581 lines
24 KiB
YAML
581 lines
24 KiB
YAML
apiVersion: v1
|
|
kind: ServiceAccount
|
|
metadata:
|
|
name: {{ .Release.Name }}-controller
|
|
namespace: {{ .Release.Namespace }}
|
|
---
|
|
kind: ClusterRole
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
metadata:
|
|
name: {{ .Release.Name }}-controller
|
|
rules:
|
|
- apiGroups: [""]
|
|
resources: ["events"]
|
|
verbs: ["list", "watch", "create", "update", "patch"]
|
|
- apiGroups: [""]
|
|
resources: ["nodes"]
|
|
{{- if hasKey .Values "podmon" }}
|
|
{{- if eq .Values.podmon.enabled true }}
|
|
verbs: ["get", "list", "watch", "patch"]
|
|
{{- else }}
|
|
verbs: ["get", "list", "watch"]
|
|
{{- end }}
|
|
{{- end }}
|
|
- apiGroups: [""]
|
|
resources: ["persistentvolumes"]
|
|
verbs: ["get", "list", "watch", "create", "delete", "update"]
|
|
- apiGroups: [""]
|
|
resources: ["persistentvolumeclaims"]
|
|
verbs: ["get", "list", "watch", "update"]
|
|
- apiGroups: [""]
|
|
resources: ["pods"]
|
|
{{- if hasKey .Values "podmon" }}
|
|
{{- if eq .Values.podmon.enabled true }}
|
|
verbs: ["get", "list", "watch", "update", "delete"]
|
|
{{- else }}
|
|
verbs: ["get", "list", "watch"]
|
|
{{- end }}
|
|
{{- end }}
|
|
- apiGroups: ["storage.k8s.io"]
|
|
resources: ["storageclasses"]
|
|
verbs: ["get", "list", "watch"]
|
|
- apiGroups: ["storage.k8s.io"]
|
|
resources: ["volumeattachments"]
|
|
{{- if hasKey .Values "podmon" }}
|
|
{{- if eq .Values.podmon.enabled true }}
|
|
verbs: ["get", "list", "watch", "update", "patch", "delete"]
|
|
{{- else }}
|
|
verbs: ["get", "list", "watch", "update", "patch"]
|
|
{{- end }}
|
|
{{- end }}
|
|
- apiGroups: ["storage.k8s.io"]
|
|
resources: ["volumeattachments/status"]
|
|
verbs: ["patch"]
|
|
- apiGroups: ["csi.storage.k8s.io"]
|
|
resources: ["csinodeinfos"]
|
|
verbs: ["get", "list", "watch"]
|
|
- apiGroups: ["storage.k8s.io"]
|
|
resources: ["csinodes"]
|
|
verbs: ["get", "list", "watch", "update"]
|
|
# below for snapshotter
|
|
- apiGroups: [""]
|
|
resources: ["secrets"]
|
|
verbs: ["get", "list"]
|
|
- apiGroups: ["snapshot.storage.k8s.io"]
|
|
resources: ["volumesnapshotclasses"]
|
|
verbs: ["get", "list", "watch"]
|
|
- apiGroups: ["snapshot.storage.k8s.io"]
|
|
resources: ["volumesnapshotcontents"]
|
|
verbs: ["create", "get", "list", "watch", "update", "delete", "patch"]
|
|
- apiGroups: ["snapshot.storage.k8s.io"]
|
|
resources: ["volumesnapshots"]
|
|
verbs: ["get", "list", "watch", "update"]
|
|
- apiGroups: ["snapshot.storage.k8s.io"]
|
|
resources: ["volumesnapshots/status"]
|
|
verbs: ["update", "patch"]
|
|
- apiGroups: ["snapshot.storage.k8s.io"]
|
|
resources: ["volumesnapshotcontents/status"]
|
|
verbs: ["update"]
|
|
- apiGroups: ["apiextensions.k8s.io"]
|
|
resources: ["customresourcedefinitions"]
|
|
verbs: ["create", "list", "watch", "delete"]
|
|
# below for resizer
|
|
- apiGroups: [""]
|
|
resources: ["persistentvolumes"]
|
|
verbs: ["update", "patch"]
|
|
- apiGroups: [""]
|
|
resources: ["persistentvolumeclaims/status"]
|
|
verbs: ["update", "patch"]
|
|
- apiGroups: ["coordination.k8s.io"]
