rancher-charts/packages/rancher-vsphere-csi/charts/templates/vsphere-csi-controller-depl...

# Source: https://github.com/kubernetes-sigs/vsphere-csi-driver
kind: Deployment
apiVersion: apps/v1
metadata:
  name: vsphere-csi-controller
  namespace: {{ .Release.Namespace }}
spec:
  replicas: 1
  selector:
    matchLabels:
      app: vsphere-csi-controller
  template:
    metadata:
      labels:
        app: vsphere-csi-controller
        role: vsphere-csi
    spec:
      {{- if .Values.csiController.nodeSelector }}
      nodeSelector:
      {{- with .Values.csiController.nodeSelector }}
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- else }}
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
            - matchExpressions:
              # RKE node selector label
              - key: node-role.kubernetes.io/controlplane
                operator: In
                values:
                - "true"
            - matchExpressions:
              # RKE2 node selector label
              - key: node-role.kubernetes.io/control-plane
                operator: In
                values:
                - "true"
      {{- end }}
      serviceAccountName: vsphere-csi-controller
      tolerations:
        # Rancher specific change: These tolerations are intentionally different from upstream to avoid lessening the scope to only NoSchedule with a specific key
        # - key: node-role.kubernetes.io/master
        #   operator: Exists
        #   effect: NoSchedule
        - operator: "Exists"
          effect: NoSchedule
        - operator: "Exists"
          effect: NoExecute
        # uncomment below toleration if you need an aggressive pod eviction in case when
        # node becomes not-ready or unreachable. Default is 300 seconds if not specified.
        #- key: node.kubernetes.io/not-ready
        #  operator: Exists
        #  effect: NoExecute
        #  tolerationSeconds: 30
        #- key: node.kubernetes.io/unreachable
        #  operator: Exists
        #  effect: NoExecute
        #  tolerationSeconds: 30
      dnsPolicy: "Default"
      containers:
        - name: csi-attacher
          image: "{{ template "system_default_registry" . }}{{ .Values.csiController.image.csiAttacher.repository }}:{{ .Values.csiController.image.csiAttacher.tag }}"
          args:
            - "--v=4"
            - "--timeout=300s"
            - "--csi-address=$(ADDRESS)"
            - "--leader-election"
          env:
            - name: ADDRESS
              value: /csi/csi.sock
          volumeMounts:
            - mountPath: /csi
              name: socket-dir
{{- if .Values.csiController.csiResizer.enabled }}
        - name: csi-resizer
          image: "{{ template "system_default_registry" . }}{{ .Values.csiController.image.csiResizer.repository }}:{{ .Values.csiController.image.csiResizer.tag }}"
          args:
            - "--v=4"
            - "--timeout=300s"
            - "--handle-volume-inuse-error=false"
            - "--csi-address=$(ADDRESS)"
            - "--kube-api-qps=100"
            - "--kube-api-burst=100"
            - "--leader-election"
          env:
            - name: ADDRESS
              value: /csi/csi.sock
          volumeMounts:
            - mountPath: /csi
              name: socket-dir
{{- end }}
        - name: vsphere-csi-controller
          image: "{{ template "system_default_registry" . }}{{ .Values.csiController.image.repository }}:{{ .Values.csiController.image.tag }}"
          args:
            - "--fss-name=internal-feature-states.csi.vsphere.vmware.com"
            - "--fss-namespace=$(CSI_NAMESPACE)"
          imagePullPolicy: "Always"
          env:
