Allow volumes to sync with restricted. (#41)

* Added volumetypes to PSP to prevent issue spinning pods as described at: giantswarm/roadmap#259 (comment). * Forgot changelog..
giantswarm · Feb 28, 2023 · cadd3b8 · cadd3b8
1 parent 9e20605
commit cadd3b8
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 0 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -9,8 +9,14 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+### Added
+
 - add the use of the runtime/default seccomp profile.
 
+### Changed
+
+- Allowed more volumes in the PSP, to sync with restricted PSP and prevent pod run issues.
+
 ## [0.1.2] - 2022-08-05
 
 ## [0.1.1] - 2022-06-28

diff --git a/helm/deletion-blocker-operator/templates/psp.yaml b/helm/deletion-blocker-operator/templates/psp.yaml
@@ -24,6 +24,13 @@ spec:
  rule: RunAsAny
  supplementalGroups:
  rule: RunAsAny
+ volumes:
+ - emptyDir
+ - secret
+ - downwardAPI
+ - configMap
+ - persistentVolumeClaim
+ - projected
  allowPrivilegeEscalation: false
  hostNetwork: false
  hostIPC: false