|
|
resources: ["leases"]
|
|
verbs: ["get", "watch", "list", "delete", "update", "create"]
|
|
# below for dell-csi-replicator
|
|
{{- if hasKey .Values.controller "replication" }}
|
|
{{- if eq .Values.controller.replication.enabled true}}
|
|
- apiGroups: ["replication.storage.dell.com"]
|
|
resources: ["dellcsireplicationgroups"]
|
|
verbs: ["create", "delete", "get", "list", "patch", "update", "watch"]
|
|
- apiGroups: ["replication.storage.dell.com"]
|
|
resources: ["dellcsireplicationgroups/status"]
|
|
verbs: ["get", "patch", "update"]
|
|
- apiGroups: [""]
|
|
resources: ["configmaps"]
|
|
verbs: ["create", "delete", "get", "list", "watch", "update", "patch"]
|
|
{{- end}}
|
|
{{- end}}
|
|
{{- if eq (include "csi-isilon.isStorageCapacitySupported" .) "true" }}
|
|
- apiGroups: ["storage.k8s.io"]
|
|
resources: ["csistoragecapacities"]
|
|
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
|
|
- apiGroups: [""]
|
|
resources: ["pods"]
|
|
verbs: ["get"]
|
|
- apiGroups: ["apps"]
|
|
resources: ["replicasets"]
|
|
verbs: ["get"]
|
|
{{- end }}
|
|
---
|
|
kind: ClusterRoleBinding
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
metadata:
|
|
name: {{ .Release.Name }}-controller
|
|
subjects:
|
|
- kind: ServiceAccount
|
|
name: {{ .Release.Name }}-controller
|
|
namespace: {{ .Release.Namespace }}
|
|
roleRef:
|
|
kind: ClusterRole
|
|
name: {{ .Release.Name }}-controller
|
|
apiGroup: rbac.authorization.k8s.io
|
|
---
|
|
kind: Deployment
|
|
apiVersion: apps/v1
|
|
metadata:
|
|
name: {{ .Release.Name }}-controller
|
|
namespace: {{ .Release.Namespace }}
|
|
{{- if hasKey .Values "authorization" }}
|
|
{{- if eq .Values.authorization.enabled true }}
|
|
annotations:
|
|
com.dell.karavi-authorization-proxy: "true"
|
|
{{ end }}
|
|
{{ end }}
|
|
spec:
|
|
selector:
|
|
matchLabels:
|
|
app: {{ .Release.Name }}-controller
|
|
{{- if lt (.Values.controller.controllerCount | toString | atoi ) 1 -}}
|
|
{{- fail "value for .Values.controller.controllerCount should be atleast 1" }}
|
|
{{- else }}
|
|
replicas: {{ required "Must provide the number of controller instances to create." .Values.controller.controllerCount }}
|
|
{{- end }}
|
|
strategy:
|
|
type: RollingUpdate
|
|
rollingUpdate:
|
|
maxUnavailable: 1
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: {{ .Release.Name }}-controller
|
|
spec:
|
|
serviceAccount: {{ .Release.Name }}-controller
|
|
affinity:
|
|
podAntiAffinity:
|
|
requiredDuringSchedulingIgnoredDuringExecution:
|
|
- labelSelector:
|
|
matchExpressions:
|
|
- key: app
|
|
operator: In
|
|
values:
|
|
- {{ .Release.Name }}-controller
|
|
topologyKey: kubernetes.io/hostname
|
|
{{ if .Values.controller.nodeSelector }}
|
|
nodeSelector:
|
|
{{- toYaml .Values.controller.nodeSelector | nindent 8 }}
|
|
{{ end }}
|
|
{{ if .Values.controller.tolerations }}
|
|
tolerations:
|
|
{{- toYaml .Values.controller.tolerations | nindent 8 }}
|
|
{{ end }}
|
|
containers:
|
|
{{- $encModes := list false }}
|
|
{{- if eq .Values.encryption.enabled true }}
|
|
{{- $encModes = list false true }}
|
|
{{- end }}
|
|
{{- range $encrypted := $encModes }}
|
|
{{- with $ }}
|
|
{{- $driverSock := "csi.sock" }}
|
|
{{- $csiSidecarSuffix := "" }}
|
|
{{- if $encrypted }}
|
|
{{- $driverSock = "csi-sec.sock" }}
|
|
{{- $csiSidecarSuffix = "-sec" }}
|
|
{{- end }}
|
|
{{- $driverSockPath := printf "/var/run/csi/%s" $driverSock }}
|
|
{{- if not $encrypted }}
|
|
{{- if hasKey .Values "podmon" }}
|
|
{{- if eq .Values.podmon.enabled true }}
|
|
- name: podmon
|
|
image: {{ required "Must provide the podmon container image." .Values.images.podmon }}
|
|
imagePullPolicy: {{ .Values.imagePullPolicy }}
|
|
args:
|
|
{{- toYaml .Values.podmon.controller.args | nindent 12 }}
|
|
env:
|
|
- name: MY_NODE_NAME
|
|
valueFrom:
|
|
fieldRef:
|
|
fieldPath: spec.nodeName
|
|
- name: MY_POD_NAME
|
|
valueFrom:
|
|
fieldRef:
|
|
fieldPath: metadata.name
|
|
- name: MY_POD_NAMESPACE
|
|
valueFrom:
|
|
fieldRef:
|
|
fieldPath: metadata.namespace
|
|
volumeMounts:
|
|
- name: socket-dir
|
|
mountPath: /var/run/csi
|
|
- name: csi-isilon-config-params
|
|
mountPath: /csi-isilon-config-params
|
|
{{- end }}
|
|
{{- end }}
|
|
{{- if hasKey .Values.controller "replication" }}
|
|
{{- if eq .Values.controller.replication.enabled true}}
|
|
- name: dell-csi-replicator
|
|
image: {{ required "Must provide the Dell CSI Replicator image." .Values.images.replication }}
|
|
imagePullPolicy: {{ .Values.imagePullPolicy }}
|
|
args:
|
|
- "--csi-address={{ $driverSockPath }}"
|
|
- "--leader-election=true"
|
|
- "--worker-threads=2"
|
|
- "--retry-interval-start=1s"
|
|
- "--retry-interval-max=300s"
|
|
- "--timeout=300s"
|
|
- "--context-prefix={{ .Values.controller.replication.replicationContextPrefix}}"
|
|
- "--prefix={{ .Values.controller.replication.replicationPrefix}}"
|
|
env:
|
|
- name: X_CSI_REPLICATION_CONFIG_DIR
|
|
value: /csi-isilon-config-params
|
|
- name: X_CSI_REPLICATION_CONFIG_FILE_NAME
|
|
value: driver-config-params.yaml
|
|
volumeMounts:
|
|
- name: socket-dir
|
|
mountPath: /var/run/csi
|
|
- name: csi-isilon-config-params
|
|
mountPath: /csi-isilon-config-params
|
|
{{- end }}
|
|
{{- end }}
|
|
{{- end }}
|
|
{{- if hasKey .Values.controller "resizer" }}
|
|
{{- if eq .Values.controller.resizer.enabled true }}
|
|
- name: resizer{{ $csiSidecarSuffix }}
|
|
image: {{ required "Must provide the CSI resizer container image." .Values.images.resizer }}
|
|
imagePullPolicy: {{ .Values.imagePullPolicy }}
|
|
args:
|
|
- "--csi-address={{ $driverSockPath }}"
|
|
- "--leader-election"
|
|
- "--timeout=120s"
|
|
- "--v=5"
|
|
{{- if hasKey .Values.controller "leaderElection" }}
|
|
{{- if hasKey .Values.controller.leaderElection "leaderElectionRenewDeadline" }}
|
|
- "--leader-election-renew-deadline={{ .Values.controller.leaderElection.leaderElectionRenewDeadline }}"
|
|
{{end}}
|
|
{{- if hasKey .Values.controller.leaderElection "leaderElectionLeaseDuration" }}
|
|
- "--leader-election-lease-duration={{ .Values.controller.leaderElection.leaderElectionLeaseDuration }}"
|
|
{{end}}
|
|
