github.com/1aal/kubeblocks@v0.0.0-20231107070852-e1c03e598921/deploy/csi-s3/templates/attacher.yaml

github.com/1aal/kubeblocks@v0.0.0-20231107070852-e1c03e598921/deploy/csi-s3/templates/attacher.yaml (about)

     1  {{- if not .Values.multiCSI -}}
     2  apiVersion: v1
     3  kind: ServiceAccount
     4  metadata:
     5    name: csi-attacher-sa-{{ .Values.csiName }}
     6    namespace: {{ .Release.Namespace }}
     7  ---
     8  kind: ClusterRole
     9  apiVersion: rbac.authorization.k8s.io/v1
    10  metadata:
    11    name: external-attacher-runner-{{ .Values.csiName }}
    12  rules:
    13    - apiGroups: [""]
    14      resources: ["secrets"]
    15      verbs: ["get", "list"]
    16    - apiGroups: [""]
    17      resources: ["events"]
    18      verbs: ["get", "list", "watch", "update"]
    19    - apiGroups: [""]
    20      resources: ["persistentvolumes"]
    21      verbs: ["get", "list", "watch", "update"]
    22    - apiGroups: [""]
    23      resources: ["nodes"]
    24      verbs: ["get", "list", "watch"]
    25    - apiGroups: ["storage.k8s.io"]
    26      resources: ["csinodes"]
    27      verbs: ["get", "list", "watch"]
    28    - apiGroups: ["storage.k8s.io"]
    29      resources: ["volumeattachments"]
    30      verbs: ["get", "list", "watch", "update", "patch"]
    31    - apiGroups: ["storage.k8s.io"]
    32      resources: ["volumeattachments/status"]
    33      verbs: ["patch"]
    34  ---
    35  kind: ClusterRoleBinding
    36  apiVersion: rbac.authorization.k8s.io/v1
    37  metadata:
    38    name: csi-attacher-role-{{ .Values.csiName }}
    39  subjects:
    40    - kind: ServiceAccount
    41      name: csi-attacher-sa-{{ .Values.csiName }}
    42      namespace: {{ .Release.Namespace }}
    43  roleRef:
    44    kind: ClusterRole
    45    name: external-attacher-runner-{{ .Values.csiName }}
    46    apiGroup: rbac.authorization.k8s.io
    47  ---
    48  # needed for StatefulSet
    49  kind: Service
    50  apiVersion: v1
    51  metadata:
    52    name: csi-attacher-s3
    53    namespace: {{ .Release.Namespace }}
    54    labels:
    55      app: csi-attacher-s3
    56  spec:
    57    selector:
    58      app: csi-attacher-s3
    59    ports:
    60      - name: csi-s3-dummy
    61        port: 65535
    62  ---
    63  kind: StatefulSet
    64  apiVersion: apps/v1
    65  metadata:
    66    name: csi-attacher-s3
    67    namespace: {{ .Release.Namespace }}
    68  spec:
    69    serviceName: "csi-attacher-s3"
    70    replicas: 1
    71    selector:
    72      matchLabels:
    73        app: csi-attacher-s3
    74    template:
    75      metadata:
    76        labels:
    77          app: csi-attacher-s3
    78      spec:
    79        serviceAccount: csi-attacher-sa-{{ .Values.csiName }}
    80        {{- with .Values.affinity }}
    81        affinity:
    82          {{- toYaml . | nindent 8 }}
    83        {{- end }}
    84        {{- with .Values.tolerations }}
    85        tolerations:
    86          {{- toYaml . | nindent 8 }}
    87        {{- end }}
    88        containers:
    89          - name: csi-attacher
    90            image: "{{ template "csi-s3.imageFullName" (dict "image" .Values.images.attacher "root" .) }}"
    91            args:
    92              - "--v=4"
    93              - "--csi-address=$(ADDRESS)"
    94            env:
    95              - name: ADDRESS
    96                value: {{ .Values.kubeletPath }}/plugins/ru.yandex.s3.csi/csi.sock
    97            imagePullPolicy: "{{ template "csi-s3.imagePullPolicy" (dict "image" .Values.images.attacher "root" .) }}"
    98            volumeMounts:
    99              - name: socket-dir
   100                mountPath: {{ .Values.kubeletPath }}/plugins/ru.yandex.s3.csi
   101        volumes:
   102          - name: socket-dir
   103            hostPath:
   104              path: {{ .Values.kubeletPath }}/plugins/ru.yandex.s3.csi
   105              type: DirectoryOrCreate
   106  {{- end -}}