mirror of
https://github.com/ceph/ceph-csi.git
synced 2024-12-18 11:00:25 +00:00
deploy: make the csi-*plugin containers the default for kubectl commands
When issues or bugs are reported, users often share the logs of the default container in a Pod. These logs do not contain the required information, as that mostly only can be found in the logs of the Ceph-CSI container (named csi-cephfsplugin or csi-rbdplugin). By moving the Ceph-CSI containers in the Pods to the 1st in the list, they become the default container for commands like `kubectl logs`. Signed-off-by: Niels de Vos <ndevos@ibm.com>
This commit is contained in:
parent
c943a38a09
commit
c9e64f9478
@ -42,31 +42,6 @@ spec:
|
|||||||
{{ toYaml .Values.nodeplugin.imagePullSecrets | indent 8 -}}
|
{{ toYaml .Values.nodeplugin.imagePullSecrets | indent 8 -}}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
containers:
|
containers:
|
||||||
- name: driver-registrar
|
|
||||||
# This is necessary only for systems with SELinux, where
|
|
||||||
# non-privileged sidecar containers cannot access unix domain socket
|
|
||||||
# created by privileged CSI driver container.
|
|
||||||
securityContext:
|
|
||||||
privileged: true
|
|
||||||
allowPrivilegeEscalation: true
|
|
||||||
image: "{{ .Values.nodeplugin.registrar.image.repository }}:{{ .Values.nodeplugin.registrar.image.tag }}"
|
|
||||||
imagePullPolicy: {{ .Values.nodeplugin.registrar.image.pullPolicy }}
|
|
||||||
args:
|
|
||||||
- "--v={{ .Values.logLevel }}"
|
|
||||||
- "--csi-address=/csi/{{ .Values.pluginSocketFile }}"
|
|
||||||
- "--kubelet-registration-path={{ .Values.kubeletDir }}/plugins/{{ .Values.driverName }}/{{ .Values.pluginSocketFile }}"
|
|
||||||
env:
|
|
||||||
- name: KUBE_NODE_NAME
|
|
||||||
valueFrom:
|
|
||||||
fieldRef:
|
|
||||||
fieldPath: spec.nodeName
|
|
||||||
volumeMounts:
|
|
||||||
- name: socket-dir
|
|
||||||
mountPath: /csi
|
|
||||||
- name: registration-dir
|
|
||||||
mountPath: /registration
|
|
||||||
resources:
|
|
||||||
{{ toYaml .Values.nodeplugin.registrar.resources | indent 12 }}
|
|
||||||
- name: csi-cephfsplugin
|
- name: csi-cephfsplugin
|
||||||
image: "{{ .Values.nodeplugin.plugin.image.repository }}:{{ .Values.nodeplugin.plugin.image.tag }}"
|
image: "{{ .Values.nodeplugin.plugin.image.repository }}:{{ .Values.nodeplugin.plugin.image.tag }}"
|
||||||
imagePullPolicy: {{ .Values.nodeplugin.plugin.image.pullPolicy }}
|
imagePullPolicy: {{ .Values.nodeplugin.plugin.image.pullPolicy }}
|
||||||
@ -141,6 +116,31 @@ spec:
|
|||||||
mountPath: /csi/mountinfo
|
mountPath: /csi/mountinfo
|
||||||
resources:
|
resources:
