183 lines
5.7 KiB
YAML
183 lines
5.7 KiB
YAML
|
apiVersion: v1
|
||
|
|
kind: ServiceAccount
|
||
|
|
imagePullSecrets:
|
||
|
|
- name: {{ .Release.Name }}-creds
|
||
|
|
metadata:
|
||
|
|
name: {{ .Release.Name }}-node
|
||
|
|
namespace: {{ .Release.Namespace }}
|
||
|
|
|
||
|
|
---
|
||
|
|
kind: ClusterRole
|
||
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
||
|
|
metadata:
|
||
|
|
name: {{ .Release.Name }}-node
|
||
|
|
rules:
|
||
|
|
- apiGroups: [""]
|
||
|
|
resources: ["persistentvolumes"]
|
||
|
|
verbs: ["create", "delete", "get", "list", "watch", "update"]
|
||
|
|
- apiGroups: [""]
|
||
|
|
resources: ["persistentvolumesclaims"]
|
||
|
|
verbs: ["get", "list", "watch", "update"]
|
||
|
|
- apiGroups: [""]
|
||
|
|
resources: ["events"]
|
||
|
|
verbs: ["get", "list", "watch", "create", "update", "patch"]
|
||
|
|
- apiGroups: [""]
|
||
|
|
resources: ["nodes"]
|
||
|
|
verbs: ["get", "list", "watch", "update", "patch"]
|
||
|
|
- apiGroups: ["storage.k8s.io"]
|
||
|
|
resources: ["volumeattachments"]
|
||
|
|
verbs: ["get", "list", "watch", "update"]
|
||
|
|
- apiGroups: ["storage.k8s.io"]
|
||
|
|
resources: ["storageclasses"]
|
||
|
|
verbs: ["get", "list", "watch"]
|
||
|
|
- apiGroups: ["storage.k8s.io"]
|
||
|
|
resources: ["volumeattachments"]
|
||
|
|
verbs: ["get", "list", "watch", "update"]
|
||
|
|
|
||
|
|
---
|
||
|
|
kind: ClusterRoleBinding
|
||
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
||
|
|
metadata:
|
||
|
|
name: {{ .Release.Name }}-node
|
||
|
|
subjects:
|
||
|
|
- kind: ServiceAccount
|
||
|
|
name: {{ .Release.Name }}-node
|
||
|
|
namespace: {{ .Release.Namespace }}
|
||
|
|
roleRef:
|
||
|
|
kind: ClusterRole
|
||
|
|
name: {{ .Release.Name }}-node
|
||
|
|
apiGroup: rbac.authorization.k8s.io
|
||
|
|
---
|
||
|
|
kind: DaemonSet
|
||
|
|
apiVersion: apps/v1
|
||
|
|
metadata:
|
||
|
|
name: {{ .Release.Name }}-node
|
||
|
|
namespace: {{ .Release.Namespace }}
|
||
|
|
spec:
|
||
|
|
selector:
|
||
|
|
matchLabels:
|
||
|
|
app: {{ .Release.Name }}-node
|
||
|
|
template:
|
||
|
|
metadata:
|
||
|
|
labels:
|
||
|
|
app: {{ .Release.Name }}-node
|
||
|
|
spec:
|
||
|
|
serviceAccountName: {{ .Release.Name }}-node
|
||
|
|
hostNetwork: true
|
||
|
|
containers:
|
||
|
|
- name: wekafs
|
||
|
|
securityContext:
|
||
|
|
privileged: true
|
||
|
|
image: {{ .Values.images.csidriver }}:v{{ .Values.images.csidriverTag }}
|
||
|
|
imagePullPolicy: Always
|
||
|
|
args:
|
||
|
|
- "--v=5"
|
||
|
|
- "--drivername=$(CSI_DRIVER_NAME)"
|
||
|
|
- "--endpoint=$(CSI_ENDPOINT)"
|
||
|
|
- "--nodeid=$(KUBE_NODE_NAME)"
|
||
|
|
- "--dynamic-path=$(CSI_DYNAMIC_PATH)"
|
||
|
|
- "--csimode=$(X_CSI_MODE)"
|
||
|
|
ports:
|
||
|
|
- containerPort: 9898
|
||
|
|
name: healthz
|
||
|
|
protocol: TCP
|
||
|
|
livenessProbe:
|
||
|
|
failureThreshold: 5
|
||
|
|
httpGet:
|
||
|
|
path: /healthz
|
||
|
|
port: healthz
|
||
|
|
initialDelaySeconds: 10
|
||
|
|
timeoutSeconds: 3
|
||
|
|
periodSeconds: 2
|
||
|
|
env:
|
||
|
|
- name: CSI_DRIVER_NAME