{{- if hasKey .Values.controller.leaderElection "leaderElectionLeaseDuration" }}
|
|
- "--leader-election-retry-period={{ .Values.controller.leaderElection.leaderElectionRetryPeriod }}"
|
|
{{end}}
|
|
{{end}}
|
|
volumeMounts:
|
|
- name: socket-dir
|
|
mountPath: /var/run/csi
|
|
{{ end }}
|
|
{{ end }}
|
|
- name: csi-metadata-retriever {{ $csiSidecarSuffix }}
|
|
image: {{ required "Must provide the CSI metadata retriever container image." .Values.images.metadataretriever }}
|
|
imagePullPolicy: {{ .Values.imagePullPolicy }}
|
|
args:
|
|
- "--csi-address={{ $driverSockPath }}"
|
|
- "--timeout=120s"
|
|
- "--v=5"
|
|
command: [ "/csi-metadata-retriever" ]
|
|
env:
|
|
- name: CSI_RETRIEVER_ENDPOINT
|
|
value: /var/run/csi/csi_retriever.sock
|
|
volumeMounts:
|
|
- name: socket-dir
|
|
mountPath: /var/run/csi
|
|
- name: attacher{{ $csiSidecarSuffix }}
|
|
image: {{ required "Must provide the CSI attacher container image." .Values.images.attacher }}
|
|
imagePullPolicy: {{ .Values.imagePullPolicy }}
|
|
args:
|
|
- "--csi-address={{ $driverSockPath }}"
|
|
- "--v=5"
|
|
- "--leader-election"
|
|
- "--timeout=180s"
|
|
{{- if hasKey .Values.controller "leaderElection" }}
|
|
{{- if hasKey .Values.controller.leaderElection "leaderElectionRenewDeadline" }}
|
|
- "--leader-election-renew-deadline={{ .Values.controller.leaderElection.leaderElectionRenewDeadline }}"
|
|
{{end}}
|
|
{{- if hasKey .Values.controller.leaderElection "leaderElectionLeaseDuration" }}
|
|
- "--leader-election-lease-duration={{ .Values.controller.leaderElection.leaderElectionLeaseDuration }}"
|
|
{{end}}
|
|
{{- if hasKey .Values.controller.leaderElection "leaderElectionLeaseDuration" }}
|
|
- "--leader-election-retry-period={{ .Values.controller.leaderElection.leaderElectionRetryPeriod }}"
|
|
{{end}}
|
|
{{end}}
|
|
volumeMounts:
|
|
- name: socket-dir
|
|
mountPath: /var/run/csi
|
|
{{- if not $encrypted }}
|
|
{{- if hasKey .Values.controller "healthMonitor" }}
|
|
{{- if eq .Values.controller.healthMonitor.enabled true }}
|
|
- name: external-health-monitor-controller
|
|
image: {{ required "Must provide the CSI external-health-monitor-controller container image." .Values.images.healthmonitor }}
|
|
imagePullPolicy: {{ .Values.imagePullPolicy }}
|
|
args:
|
|
- "--csi-address={{ $driverSockPath }}"
|
|
- "--v=5"
|
|
- "--leader-election"
|
|
- "--enable-node-watcher=true"
|
|
- "--monitor-interval={{ .Values.controller.healthMonitor.interval | default "60s" }}"
|
|
- "--timeout=180s"
|
|
- "--http-endpoint=:8080"
|
|
{{- if hasKey .Values.controller "leaderElection" }}
|
|
{{- if hasKey .Values.controller.leaderElection "leaderElectionRenewDeadline" }}
|
|
- "--leader-election-renew-deadline={{ .Values.controller.leaderElection.leaderElectionRenewDeadline }}"
|
|
{{end}}
|
|
{{- if hasKey .Values.controller.leaderElection "leaderElectionLeaseDuration" }}
|
|
- "--leader-election-lease-duration={{ .Values.controller.leaderElection.leaderElectionLeaseDuration }}"
|
|
{{end}}
|
|
{{- if hasKey .Values.controller.leaderElection "leaderElectionLeaseDuration" }}