|
||||||
{{ toYaml .Values.nodeplugin.plugin.resources | indent 12 }}
|
{{ toYaml .Values.nodeplugin.plugin.resources | indent 12 }}
|
||||||
|
- name: driver-registrar
|
||||||
|
# This is necessary only for systems with SELinux, where
|
||||||
|
# non-privileged sidecar containers cannot access unix domain socket
|
||||||
|
# created by privileged CSI driver container.
|
||||||
|
securityContext:
|
||||||
|
privileged: true
|
||||||
|
allowPrivilegeEscalation: true
|
||||||
|
image: "{{ .Values.nodeplugin.registrar.image.repository }}:{{ .Values.nodeplugin.registrar.image.tag }}"
|
||||||
|
imagePullPolicy: {{ .Values.nodeplugin.registrar.image.pullPolicy }}
|
||||||
|
args:
|
||||||
|
- "--v={{ .Values.logLevel }}"
|
||||||
|
- "--csi-address=/csi/{{ .Values.pluginSocketFile }}"
|
||||||
|
- "--kubelet-registration-path={{ .Values.kubeletDir }}/plugins/{{ .Values.driverName }}/{{ .Values.pluginSocketFile }}"
|
||||||
|
env:
|
||||||
|
- name: KUBE_NODE_NAME
|
||||||
|
valueFrom:
|
||||||
|
fieldRef:
|
||||||
|
fieldPath: spec.nodeName
|
||||||
|
volumeMounts:
|
||||||
|
- name: socket-dir
|
||||||
|
mountPath: /csi
|
||||||
|
- name: registration-dir
|
||||||
|
mountPath: /registration
|
||||||
|
resources:
|
||||||
|
{{ toYaml .Values.nodeplugin.registrar.resources | indent 12 }}
|
||||||
{{- if .Values.nodeplugin.httpMetrics.enabled }}
|
{{- if .Values.nodeplugin.httpMetrics.enabled }}
|
||||||
- name: liveness-prometheus
|
- name: liveness-prometheus
|
||||||
securityContext:
|
securityContext:
|
||||||
|
@ -67,6 +67,55 @@ spec:
|
|||||||
{{ toYaml .Values.provisioner.imagePullSecrets | indent 8 -}}
|
{{ toYaml .Values.provisioner.imagePullSecrets | indent 8 -}}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
containers:
|
containers:
|
||||||
|
- name: csi-cephfsplugin
|
||||||
|
image: "{{ .Values.nodeplugin.plugin.image.repository }}:{{ .Values.nodeplugin.plugin.image.tag }}"
|
||||||
|
imagePullPolicy: {{ .Values.nodeplugin.plugin.image.pullPolicy }}
|
||||||
|
args:
|
||||||
|
- "--nodeid=$(NODE_ID)"
|
||||||
|
- "--type=cephfs"
|
||||||
|
- "--controllerserver=true"
|
||||||
|
- "--pidlimit=-1"
|
||||||
|
- "--endpoint=$(CSI_ENDPOINT)"
|
||||||
|
- "--v={{ .Values.logLevel }}"
|
||||||
|
- "--drivername=$(DRIVER_NAME)"
|
||||||
|
{{- if .Values.provisioner.profiling.enabled }}
|
||||||
|
- "--enableprofiling={{ .Values.provisioner.profiling.enabled }}"
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.provisioner.clustername }}
|
||||||
|
- "--clustername={{ .Values.provisioner.clustername }}"
|
||||||
|
{{- end }}
|
||||||
|
- "--setmetadata={{ .Values.provisioner.setmetadata }}"
|
||||||
|
env:
|
||||||
|
- name: POD_IP
|
||||||
|
valueFrom:
|
||||||
|
fieldRef:
|
||||||
|
fieldPath: status.podIP
|
||||||
|
- name: DRIVER_NAME
|
||||||
|
value: {{ .Values.driverName }}
