{{- if or (eq (.Values.selinuxSupport | default "off") "enforced") (eq (.Values.selinuxSupport | toString) "mixed") }} kind: DaemonSet apiVersion: apps/v1 metadata: name: {{ .Release.Name }}-node-selinux namespace: {{ .Release.Namespace }} spec: selector: matchLabels: app: {{ .Release.Name }}-node template: metadata: labels: app: {{ .Release.Name }}-node component: {{ .Release.Name }}-node-selinux release: {{ .Release.Name }} {{- if .Values.metrics.enabled }} annotations: prometheus.io/scrape: 'true' prometheus.io/path: '/metrics' prometheus.io/port: '{{ .Values.metrics.port | default 9090 }}' {{- end }} spec: affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchExpressions: - key: {{ .Values.selinuxNodeLabel }} operator: In values: - "true" {{- if .Values.nodeSelector }} nodeSelector: {{- toYaml .Values.nodeSelector | nindent 8}} {{- end }} serviceAccountName: {{ .Release.Name }}-node {{- if .Values.priorityClassName }} priorityClassName: {{ .Values.priorityClassName }} {{- end }} hostNetwork: true containers: - name: wekafs securityContext: privileged: true image: {{ .Values.images.csidriver }}:v{{ .Values.images.csidriverTag }} imagePullPolicy: Always args: - "--v={{ .Values.logLevel | default 5 }}" - "--drivername=$(CSI_DRIVER_NAME)" - "--endpoint=$(CSI_ENDPOINT)" - "--nodeid=$(KUBE_NODE_NAME)" - "--dynamic-path=$(CSI_DYNAMIC_PATH)" - "--csimode=$(X_CSI_MODE)" - "--newvolumeprefix={{ .Values.pluginConfig.objectNaming.volumePrefix | default "csivol-" | trunc 7 }}" - "--newsnapshotprefix={{ .Values.pluginConfig.objectNaming.snapshotPrefix | default "csisnp-" | trunc 7 }}" - "--seedsnapshotprefix={{ .Values.pluginConfig.objectNaming.seedSnapshotPrefix | default "csisnp-seed-" | trunc 12 }}" - "--selinux-support" {{- if .Values.tracingUrl }} - "--tracingurl={{ .Values.tracingUrl }}" {{- end }} {{- if .Values.metrics.enabled }} - "--enablemetrics" - "--metricsport={{ .Values.metrics.port | default 9090 }}" {{- end }} {{- if .Values.pluginConfig.allowInsecureHttps }} - "--allowinsecurehttps" {{- end }} {{- if .Values.useJsonLogging }} - "--usejsonlogging" {{- end }} {{- if .Values.pluginConfig.mutuallyExclusiveMountOptions }} {{- range .Values.pluginConfig.mutuallyExclusiveMountOptions }} - "--mutuallyexclusivemountoptions={{ . }}" {{- end }} {{- end }} {{- if .Values.node.grpcRequestTimeoutSeconds }} - "--grpcrequesttimeoutseconds={{ .Values.node.grpcRequestTimeoutSeconds | default "5" }}" {{- end }} {{- if .Values.node.concurrency }} - "--concurrency.nodePublishVolume={{ .Values.node.concurrency.nodePublishVolume | default "1" }}" - "--concurrency.nodeUnpublishVolume={{ .Values.node.concurrency.nodeUnpublishVolume | default "1" }}" {{- end }} ports: - containerPort: 9898 name: healthz protocol: TCP {{- if .Values.metrics.enabled }} - containerPort: {{ .Values.metrics.port }} name: metrics protocol: TCP {{- end }} livenessProbe: failureThreshold: 5 httpGet: path: /healthz port: healthz initialDelaySeconds: 10 timeoutSeconds: 3 periodSeconds: 2 env: - name: CSI_DRIVER_NAME value: {{ required "Provide CSI Driver Name" .Values.csiDriverName }} - name: CSI_ENDPOINT value: unix:///csi/csi.sock - name: KUBE_NODE_NAME valueFrom: fieldRef: fieldPath: spec.nodeName - name: CSI_DYNAMIC_PATH value: {{ required "Provide CSI Driver Dynamic Volume Creation Path" .Values.dynamicProvisionPath }} - name: X_CSI_MODE value: node volumeMounts: - mountPath: /csi name: socket-dir - mountPath: {{ .Values.kubeletPath | default "/var/lib/kubelet" }}/pods mountPropagation: Bidirectional name: mountpoint-dir - mountPath: {{ .Values.kubeletPath | default "/var/lib/kubelet" }}/plugins mountPropagation: Bidirectional name: plugins-dir - mountPath: /var/lib/csi-wekafs-data name: csi-data-dir - mountPath: /dev name: dev-dir {{- if .Values.legacyVolumeSecretName }} - mountPath: /legacy-volume-access name: legacy-volume-access readOnly: true {{- end }} - name: liveness-probe volumeMounts: - mountPath: /csi name: socket-dir image: {{ required "Provide Liveness Probe image." .Values.images.livenessprobesidecar }} args: - "--v={{ .Values.logLevel | default 5 }}" - "--csi-address=$(ADDRESS)" - "--health-port=$(HEALTH_PORT)" env: - name: ADDRESS value: unix:///csi/csi.sock - name: HEALTH_PORT value: "9898" - name: csi-registrar image: {{ required "Provide the csi node registrar sidecar container image." .Values.images.registrarsidecar }} args: - "--v={{ .Values.logLevel | default 5 }}" - "--csi-address=$(ADDRESS)" - "--kubelet-registration-path=$(KUBELET_REGISTRATION_PATH)" - "--timeout=60s" - "--health-port=9809" ports: - containerPort: 9809 name: healthz livenessProbe: httpGet: port: healthz path: /healthz initialDelaySeconds: 5 timeoutSeconds: 5 securityContext: privileged: true env: - name: ADDRESS value: unix:///csi/csi.sock - name: KUBELET_REGISTRATION_PATH value: "{{ (.Values.kubeletPath | default "/var/lib/kubelet") | toString }}/plugins/csi-wekafs-node/csi.sock" volumeMounts: - mountPath: /csi name: socket-dir - mountPath: /registration name: registration-dir - mountPath: /var/lib/csi-wekafs-data name: csi-data-dir {{- with .Values.nodePluginTolerations }} tolerations: {{- toYaml . | nindent 8 }} {{- end }} volumes: - hostPath: path: {{ .Values.kubeletPath | default "/var/lib/kubelet" }}/pods type: DirectoryOrCreate name: mountpoint-dir - hostPath: path: {{ .Values.kubeletPath | default "/var/lib/kubelet" }}/plugins_registry type: Directory name: registration-dir - hostPath: path: {{ .Values.kubeletPath | default "/var/lib/kubelet" }}/plugins type: Directory name: plugins-dir - hostPath: path: {{ .Values.kubeletPath | default "/var/lib/kubelet" }}/plugins/csi-wekafs-node type: DirectoryOrCreate name: socket-dir - hostPath: # 'path' is where PV data is persisted on host. # using /tmp is also possible while the PVs will not available after plugin container recreation or host reboot path: /var/lib/csi-wekafs-data/ type: DirectoryOrCreate name: csi-data-dir - hostPath: path: /dev type: Directory name: dev-dir {{- if .Values.legacyVolumeSecretName }} - name: legacy-volume-access secret: secretName: {{ .Values.legacyVolumeSecretName }} {{- end }} {{- end }}