sigs.k8s.io/cluster-api-provider-aws@v1.5.5/test/e2e/data/infrastructure-aws/kustomize_sources/external-csi/aws-ebs-csi-external.yaml (about) 1 apiVersion: v1 2 kind: Secret 3 metadata: 4 name: aws-secret 5 namespace: kube-system 6 stringData: 7 key_id: "" 8 access_key: "" 9 --- 10 apiVersion: v1 11 kind: ServiceAccount 12 metadata: 13 labels: 14 app.kubernetes.io/name: aws-ebs-csi-driver 15 name: ebs-csi-controller-sa 16 namespace: kube-system 17 --- 18 apiVersion: v1 19 kind: ServiceAccount 20 metadata: 21 labels: 22 app.kubernetes.io/name: aws-ebs-csi-driver 23 name: ebs-csi-node-sa 24 namespace: kube-system 25 --- 26 apiVersion: rbac.authorization.k8s.io/v1 27 kind: ClusterRole 28 metadata: 29 labels: 30 app.kubernetes.io/name: aws-ebs-csi-driver 31 name: ebs-external-attacher-role 32 rules: 33 - apiGroups: 34 - "" 35 resources: 36 - persistentvolumes 37 verbs: 38 - get 39 - list 40 - watch 41 - update 42 - patch 43 - apiGroups: 44 - "" 45 resources: 46 - nodes 47 verbs: 48 - get 49 - list 50 - watch 51 - apiGroups: 52 - csi.storage.k8s.io 53 resources: 54 - csinodeinfos 55 verbs: 56 - get 57 - list 58 - watch 59 - apiGroups: 60 - storage.k8s.io 61 resources: 62 - volumeattachments 63 verbs: 64 - get 65 - list 66 - watch 67 - update 68 - patch 69 - apiGroups: 70 - storage.k8s.io 71 resources: 72 - volumeattachments/status 73 verbs: 74 - patch 75 --- 76 apiVersion: rbac.authorization.k8s.io/v1 77 kind: ClusterRole 78 metadata: 79 labels: 80 app.kubernetes.io/name: aws-ebs-csi-driver 81 name: ebs-external-provisioner-role 82 rules: 83 - apiGroups: 84 - "" 85 resources: 86 - persistentvolumes 87 verbs: 88 - get 89 - list 90 - watch 91 - create 92 - delete 93 - apiGroups: 94 - "" 95 resources: 96 - persistentvolumeclaims 97 verbs: 98 - get 99 - list 100 - watch 101 - update 102 - apiGroups: 103 - storage.k8s.io 104 resources: 105 - storageclasses 106 verbs: 107 - get 108 - list 109 - watch 110 - apiGroups: 111 - "" 112 resources: 113 - events 114 verbs: 115 - list 116 - watch 117 - create 118 - update 119 - patch 120 - apiGroups: 121 - snapshot.storage.k8s.io 122 resources: 123 - volumesnapshots 124 verbs: 125 - get 126 - list 127 - apiGroups: 128 - snapshot.storage.k8s.io 129 resources: 130 - volumesnapshotcontents 131 verbs: 132 - get 133 - list 134 - apiGroups: 135 - storage.k8s.io 136 resources: 137 - csinodes 138 verbs: 139 - get 140 - list 141 - watch 142 - apiGroups: 143 - "" 144 resources: 145 - nodes 146 verbs: 147 - get 148 - list 149 - watch 150 - apiGroups: 151 - coordination.k8s.io 152 resources: 153 - leases 154 verbs: 155 - get 156 - watch 157 - list 158 - delete 159 - update 160 - create 161 - apiGroups: 162 - storage.k8s.io 163 resources: 164 - volumeattachments 165 verbs: 166 - get 167 - list 168 - watch 169 --- 170 apiVersion: rbac.authorization.k8s.io/v1 171 kind: ClusterRole 172 metadata: 173 labels: 174 app.kubernetes.io/name: aws-ebs-csi-driver 175 name: ebs-external-resizer-role 176 rules: 177 - apiGroups: 178 - "" 179 resources: 180 - persistentvolumes 181 verbs: 182 - get 183 - list 184 - watch 185 - update 186 - patch 187 - apiGroups: 188 - "" 189 resources: 190 - persistentvolumeclaims 191 verbs: 192 - get 193 - list 194 - watch 195 - apiGroups: 196 - "" 197 resources: 198 - persistentvolumeclaims/status 199 verbs: 200 - update 201 - patch 202 - apiGroups: 203 - storage.k8s.io 204 resources: 