|
||||||
|
- name: NODE_ID
|
||||||
|
valueFrom:
|
||||||
|
fieldRef:
|
||||||
|
fieldPath: spec.nodeName
|
||||||
|
- name: CSI_ENDPOINT
|
||||||
|
value: "unix:///csi/{{ .Values.provisionerSocketFile }}"
|
||||||
|
volumeMounts:
|
||||||
|
- name: socket-dir
|
||||||
|
mountPath: /csi
|
||||||
|
- name: host-sys
|
||||||
|
mountPath: /sys
|
||||||
|
- name: lib-modules
|
||||||
|
mountPath: /lib/modules
|
||||||
|
readOnly: true
|
||||||
|
- name: host-dev
|
||||||
|
mountPath: /dev
|
||||||
|
- name: ceph-config
|
||||||
|
mountPath: /etc/ceph/
|
||||||
|
- name: ceph-csi-config
|
||||||
|
mountPath: /etc/ceph-csi-config/
|
||||||
|
- name: keys-tmp-dir
|
||||||
|
mountPath: /tmp/csi/keys
|
||||||
|
resources:
|
||||||
|
{{ toYaml .Values.nodeplugin.plugin.resources | indent 12 }}
|
||||||
- name: csi-provisioner
|
- name: csi-provisioner
|
||||||
image: "{{ .Values.provisioner.provisioner.image.repository }}:{{ .Values.provisioner.provisioner.image.tag }}"
|
image: "{{ .Values.provisioner.provisioner.image.repository }}:{{ .Values.provisioner.provisioner.image.tag }}"
|
||||||
imagePullPolicy: {{ .Values.provisioner.provisioner.image.pullPolicy }}
|
imagePullPolicy: {{ .Values.provisioner.provisioner.image.pullPolicy }}
|
||||||
@ -134,55 +183,6 @@ spec:
|
|||||||
resources:
|
resources:
|
||||||
{{ toYaml .Values.provisioner.resizer.resources | indent 12 }}
|
{{ toYaml .Values.provisioner.resizer.resources | indent 12 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
- name: csi-cephfsplugin
|
|
||||||
image: "{{ .Values.nodeplugin.plugin.image.repository }}:{{ .Values.nodeplugin.plugin.image.tag }}"
|
|
||||||
imagePullPolicy: {{ .Values.nodeplugin.plugin.image.pullPolicy }}
|
|
||||||
args:
|
|
||||||
- "--nodeid=$(NODE_ID)"
|
|
||||||
- "--type=cephfs"
|
|
||||||
- "--controllerserver=true"
|
|
||||||
- "--pidlimit=-1"
|
|
||||||
- "--endpoint=$(CSI_ENDPOINT)"
|
|
||||||
- "--v={{ .Values.logLevel }}"
|
|
||||||
- "--drivername=$(DRIVER_NAME)"
|
|
||||||
{{- if .Values.provisioner.profiling.enabled }}
|
|
||||||
- "--enableprofiling={{ .Values.provisioner.profiling.enabled }}"
|
|
||||||
{{- end }}
|
|
||||||
{{- if .Values.provisioner.clustername }}
|
|
||||||
- "--clustername={{ .Values.provisioner.clustername }}"
|
|
||||||
{{- end }}
|
|
||||||
- "--setmetadata={{ .Values.provisioner.setmetadata }}"
|
|
||||||
env:
|
|
||||||
- name: POD_IP
|
|
||||||
valueFrom:
|
|
||||||
fieldRef:
|
|
||||||
fieldPath: status.podIP
|
|
||||||
- name: DRIVER_NAME
|
|
||||||
value: {{ .Values.driverName }}
|
|
||||||
- name: NODE_ID
|
|
||||||
valueFrom:
|
|
||||||
fieldRef:
|
|
||||||
fieldPath: spec.nodeName
|
|
||||||
- name: CSI_ENDPOINT
|
|
||||||
value: "unix:///csi/{{ .Values.provisionerSocketFile }}"
|
|
||||||
volumeMounts:
|
|
||||||
- name: socket-dir
|
|
||||||
mountPath: /csi
