You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Within the trident-controller deployment, all containers except the csi-resizer have a securityContext specified, which contains a capabilities: drop all. There is no obvious reason why the csi-resizer sidecar should not be able to run with the same securityContext to follow least-privilege best practises. It looks like it might be an oversight that this sidecar does not have it set?
Environment
Provide accurate information about the environment to help us reproduce the issue.
Trident version: 24.10
Expected behavior
In a standard deployment of Trident, the csi-resizer container should also include a securityContext that drops unneeded privileges, such as
securityContext:
capabilities:
drop:
- all
The text was updated successfully, but these errors were encountered:
Describe the bug
Within the trident-controller deployment, all containers except the csi-resizer have a securityContext specified, which contains a capabilities: drop all. There is no obvious reason why the csi-resizer sidecar should not be able to run with the same securityContext to follow least-privilege best practises. It looks like it might be an oversight that this sidecar does not have it set?
Environment
Provide accurate information about the environment to help us reproduce the issue.
Expected behavior
In a standard deployment of Trident, the csi-resizer container should also include a securityContext that drops unneeded privileges, such as
The text was updated successfully, but these errors were encountered: