From 2421aebdfd77b682409c36a7cd3ececa1dda6bfa Mon Sep 17 00:00:00 2001
From: hanenMizouni
Date: Wed, 23 Oct 2024 11:55:15 +0000
Subject: [PATCH] update securityContext in containers to handle luks volume
Signed-off-by: hanenMizouni
---
 osc-bsu-csi-driver/values.yaml | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/osc-bsu-csi-driver/values.yaml b/osc-bsu-csi-driver/values.yaml
index 44a4615e..1f05397b 100644
--- a/osc-bsu-csi-driver/values.yaml
+++ b/osc-bsu-csi-driver/values.yaml
@@ -219,8 +219,12 @@ node:
 tolerations: []
 # Privileged containers always run as `Unconfined`, which means that they are not restricted by a seccomp profile.
 containerSecurityContext:
- readOnlyRootFilesystem: true
+ readOnlyRootFilesystem: false # Allow write operations needed for volume management
 privileged: true
+ allowPrivilegeEscalation: true # Ensure privileges can be escalated for volume management if needed
+ seccompProfile:
+ type: Unconfined # temporarily disable seccomp restrictions to allow necessary system calls for LUKS volumes
+serviceAccount:
 serviceAccount:
 controller:
 # -- Annotations to add to the Controller ServiceAccount
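Review bot: The added `+serviceAccount:` line sits directly above the existing `serviceAccount:` key, apparently at the same (top) level, so the new file declares that key twice, the first time with an empty value; duplicate mapping keys are invalid YAML and parsers either reject the file or silently keep the last one, so the added line should be dropped. In `containerSecurityContext`, `allowPrivilegeEscalation: true` and `seccompProfile.type: Unconfined` change nothing while `privileged: true` is set (the comment just above the block already says privileged containers run `Unconfined`), and "temporarily" names no issue or condition under which it would be reverted. The line that does reduce hardening of the node container is `readOnlyRootFilesystem: false`: if the LUKS tooling only needs a few writable paths, keeping `readOnlyRootFilesystem: true` and mounting an `emptyDir` on those paths would preserve the read-only root, and otherwise the inline comment should say what is written and where. The hunk begins inside the `node:` mapping, whose start is outside the hunk.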