added podSecurityPolicy to allow access to hostPath

Author: rrayst

ldp/deploy/rbac/clusterrole.yaml

@@ -18,4 +18,8 @@ rules:
     verbs: ["list", "watch", "create", "update", "patch"]
   - apiGroups: [""]
     resources: ["nodes"]
-    verbs: ["list", "watch", "get"]
+    verbs: ["list", "watch", "get"]
+  - apiGroups: ['policy']
+    resources: ['podsecuritypolicies']
+    verbs:     ['use']
+    resourceNames: ['local-directory-provisioner']

ldp/deploy/rbac/podsecuritypolicy.yaml

@@ -0,0 +1,19 @@
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+  name: local-directory-provisioner
+spec:
+  runAsUser:
+    rule: 'RunAsAny'
+  seLinux:
+    rule: 'RunAsAny'
+  supplementalGroups:
+    rule: 'RunAsAny'
+  fsGroup:
+    rule: 'RunAsAny'
+  volumes:
+    - projected
+    - secret
+    - hostPath
+  allowedHostPaths:
+    - pathPrefix: /mnt/ssd