            - name: CSI_ENDPOINT
              value: unix:///csi/csi.sock
            - name: X_CSI_MODE
              value: "controller"
            - name: VSPHERE_CSI_CONFIG
              value: "/etc/cloud/csi-vsphere.conf"
            - name: LOGGER_LEVEL
              value: "PRODUCTION" # Options: DEVELOPMENT, PRODUCTION
            - name: INCLUSTER_CLIENT_QPS
              value: "100"
            - name: INCLUSTER_CLIENT_BURST
              value: "100"
            - name: CSI_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            - name: X_CSI_SERIAL_VOL_ACCESS_TIMEOUT
              value: 3m
          volumeMounts:
            - mountPath: /etc/cloud
              name: vsphere-config-volume
              readOnly: true
            - mountPath: /csi
              name: socket-dir
          ports:
            - name: healthz
              containerPort: 9808
              protocol: TCP
            - name: prometheus
              containerPort: 2112
              protocol: TCP
          livenessProbe:
            httpGet:
              path: /healthz
              port: healthz
            initialDelaySeconds: 10
            timeoutSeconds: 3
            periodSeconds: 5
            failureThreshold: 3
        - name: liveness-probe
          image: "{{ template "system_default_registry" . }}{{ .Values.csiController.image.livenessProbe.repository }}:{{ .Values.csiController.image.livenessProbe.tag }}"
          args:
            - "--v=4"
            - "--csi-address=/csi/csi.sock"
          volumeMounts:
            - name: socket-dir
              mountPath: /csi
        - name: vsphere-syncer
          image: "{{ template "system_default_registry" . }}{{ .Values.csiController.image.vsphereSyncer.repository }}:{{ .Values.csiController.image.vsphereSyncer.tag }}"
          args:
            - "--leader-election"
            - "--fss-name=internal-feature-states.csi.vsphere.vmware.com"
            - "--fss-namespace=$(CSI_NAMESPACE)"
          imagePullPolicy: "Always"
          ports:
            - containerPort: 2113
              name: prometheus
              protocol: TCP
          env:
            - name: FULL_SYNC_INTERVAL_MINUTES
              value: "30"
            - name: VSPHERE_CSI_CONFIG
              value: "/etc/cloud/csi-vsphere.conf"
            - name: LOGGER_LEVEL
              value: "PRODUCTION" # Options: DEVELOPMENT, PRODUCTION
            - name: INCLUSTER_CLIENT_QPS
              value: "100"
            - name: INCLUSTER_CLIENT_BURST
              value: "100"
            - name: CSI_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
          volumeMounts:
            - mountPath: /etc/cloud
              name: vsphere-config-volume
              readOnly: true
        - name: csi-provisioner
          image: "{{ template "system_default_registry" . }}{{ .Values.csiController.image.csiProvisioner.repository }}:{{ .Values.csiController.image.csiProvisioner.tag }}"
          args:
            - "--v=4"
            - "--timeout=300s"
            - "--csi-address=$(ADDRESS)"
            - "--kube-api-qps=100"
            - "--kube-api-burst=100"
            - "--leader-election"
            - "--default-fstype=ext4"
            # needed only for topology aware setup
            #- "--feature-gates=Topology=true"
            #- "--strict-topology"
          env:
            - name: ADDRESS
              value: /csi/csi.sock
          volumeMounts:
            - mountPath: /csi
              name: socket-dir
      volumes:
      - name: vsphere-config-volume
        secret:
          secretName: {{ .Values.vCenter.configSecret.name }}