|
|
||||||
- name: host-sys
|
|
||||||
mountPath: /sys
|
|
||||||
- name: lib-modules
|
|
||||||
mountPath: /lib/modules
|
|
||||||
readOnly: true
|
|
||||||
- name: host-dev
|
|
||||||
mountPath: /dev
|
|
||||||
- name: ceph-config
|
|
||||||
mountPath: /etc/ceph/
|
|
||||||
- name: ceph-csi-config
|
|
||||||
mountPath: /etc/ceph-csi-config/
|
|
||||||
- name: keys-tmp-dir
|
|
||||||
mountPath: /tmp/csi/keys
|
|
||||||
resources:
|
|
||||||
{{ toYaml .Values.nodeplugin.plugin.resources | indent 12 }}
|
|
||||||
{{- if .Values.provisioner.httpMetrics.enabled }}
|
{{- if .Values.provisioner.httpMetrics.enabled }}
|
||||||
- name: liveness-prometheus
|
- name: liveness-prometheus
|
||||||
image: "{{ .Values.nodeplugin.plugin.image.repository }}:{{ .Values.nodeplugin.plugin.image.tag }}"
|
image: "{{ .Values.nodeplugin.plugin.image.repository }}:{{ .Values.nodeplugin.plugin.image.tag }}"
|
||||||
|
@ -42,31 +42,6 @@ spec:
|
|||||||
{{ toYaml .Values.nodeplugin.imagePullSecrets | indent 8 -}}
|
{{ toYaml .Values.nodeplugin.imagePullSecrets | indent 8 -}}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
containers:
|
containers:
|
||||||
- name: driver-registrar
|
|
||||||
# This is necessary only for systems with SELinux, where
|
|
||||||
# non-privileged sidecar containers cannot access unix domain socket
|
|
||||||
# created by privileged CSI driver container.
|
|
||||||
securityContext:
|
|
||||||
privileged: true
|
|
||||||
allowPrivilegeEscalation: true
|
|
||||||
image: "{{ .Values.nodeplugin.registrar.image.repository }}:{{ .Values.nodeplugin.registrar.image.tag }}"
|
|
||||||
imagePullPolicy: {{ .Values.nodeplugin.registrar.image.pullPolicy }}
|
|
||||||
args:
|
|
||||||
- "--v={{ .Values.logLevel }}"
|
|
||||||
- "--csi-address=/csi/{{ .Values.pluginSocketFile }}"
|
|
||||||
- "--kubelet-registration-path={{ .Values.kubeletDir }}/plugins/{{ .Values.driverName }}/{{ .Values.pluginSocketFile }}"
|
|
||||||
env:
|
|
||||||
- name: KUBE_NODE_NAME
|
|
||||||
valueFrom:
|
|
||||||
fieldRef:
|
|
||||||
fieldPath: spec.nodeName
|
|
||||||
volumeMounts:
|
|
||||||
- name: socket-dir
|
|
||||||
mountPath: /csi
|
|
||||||
- name: registration-dir
|
|
||||||
mountPath: /registration
|
|
||||||
resources:
|
|
||||||
{{ toYaml .Values.nodeplugin.registrar.resources | indent 12 }}
|
|
||||||
- name: csi-rbdplugin
|
- name: csi-rbdplugin
|
||||||
image: "{{ .Values.nodeplugin.plugin.image.repository }}:{{ .Values.nodeplugin.plugin.image.tag }}"
|
image: "{{ .Values.nodeplugin.plugin.image.repository }}:{{ .Values.nodeplugin.plugin.image.tag }}"
|
||||||
imagePullPolicy: {{ .Values.nodeplugin.plugin.image.pullPolicy }}
|
imagePullPolicy: {{ .Values.nodeplugin.plugin.image.pullPolicy }}
|
||||||
@ -149,6 +124,31 @@ spec:
|
|||||||
readOnly: true
|
readOnly: true
|
||||||
resources:
|
resources:
