diff --git a/charts/latest/blob-csi-driver-v0.0.0.tgz b/charts/latest/blob-csi-driver-v0.0.0.tgz index ba38d7f99..d3f552703 100644 Binary files a/charts/latest/blob-csi-driver-v0.0.0.tgz and b/charts/latest/blob-csi-driver-v0.0.0.tgz differ diff --git a/charts/latest/blob-csi-driver/templates/csi-blob-controller.yaml b/charts/latest/blob-csi-driver/templates/csi-blob-controller.yaml index 3f0ffe6a9..4b609d16c 100644 --- a/charts/latest/blob-csi-driver/templates/csi-blob-controller.yaml +++ b/charts/latest/blob-csi-driver/templates/csi-blob-controller.yaml @@ -82,6 +82,10 @@ spec: - mountPath: /csi name: socket-dir resources: {{- toYaml .Values.controller.resources.csiProvisioner | nindent 12 }} + securityContext: + capabilities: + drop: + - ALL - name: liveness-probe {{- if hasPrefix "/" .Values.image.livenessProbe.repository }} image: "{{ .Values.image.baseRepo }}{{ .Values.image.livenessProbe.repository }}:{{ .Values.image.livenessProbe.tag }}" @@ -101,6 +105,10 @@ spec: - name: socket-dir mountPath: /csi resources: {{- toYaml .Values.controller.resources.livenessProbe | nindent 12 }} + securityContext: + capabilities: + drop: + - ALL - name: blob {{- if hasPrefix "/" .Values.image.blob.repository }} image: "{{ .Values.image.baseRepo }}{{ .Values.image.blob.repository }}:{{ .Values.image.blob.tag }}" @@ -182,6 +190,10 @@ spec: readOnly: true {{- end }} resources: {{- toYaml .Values.controller.resources.blob | nindent 12 }} + securityContext: + capabilities: + drop: + - ALL - name: csi-resizer {{- if hasPrefix "/" .Values.image.csiResizer.repository }} image: "{{ .Values.image.baseRepo }}{{ .Values.image.csiResizer.repository }}:{{ .Values.image.csiResizer.tag }}" @@ -202,6 +214,10 @@ spec: - name: socket-dir mountPath: /csi resources: {{- toYaml .Values.controller.resources.csiResizer | nindent 12 }} + securityContext: + capabilities: + drop: + - ALL volumes: - name: socket-dir emptyDir: {}