# Identity for the CSI node plugin pods; the DaemonSet in this file selects it
# through serviceAccountName.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: "{{ .Release.Name }}-node"
  namespace: "{{ .Release.Namespace }}"
# Registry credentials attached to every pod running under this account.
# The referenced Secret is not defined in this file; presumably it is created
# elsewhere in the chart or by the operator in the release namespace - verify.
imagePullSecrets:
  - name: "{{ .Release.Name }}-creds"

---
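# Cluster-wide permissions for the node plugin ServiceAccount.
# The ClusterRoleBinding in this file grants them to a ServiceAccount whose
# token is used by a privileged, hostNetwork DaemonSet pod, so every verb
# listed here is in scope for whoever controls one of those pods.
# Keep the list as short as the driver allows.
# The name is cluster-scoped and derived only from the release name, so two
# releases with the same name in different namespaces would share this object.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: "{{ .Release.Name }}-node"
rules:
  # NOTE(review): create/delete on PersistentVolumes is usually a
  # controller-side (provisioner) need; confirm the node plugin really
  # requires it and trim to read-only verbs if not.
  - apiGroups: [""]
    resources: ["persistentvolumes"]
    verbs: ["create", "delete", "get", "list", "watch", "update"]
  # Resource name corrected from "persistentvolumesclaims", which matches no
  # API resource, so the rule granted nothing before. With the fix this rule
  # becomes effective; remove it instead if the node plugin has no need to
  # read or update PVCs.
  - apiGroups: [""]
    resources: ["persistentvolumeclaims"]
    verbs: ["get", "list", "watch", "update"]
  - apiGroups: [""]
    resources: ["events"]
    verbs: ["get", "list", "watch", "create", "update", "patch"]
  # update/patch applies to all Node objects, not only the node the pod
  # runs on; RBAC cannot scope this per node.
  - apiGroups: [""]
    resources: ["nodes"]
    verbs: ["get", "list", "watch", "update", "patch"]
  # Listed once; the original repeated this identical rule a second time at
  # the end of the list.
  - apiGroups: ["storage.k8s.io"]
    resources: ["volumeattachments"]
    verbs: ["get", "list", "watch", "update"]
  - apiGroups: ["storage.k8s.io"]
    resources: ["storageclasses"]
    verbs: ["get", "list", "watch"]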

---
# Grants the "<release>-node" ClusterRole to the node plugin ServiceAccount.
# This is a ClusterRoleBinding, so the role's rules apply in every namespace,
# not only in the release namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: "{{ .Release.Name }}-node"
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: "{{ .Release.Name }}-node"
subjects:
  # The only subject: the ServiceAccount the DaemonSet pods run as.
  - kind: ServiceAccount
    name: "{{ .Release.Name }}-node"
    namespace: "{{ .Release.Namespace }}"
---
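# CSI node plugin: one pod per node with three containers (driver, liveness
# probe sidecar, node registrar sidecar) sharing the CSI socket directory.
# Security posture visible in this manifest: hostNetwork, two privileged
# containers, hostPath mounts of /dev and kubelet directories, and
# Bidirectional mount propagation. A pod with this spec has host-level access,
# so the images it runs and the RBAC bound to its ServiceAccount deserve the
# same scrutiny as node-level software.
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: "{{ .Release.Name }}-node"
  namespace: "{{ .Release.Namespace }}"
spec:
  selector:
    matchLabels:
      app: "{{ .Release.Name }}-node"
  template:
    metadata:
      labels:
        app: "{{ .Release.Name }}-node"
    spec:
      serviceAccountName: "{{ .Release.Name }}-node"
      # Pod shares the node's network namespace, so the health port 9898
      # below listens on the node itself.
      # NOTE(review): confirm the port is not reachable from outside the
      # node, or restrict it with host firewalling.
      hostNetwork: true
      containers:
        - name: wekafs
          # The tag is prefixed with "v" here, so csidriverTag must be given
          # without it. Quoted so the rendered value is always a YAML string.
          # NOTE(review): a tag is mutable and the policy is Always; pinning
          # this privileged image by digest would make what runs on each node
          # reproducible - confirm what the values file supplies.
          image: "{{ .Values.images.csidriver }}:v{{ .Values.images.csidriverTag }}"
          imagePullPolicy: Always
          # privileged plus the /dev mount and Bidirectional propagation
          # below; presumably required to mount the filesystem on the host -
          # TODO confirm nothing narrower (specific capabilities) suffices.
          securityContext:
            privileged: true
          args:
            # NOTE(review): verbosity 5 is hard-coded; check what the driver
            # logs at this level before shipping logs off the node.
            - "--v=5"
            - "--drivername=$(CSI_DRIVER_NAME)"
            - "--endpoint=$(CSI_ENDPOINT)"
            - "--nodeid=$(KUBE_NODE_NAME)"
            - "--dynamic-path=$(CSI_DYNAMIC_PATH)"
            - "--csimode=$(X_CSI_MODE)"
          ports:
            # Port 9898 matches HEALTH_PORT of the liveness-probe container
            # in this pod; the probe below targets it by name.
            - containerPort: 9898
              name: healthz
              protocol: TCP
          livenessProbe:
            failureThreshold: 5
            httpGet:
              path: /healthz
              port: healthz
            initialDelaySeconds: 10
            timeoutSeconds: 3
            periodSeconds: 2
          env:
            # env values must be strings; "| quote" keeps a value that looks
            # like a number or boolean from being re-typed by the YAML parser
            # and rejected by the API server.
            - name: CSI_DRIVER_NAME
              value: {{ required "Provide CSI Driver Name" .Values.csiDriverName | quote }}
            - name: CSI_ENDPOINT
              value: 'unix:///csi/csi.sock'
            - name: KUBE_NODE_NAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
            - name: CSI_DYNAMIC_PATH
              value: {{ required "Provide CSI Driver Dynamic Volume Creation Path" .Values.dynamicProvisionPath | quote }}
            - name: X_CSI_MODE
              value: node
          volumeMounts:
            - mountPath: /csi
              name: socket-dir
            # Bidirectional: mounts created inside this container propagate
            # back to the host, and host mounts appear in the container.
            - mountPath: /var/lib/kubelet/pods
              mountPropagation: Bidirectional
              name: mountpoint-dir
            - mountPath: /var/lib/kubelet/plugins
              mountPropagation: Bidirectional
              name: plugins-dir
            - mountPath: /var/lib/csi-wekafs-data
              name: csi-data-dir
            # Whole host /dev, writable, in a privileged container.
            - mountPath: /dev
              name: dev-dir

        - name: liveness-probe
          # No imagePullPolicy or securityContext is set for this container,
          # so cluster defaults apply.
          # NOTE(review): it only needs the CSI socket; consider an explicit
          # restrictive securityContext once the image's user is confirmed.
          image: {{ required "Provide Liveness Probe image." .Values.images.livenessprobesidecar | quote }}
          args:
            - "--v=5"
            - "--csi-address=$(ADDRESS)"
            - "--health-port=$(HEALTH_PORT)"
          env:
            - name: ADDRESS
              value: 'unix:///csi/csi.sock'
            - name: HEALTH_PORT
              value: "9898"
          volumeMounts:
            - mountPath: /csi
              name: socket-dir

        - name: csi-registrar
          image: {{ required "Provide the csi node registrar sidecar container image." .Values.images.registrarsidecar | quote }}
          args:
            - "--v=5"
            - "--csi-address=$(ADDRESS)"
            # Host path of the socket as kubelet sees it; must stay in sync
            # with the socket-dir hostPath below.
            - "--kubelet-registration-path=/var/lib/kubelet/plugins/csi-wekafs/csi.sock"
          # NOTE(review): privileged and the csi-data-dir mount look broader
          # than a registration sidecar usually needs - confirm, and drop
          # whichever is unused.
          securityContext:
            privileged: true
          env:
            - name: ADDRESS
              value: 'unix:///csi/csi.sock'
          volumeMounts:
            - mountPath: /csi
              name: socket-dir
            - mountPath: /registration
              name: registration-dir
            - mountPath: /var/lib/csi-wekafs-data
              name: csi-data-dir
      {{- with .Values.nodePluginTolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      volumes:
        # All volumes are hostPath. DirectoryOrCreate creates a missing
        # directory on the node; Directory requires it to exist already.
        - hostPath:
            path: /var/lib/kubelet/plugins/csi-wekafs
            type: DirectoryOrCreate
          name: socket-dir
        - hostPath:
            path: /var/lib/kubelet/pods
            type: DirectoryOrCreate
          name: mountpoint-dir
        - hostPath:
            path: /var/lib/kubelet/plugins_registry
            type: Directory
          name: registration-dir
        - hostPath:
            path: /var/lib/kubelet/plugins
            type: Directory
          name: plugins-dir
        - hostPath:
            # 'path' is where PV data is persisted on the host.
            # /tmp would also work, but the PVs would then not be available
            # after the plugin container is recreated or the host reboots.
            path: /var/lib/csi-wekafs-data/
            type: DirectoryOrCreate
          name: csi-data-dir
        - hostPath:
            path: /dev
            type: Directory
          name: dev-dir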