k8s.io/kubernetes@v1.31.0-alpha.0.0.20240520171757-56147500dadc/test/e2e/testing-manifests/storage-csi/hostpath/hostpath/csi-hostpath-plugin.yaml (about) 1 # All of the individual sidecar RBAC roles get bound 2 # to this account. 3 kind: ServiceAccount 4 apiVersion: v1 5 metadata: 6 name: csi-hostpathplugin-sa 7 namespace: default 8 labels: 9 app.kubernetes.io/instance: hostpath.csi.k8s.io 10 app.kubernetes.io/part-of: csi-driver-host-path 11 app.kubernetes.io/name: csi-hostpathplugin 12 app.kubernetes.io/component: serviceaccount 13 --- 14 apiVersion: rbac.authorization.k8s.io/v1 15 kind: ClusterRoleBinding 16 metadata: 17 labels: 18 app.kubernetes.io/instance: hostpath.csi.k8s.io 19 app.kubernetes.io/part-of: csi-driver-host-path 20 app.kubernetes.io/name: csi-hostpathplugin 21 app.kubernetes.io/component: attacher-cluster-role 22 name: csi-hostpathplugin-attacher-cluster-role 23 roleRef: 24 apiGroup: rbac.authorization.k8s.io 25 kind: ClusterRole 26 name: external-attacher-runner 27 subjects: 28 - kind: ServiceAccount 29 name: csi-hostpathplugin-sa 30 namespace: default 31 --- 32 apiVersion: rbac.authorization.k8s.io/v1 33 kind: ClusterRoleBinding 34 metadata: 35 labels: 36 app.kubernetes.io/instance: hostpath.csi.k8s.io 37 app.kubernetes.io/part-of: csi-driver-host-path 38 app.kubernetes.io/name: csi-hostpathplugin 39 app.kubernetes.io/component: health-monitor-controller-cluster-role 40 name: csi-hostpathplugin-health-monitor-controller-cluster-role 41 roleRef: 42 apiGroup: rbac.authorization.k8s.io 43 kind: ClusterRole 44 name: external-health-monitor-controller-runner 45 subjects: 46 - kind: ServiceAccount 47 name: csi-hostpathplugin-sa 48 namespace: default 49 --- 50 apiVersion: rbac.authorization.k8s.io/v1 51 kind: ClusterRoleBinding 52 metadata: 53 labels: 54 app.kubernetes.io/instance: hostpath.csi.k8s.io 55 app.kubernetes.io/part-of: csi-driver-host-path 56 app.kubernetes.io/name: csi-hostpathplugin 57 app.kubernetes.io/component: provisioner-cluster-role 58 name: csi-hostpathplugin-provisioner-cluster-role 59 roleRef: 60 apiGroup: rbac.authorization.k8s.io 61 kind: ClusterRole 62 name: external-provisioner-runner 63 subjects: 64 - kind: ServiceAccount 65 name: csi-hostpathplugin-sa 66 namespace: default 67 --- 68 apiVersion: rbac.authorization.k8s.io/v1 69 kind: ClusterRoleBinding 70 metadata: 71 labels: 72 app.kubernetes.io/instance: hostpath.csi.k8s.io 73 app.kubernetes.io/part-of: csi-driver-host-path 74 app.kubernetes.io/name: csi-hostpathplugin 75 app.kubernetes.io/component: resizer-cluster-role 76 name: csi-hostpathplugin-resizer-cluster-role 77 roleRef: 78 apiGroup: rbac.authorization.k8s.io 79 kind: ClusterRole 80 name: external-resizer-runner 81 subjects: 82 - kind: ServiceAccount 83 name: csi-hostpathplugin-sa 84 namespace: default 85 --- 86 apiVersion: rbac.authorization.k8s.io/v1 87 kind: ClusterRoleBinding 88 metadata: 89 labels: 90 app.kubernetes.io/instance: hostpath.csi.k8s.io 91 app.kubernetes.io/part-of: csi-driver-host-path 92 app.kubernetes.io/name: csi-hostpathplugin 93 app.kubernetes.io/component: snapshotter-cluster-role 94 name: csi-hostpathplugin-snapshotter-cluster-role 95 roleRef: 96 apiGroup: rbac.authorization.k8s.io 97 kind: ClusterRole 98 name: external-snapshotter-runner 99 subjects: 100 - kind: ServiceAccount 101 name: csi-hostpathplugin-sa 102 namespace: default 103 --- 104 apiVersion: rbac.authorization.k8s.io/v1 105 kind: RoleBinding 106 metadata: 107 labels: 108 app.kubernetes.io/instance: hostpath.csi.k8s.io 109 app.kubernetes.io/part-of: csi-driver-host-path 110 app.kubernetes.io/name: csi-hostpathplugin 111 app.kubernetes.io/component: attacher-role 112 name: csi-hostpathplugin-attacher-role 113 roleRef: 114 apiGroup: rbac.authorization.k8s.io 115 kind: Role 116 name: external-attacher-cfg 117 subjects: 118 - kind: ServiceAccount 119 name: csi-hostpathplugin-sa 120 --- 121 apiVersion: rbac.authorization.k8s.io/v1 122 kind: RoleBinding 123 metadata: 124 labels: 