      - name: socket-dir
        emptyDir: {}
---
apiVersion: v1
data:
  "csi-migration": {{ .Values.csiMigration.enabled | quote }}
  "csi-auth-check": {{ .Values.csiAuthCheck.enabled | quote }}
  "online-volume-extend": {{ .Values.onlineVolumeExtend.enabled | quote }}
kind: ConfigMap
metadata:
  name: internal-feature-states.csi.vsphere.vmware.com
  namespace: {{ .Release.Namespace }}
---
apiVersion: storage.k8s.io/v1 # For k8s 1.17 use storage.k8s.io/v1beta1
kind: CSIDriver
metadata:
  name: csi.vsphere.vmware.com
spec:
  attachRequired: true
  podInfoOnMount: false
---
apiVersion: v1
kind: Service
metadata:
  name: vsphere-csi-controller
  namespace: {{ .Release.Namespace }}
  labels:
    app: vsphere-csi-controller
spec:
  ports:
    - name: ctlr
      port: 2112
      targetPort: 2112
      protocol: TCP
    - name: syncer
      port: 2113
      targetPort: 2113
      protocol: TCP
  selector:
    app: vsphere-csi-controller
Checkout current packages from dev-v2.5-source ```bash git fetch upstream git checkout upstream/dev-v2.5-source -- packages; git reset HEAD; git checkout -- packages/README.md ``` 2021-05-17 22:30:18 +00:00			`# Source: https://github.com/kubernetes-sigs/vsphere-csi-driver`
			`kind: Deployment`
			`apiVersion: apps/v1`
			`metadata:`
			`name: vsphere-csi-controller`
			`namespace: {{ .Release.Namespace }}`
			`spec:`
			`replicas: 1`
			`selector:`
			`matchLabels:`
			`app: vsphere-csi-controller`
			`template:`
			`metadata:`
			`labels:`
			`app: vsphere-csi-controller`
			`role: vsphere-csi`
			`spec:`
			`{{- if .Values.csiController.nodeSelector }}`
Update node selector logic to use node affinity 2021-08-28 00:34:25 +00:00			`nodeSelector:`
Checkout current packages from dev-v2.5-source ```bash git fetch upstream git checkout upstream/dev-v2.5-source -- packages; git reset HEAD; git checkout -- packages/README.md ``` 2021-05-17 22:30:18 +00:00			`{{- with .Values.csiController.nodeSelector }}`
			`{{- toYaml . \| nindent 8 }}`
			`{{- end }}`
			`{{- else }}`
Update node selector logic to use node affinity 2021-08-28 00:34:25 +00:00			`affinity:`
			`nodeAffinity:`
			`requiredDuringSchedulingIgnoredDuringExecution:`
			`nodeSelectorTerms:`
			`- matchExpressions:`
			`# RKE node selector label`
			`- key: node-role.kubernetes.io/controlplane`
			`operator: In`
			`values:`
			`- "true"`
			`- matchExpressions:`
			`# RKE2 node selector label`
			`- key: node-role.kubernetes.io/control-plane`
			`operator: In`
			`values:`
			`- "true"`
Checkout current packages from dev-v2.5-source ```bash git fetch upstream git checkout upstream/dev-v2.5-source -- packages; git reset HEAD; git checkout -- packages/README.md ``` 2021-05-17 22:30:18 +00:00			`{{- end }}`
Update node selector logic to use node affinity 2021-08-28 00:34:25 +00:00			`serviceAccountName: vsphere-csi-controller`
Checkout current packages from dev-v2.5-source ```bash git fetch upstream git checkout upstream/dev-v2.5-source -- packages; git reset HEAD; git checkout -- packages/README.md ``` 2021-05-17 22:30:18 +00:00			`tolerations:`
Checkout current packages from dev-v2.6-source ```bash git fetch upstream git checkout upstream/dev-v2.6-source -- packages; git reset HEAD; git checkout -- packages/README.md ``` This overwrites the previous changes based on stuff currently in dev-v2.6-source today. 2021-05-17 22:34:49 +00:00			`# Rancher specific change: These tolerations are intentionally different from upstream to avoid lessening the scope to only NoSchedule with a specific key`
			`# - key: node-role.kubernetes.io/master`
			`# operator: Exists`
			`# effect: NoSchedule`
