diff --git a/cssensor-crio-ds.yml b/cssensor-crio-ds.yml
index 37957e5..47d3c32 100644
--- a/cssensor-crio-ds.yml
+++ b/cssensor-crio-ds.yml
@@ -141,11 +141,13 @@ items:
 name: persistent-volume
 - mountPath: /usr/local/qualys/qpa/data/conf/agent-data
 name: agent-volume
+ - mountPath: /var/lib/containers/storage
+ name: container-storage
 # uncomment(and indent properly) below section if proxy(with CA cert) required to connect Qualys Cloud
 #- mountPath: /etc/qualys/qpa/cert/custom-ca.crt
 # name: proxy-cert-path
 securityContext:
- allowPrivilegeEscalation: false
+ privileged: true
 volumes:
 - name: socket-volume
 hostPath:
@@ -159,6 +161,9 @@ items:
 hostPath:
 path: /etc/qualys
 type: DirectoryOrCreate
+ - name: container-storage
+ hostPath:
+ path: /var/lib/containers/storage
 # uncomment(and indent properly) below section if proxy(with CA cert) required to connect Qualys Cloud
 #- name: proxy-cert-path
 # hostPath:
diff --git a/cssensor-openshift-crio-ds.yml b/cssensor-openshift-crio-ds.yml
index d03cdbf..736a1fd 100644
--- a/cssensor-openshift-crio-ds.yml
+++ b/cssensor-openshift-crio-ds.yml
@@ -89,7 +89,7 @@ items:
 allowHostIPC: false
 allowHostPID: false
 allowHostPorts: false
- allowPrivilegedContainer: false
+ allowPrivilegedContainer: true
 readOnlyRootFilesystem: false
 runAsUser:
 type: RunAsAny
@@ -158,11 +158,13 @@ items:
 name: persistent-volume
 - mountPath: /usr/local/qualys/qpa/data/conf/agent-data
 name: agent-volume
+ - mountPath: /var/lib/containers/storage
+ name: container-storage
 # uncomment(and indent properly) below section if proxy(with CA cert) required to connect Qualys Cloud
 #- mountPath: /etc/qualys/qpa/cert/custom-ca.crt
 # name: proxy-cert-path
 securityContext:
- allowPrivilegeEscalation: false
+ privileged: true
 volumes:
 - name: socket-volume
 hostPath:
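Review bot: In the first hunk of cssensor-crio-ds.yml the sensor container becomes `privileged: true` and also gets the host's `/var/lib/containers/storage` mounted with no `readOnly`, so the mount is writable and the container holds full host privileges on every node the DaemonSet schedules to. If the sensor only reads image and container layers from that path (the diff does not say), add `readOnly: true` under the new `- mountPath: /var/lib/containers/storage` entry, and put a comment above `privileged: true` naming the operation that needs it, so a later reviewer can judge whether a narrower `capabilities.add` list would do. Dropping `allowPrivilegeEscalation: false` is forced by the change, since Kubernetes validation rejects that setting together with `privileged: true`. The same pair of additions appears in the volumeMounts hunks of cssensor-openshift-crio-ds.yml, cssensor-openshift-crio-ds_pv_pvc.yml and both Helm templates. The container spec starts above the hunk.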
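Review bot: The new `container-storage` volume in the second hunk of cssensor-crio-ds.yml has no `type`, unlike the `/etc/qualys` volume just above it (`type: DirectoryOrCreate`), so Kubernetes performs no check on the host path before mounting it. Adding `type: Directory` under `path: /var/lib/containers/storage` would make the pod fail visibly on a node whose container storage root lives elsewhere, instead of possibly starting against a directory that holds no images. The same volume definition is added in the volumes hunks of the other four files.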
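Review bot: `allowPrivilegedContainer: true` in the SecurityContextConstraints hunk of cssensor-openshift-crio-ds.yml widens the SCC for every user and service account bound to it, and that binding (`users`/`groups`) is outside the hunk. A comment above the line would record the intent, for example `# privileged is needed by the sensor container; bind this SCC to the sensor service account only`. The same change is made in cssensor-openshift-crio-ds_pv_pvc.yml and in the OpenShift Helm template.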
@@ -176,6 +178,9 @@ items:
 hostPath:
 path: /etc/qualys
 type: DirectoryOrCreate
+ - name: container-storage
+ hostPath:
+ path: /var/lib/containers/storage
 # uncomment(and indent properly) below section if proxy(with CA cert) required to connect Qualys Cloud
 #- name: proxy-cert-path
 # hostPath:
diff --git a/cssensor-openshift-crio-ds_pv_pvc.yml b/cssensor-openshift-crio-ds_pv_pvc.yml
index 7aaca7a..c29cd72 100644
--- a/cssensor-openshift-crio-ds_pv_pvc.yml
+++ b/cssensor-openshift-crio-ds_pv_pvc.yml
@@ -113,7 +113,7 @@ items:
 allowHostIPC: false
 allowHostPID: false
 allowHostPorts: false
- allowPrivilegedContainer: false
+ allowPrivilegedContainer: true
 readOnlyRootFilesystem: false
 runAsUser:
 type: RunAsAny
@@ -182,11 +182,13 @@ items:
 name: persistent-volume
 - mountPath: /usr/local/qualys/qpa/data/conf/agent-data
 name: agent-volume
+ - mountPath: /var/lib/containers/storage
+ name: container-storage
 # uncomment(and indent properly) below section if proxy(with CA cert) required to connect Qualys Cloud
 #- mountPath: /etc/qualys/qpa/cert/custom-ca.crt
 # name: proxy-cert-path
 securityContext:
- allowPrivilegeEscalation: false
+ privileged: true
 volumes:
 - name: socket-volume
 hostPath:
@@ -199,6 +201,9 @@ items:
 hostPath:
 path: /etc/qualys
 type: DirectoryOrCreate
+ - name: container-storage
+ hostPath:
+ path: /var/lib/containers/storage
 # uncomment(and indent properly) below section if proxy(with CA cert) required to connect Qualys Cloud
 #- name: proxy-cert-path
 # hostPath:
diff --git a/helm-chart-scripts/cssensor-chart-crio-ds/templates/cssensor-crio-ds.yml b/helm-chart-scripts/cssensor-chart-crio-ds/templates/cssensor-crio-ds.yml
index 3c1a127..fa3573e 100644
--- a/helm-chart-scripts/cssensor-chart-crio-ds/templates/cssensor-crio-ds.yml
+++ b/helm-chart-scripts/cssensor-chart-crio-ds/templates/cssensor-crio-ds.yml
@@ -159,8 +159,10 @@ items:
 - mountPath: /etc/qualys/qpa/cert/custom-ca.crt
 name: proxy-cert-path
 {{- end }}
+ - mountPath: /var/lib/containers/storage
+ name: container-storage
 securityContext:
- allowPrivilegeEscalation: false
+ privileged: true
 volumes:
 - name: socket-volume
 hostPath:
@@ -183,4 +185,7 @@ items:
 path: {{.Values.qualys.proxycertpath}}
 type: File
 {{- end }}
+ - name: container-storage
+ hostPath:
+ path: /var/lib/containers/storage
 hostNetwork: true
diff --git a/helm-chart-scripts/cssensor-chart-openshift-crio-ds/templates/cssensor-openshift-crio-ds.yaml b/helm-chart-scripts/cssensor-chart-openshift-crio-ds/templates/cssensor-openshift-crio-ds.yaml
index a34521a..f2742dc 100644
--- a/helm-chart-scripts/cssensor-chart-openshift-crio-ds/templates/cssensor-openshift-crio-ds.yaml
+++ b/helm-chart-scripts/cssensor-chart-openshift-crio-ds/templates/cssensor-openshift-crio-ds.yaml
@@ -85,7 +85,7 @@ items:
 allowHostIPC: false
 allowHostPID: false
 allowHostPorts: false
- allowPrivilegedContainer: false
+ allowPrivilegedContainer: true
 readOnlyRootFilesystem: false
 runAsUser:
 type: RunAsAny
@@ -171,13 +171,15 @@ items:
 {{- end }}
 - mountPath: /usr/local/qualys/qpa/data/conf/agent-data
 name: agent-volume
+ - mountPath: /var/lib/containers/storage
+ name: container-storage
 {{- if .Values.qualys.proxycert }}
 # uncomment(and indent properly) below section if proxy(with CA cert) required to connect Qualys Cloud
 - mountPath: /etc/qualys/qpa/cert/custom-ca.crt
 name: proxy-cert-path
 {{- end }}
 securityContext:
- allowPrivilegeEscalation: false
+ privileged: true
 volumes:
 - name: socket-volume
 hostPath:
@@ -200,4 +202,7 @@ items:
 path: {{.Values.qualys.proxycertpath}}
 type: File
 {{- end }}
+ - name: container-storage
+ hostPath:
+ path: /var/lib/containers/storage
 hostNetwork: true
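Review bot: The `container-storage` hostPath in the second hunk of the cssensor-chart-crio-ds template is hard-coded to `/var/lib/containers/storage`, while the proxy certificate path just above it is taken from `.Values.qualys.proxycertpath`. Clusters that configure a different CRI-O storage root cannot adjust it without editing the template. A chart value with the current path as its default would cover them, for example `path: {{ .Values.qualys.containerstoragepath | default "/var/lib/containers/storage" | quote }}` (the value name is only a suggestion), with the matching `mountPath` kept in step. The same applies to the final hunk of the OpenShift chart template.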