|
|
- "--leader-election-retry-period={{ .Values.controller.leaderElection.leaderElectionRetryPeriod }}"
|
|
{{end}}
|
|
{{end}}
|
|
volumeMounts:
|
|
- name: socket-dir
|
|
mountPath: /var/run/csi
|
|
{{end}}
|
|
{{end}}
|
|
{{- end }}
|
|
- name: provisioner{{ $csiSidecarSuffix }}
|
|
image: {{ required "Must provide the CSI provisioner container image." .Values.images.provisioner }}
|
|
imagePullPolicy: {{ .Values.imagePullPolicy }}
|
|
args:
|
|
- "--csi-address={{ $driverSockPath }}"
|
|
- "--volume-name-prefix={{ required "Must provide a value to prefix to driver created volume names" .Values.controller.volumeNamePrefix }}"
|
|
- "--volume-name-uuid-length=10"
|
|
- "--worker-threads=5"
|
|
- "--timeout=120s"
|
|
- "--v=5"
|
|
- "--feature-gates=Topology=true"
|
|
- "--leader-election"
|
|
- "--extra-create-metadata"
|
|
- "--enable-capacity={{ (include "csi-isilon.isStorageCapacitySupported" .) | default false }}"
|
|
- "--capacity-ownerref-level=2"
|
|
- "--capacity-poll-interval={{ .Values.storageCapacity.pollInterval | default "5m" }}"
|
|
{{- if hasKey .Values.controller "leaderElection" }}
|
|
{{- if hasKey .Values.controller.leaderElection "leaderElectionRenewDeadline" }}
|
|
- "--leader-election-renew-deadline={{ .Values.controller.leaderElection.leaderElectionRenewDeadline }}"
|
|
{{end}}
|
|
{{- if hasKey .Values.controller.leaderElection "leaderElectionLeaseDuration" }}
|
|
- "--leader-election-lease-duration={{ .Values.controller.leaderElection.leaderElectionLeaseDuration }}"
|
|
{{end}}
|
|
{{- if hasKey .Values.controller.leaderElection "leaderElectionLeaseDuration" }}
|
|
- "--leader-election-retry-period={{ .Values.controller.leaderElection.leaderElectionRetryPeriod }}"
|
|
{{end}}
|
|
{{end}}
|
|
env:
|
|
- name: NAMESPACE
|
|
valueFrom:
|
|
fieldRef:
|
|
fieldPath: metadata.namespace
|
|
- name: POD_NAME
|
|
valueFrom:
|
|
fieldRef:
|
|
fieldPath: metadata.name
|
|
volumeMounts:
|
|
- name: socket-dir
|
|
mountPath: /var/run/csi
|
|
{{- if hasKey .Values.controller "snapshot" }}
|
|
{{- if eq .Values.controller.snapshot.enabled true }}
|
|
- name: snapshotter{{ $csiSidecarSuffix }}
|
|
#image: quay.io/k8scsi/csi-snapshotter:v1.0.0
|
|
image: {{ required "Must provide the CSI snapshotter container image." .Values.images.snapshotter }}
|
|
imagePullPolicy: {{ .Values.imagePullPolicy }}
|
|
args:
|
|
- "--csi-address={{ $driverSockPath }}"
|
|
- "--timeout=120s"
|
|
- "--v=5"
|
|
- "--snapshot-name-prefix={{ required "Must privided a Snapshot Name Prefix" .Values.controller.snapshot.snapNamePrefix }}"
|
|
- "--leader-election"
|
|
{{- if hasKey .Values.controller "leaderElection" }}
|
|
{{- if hasKey .Values.controller.leaderElection "leaderElectionRenewDeadline" }}
|
|
- "--leader-election-renew-deadline={{ .Values.controller.leaderElection.leaderElectionRenewDeadline }}"
|
|
{{end}}
|
|
{{- if hasKey .Values.controller.leaderElection "leaderElectionLeaseDuration" }}
|
|
- "--leader-election-lease-duration={{ .Values.controller.leaderElection.leaderElectionLeaseDuration }}"