Checkout current packages from dev-v2.5-source ```bash git fetch upstream git checkout upstream/dev-v2.5-source -- packages; git reset HEAD; git checkout -- packages/README.md ``` 2021-05-17 22:30:18 +00:00			`- operator: "Exists"`
			`effect: NoSchedule`
			`- operator: "Exists"`
			`effect: NoExecute`
Checkout current packages from dev-v2.6-source ```bash git fetch upstream git checkout upstream/dev-v2.6-source -- packages; git reset HEAD; git checkout -- packages/README.md ``` This overwrites the previous changes based on stuff currently in dev-v2.6-source today. 2021-05-17 22:34:49 +00:00			`# uncomment below toleration if you need an aggressive pod eviction in case when`
			`# node becomes not-ready or unreachable. Default is 300 seconds if not specified.`
			`#- key: node.kubernetes.io/not-ready`
			`# operator: Exists`
			`# effect: NoExecute`
			`# tolerationSeconds: 30`
			`#- key: node.kubernetes.io/unreachable`
			`# operator: Exists`
			`# effect: NoExecute`
			`# tolerationSeconds: 30`
Checkout current packages from dev-v2.5-source ```bash git fetch upstream git checkout upstream/dev-v2.5-source -- packages; git reset HEAD; git checkout -- packages/README.md ``` 2021-05-17 22:30:18 +00:00			`dnsPolicy: "Default"`
			`containers:`
			`- name: csi-attacher`
			`image: "{{ template "system_default_registry" . }}{{ .Values.csiController.image.csiAttacher.repository }}:{{ .Values.csiController.image.csiAttacher.tag }}"`
			`args:`
			`- "--v=4"`
			`- "--timeout=300s"`
			`- "--csi-address=$(ADDRESS)"`
			`- "--leader-election"`
			`env:`
			`- name: ADDRESS`
			`value: /csi/csi.sock`
			`volumeMounts:`
			`- mountPath: /csi`
			`name: socket-dir`
			`{{- if .Values.csiController.csiResizer.enabled }}`
			`- name: csi-resizer`
			`image: "{{ template "system_default_registry" . }}{{ .Values.csiController.image.csiResizer.repository }}:{{ .Values.csiController.image.csiResizer.tag }}"`
			`args:`
			`- "--v=4"`
			`- "--timeout=300s"`
Checkout current packages from dev-v2.6-source ```bash git fetch upstream git checkout upstream/dev-v2.6-source -- packages; git reset HEAD; git checkout -- packages/README.md ``` This overwrites the previous changes based on stuff currently in dev-v2.6-source today. 2021-05-17 22:34:49 +00:00			`- "--handle-volume-inuse-error=false"`
Checkout current packages from dev-v2.5-source ```bash git fetch upstream git checkout upstream/dev-v2.5-source -- packages; git reset HEAD; git checkout -- packages/README.md ``` 2021-05-17 22:30:18 +00:00			`- "--csi-address=$(ADDRESS)"`
Checkout current packages from dev-v2.6-source ```bash git fetch upstream git checkout upstream/dev-v2.6-source -- packages; git reset HEAD; git checkout -- packages/README.md ``` This overwrites the previous changes based on stuff currently in dev-v2.6-source today. 2021-05-17 22:34:49 +00:00			`- "--kube-api-qps=100"`
			`- "--kube-api-burst=100"`
Checkout current packages from dev-v2.5-source ```bash git fetch upstream git checkout upstream/dev-v2.5-source -- packages; git reset HEAD; git checkout -- packages/README.md ``` 2021-05-17 22:30:18 +00:00			`- "--leader-election"`
			`env:`
			`- name: ADDRESS`
			`value: /csi/csi.sock`
			`volumeMounts:`
			`- mountPath: /csi`
			`name: socket-dir`
			`{{- end }}`
			`- name: vsphere-csi-controller`
			`image: "{{ template "system_default_registry" . }}{{ .Values.csiController.image.repository }}:{{ .Values.csiController.image.tag }}"`
			`args:`
			`- "--fss-name=internal-feature-states.csi.vsphere.vmware.com"`
			`- "--fss-namespace=$(CSI_NAMESPACE)"`
			`imagePullPolicy: "Always"`
			`env:`
			`- name: CSI_ENDPOINT`
			`value: unix:///csi/csi.sock`
			`- name: X_CSI_MODE`
