outscale / osc-bsu-csi-driver

Apache License 2.0
8 stars 18 forks source link

fix PV will be encrypted failing due to restictive securityContext #835

Closed outscale-hmi closed 1 month ago

outscale-hmi commented 1 month ago

Problem Summary:

After adding the securityContext to both the controller and node, the pod was no longer able to mount or access the LUKS-encrypted volumes. This issue was traced to restrictive security settings that prevented necessary operations such as mounting, decrypting, and interacting with the LUKS-encrypted block devices.

Cause:

The restrictive security context blocked certain operations required by the CSI driver or the pod itself to manage the encrypted volumes. In particular, settings like allowPrivilegeEscalation: false and seccompProfile: RuntimeDefault were blocking essential system calls or preventing the pod from escalating privileges when needed.

Changes Made:

To resolve the issue, the following changes were applied:

These changes allow the pod and node to successfully mount and interact with the LUKS-encrypted volumes by ensuring that no critical operations are blocked by the security context.