 runAsUser:
 rule: RunAsAny
 seLinux:
@@ -21,7 +17,6 @@ spec:
 - 'emptyDir'
 - 'projected'
 - 'secret'
- - 'downwardAPI'
 - 'hostPath'
 allowedHostPaths:
 - pathPrefix: '/dev'
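Review bot: Deleting `allowPrivilegeEscalation: true` under `spec:` in the first hunk does not deny privilege escalation, because a PodSecurityPolicy that omits this field allows it by default. Only the removal of `privileged: true` and the `allowedCapabilities` list actually tightens the policy. If the provisioner pods need no escalation, as the commit message suggests, state it explicitly with `allowPrivilegeEscalation: false`, optionally next to `privileged: false` so the intent is visible in the manifest. The `spec:` mapping starts above and continues below this hunk, so the rest of the policy could not be checked from here.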