github.com/1aal/kubeblocks@v0.0.0-20231107070852-e1c03e598921/deploy/csi-s3/templates/csi-s3.yaml (about) 1 {{- if not .Values.multiCSI -}} 2 apiVersion: v1 3 kind: ServiceAccount 4 metadata: 5 name: csi-s3 6 namespace: {{ .Release.Namespace }} 7 --- 8 kind: ClusterRole 9 apiVersion: rbac.authorization.k8s.io/v1 10 metadata: 11 name: csi-s3 12 rules: 13 - apiGroups: [""] 14 resources: ["secrets"] 15 verbs: ["get", "list"] 16 - apiGroups: [""] 17 resources: ["nodes"] 18 verbs: ["get", "list", "update"] 19 - apiGroups: [""] 20 resources: ["namespaces"] 21 verbs: ["get", "list"] 22 - apiGroups: [""] 23 resources: ["persistentvolumes"] 24 verbs: ["get", "list", "watch", "update"] 25 - apiGroups: ["storage.k8s.io"] 26 resources: ["volumeattachments"] 27 verbs: ["get", "list", "watch", "update"] 28 --- 29 kind: ClusterRoleBinding 30 apiVersion: rbac.authorization.k8s.io/v1 31 metadata: 32 name: csi-s3 33 subjects: 34 - kind: ServiceAccount 35 name: csi-s3 36 namespace: {{ .Release.Namespace }} 37 roleRef: 38 kind: ClusterRole 39 name: csi-s3 40 apiGroup: rbac.authorization.k8s.io 41 --- 42 kind: DaemonSet 43 apiVersion: apps/v1 44 metadata: 45 name: csi-s3 46 namespace: {{ .Release.Namespace }} 47 spec: 48 selector: 49 matchLabels: 50 app: csi-s3 51 template: 52 metadata: 53 labels: 54 app: csi-s3 55 spec: 56 serviceAccount: csi-s3 57 {{- with .Values.daemonsetTolerations }} 58 tolerations: 59 {{- toYaml . | nindent 8 }} 60 {{- end }} 61 hostNetwork: true 62 dnsPolicy: ClusterFirstWithHostNet 63 containers: 64 - name: driver-registrar 65 image: "{{ template "csi-s3.imageFullName" (dict "image" .Values.images.registrar "root" .) }}" 66 args: 67 - "--kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)" 68 - "--v=4" 69 - "--csi-address=$(ADDRESS)" 70 env: 71 - name: ADDRESS 72 value: /csi/csi.sock 73 - name: DRIVER_REG_SOCK_PATH 74 value: {{ .Values.kubeletPath }}/plugins/ru.yandex.s3.csi/csi.sock 75 - name: KUBE_NODE_NAME 76 valueFrom: 77 fieldRef: 78 fieldPath: spec.nodeName 79 volumeMounts: 80 - name: plugin-dir 81 mountPath: /csi 82 - name: registration-dir 83 mountPath: /registration/ 84 - name: csi-s3 85 securityContext: 86 privileged: true 87 capabilities: 88 add: ["SYS_ADMIN"] 89 allowPrivilegeEscalation: true 90 image: "{{ template "csi-s3.imageFullName" (dict "image" .Values.images.csi "root" .) }}" 91 imagePullPolicy: "{{ template "csi-s3.imagePullPolicy" (dict "image" .Values.images.csi "root" .) }}" 92 args: 93 - "--endpoint=$(CSI_ENDPOINT)" 94 - "--nodeid=$(NODE_ID)" 95 - "--v=4" 96 env: 97 - name: CSI_ENDPOINT 98 value: unix:///csi/csi.sock 99 - name: NODE_ID 100 valueFrom: 101 fieldRef: 102 fieldPath: spec.nodeName 103 volumeMounts: 104 - name: plugin-dir 105 mountPath: /csi 106 - name: pods-mount-dir 107 mountPath: {{ .Values.kubeletPath }}/pods 108 mountPropagation: "Bidirectional" 109 - name: fuse-device 110 mountPath: /dev/fuse 111 volumes: 112 - name: registration-dir 113 hostPath: 114 path: {{ .Values.kubeletPath }}/plugins_registry/ 115 type: DirectoryOrCreate 116 - name: plugin-dir 117 hostPath: 118 path: {{ .Values.kubeletPath }}/plugins/ru.yandex.s3.csi 119 type: DirectoryOrCreate 120 - name: pods-mount-dir 121 hostPath: 122 path: {{ .Values.kubeletPath }}/pods 123 type: Directory 124 - name: fuse-device 125 hostPath: 126 path: /dev/fuse 127 {{- end -}}