125 app.kubernetes.io/instance: hostpath.csi.k8s.io 126 app.kubernetes.io/part-of: csi-driver-host-path 127 app.kubernetes.io/name: csi-hostpathplugin 128 app.kubernetes.io/component: health-monitor-controller-role 129 name: csi-hostpathplugin-health-monitor-controller-role 130 roleRef: 131 apiGroup: rbac.authorization.k8s.io 132 kind: Role 133 name: external-health-monitor-controller-cfg 134 subjects: 135 - kind: ServiceAccount 136 name: csi-hostpathplugin-sa 137 --- 138 apiVersion: rbac.authorization.k8s.io/v1 139 kind: RoleBinding 140 metadata: 141 labels: 142 app.kubernetes.io/instance: hostpath.csi.k8s.io 143 app.kubernetes.io/part-of: csi-driver-host-path 144 app.kubernetes.io/name: csi-hostpathplugin 145 app.kubernetes.io/component: provisioner-role 146 name: csi-hostpathplugin-provisioner-role 147 roleRef: 148 apiGroup: rbac.authorization.k8s.io 149 kind: Role 150 name: external-provisioner-cfg 151 subjects: 152 - kind: ServiceAccount 153 name: csi-hostpathplugin-sa 154 --- 155 apiVersion: rbac.authorization.k8s.io/v1 156 kind: RoleBinding 157 metadata: 158 labels: 159 app.kubernetes.io/instance: hostpath.csi.k8s.io 160 app.kubernetes.io/part-of: csi-driver-host-path 161 app.kubernetes.io/name: csi-hostpathplugin 162 app.kubernetes.io/component: resizer-role 163 name: csi-hostpathplugin-resizer-role 164 roleRef: 165 apiGroup: rbac.authorization.k8s.io 166 kind: Role 167 name: external-resizer-cfg 168 subjects: 169 - kind: ServiceAccount 170 name: csi-hostpathplugin-sa 171 --- 172 apiVersion: rbac.authorization.k8s.io/v1 173 kind: RoleBinding 174 metadata: 175 labels: 176 app.kubernetes.io/instance: hostpath.csi.k8s.io 177 app.kubernetes.io/part-of: csi-driver-host-path 178 app.kubernetes.io/name: csi-hostpathplugin 179 app.kubernetes.io/component: snapshotter-role 180 name: csi-hostpathplugin-snapshotter-role 181 roleRef: 182 apiGroup: rbac.authorization.k8s.io 183 kind: Role 184 name: external-snapshotter-leaderelection 185 subjects: 186 - kind: ServiceAccount 187 name: csi-hostpathplugin-sa 188 --- 189 kind: StatefulSet 190 apiVersion: apps/v1 191 metadata: 192 name: csi-hostpathplugin 193 namespace: default 194 labels: 195 app.kubernetes.io/instance: hostpath.csi.k8s.io 196 app.kubernetes.io/part-of: csi-driver-host-path 197 app.kubernetes.io/name: csi-hostpathplugin 198 app.kubernetes.io/component: plugin 199 spec: 200 serviceName: "csi-hostpathplugin" 201 # One replica only: 202 # Host path driver only works when everything runs 203 # on a single node. 204 replicas: 1 205 selector: 206 matchLabels: 207 app.kubernetes.io/instance: hostpath.csi.k8s.io 208 app.kubernetes.io/part-of: csi-driver-host-path 209 app.kubernetes.io/name: csi-hostpathplugin 210 app.kubernetes.io/component: plugin 211 template: 212 metadata: 213 labels: 214 app.kubernetes.io/instance: hostpath.csi.k8s.io 215 app.kubernetes.io/part-of: csi-driver-host-path 216 app.kubernetes.io/name: csi-hostpathplugin 217 app.kubernetes.io/component: plugin 218 spec: 219 serviceAccountName: csi-hostpathplugin-sa 220 containers: 221 - name: hostpath 222 image: registry.k8s.io/sig-storage/hostpathplugin:v1.13.0 223 args: 224 - "--drivername=hostpath.csi.k8s.io" 225 - "--v=5" 226 - "--endpoint=$(CSI_ENDPOINT)" 227 - "--nodeid=$(KUBE_NODE_NAME)" 228 env: 229 - name: CSI_ENDPOINT 230 value: unix:///csi/csi.sock 231 - name: KUBE_NODE_NAME 232 valueFrom: 233 fieldRef: 234 apiVersion: v1 235 fieldPath: spec.nodeName 236 securityContext: 237 privileged: true 238 ports: 239 - containerPort: 9898 240 name: healthz 241 protocol: TCP 242 livenessProbe: 243 failureThreshold: 5 244 httpGet: 245 path: /healthz 246 port: healthz 247 initialDelaySeconds: 10 248 timeoutSeconds: 3 249 periodSeconds: 2 250 volumeMounts: 251 - mountPath: /csi 252 name: socket-dir 253 - mountPath: /var/lib/kubelet/pods 254 mountPropagation: Bidirectional 255 name: mountpoint-dir 256 - mountPath: /var/lib/kubelet/plugins 257 mountPropagation: Bidirectional 258 name: plugins-dir 259 - mountPath: /csi-data-dir 260 name: csi-data-dir 261 - mountPath: /dev 262 name: dev-dir 263 264 - name: csi-external-health-monitor-controller 265 image: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.11.0 266 args: 267 - "--v=5" 268 - "--csi-address=$(ADDRESS)" 269 - "--leader-election" 270 env: 271 - name: ADDRESS 272 value: /csi/csi.sock 273 imagePullPolicy: "IfNotPresent" 274 volumeMounts: 275 - name: socket-dir 276 mountPath: /csi 277 278 - name: node-driver-registrar 279 image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.10.0 280 args: 281 - --v=5 282 - --csi-address=/csi/csi.sock 283 - --kubelet-registration-path=/var/lib/kubelet/plugins/csi-hostpath/csi.sock 284 securityContext: 285 # This is necessary only for systems with SELinux, where 286 # non-privileged sidecar containers cannot access unix domain socket 287 # created by privileged CSI driver container. 288 privileged: true 289 env: 290 - name: KUBE_NODE_NAME 291 valueFrom: 292 fieldRef: 293 apiVersion: v1 294 fieldPath: spec.nodeName 295 volumeMounts: 296 - mountPath: /csi 297 name: socket-dir 298 - mountPath: /registration 299 name: registration-dir 300 - mountPath: /csi-data-dir 301 name: csi-data-dir 302 303 - name: liveness-probe 304 volumeMounts: 305 - mountPath: /csi 306 name: socket-dir 307 image: registry.k8s.io/sig-storage/livenessprobe:v2.12.0 308 args: 309 - --csi-address=/csi/csi.sock 310 - --health-port=9898 311 312 - name: csi-attacher 313 image: registry.k8s.io/sig-storage/csi-attacher:v4.5.0 314 args: 315 - --v=5 316 - --csi-address=/csi/csi.sock 317 securityContext: 318 # This is necessary only for systems with SELinux, where 319 # non-privileged sidecar containers cannot access unix domain socket 320 # created by privileged CSI driver container. 321 privileged: true 322 volumeMounts: 323 - mountPath: /csi 324 name: socket-dir 325 326 - name: csi-provisioner 327 image: registry.k8s.io/sig-storage/csi-provisioner:v4.0.0 328 args: 329 - -v=5 330 - --csi-address=/csi/csi.sock 331 - --feature-gates=Topology=true 332 # end csi-provisioner args 333 securityContext: 334 # This is necessary only for systems with SELinux, where 335 # non-privileged sidecar containers cannot access unix domain socket 336 # created by privileged CSI driver container. 337 privileged: true 338 volumeMounts: 339 - mountPath: /csi 340 name: socket-dir 341 342 - name: csi-resizer 343 image: registry.k8s.io/sig-storage/csi-resizer:v1.10.0 344 args: 345 - -v=5 346 - -csi-address=/csi/csi.sock 347 securityContext: 348 # This is necessary only for systems with SELinux, where 349 # non-privileged sidecar containers cannot access unix domain socket 350 # created by privileged CSI driver container. 351 privileged: true 352 volumeMounts: 353 - mountPath: /csi 354 name: socket-dir 355 356 - name: csi-snapshotter 357 image: registry.k8s.io/sig-storage/csi-snapshotter:v7.0.1 358 args: 359 - -v=5 360 - --csi-address=/csi/csi.sock 361 securityContext: 362 # This is necessary only for systems with SELinux, where 363 # non-privileged sidecar containers cannot access unix domain socket 364 # created by privileged CSI driver container. 365 privileged: true 366 volumeMounts: 367 - mountPath: /csi 368 name: socket-dir 369 370 volumes: 371 - hostPath: 372 path: /var/lib/kubelet/plugins/csi-hostpath 373 type: DirectoryOrCreate 374 name: socket-dir 375 - hostPath: 376 path: /var/lib/kubelet/pods 377 type: DirectoryOrCreate 378 name: mountpoint-dir 379 - hostPath: 380 path: /var/lib/kubelet/plugins_registry 381 type: Directory 382 name: registration-dir 383 - hostPath: 384 path: /var/lib/kubelet/plugins 385 type: Directory 386 name: plugins-dir 387 - hostPath: 388 # 'path' is where PV data is persisted on host. 389 # using /tmp is also possible while the PVs will not available after plugin container recreation or host reboot 390 path: /var/lib/csi-hostpath-data/ 391 type: DirectoryOrCreate 392 name: csi-data-dir 393 - hostPath: 394 path: /dev 395 type: Directory 396 name: dev-dir