205 - storageclasses 206 verbs: 207 - get 208 - list 209 - watch 210 - apiGroups: 211 - "" 212 resources: 213 - events 214 verbs: 215 - list 216 - watch 217 - create 218 - update 219 - patch 220 - apiGroups: 221 - "" 222 resources: 223 - pods 224 verbs: 225 - get 226 - list 227 - watch 228 --- 229 apiVersion: rbac.authorization.k8s.io/v1 230 kind: ClusterRole 231 metadata: 232 labels: 233 app.kubernetes.io/name: aws-ebs-csi-driver 234 name: ebs-external-snapshotter-role 235 rules: 236 - apiGroups: 237 - "" 238 resources: 239 - events 240 verbs: 241 - list 242 - watch 243 - create 244 - update 245 - patch 246 - apiGroups: 247 - "" 248 resources: 249 - secrets 250 verbs: 251 - get 252 - list 253 - apiGroups: 254 - snapshot.storage.k8s.io 255 resources: 256 - volumesnapshotclasses 257 verbs: 258 - get 259 - list 260 - watch 261 - apiGroups: 262 - snapshot.storage.k8s.io 263 resources: 264 - volumesnapshotcontents 265 verbs: 266 - create 267 - get 268 - list 269 - watch 270 - update 271 - delete 272 - apiGroups: 273 - snapshot.storage.k8s.io 274 resources: 275 - volumesnapshotcontents/status 276 verbs: 277 - update 278 --- 279 apiVersion: rbac.authorization.k8s.io/v1 280 kind: ClusterRoleBinding 281 metadata: 282 labels: 283 app.kubernetes.io/name: aws-ebs-csi-driver 284 name: ebs-csi-attacher-binding 285 roleRef: 286 apiGroup: rbac.authorization.k8s.io 287 kind: ClusterRole 288 name: ebs-external-attacher-role 289 subjects: 290 - kind: ServiceAccount 291 name: ebs-csi-controller-sa 292 namespace: kube-system 293 --- 294 apiVersion: rbac.authorization.k8s.io/v1 295 kind: ClusterRoleBinding 296 metadata: 297 labels: 298 app.kubernetes.io/name: aws-ebs-csi-driver 299 name: ebs-csi-provisioner-binding 300 roleRef: 301 apiGroup: rbac.authorization.k8s.io 302 kind: ClusterRole 303 name: ebs-external-provisioner-role 304 subjects: 305 - kind: ServiceAccount 306 name: ebs-csi-controller-sa 307 namespace: kube-system 308 --- 309 apiVersion: rbac.authorization.k8s.io/v1 310 kind: ClusterRoleBinding 311 metadata: 312 labels: 313 app.kubernetes.io/name: aws-ebs-csi-driver 314 name: ebs-csi-resizer-binding 315 roleRef: 316 apiGroup: rbac.authorization.k8s.io 317 kind: ClusterRole 318 name: ebs-external-resizer-role 319 subjects: 320 - kind: ServiceAccount 321 name: ebs-csi-controller-sa 322 namespace: kube-system 323 --- 324 apiVersion: rbac.authorization.k8s.io/v1 325 kind: ClusterRoleBinding 326 metadata: 327 labels: 328 app.kubernetes.io/name: aws-ebs-csi-driver 329 name: ebs-csi-snapshotter-binding 330 roleRef: 331 apiGroup: rbac.authorization.k8s.io 332 kind: ClusterRole 333 name: ebs-external-snapshotter-role 334 subjects: 335 - kind: ServiceAccount 336 name: ebs-csi-controller-sa 337 namespace: kube-system 338 --- 339 apiVersion: apps/v1 340 kind: Deployment 341 metadata: 342 labels: 343 app.kubernetes.io/name: aws-ebs-csi-driver 344 name: ebs-csi-controller 345 namespace: kube-system 346 spec: 347 replicas: 2 348 selector: 349 matchLabels: 350 app: ebs-csi-controller 351 app.kubernetes.io/name: aws-ebs-csi-driver 352 template: 353 metadata: 354 labels: 355 app: ebs-csi-controller 356 app.kubernetes.io/name: aws-ebs-csi-driver 357 spec: 358 containers: 359 - args: 360 - --endpoint=$(CSI_ENDPOINT) 361 - --logtostderr 362 - --v=2 363 env: 364 - name: CSI_ENDPOINT 365 value: unix:///var/lib/csi/sockets/pluginproxy/csi.sock 