|
||||||
{{ toYaml .Values.nodeplugin.plugin.resources | indent 12 }}
|
{{ toYaml .Values.nodeplugin.plugin.resources | indent 12 }}
|
||||||
|
- name: driver-registrar
|
||||||
|
# This is necessary only for systems with SELinux, where
|
||||||
|
# non-privileged sidecar containers cannot access unix domain socket
|
||||||
|
# created by privileged CSI driver container.
|
||||||
|
securityContext:
|
||||||
|
privileged: true
|
||||||
|
allowPrivilegeEscalation: true
|
||||||
|
image: "{{ .Values.nodeplugin.registrar.image.repository }}:{{ .Values.nodeplugin.registrar.image.tag }}"
|
||||||
|
imagePullPolicy: {{ .Values.nodeplugin.registrar.image.pullPolicy }}
|
||||||
|
args:
|
||||||
|
- "--v={{ .Values.logLevel }}"
|
||||||
|
- "--csi-address=/csi/{{ .Values.pluginSocketFile }}"
|
||||||
|
- "--kubelet-registration-path={{ .Values.kubeletDir }}/plugins/{{ .Values.driverName }}/{{ .Values.pluginSocketFile }}"
|
||||||
|
env:
|
||||||
|
- name: KUBE_NODE_NAME
|
||||||
|
valueFrom:
|
||||||
|
fieldRef:
|
||||||
|
fieldPath: spec.nodeName
|
||||||
|
volumeMounts:
|
||||||
|
- name: socket-dir
|
||||||
|
mountPath: /csi
|
||||||
|
- name: registration-dir
|
||||||
|
mountPath: /registration
|
||||||
|
resources:
|
||||||
|
{{ toYaml .Values.nodeplugin.registrar.resources | indent 12 }}
|
||||||
{{- if .Values.nodeplugin.httpMetrics.enabled }}
|
{{- if .Values.nodeplugin.httpMetrics.enabled }}
|
||||||
- name: liveness-prometheus
|
- name: liveness-prometheus
|
||||||
securityContext:
|
securityContext:
|
||||||
|
@ -67,6 +67,70 @@ spec:
|
|||||||
{{ toYaml .Values.provisioner.imagePullSecrets | indent 8 -}}
|
{{ toYaml .Values.provisioner.imagePullSecrets | indent 8 -}}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
containers:
|
containers:
|
||||||
|
- name: csi-rbdplugin
|
||||||
|
image: "{{ .Values.nodeplugin.plugin.image.repository }}:{{ .Values.nodeplugin.plugin.image.tag }}"
|
||||||
|
imagePullPolicy: {{ .Values.nodeplugin.plugin.image.pullPolicy }}
|
||||||
|
args:
|
||||||
|
- "--nodeid=$(NODE_ID)"
|
||||||
|
- "--type=rbd"
|
||||||
|
- "--controllerserver=true"
|
||||||
|
- "--pidlimit=-1"
|
||||||
|
- "--endpoint=$(CSI_ENDPOINT)"
|
||||||
|
- "--csi-addons-endpoint=$(CSI_ADDONS_ENDPOINT)"
|
||||||
|
- "--v={{ .Values.logLevel }}"
|
||||||
|
- "--drivername=$(DRIVER_NAME)"
|
||||||
|
- "--rbdhardmaxclonedepth={{ .Values.provisioner.hardMaxCloneDepth }}"
|
||||||
|
- "--rbdsoftmaxclonedepth={{ .Values.provisioner.softMaxCloneDepth }}"
|
||||||
|
- "--maxsnapshotsonimage={{ .Values.provisioner.maxSnapshotsOnImage }}"
|
||||||
|
- "--minsnapshotsonimage={{ .Values.provisioner.minSnapshotsOnImage }}"
|
||||||
|
{{- if .Values.provisioner.skipForceFlatten }}
|
||||||
|
- "--skipforceflatten={{ .Values.provisioner.skipForceFlatten }}"
