From 1818529a4cc6f20653ce7de3db3d4644fd0f1896 Mon Sep 17 00:00:00 2001
From: Niels de Vos <ndevos@redhat.com>
Date: Fri, 22 Apr 2022 11:50:23 +0200
Subject: [PATCH] deploy: allow hostPort 29653 for NFS node-plugin

This should address the following failure when Pod Security Policies are
enabled:

> FailedCreate: Error creating: pods "csi-nfs-node-" is forbidden:
> PodSecurityPolicy: unable to admit pod: spec.containers[2].hostPort:
> Invalid value: 29653: Host port 29653 is not allowed to be used.

Signed-off-by: Niels de Vos <ndevos@redhat.com>
---
 deploy/nfs/kubernetes/csi-nodeplugin-psp.yaml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/deploy/nfs/kubernetes/csi-nodeplugin-psp.yaml b/deploy/nfs/kubernetes/csi-nodeplugin-psp.yaml
index 9444c9644..1ae0398ff 100644
--- a/deploy/nfs/kubernetes/csi-nodeplugin-psp.yaml
+++ b/deploy/nfs/kubernetes/csi-nodeplugin-psp.yaml
@@ -43,7 +43,9 @@ spec:
       readOnly: false
     - pathPrefix: '/var/lib/kubelet/plugins'
       readOnly: false
-
+  hostPorts:
+    - min: 29653
+      max: 29653
 ---
 kind: Role
 apiVersion: rbac.authorization.k8s.io/v1