From 0d3462b163d8d25afd7318446b722db1e26055c8 Mon Sep 17 00:00:00 2001
From: Yuichiro Ueno
Date: Thu, 16 Dec 2021 12:36:27 +0900
Subject: [PATCH] osd: add CAP_MKNOD to PSP

This commit adds CAP_MKNOD to PodSecurityPolicy to allow OSD-prepare job creating pods under PSP-enabled Kubernetes cluster.

Signed-off-by: Yuichiro Ueno
(cherry picked from commit bae6351a39b287968a6dbae6a1b2aab70b1388dc)
---
 build/rbac/rbac.yaml | 1 +
 deploy/charts/rook-ceph/templates/psp.yaml | 1 +
 deploy/examples/common.yaml | 1 +
 3 files changed, 3 insertions(+)

diff --git a/build/rbac/rbac.yaml b/build/rbac/rbac.yaml
index ae76b78c39e5..ab502c7feedf 100644
--- a/build/rbac/rbac.yaml
+++ b/build/rbac/rbac.yaml
@@ -702,6 +702,7 @@ spec:
 allowedCapabilities:
 # required by CSI
 - SYS_ADMIN
+ - MKNOD
 fsGroup:
 rule: RunAsAny
 # runAsUser, supplementalGroups - Rook needs to run some pods as root
diff --git a/deploy/charts/rook-ceph/templates/psp.yaml b/deploy/charts/rook-ceph/templates/psp.yaml
index e609c5f53b53..f0924be50b29 100644
--- a/deploy/charts/rook-ceph/templates/psp.yaml
+++ b/deploy/charts/rook-ceph/templates/psp.yaml
@@ -21,6 +21,7 @@ spec:
 allowedCapabilities:
 # required by CSI
 - SYS_ADMIN
+ - MKNOD
 fsGroup:
 rule: RunAsAny
 # runAsUser, supplementalGroups - Rook needs to run some pods as root
diff --git a/deploy/examples/common.yaml b/deploy/examples/common.yaml
index 6fae3544d47f..8f7977bb5cf3 100644
--- a/deploy/examples/common.yaml
+++ b/deploy/examples/common.yaml
@@ -718,6 +718,7 @@ spec:
 allowedCapabilities:
 # required by CSI
 - SYS_ADMIN
+ - MKNOD
 fsGroup:
 rule: RunAsAny
 # runAsUser, supplementalGroups - Rook needs to run some pods as root
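Review bot: The new `- MKNOD` entry sits directly under the existing `# required by CSI` comment in `allowedCapabilities`, so the policy now reads as if CSI needs it, while the commit message attributes it to the OSD prepare job. I would give it its own comment above the entry, for example `# required by the OSD prepare job`, in build/rbac/rbac.yaml and in the identical hunks of deploy/charts/rook-ceph/templates/psp.yaml and deploy/examples/common.yaml. An `allowedCapabilities` entry lets any pod admitted under this policy request the capability, not only the prepare job, so recording the reason helps a later audit decide which entries can be dropped. The PodSecurityPolicy `spec` starts and ends outside the hunk, so which other workloads are bound to this policy cannot be confirmed from here.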