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.provisioner.profiling.enabled }}
|
||||||
|
- "--enableprofiling={{ .Values.provisioner.profiling.enabled }}"
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.provisioner.clustername }}
|
||||||
|
- "--clustername={{ .Values.provisioner.clustername }}"
|
||||||
|
{{- end }}
|
||||||
|
- "--setmetadata={{ .Values.provisioner.setmetadata }}"
|
||||||
|
env:
|
||||||
|
- name: POD_IP
|
||||||
|
valueFrom:
|
||||||
|
fieldRef:
|
||||||
|
fieldPath: status.podIP
|
||||||
|
- name: DRIVER_NAME
|
||||||
|
value: {{ .Values.driverName }}
|
||||||
|
- name: NODE_ID
|
||||||
|
valueFrom:
|
||||||
|
fieldRef:
|
||||||
|
fieldPath: spec.nodeName
|
||||||
|
- name: CSI_ENDPOINT
|
||||||
|
value: "unix:///csi/{{ .Values.provisionerSocketFile }}"
|
||||||
|
- name: CSI_ADDONS_ENDPOINT
|
||||||
|
value: "unix:///csi/csi-addons.sock"
|
||||||
|
volumeMounts:
|
||||||
|
- name: socket-dir
|
||||||
|
mountPath: /csi
|
||||||
|
- mountPath: /dev
|
||||||
|
name: host-dev
|
||||||
|
- mountPath: /sys
|
||||||
|
name: host-sys
|
||||||
|
- mountPath: /lib/modules
|
||||||
|
name: lib-modules
|
||||||
|
readOnly: true
|
||||||
|
- name: ceph-csi-config
|
||||||
|
mountPath: /etc/ceph-csi-config/
|
||||||
|
- name: ceph-config
|
||||||
|
mountPath: /etc/ceph/
|
||||||
|
- name: ceph-csi-encryption-kms-config
|
||||||
|
mountPath: /etc/ceph-csi-encryption-kms-config/
|
||||||
|
- name: keys-tmp-dir
|
||||||
|
mountPath: /tmp/csi/keys
|
||||||
|
- name: oidc-token
|
||||||
|
mountPath: /run/secrets/tokens
|
||||||
|
readOnly: true
|
||||||
|
resources:
|
||||||
|
{{ toYaml .Values.nodeplugin.plugin.resources | indent 12 }}
|
||||||
- name: csi-provisioner
|
- name: csi-provisioner
|
||||||
image: "{{ .Values.provisioner.provisioner.image.repository }}:{{ .Values.provisioner.provisioner.image.tag }}"
|
image: "{{ .Values.provisioner.provisioner.image.repository }}:{{ .Values.provisioner.provisioner.image.tag }}"
|
||||||
imagePullPolicy: {{ .Values.provisioner.provisioner.image.pullPolicy }}
|
imagePullPolicy: {{ .Values.provisioner.provisioner.image.pullPolicy }}
|
||||||
@ -160,70 +224,6 @@ spec:
|
|||||||
resources:
|
resources:
|
||||||
{{ toYaml .Values.provisioner.attacher.resources | indent 12 }}
|
{{ toYaml .Values.provisioner.attacher.resources | indent 12 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
- name: csi-rbdplugin
|
|
||||||
image: "{{ .Values.nodeplugin.plugin.image.repository }}:{{ .Values.nodeplugin.plugin.image.tag }}"
|
|
||||||
imagePullPolicy: {{ .Values.nodeplugin.plugin.image.pullPolicy }}
|
|
||||||
args:
|
|
||||||
- "--nodeid=$(NODE_ID)"
|
|
||||||
- "--type=rbd"
|
|
||||||
- "--controllerserver=true"
|
|
||||||
- "--pidlimit=-1"
|
|
||||||
- "--endpoint=$(CSI_ENDPOINT)"
|
|
||||||
- "--csi-addons-endpoint=$(CSI_ADDONS_ENDPOINT)"
