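{{- /*
Deployment for the vSphere CSI controller pod.

Runs 3 replicas with a rolling update that takes down at most one pod at a
time and never surges above the replica count. The pod holds the CSI sidecars
(csi-attacher, optional csi-resizer, liveness-probe, csi-provisioner), the
vsphere-csi-controller driver and the vsphere-syncer. The containers that
mount the socket-dir emptyDir talk to the driver over /csi/csi.sock.

Placement comes from .Values.csiController.nodeSelector and
.Values.csiController.tolerations when set; otherwise the built-in affinity
and tolerations below apply.

Security review notes:
  - No container in this template sets securityContext or resources, so they
    run with the runtime and namespace defaults. Confirm what the driver
    actually needs before tightening.
  - Images are addressed as repository:tag. A tag is mutable, and two
    containers use imagePullPolicy Always, so the running image follows
    whatever the registry serves for that tag.
  - Templated scalars (namespace, secretName) are quoted so an empty or
    number-like value cannot be re-typed by the YAML parser.
*/ -}}
{{- template "applyVersionOverrides" . -}}
kind: Deployment
apiVersion: apps/v1
metadata:
  name: vsphere-csi-controller
  namespace: {{ .Release.Namespace | quote }}
spec:
  replicas: 3
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 1
      maxSurge: 0
  selector:
    matchLabels:
      app: vsphere-csi-controller
  template:
    metadata:
      labels:
        app: vsphere-csi-controller
        role: vsphere-csi
    spec:
      serviceAccountName: vsphere-csi-controller
      {{- if .Values.csiController.nodeSelector }}
      nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
        {{- with .Values.csiController.nodeSelector }}
        {{- toYaml . | nindent 8 }}
        {{- end }}
      {{- else }}
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            # NOTE(review): entries of nodeSelectorTerms are ORed by the
            # scheduler (only expressions inside one matchExpressions list are
            # ANDed). As written, the third term alone admits every node whose
            # kubernetes.io/os is not "windows", so this pod is not confined to
            # control-plane nodes. If control-plane-only placement is the
            # intent, the OS check has to be repeated inside each control-plane
            # term instead. Left unchanged here because it alters scheduling.
            nodeSelectorTerms:
              - matchExpressions:
                  # RKE node selector label
                  - key: node-role.kubernetes.io/controlplane
                    operator: In
                    values:
                      - "true"
              - matchExpressions:
                  # RKE2 node selector label
                  - key: node-role.kubernetes.io/control-plane
                    operator: In
                    values:
                      - "true"
              - matchExpressions:
                  # Rancher node selector label
                  - key: kubernetes.io/os
                    operator: NotIn
                    values:
                      - "windows"
      {{- end }}
      {{- if .Values.csiController.tolerations }}
      tolerations: {{ include "linux-node-tolerations" . | nindent 8 }}
        {{- with .Values.csiController.tolerations }}
        {{- toYaml . | nindent 8 }}
        {{- end }}
      {{- else }}
      tolerations:
        - key: node-role.kubernetes.io/master
          operator: Exists
          effect: NoSchedule
        # Rancher specific change: These tolerations are added to account for RKE1 and RKE2 taints
        - key: node-role.kubernetes.io/controlplane
          effect: NoSchedule
          value: "true"
        - key: node-role.kubernetes.io/control-plane
          effect: NoSchedule
          operator: Exists
        - key: node-role.kubernetes.io/etcd
          effect: NoExecute
          operator: Exists
      {{- end }}
      # "Default" makes the pod inherit the node's resolver configuration
      # instead of using the cluster DNS service.
      dnsPolicy: "Default"
      containers:
        - name: csi-attacher
          image: "{{ template "system_default_registry" . }}{{ .Values.csiController.image.csiAttacher.repository }}:{{ .Values.csiController.image.csiAttacher.tag }}"
          args:
            - "--v=4"
            - "--timeout=300s"
            - "--csi-address=$(ADDRESS)"
            - "--leader-election"
            - "--kube-api-qps=100"
            - "--kube-api-burst=100"
          env:
            - name: ADDRESS
              value: /csi/csi.sock
          volumeMounts:
            - mountPath: /csi
              name: socket-dir
        {{- if .Values.csiController.csiResizer.enabled }}
        - name: csi-resizer
          image: "{{ template "system_default_registry" . }}{{ .Values.csiController.image.csiResizer.repository }}:{{ .Values.csiController.image.csiResizer.tag }}"
          args:
            - "--v=4"
            - "--timeout=300s"
            - "--handle-volume-inuse-error=false"
            - "--csi-address=$(ADDRESS)"
            - "--kube-api-qps=100"
            - "--kube-api-burst=100"
            - "--leader-election"
          env:
            - name: ADDRESS
              value: /csi/csi.sock
          volumeMounts:
            - mountPath: /csi
              name: socket-dir
        {{- end }}
        - name: vsphere-csi-controller
          image: "{{ template "system_default_registry" . }}{{ .Values.csiController.image.repository }}:{{ .Values.csiController.image.tag }}"
          args:
            - "--fss-name=internal-feature-states.csi.vsphere.vmware.com"
            - "--fss-namespace=$(CSI_NAMESPACE)"
            - "--use-gocsi=false"
          imagePullPolicy: "Always"
          env:
            - name: CSI_ENDPOINT
              value: unix:///csi/csi.sock
            - name: X_CSI_MODE
              value: "controller"
            - name: X_CSI_SPEC_DISABLE_LEN_CHECK
              value: "true"
            - name: X_CSI_SERIAL_VOL_ACCESS_TIMEOUT
              value: "3m"
            - name: VSPHERE_CSI_CONFIG
              value: "/etc/cloud/csi-vsphere.conf"
            - name: LOGGER_LEVEL
              value: "PRODUCTION"  # Options: DEVELOPMENT, PRODUCTION
            - name: INCLUSTER_CLIENT_QPS
              value: "100"
            - name: INCLUSTER_CLIENT_BURST
              value: "100"
            - name: CSI_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
          volumeMounts:
            - mountPath: /etc/cloud
              name: vsphere-config-volume
              readOnly: true
            - mountPath: /csi
              name: socket-dir
          ports:
            - name: healthz
              containerPort: 9808
              protocol: TCP
            - name: prometheus
              containerPort: 2112
              protocol: TCP
          livenessProbe:
            httpGet:
              path: /healthz
              port: healthz
            initialDelaySeconds: 10
            timeoutSeconds: 3
            periodSeconds: 5
            failureThreshold: 3
        - name: liveness-probe
          image: "{{ template "system_default_registry" . }}{{ .Values.csiController.image.livenessProbe.repository }}:{{ .Values.csiController.image.livenessProbe.tag }}"
          args:
            - "--v=4"
            - "--csi-address=/csi/csi.sock"
          volumeMounts:
            - name: socket-dir
              mountPath: /csi
        - name: vsphere-syncer
          image: "{{ template "system_default_registry" . }}{{ .Values.csiController.image.vsphereSyncer.repository }}:{{ .Values.csiController.image.vsphereSyncer.tag }}"
          args:
            - "--leader-election"
            - "--fss-name=internal-feature-states.csi.vsphere.vmware.com"
            - "--fss-namespace=$(CSI_NAMESPACE)"
          imagePullPolicy: "Always"
          ports:
            - containerPort: 2113
              name: prometheus
              protocol: TCP
          env:
            - name: FULL_SYNC_INTERVAL_MINUTES
              value: "30"
            - name: VSPHERE_CSI_CONFIG
              value: "/etc/cloud/csi-vsphere.conf"
            - name: LOGGER_LEVEL
              value: "PRODUCTION"  # Options: DEVELOPMENT, PRODUCTION
            - name: INCLUSTER_CLIENT_QPS
              value: "100"
            - name: INCLUSTER_CLIENT_BURST
              value: "100"
            - name: CSI_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
          volumeMounts:
            - mountPath: /etc/cloud
              name: vsphere-config-volume
              readOnly: true
        - name: csi-provisioner
          image: "{{ template "system_default_registry" . }}{{ .Values.csiController.image.csiProvisioner.repository }}:{{ .Values.csiController.image.csiProvisioner.tag }}"
          args:
            - "--v=4"
            - "--timeout=300s"
            - "--csi-address=$(ADDRESS)"
            - "--kube-api-qps=100"
            - "--kube-api-burst=100"
            - "--leader-election"
            - "--default-fstype=ext4"
            # needed only for topology aware setup
            #- "--feature-gates=Topology=true"
            #- "--strict-topology"
          env:
            - name: ADDRESS
              value: /csi/csi.sock
          volumeMounts:
            - mountPath: /csi
              name: socket-dir
      volumes:
        # Mounted read-only at /etc/cloud in vsphere-csi-controller and
        # vsphere-syncer; both read /etc/cloud/csi-vsphere.conf from it via
        # VSPHERE_CSI_CONFIG.
        # NOTE(review): presumably carries the vCenter connection credentials -
        # confirm, and keep RBAC read access to this Secret narrow.
        - name: vsphere-config-volume
          secret:
            secretName: {{ .Values.vCenter.configSecret.name | quote }}
        # Pod-local directory holding the CSI UNIX socket (csi.sock) that the
        # driver and the sidecars mounting /csi share.
        - name: socket-dir
          emptyDir: {}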