Merge pull request #9236 from leseb/fix-9234

core: fix openshift security context

cluster/examples/kubernetes/ceph/operator-openshift.yaml

@@ -18,7 +18,7 @@ allowHostNetwork: false
 # set to true if running rook with the provider as host
 allowHostPorts: false
 priority:
-allowedCapabilities: []
+allowedCapabilities: ["MKNOD"]
 allowHostIPC: true
 readOnlyRootFilesystem: false
 requiredDropCapabilities: []

pkg/apis/ceph.rook.io/v1/scc.go

@@ -42,6 +42,7 @@ func NewSecurityContextConstraints(name, namespace string) *secv1.SecurityContex
 		AllowHostIPC:             true,
 		AllowHostNetwork:         false,
 		AllowHostPorts:           false,
+		AllowedCapabilities:      []corev1.Capability{"MKNOD"},
 		RequiredDropCapabilities: []corev1.Capability{},
 		DefaultAddCapabilities:   []corev1.Capability{},
 		RunAsUser: secv1.RunAsUserStrategyOptions{