Add hostPID for linux daemonset container

kubernetes-sigs · Dec 30, 2024 · 33cda76 · 33cda76
1 parent 16fc083
commit 33cda76
Show file tree

Hide file tree

Showing 4 changed files with 6 additions and 0 deletions.
diff --git a/helm/README.md b/helm/README.md
@@ -145,6 +145,7 @@ provisioner chart and their default values.
 | classes.[n].storageClass.provisioner    | Specify provisioner of storage class.                                                                                          | str      | `kubernetes.io/no-provisioner`                                |
 | podAnnotations                          | Annotations for each Pod in the DaemonSet.                                                                                     | map      | `-`                                                           |
 | podLabels                               | Labels for each Pod in the DaemonSet.                                                                                          | map      | `-`                                                           |
+| hostPID                                 | Host PID set in the linux daemonset container spec. When set to true allows a pod to have access to the host process ID namespace | bool     | `false`                                                       |
 | image                                   | Provisioner image.                                                                                                             | str      | `registry.k8s.io/sig-storage/local-volume-provisioner:v2.7.0` |
 | imagePullPolicy                         | Provisioner DaemonSet image pull policy.                                                                                       | str      | `-`                                                           |
 | imagePullSecrets                        | Provisioner image pull secrets.                                                                                                | list     | `-`                                                           |

diff --git a/helm/generated_examples/additional-volumes.yaml b/helm/generated_examples/additional-volumes.yaml
@@ -104,6 +104,7 @@ spec:
       annotations:
         checksum/config: 997271ac2c9e49ae617e255f4d6e709709aa662e1049fef537e81f1b4d6b36a9
     spec:
+      hostPID: false
       serviceAccountName: local-static-provisioner
       nodeSelector:
         kubernetes.io/os: linux

diff --git a/helm/provisioner/templates/daemonset_linux.yaml b/helm/provisioner/templates/daemonset_linux.yaml
@@ -28,6 +28,7 @@ spec:
 {{ .Values.podAnnotations | toYaml | trim | indent 8 }}
 {{- end }}
     spec:
+      hostPID: {{.Values.hostPID}}
       serviceAccountName: {{ template "provisioner.serviceAccountName" . }}
 {{- if .Values.priorityClassName }}
       priorityClassName: {{.Values.priorityClassName}}

diff --git a/helm/provisioner/values.yaml b/helm/provisioner/values.yaml
@@ -149,6 +149,9 @@ resources:
 # If set to false, containers created by the Provisioner Daemonset will run without extra privileges.
 privileged: true
 
+# Host PID set in the linux daemonset container spec. When set to true allows a pod to have access to the host process ID namespace
+hostPID: false
+
 # Any init containers can be configured here.
 # Ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
 initContainers: []