			`value: "controller"`
			`- name: VSPHERE_CSI_CONFIG`
			`value: "/etc/cloud/csi-vsphere.conf"`
			`- name: LOGGER_LEVEL`
			`value: "PRODUCTION" # Options: DEVELOPMENT, PRODUCTION`
			`- name: INCLUSTER_CLIENT_QPS`
			`value: "100"`
			`- name: INCLUSTER_CLIENT_BURST`
			`value: "100"`
			`- name: CSI_NAMESPACE`
			`valueFrom:`
			`fieldRef:`
			`fieldPath: metadata.namespace`
Checkout current packages from dev-v2.6-source ```bash git fetch upstream git checkout upstream/dev-v2.6-source -- packages; git reset HEAD; git checkout -- packages/README.md ``` This overwrites the previous changes based on stuff currently in dev-v2.6-source today. 2021-05-17 22:34:49 +00:00			`- name: X_CSI_SERIAL_VOL_ACCESS_TIMEOUT`
			`value: 3m`
Checkout current packages from dev-v2.5-source ```bash git fetch upstream git checkout upstream/dev-v2.5-source -- packages; git reset HEAD; git checkout -- packages/README.md ``` 2021-05-17 22:30:18 +00:00			`volumeMounts:`
			`- mountPath: /etc/cloud`
			`name: vsphere-config-volume`
			`readOnly: true`
			`- mountPath: /csi`
			`name: socket-dir`
			`ports:`
			`- name: healthz`
			`containerPort: 9808`
			`protocol: TCP`
Checkout current packages from dev-v2.6-source ```bash git fetch upstream git checkout upstream/dev-v2.6-source -- packages; git reset HEAD; git checkout -- packages/README.md ``` This overwrites the previous changes based on stuff currently in dev-v2.6-source today. 2021-05-17 22:34:49 +00:00			`- name: prometheus`
			`containerPort: 2112`
			`protocol: TCP`
Checkout current packages from dev-v2.5-source ```bash git fetch upstream git checkout upstream/dev-v2.5-source -- packages; git reset HEAD; git checkout -- packages/README.md ``` 2021-05-17 22:30:18 +00:00			`livenessProbe:`
			`httpGet:`
			`path: /healthz`
			`port: healthz`
			`initialDelaySeconds: 10`
			`timeoutSeconds: 3`
			`periodSeconds: 5`
			`failureThreshold: 3`
			`- name: liveness-probe`
			`image: "{{ template "system_default_registry" . }}{{ .Values.csiController.image.livenessProbe.repository }}:{{ .Values.csiController.image.livenessProbe.tag }}"`
			`args:`
			`- "--v=4"`
			`- "--csi-address=/csi/csi.sock"`
			`volumeMounts:`
			`- name: socket-dir`
			`mountPath: /csi`
			`- name: vsphere-syncer`
			`image: "{{ template "system_default_registry" . }}{{ .Values.csiController.image.vsphereSyncer.repository }}:{{ .Values.csiController.image.vsphereSyncer.tag }}"`
			`args:`
			`- "--leader-election"`
			`- "--fss-name=internal-feature-states.csi.vsphere.vmware.com"`
			`- "--fss-namespace=$(CSI_NAMESPACE)"`
			`imagePullPolicy: "Always"`
Checkout current packages from dev-v2.6-source ```bash git fetch upstream git checkout upstream/dev-v2.6-source -- packages; git reset HEAD; git checkout -- packages/README.md ``` This overwrites the previous changes based on stuff currently in dev-v2.6-source today. 2021-05-17 22:34:49 +00:00			`ports:`
			`- containerPort: 2113`
			`name: prometheus`
			`protocol: TCP`
Checkout current packages from dev-v2.5-source ```bash git fetch upstream git checkout upstream/dev-v2.5-source -- packages; git reset HEAD; git checkout -- packages/README.md ``` 2021-05-17 22:30:18 +00:00			`env:`
			`- name: FULL_SYNC_INTERVAL_MINUTES`
			`value: "30"`
			`- name: VSPHERE_CSI_CONFIG`
			`value: "/etc/cloud/csi-vsphere.conf"`
			`- name: LOGGER_LEVEL`
			`value: "PRODUCTION" # Options: DEVELOPMENT, PRODUCTION`
			`- name: INCLUSTER_CLIENT_QPS`
			`value: "100"`
			`- name: INCLUSTER_CLIENT_BURST`
			`value: "100"`
			`- name: CSI_NAMESPACE`
			`valueFrom:`
			`fieldRef:`
			`fieldPath: metadata.namespace`
			`volumeMounts:`
			`- mountPath: /etc/cloud`