|
||
|
|
value: {{ required "Provide CSI Driver Name" .Values.csiDriverName }}
|
||
|
|
- name: CSI_ENDPOINT
|
||
|
|
value: unix:///csi/csi.sock
|
||
|
|
- name: KUBE_NODE_NAME
|
||
|
|
valueFrom:
|
||
|
|
fieldRef:
|
||
|
|
fieldPath: spec.nodeName
|
||
|
|
- name: CSI_DYNAMIC_PATH
|
||
|
|
value: {{ required "Provide CSI Driver Dynamic Volume Creation Path" .Values.dynamicProvisionPath }}
|
||
|
|
- name: X_CSI_MODE
|
||
|
|
value: node
|
||
|
|
volumeMounts:
|
||
|
|
- mountPath: /csi
|
||
|
|
name: socket-dir
|
||
|
|
- mountPath: /var/lib/kubelet/pods
|
||
|
|
mountPropagation: Bidirectional
|
||
|
|
name: mountpoint-dir
|
||
|
|
- mountPath: /var/lib/kubelet/plugins
|
||
|
|
mountPropagation: Bidirectional
|
||
|
|
name: plugins-dir
|
||
|
|
- mountPath: /var/lib/csi-wekafs-data
|
||
|
|
name: csi-data-dir
|
||
|
|
- mountPath: /dev
|
||
|
|
name: dev-dir
|
||
|
|
|
||
|
|
- name: liveness-probe
|
||
|
|
volumeMounts:
|
||
|
|
- mountPath: /csi
|
||
|
|
name: socket-dir
|
||
|
|
image: {{ required "Provide Liveness Probe image." .Values.images.livenessprobesidecar }}
|
||
|
|
args:
|
||
|
|
- "--v=5"
|
||
|
|
- "--csi-address=$(ADDRESS)"
|
||
|
|
- "--health-port=$(HEALTH_PORT)"
|
||
|
|
env:
|
||
|
|
- name: ADDRESS
|
||
|
|
value: unix:///csi/csi.sock
|
||
|
|
- name: HEALTH_PORT
|
||
|
|
value: "9898"
|
||
|
|
|
||
|
|
- name: csi-registrar
|
||
|
|
image: {{ required "Provide the csi node registrar sidecar container image." .Values.images.registrarsidecar }}
|
||
|
|
args:
|
||
|
|
- "--v=5"
|
||
|
|
- "--csi-address=$(ADDRESS)"
|
||
|
|
- "--kubelet-registration-path=/var/lib/kubelet/plugins/csi-wekafs/csi.sock"
|
||
|
|
securityContext:
|
||
|
|
privileged: true
|
||
|
|
env:
|
||
|
|
- name: ADDRESS
|
||
|
|
value: unix:///csi/csi.sock
|
||
|
|
volumeMounts:
|
||
|
|
- mountPath: /csi
|
||
|
|
name: socket-dir
|
||
|
|
- mountPath: /registration
|
||
|
|
name: registration-dir
|
||
|
|
- mountPath: /var/lib/csi-wekafs-data
|
||
|
|
name: csi-data-dir
|
||
|
|
{{- with .Values.nodePluginTolerations }}
|
||
|
|
tolerations:
|
||
|
|
{{- toYaml . | nindent 8 }}
|
||
|
|
{{- end }}
|
||
|
|
volumes:
|
||
|
|
- hostPath:
|
||
|
|
path: /var/lib/kubelet/plugins/csi-wekafs
|
||
|
|
type: DirectoryOrCreate
|
||
|
|
name: socket-dir
|
||
|
|
- hostPath:
|
||
|
|
path: /var/lib/kubelet/pods
|
||
|
|
type: DirectoryOrCreate
|
||
|
|
name: mountpoint-dir
|
||
|
|
- hostPath:
|
||
|
|
path: /var/lib/kubelet/plugins_registry
|
||
|
|
type: Directory
|
||
|
|
name: registration-dir
|
||
|
|
- hostPath:
|
||
|
|
path: /var/lib/kubelet/plugins
|
||
|
|
type: Directory
|
||
|
|
name: plugins-dir
|
||
|
|
- hostPath:
|
||
|
|
# 'path' is where PV data is persisted on host.
|
||
|
|
# using /tmp is also possible while the PVs will not available after plugin container recreation or host reboot
|
||
|
|
path: /var/lib/csi-wekafs-data/
|
||
|
|
type: DirectoryOrCreate
|
||
|
|
name: csi-data-dir
|
||
|
|
- hostPath:
|
||
|
|
path: /dev
|
||
|
|
type: Directory
|
||
|
|
name: dev-dir
|