366 - name: CSI_NODE_NAME 367 valueFrom: 368 fieldRef: 369 fieldPath: spec.nodeName 370 - name: AWS_ACCESS_KEY_ID 371 valueFrom: 372 secretKeyRef: 373 key: key_id 374 name: aws-secret 375 optional: true 376 - name: AWS_SECRET_ACCESS_KEY 377 valueFrom: 378 secretKeyRef: 379 key: access_key 380 name: aws-secret 381 optional: true 382 image: registry.k8s.io/provider-aws/aws-ebs-csi-driver:v1.2.0 383 imagePullPolicy: IfNotPresent 384 livenessProbe: 385 failureThreshold: 5 386 httpGet: 387 path: /healthz 388 port: healthz 389 initialDelaySeconds: 10 390 periodSeconds: 10 391 timeoutSeconds: 3 392 name: ebs-plugin 393 ports: 394 - containerPort: 9808 395 name: healthz 396 protocol: TCP 397 readinessProbe: 398 failureThreshold: 5 399 httpGet: 400 path: /healthz 401 port: healthz 402 initialDelaySeconds: 10 403 periodSeconds: 10 404 timeoutSeconds: 3 405 volumeMounts: 406 - mountPath: /var/lib/csi/sockets/pluginproxy/ 407 name: socket-dir 408 - args: 409 - --csi-address=$(ADDRESS) 410 - --v=2 411 - --feature-gates=Topology=true 412 - --extra-create-metadata 413 - --leader-election=true 414 - --default-fstype=ext4 415 env: 416 - name: ADDRESS 417 value: /var/lib/csi/sockets/pluginproxy/csi.sock 418 image: registry.k8s.io/sig-storage/csi-provisioner:v2.1.1 419 name: csi-provisioner 420 volumeMounts: 421 - mountPath: /var/lib/csi/sockets/pluginproxy/ 422 name: socket-dir 423 - args: 424 - --csi-address=$(ADDRESS) 425 - --v=2 426 - --leader-election=true 427 env: 428 - name: ADDRESS 429 value: /var/lib/csi/sockets/pluginproxy/csi.sock 430 image: registry.k8s.io/sig-storage/csi-attacher:v3.1.0 431 name: csi-attacher 432 volumeMounts: 433 - mountPath: /var/lib/csi/sockets/pluginproxy/ 434 name: socket-dir 435 - args: 436 - --csi-address=$(ADDRESS) 437 - --leader-election=true 438 env: 439 - name: ADDRESS 440 value: /var/lib/csi/sockets/pluginproxy/csi.sock 441 image: registry.k8s.io/sig-storage/csi-snapshotter:v3.0.3 442 name: csi-snapshotter 443 volumeMounts: 444 - mountPath: /var/lib/csi/sockets/pluginproxy/ 445 name: socket-dir 446 - args: 447 - --csi-address=$(ADDRESS) 448 - --v=2 449 env: 450 - name: ADDRESS 451 value: /var/lib/csi/sockets/pluginproxy/csi.sock 452 image: registry.k8s.io/sig-storage/csi-resizer:v1.0.0 453 imagePullPolicy: Always 454 name: csi-resizer 455 volumeMounts: 456 - mountPath: /var/lib/csi/sockets/pluginproxy/ 457 name: socket-dir 458 - args: 459 - --csi-address=/csi/csi.sock 460 image: registry.k8s.io/sig-storage/livenessprobe:v2.2.0 461 name: liveness-probe 462 volumeMounts: 463 - mountPath: /csi 464 name: socket-dir 465 nodeSelector: 466 kubernetes.io/os: linux 467 priorityClassName: system-cluster-critical 468 serviceAccountName: ebs-csi-controller-sa 469 tolerations: 470 - key: CriticalAddonsOnly 471 operator: Exists 472 - effect: NoExecute 473 operator: Exists 474 tolerationSeconds: 300 475 - key: node-role.kubernetes.io/master 476 effect: NoSchedule 477 - effect: NoSchedule 478 key: node-role.kubernetes.io/control-plane 479 affinity: 480 nodeAffinity: 481 requiredDuringSchedulingIgnoredDuringExecution: 482 nodeSelectorTerms: 483 - matchExpressions: 484 - key: node-role.kubernetes.io/control-plane 485 operator: Exists 486 - matchExpressions: 487 - key: node-role.kubernetes.io/master 488 operator: Exists 489 volumes: 490 - emptyDir: {} 491 name: socket-dir 492 --- 493 apiVersion: policy/v1beta1 494 