			`name: vsphere-config-volume`
			`readOnly: true`
			`- name: csi-provisioner`
			`image: "{{ template "system_default_registry" . }}{{ .Values.csiController.image.csiProvisioner.repository }}:{{ .Values.csiController.image.csiProvisioner.tag }}"`
			`args:`
			`- "--v=4"`
			`- "--timeout=300s"`
			`- "--csi-address=$(ADDRESS)"`
Checkout current packages from dev-v2.6-source ```bash git fetch upstream git checkout upstream/dev-v2.6-source -- packages; git reset HEAD; git checkout -- packages/README.md ``` This overwrites the previous changes based on stuff currently in dev-v2.6-source today. 2021-05-17 22:34:49 +00:00			`- "--kube-api-qps=100"`
			`- "--kube-api-burst=100"`
Checkout current packages from dev-v2.5-source ```bash git fetch upstream git checkout upstream/dev-v2.5-source -- packages; git reset HEAD; git checkout -- packages/README.md ``` 2021-05-17 22:30:18 +00:00			`- "--leader-election"`
			`- "--default-fstype=ext4"`
			`# needed only for topology aware setup`
			`#- "--feature-gates=Topology=true"`
			`#- "--strict-topology"`
			`env:`
			`- name: ADDRESS`
			`value: /csi/csi.sock`
			`volumeMounts:`
			`- mountPath: /csi`
			`name: socket-dir`
			`volumes:`
			`- name: vsphere-config-volume`
			`secret:`
			`secretName: {{ .Values.vCenter.configSecret.name }}`
			`- name: socket-dir`
			`emptyDir: {}`
			`---`
			`apiVersion: v1`
			`data:`
			`"csi-migration": {{ .Values.csiMigration.enabled \| quote }}`
Checkout current packages from dev-v2.6-source ```bash git fetch upstream git checkout upstream/dev-v2.6-source -- packages; git reset HEAD; git checkout -- packages/README.md ``` This overwrites the previous changes based on stuff currently in dev-v2.6-source today. 2021-05-17 22:34:49 +00:00			`"csi-auth-check": {{ .Values.csiAuthCheck.enabled \| quote }}`
			`"online-volume-extend": {{ .Values.onlineVolumeExtend.enabled \| quote }}`
Checkout current packages from dev-v2.5-source ```bash git fetch upstream git checkout upstream/dev-v2.5-source -- packages; git reset HEAD; git checkout -- packages/README.md ``` 2021-05-17 22:30:18 +00:00			`kind: ConfigMap`
			`metadata:`
			`name: internal-feature-states.csi.vsphere.vmware.com`
			`namespace: {{ .Release.Namespace }}`
			`---`
Checkout current packages from dev-v2.6-source ```bash git fetch upstream git checkout upstream/dev-v2.6-source -- packages; git reset HEAD; git checkout -- packages/README.md ``` This overwrites the previous changes based on stuff currently in dev-v2.6-source today. 2021-05-17 22:34:49 +00:00			`apiVersion: storage.k8s.io/v1 # For k8s 1.17 use storage.k8s.io/v1beta1`
Checkout current packages from dev-v2.5-source ```bash git fetch upstream git checkout upstream/dev-v2.5-source -- packages; git reset HEAD; git checkout -- packages/README.md ``` 2021-05-17 22:30:18 +00:00			`kind: CSIDriver`
			`metadata:`
			`name: csi.vsphere.vmware.com`
			`spec:`
			`attachRequired: true`
			`podInfoOnMount: false`
			`---`
Checkout current packages from dev-v2.6-source ```bash git fetch upstream git checkout upstream/dev-v2.6-source -- packages; git reset HEAD; git checkout -- packages/README.md ``` This overwrites the previous changes based on stuff currently in dev-v2.6-source today. 2021-05-17 22:34:49 +00:00			`apiVersion: v1`
			`kind: Service`
			`metadata:`
			`name: vsphere-csi-controller`
			`namespace: {{ .Release.Namespace }}`
			`labels:`
			`app: vsphere-csi-controller`
			`spec:`
			`ports:`
			`- name: ctlr`
			`port: 2112`
			`targetPort: 2112`
			`protocol: TCP`
			`- name: syncer`
			`port: 2113`
			`targetPort: 2113`
			`protocol: TCP`
			`selector:`
			`app: vsphere-csi-controller`