From 8374fa929a505e6f6fba8f0c1b0cb2fdb44c7d47 Mon Sep 17 00:00:00 2001
From: Madhu Rajanna
Date: Fri, 17 Sep 2021 14:04:13 +0530
Subject: [PATCH] helm: reduce the PSP permission for cephfs deployment

cephfs deployment doesnot need extra permission like privileged,Capabilities and reduce unwanted volumes.

Signed-off-by: Madhu Rajanna
---
 charts/ceph-csi-cephfs/templates/provisioner-psp.yaml | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/charts/ceph-csi-cephfs/templates/provisioner-psp.yaml b/charts/ceph-csi-cephfs/templates/provisioner-psp.yaml
index 17f7ca03e..fceecd01d 100644
--- a/charts/ceph-csi-cephfs/templates/provisioner-psp.yaml
+++ b/charts/ceph-csi-cephfs/templates/provisioner-psp.yaml
@@ -10,12 +10,8 @@ metadata:
 release: {{ .Release.Name }}
 heritage: {{ .Release.Service }}
 spec:
- allowPrivilegeEscalation: true
- allowedCapabilities:
- - 'SYS_ADMIN'
 fsGroup:
 rule: RunAsAny
- privileged: true
 runAsUser:
 rule: RunAsAny
 seLinux:
@@ -27,7 +23,6 @@ spec:
 - 'emptyDir'
 - 'projected'
 - 'secret'
- - 'downwardAPI'
 - 'hostPath'
 allowedHostPaths:
 - pathPrefix: '/dev'
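Review bot: Deleting `allowPrivilegeEscalation: true` in the first hunk does not deny privilege escalation, because a PodSecurityPolicy that omits the field treats it as allowed. If the cephfs provisioner does not need it, as the commit message says, the new spec should state that explicitly with `allowPrivilegeEscalation: false` directly under `spec:`. Omitting `privileged` and `allowedCapabilities` is different, since both default to the restrictive value, so those removals take effect as written. The spec continues past the end of the hunk, so it is worth confirming that nothing further down sets `defaultAllowPrivilegeEscalation`, and a short comment above `spec:` recording why the provisioner runs without extra privileges would help keep the restriction in place.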