|
|
{{end}}
|
|
{{- if hasKey .Values.controller.leaderElection "leaderElectionLeaseDuration" }}
|
|
- "--leader-election-retry-period={{ .Values.controller.leaderElection.leaderElectionRetryPeriod }}"
|
|
{{end}}
|
|
{{end}}
|
|
volumeMounts:
|
|
- name: socket-dir
|
|
mountPath: /var/run/csi
|
|
{{end}}
|
|
{{end}}
|
|
{{- if not $encrypted }}
|
|
- name: driver
|
|
image: {{ required "Must provide the Isilon driver image repository." .Values.images.driver }}
|
|
imagePullPolicy: {{ .Values.imagePullPolicy }}
|
|
command: [ "/csi-isilon" ]
|
|
args:
|
|
- "--driver-config-params=/csi-isilon-config-params/driver-config-params.yaml"
|
|
env:
|
|
- name: CSI_ENDPOINT
|
|
value: "{{ $driverSockPath }}"
|
|
- name: CSI_RETRIEVER_ENDPOINT
|
|
value: /var/run/csi/csi_retriever.sock
|
|
- name: X_CSI_MODE
|
|
value: controller
|
|
- name: X_CSI_ISI_SKIP_CERTIFICATE_VALIDATION
|
|
value: "{{ .Values.skipCertificateValidation }}"
|
|
- name: X_CSI_ISI_AUTH_TYPE
|
|
value: "{{ .Values.isiAuthType }}"
|
|
- name: X_CSI_VERBOSE
|
|
value: "{{ .Values.verbose }}"
|
|
- name: X_CSI_ISI_PORT
|
|
value: "{{ .Values.endpointPort }}"
|
|
- name: X_CSI_ISI_AUTOPROBE
|
|
value: "{{ .Values.autoProbe }}"
|
|
- name: X_CSI_ISI_QUOTA_ENABLED
|
|
value: "{{ .Values.enableQuota }}"
|
|
- name: X_CSI_ISI_ACCESS_ZONE
|
|
value: {{ .Values.isiAccessZone }}
|
|
- name: X_CSI_CUSTOM_TOPOLOGY_ENABLED
|
|
value: "{{ .Values.enableCustomTopology }}"
|
|
- name: X_CSI_ISI_PATH
|
|
value: {{ .Values.isiPath }}
|
|
- name: X_CSI_ISI_VOLUME_PATH_PERMISSIONS
|
|
value: "{{ .Values.isiVolumePathPermissions }}"
|
|
- name: X_CSI_ISI_IGNORE_UNRESOLVABLE_HOSTS
|
|
value: "{{ .Values.ignoreUnresolvableHosts }}"
|
|
- name: X_CSI_ISI_NO_PROBE_ON_START
|
|
value: "{{ .Values.noProbeOnStart }}"
|
|
- name: X_CSI_PODMON_ENABLED
|
|
value: "{{ .Values.podmon.enabled }}"
|
|
- name: X_CSI_PODMON_API_PORT
|
|
value: "{{ .Values.podmonAPIPort }}"
|
|
{{- if eq .Values.podmon.enabled true }}
|
|
{{- range $key, $value := .Values.podmon.controller.args }}
|
|
{{- if contains "--arrayConnectivityPollRate" $value }}
|
|
- name: X_CSI_PODMON_ARRAY_CONNECTIVITY_POLL_RATE
|
|
value: "{{ (split "=" $value)._1 }}"
|
|
{{ end }}
|
|
{{ end }}
|
|
{{ end }}
|
|
{{- if hasKey .Values.controller "replication" }}
|
|
{{- if eq .Values.controller.replication.enabled true}}
|
|
- name: X_CSI_REPLICATION_CONTEXT_PREFIX
|
|
value: {{ .Values.controller.replication.replicationContextPrefix | default "powerscale"}}
|
|
- name: X_CSI_REPLICATION_PREFIX
|
|
value: {{ .Values.controller.replication.replicationPrefix | default "replication.storage.dell.com"}}
|
|
{{- end }}
|
|
{{- end }}
|
|
{{- if hasKey .Values.controller "healthMonitor" }}
|
|
{{- if eq .Values.controller.healthMonitor.enabled true }}
|
|
- name: X_CSI_HEALTH_MONITOR_ENABLED
|
|
value: "{{ .Values.controller.healthMonitor.enabled }}"
|
|
{{end}}
|
|
{{end}}
|
|
- name: X_CSI_NODE_NAME
|
|
valueFrom:
|
|
fieldRef:
|
|
fieldPath: spec.nodeName
|
|
- name: SSL_CERT_DIR
|
|
value: /certs
|
|