kind: PodDisruptionBudget 495 metadata: 496 labels: 497 app.kubernetes.io/name: aws-ebs-csi-driver 498 name: ebs-csi-controller 499 namespace: kube-system 500 spec: 501 maxUnavailable: 1 502 selector: 503 matchLabels: 504 app: ebs-csi-controller 505 app.kubernetes.io/name: aws-ebs-csi-driver 506 --- 507 apiVersion: apps/v1 508 kind: DaemonSet 509 metadata: 510 labels: 511 app.kubernetes.io/name: aws-ebs-csi-driver 512 name: ebs-csi-node 513 namespace: kube-system 514 spec: 515 selector: 516 matchLabels: 517 app: ebs-csi-node 518 app.kubernetes.io/name: aws-ebs-csi-driver 519 template: 520 metadata: 521 labels: 522 app: ebs-csi-node 523 app.kubernetes.io/name: aws-ebs-csi-driver 524 spec: 525 affinity: 526 nodeAffinity: 527 requiredDuringSchedulingIgnoredDuringExecution: 528 nodeSelectorTerms: 529 - matchExpressions: 530 - key: eks.amazonaws.com/compute-type 531 operator: NotIn 532 values: 533 - fargate 534 containers: 535 - args: 536 - node 537 - --endpoint=$(CSI_ENDPOINT) 538 - --logtostderr 539 - --v=2 540 env: 541 - name: CSI_ENDPOINT 542 value: unix:/csi/csi.sock 543 - name: CSI_NODE_NAME 544 valueFrom: 545 fieldRef: 546 fieldPath: spec.nodeName 547 image: registry.k8s.io/provider-aws/aws-ebs-csi-driver:v1.2.0 548 livenessProbe: 549 failureThreshold: 5 550 httpGet: 551 path: /healthz 552 port: healthz 553 initialDelaySeconds: 10 554 periodSeconds: 10 555 timeoutSeconds: 3 556 name: ebs-plugin 557 ports: 558 - containerPort: 9808 559 name: healthz 560 protocol: TCP 561 securityContext: 562 privileged: true 563 volumeMounts: 564 - mountPath: /var/lib/kubelet 565 mountPropagation: Bidirectional 566 name: kubelet-dir 567 - mountPath: /csi 568 name: plugin-dir 569 - mountPath: /dev 570 name: device-dir 571 - args: 572 - --csi-address=$(ADDRESS) 573 - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH) 574 - --v=2 575 env: 576 - name: ADDRESS 577 value: /csi/csi.sock 578 - name: DRIVER_REG_SOCK_PATH 579 value: /var/lib/kubelet/plugins/ebs.csi.aws.com/csi.sock 580 image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.1.0 581 name: node-driver-registrar 582 volumeMounts: 583 - mountPath: /csi 584 name: plugin-dir 585 - mountPath: /registration 586 name: registration-dir 587 - args: 588 - --csi-address=/csi/csi.sock 589 image: registry.k8s.io/sig-storage/livenessprobe:v2.2.0 590 name: liveness-probe 591 volumeMounts: 592 - mountPath: /csi 593 name: plugin-dir 594 nodeSelector: 595 kubernetes.io/os: linux 596 priorityClassName: system-node-critical 597 serviceAccountName: ebs-csi-node-sa 598 tolerations: 599 - key: CriticalAddonsOnly 600 operator: Exists 601 - effect: NoExecute 602 operator: Exists 603 tolerationSeconds: 300 604 volumes: 605 - hostPath: 606 path: /var/lib/kubelet 607 type: Directory 608 name: kubelet-dir 609 - hostPath: 610 path: /var/lib/kubelet/plugins/ebs.csi.aws.com/ 611 type: DirectoryOrCreate 612 name: plugin-dir 613 - hostPath: 614 path: /var/lib/kubelet/plugins_registry/ 615 type: Directory 616 name: registration-dir 617 - hostPath: 618 path: /dev 619 type: Directory 620 name: device-dir 621 updateStrategy: 622 rollingUpdate: 623 maxUnavailable: 10% 624 type: RollingUpdate 625 --- 626 apiVersion: storage.k8s.io/v1 627 kind: CSIDriver 628 metadata: 629 labels: 630 app.kubernetes.io/name: aws-ebs-csi-driver 631 name: ebs.csi.aws.com 632 spec: 633 attachRequired: true 634 podInfoOnMount: false