github.com/1aal/kubeblocks@v0.0.0-20231107070852-e1c03e598921/deploy/csi-s3/templates/provisioner.yaml (about) 1 {{- if not .Values.multiCSI -}} 2 apiVersion: v1 3 kind: ServiceAccount 4 metadata: 5 name: csi-provisioner-sa-{{ .Values.csiName }} 6 namespace: {{ .Release.Namespace }} 7 --- 8 kind: ClusterRole 9 apiVersion: rbac.authorization.k8s.io/v1 10 metadata: 11 name: external-provisioner-runner-{{ .Values.csiName }} 12 rules: 13 - apiGroups: [""] 14 resources: ["secrets"] 15 verbs: ["get", "list"] 16 - apiGroups: [""] 17 resources: ["persistentvolumes"] 18 verbs: ["get", "list", "watch", "create", "delete"] 19 - apiGroups: [""] 20 resources: ["persistentvolumeclaims"] 21 verbs: ["get", "list", "watch", "update"] 22 - apiGroups: ["storage.k8s.io"] 23 resources: ["storageclasses"] 24 verbs: ["get", "list", "watch"] 25 - apiGroups: [""] 26 resources: ["events"] 27 verbs: ["list", "watch", "create", "update", "patch"] 28 --- 29 kind: ClusterRoleBinding 30 apiVersion: rbac.authorization.k8s.io/v1 31 metadata: 32 name: csi-provisioner-role-{{ .Values.csiName }} 33 subjects: 34 - kind: ServiceAccount 35 name: csi-provisioner-sa-{{ .Values.csiName }} 36 namespace: {{ .Release.Namespace }} 37 roleRef: 38 kind: ClusterRole 39 name: external-provisioner-runner-{{ .Values.csiName }} 40 apiGroup: rbac.authorization.k8s.io 41 --- 42 kind: Service 43 apiVersion: v1 44 metadata: 45 name: csi-provisioner-s3 46 namespace: {{ .Release.Namespace }} 47 labels: 48 app: csi-provisioner-s3 49 spec: 50 selector: 51 app: csi-provisioner-s3 52 ports: 53 - name: csi-s3-dummy 54 port: 65535 55 --- 56 kind: StatefulSet 57 apiVersion: apps/v1 58 metadata: 59 name: csi-provisioner-s3 60 namespace: {{ .Release.Namespace }} 61 spec: 62 serviceName: "csi-provisioner-s3" 63 replicas: 1 64 selector: 65 matchLabels: 66 app: csi-provisioner-s3 67 template: 68 metadata: 69 labels: 70 app: csi-provisioner-s3 71 spec: 72 serviceAccount: csi-provisioner-sa-{{ .Values.csiName }} 73 {{- with .Values.affinity }} 74 affinity: 75 {{- toYaml . | nindent 8 }} 76 {{- end }} 77 {{- with .Values.tolerations }} 78 tolerations: 79 {{- toYaml . | nindent 8 }} 80 {{- end }} 81 containers: 82 - name: csi-provisioner 83 image: "{{ template "csi-s3.imageFullName" (dict "image" .Values.images.provisioner "root" .) }}" 84 args: 85 - "--csi-address=$(ADDRESS)" 86 - "--v=4" 87 env: 88 - name: ADDRESS 89 value: {{ .Values.kubeletPath }}/plugins/ru.yandex.s3.csi/csi.sock 90 imagePullPolicy: "{{ template "csi-s3.imagePullPolicy" (dict "image" .Values.images.provisioner "root" .) }}" 91 volumeMounts: 92 - name: socket-dir 93 mountPath: {{ .Values.kubeletPath }}/plugins/ru.yandex.s3.csi 94 - name: csi-s3 95 image: "{{ template "csi-s3.imageFullName" (dict "image" .Values.images.csi "root" .) }}" 96 imagePullPolicy: "{{ template "csi-s3.imagePullPolicy" (dict "image" .Values.images.csi "root" .) }}" 97 args: 98 - "--endpoint=$(CSI_ENDPOINT)" 99 - "--nodeid=$(NODE_ID)" 100 - "--v=4" 101 env: 102 - name: CSI_ENDPOINT 103 value: unix://{{ .Values.kubeletPath }}/kubelet/plugins/ru.yandex.s3.csi/csi.sock 104 - name: NODE_ID 105 valueFrom: 106 fieldRef: 107 fieldPath: spec.nodeName 108 volumeMounts: 109 - name: socket-dir 110 mountPath: {{ .Values.kubeletPath }}/kubelet/plugins/ru.yandex.s3.csi 111 volumes: 112 - name: socket-dir 113 emptyDir: {} 114 {{- end -}}