- name: X_CSI_ISI_CONFIG_PATH
|
|
value: /isilon-configs/config
|
|
- name: X_CSI_MAX_PATH_LIMIT
|
|
value: "{{ .Values.maxPathLen }}"
|
|
volumeMounts:
|
|
- name: socket-dir
|
|
mountPath: /var/run/csi
|
|
- name: certs
|
|
mountPath: /certs
|
|
readOnly: true
|
|
- name: isilon-configs
|
|
mountPath: /isilon-configs
|
|
- name: csi-isilon-config-params
|
|
mountPath: /csi-isilon-config-params
|
|
{{- end }}
|
|
{{- if not $encrypted }}
|
|
{{- if hasKey .Values "authorization" }}
|
|
{{- if eq .Values.authorization.enabled true }}
|
|
- name: karavi-authorization-proxy
|
|
imagePullPolicy: {{ .Values.imagePullPolicy }}
|
|
image: {{ required "Must provide the authorization sidecar container image." .Values.images.authorization }}
|
|
env:
|
|
- name: PROXY_HOST
|
|
value: "{{ .Values.authorization.proxyHost }}"
|
|
- name: SKIP_CERTIFICATE_VALIDATION
|
|
value: "{{ .Values.authorization.skipCertificateValidation }}"
|
|
- name: PLUGIN_IDENTIFIER
|
|
value: powerscale
|
|
- name: ACCESS_TOKEN
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: proxy-authz-tokens
|
|
key: access
|
|
- name: REFRESH_TOKEN
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: proxy-authz-tokens
|
|
key: refresh
|
|
volumeMounts:
|
|
- name: karavi-authorization-config
|
|
mountPath: /etc/karavi-authorization/config
|
|
- name: proxy-server-root-certificate
|
|
mountPath: /etc/karavi-authorization/root-certificates
|
|
- name: csi-isilon-config-params
|
|
mountPath: /etc/karavi-authorization
|
|
{{ end }}
|
|
{{ end }}
|
|
{{- end }}
|
|
{{- if $encrypted }}
|
|
- name: driver-sec
|
|
image: {{ .Values.images.encryption }}
|
|
imagePullPolicy: {{ .Values.imagePullPolicy }}
|
|
args:
|
|
- --name={{ .Values.encryption.pluginName }}
|
|
- --nodeId=$(NODE_ID)
|
|
- "--endpoint=unix://var/run/csi/csi-sec.sock"
|
|
- "--targetEndpoint=unix://var/run/csi/csi.sock"
|
|
- --targetType=Isilon
|
|
- --controller
|
|
- --logLevel={{ .Values.encryption.logLevel }}
|
|
{{- range index .Values.encryption.extraArgs }}
|
|
- {{ . | quote }}
|
|
{{- end }}
|
|
env:
|
|
- name: NODE_ID
|
|
valueFrom:
|
|
fieldRef:
|
|
fieldPath: spec.nodeName
|
|
volumeMounts:
|
|
- name: socket-dir
|
|
mountPath: /var/run/csi
|
|
{{- end }}
|
|
{{- end }}
|
|
{{- end }}
|
|
volumes:
|
|
- name: socket-dir
|
|
emptyDir:
|
|
- name: certs
|
|
projected:
|
|
sources:
|
|
{{- range $i, $e := until (int .Values.certSecretCount ) }}
|
|
- secret:
|
|
name: {{ print $.Release.Name "-certs-" $e }}
|
|
items:
|
|
- key: cert-{{ $e }}
|
|
path: cert-{{ $e }}
|
|
{{- end }}
|
|
- name: isilon-configs
|
|
secret:
|
|
secretName: {{ .Release.Name }}-creds
|
|
- name: csi-isilon-config-params
|
|
configMap:
|
|
name: {{ .Release.Name }}-config-params
|
|
{{- if hasKey .Values "authorization" }}
|
|
{{- if eq .Values.authorization.enabled true }}
|
|
- name: karavi-authorization-config
|
|
secret:
|
|
secretName: karavi-authorization-config
|
|
- name: proxy-server-root-certificate
|
|
secret:
|
|
secretName: proxy-server-root-certificate
|
|
{{ end }}
|
|
{{ end }}
|