|
|
||||||
- "--v={{ .Values.logLevel }}"
|
|
||||||
- "--drivername=$(DRIVER_NAME)"
|
|
||||||
- "--rbdhardmaxclonedepth={{ .Values.provisioner.hardMaxCloneDepth }}"
|
|
||||||
- "--rbdsoftmaxclonedepth={{ .Values.provisioner.softMaxCloneDepth }}"
|
|
||||||
- "--maxsnapshotsonimage={{ .Values.provisioner.maxSnapshotsOnImage }}"
|
|
||||||
- "--minsnapshotsonimage={{ .Values.provisioner.minSnapshotsOnImage }}"
|
|
||||||
{{- if .Values.provisioner.skipForceFlatten }}
|
|
||||||
- "--skipforceflatten={{ .Values.provisioner.skipForceFlatten }}"
|
|
||||||
{{- end }}
|
|
||||||
{{- if .Values.provisioner.profiling.enabled }}
|
|
||||||
- "--enableprofiling={{ .Values.provisioner.profiling.enabled }}"
|
|
||||||
{{- end }}
|
|
||||||
{{- if .Values.provisioner.clustername }}
|
|
||||||
- "--clustername={{ .Values.provisioner.clustername }}"
|
|
||||||
{{- end }}
|
|
||||||
- "--setmetadata={{ .Values.provisioner.setmetadata }}"
|
|
||||||
env:
|
|
||||||
- name: POD_IP
|
|
||||||
valueFrom:
|
|
||||||
fieldRef:
|
|
||||||
fieldPath: status.podIP
|
|
||||||
- name: DRIVER_NAME
|
|
||||||
value: {{ .Values.driverName }}
|
|
||||||
- name: NODE_ID
|
|
||||||
valueFrom:
|
|
||||||
fieldRef:
|
|
||||||
fieldPath: spec.nodeName
|
|
||||||
- name: CSI_ENDPOINT
|
|
||||||
value: "unix:///csi/{{ .Values.provisionerSocketFile }}"
|
|
||||||
- name: CSI_ADDONS_ENDPOINT
|
|
||||||
value: "unix:///csi/csi-addons.sock"
|
|
||||||
volumeMounts:
|
|
||||||
- name: socket-dir
|
|
||||||
mountPath: /csi
|
|
||||||
- mountPath: /dev
|
|
||||||
name: host-dev
|
|
||||||
- mountPath: /sys
|
|
||||||
name: host-sys
|
|
||||||
- mountPath: /lib/modules
|
|
||||||
name: lib-modules
|
|
||||||
readOnly: true
|
|
||||||
- name: ceph-csi-config
|
|
||||||
mountPath: /etc/ceph-csi-config/
|
|
||||||
- name: ceph-config
|
|
||||||
mountPath: /etc/ceph/
|
|
||||||
- name: ceph-csi-encryption-kms-config
|
|
||||||
mountPath: /etc/ceph-csi-encryption-kms-config/
|
|
||||||
- name: keys-tmp-dir
|
|
||||||
mountPath: /tmp/csi/keys
|
|
||||||
- name: oidc-token
|
|
||||||
mountPath: /run/secrets/tokens
|
|
||||||
readOnly: true
|
|
||||||
resources:
|
|
||||||
{{ toYaml .Values.nodeplugin.plugin.resources | indent 12 }}
|
|
||||||
{{- if .Values.provisioner.deployController }}
|
{{- if .Values.provisioner.deployController }}
|
||||||
- name: csi-rbdplugin-controller
|
- name: csi-rbdplugin-controller
|
||||||
image: "{{ .Values.nodeplugin.plugin.image.repository }}:{{ .Values.nodeplugin.plugin.image.tag }}"
|
image: "{{ .Values.nodeplugin.plugin.image.repository }}:{{ .Values.nodeplugin.plugin.image.tag }}"
|
||||||
|
@ -42,6 +42,55 @@ spec:
|
|||||||
serviceAccountName: cephfs-csi-provisioner
|
serviceAccountName: cephfs-csi-provisioner
|
||||||
priorityClassName: system-cluster-critical
|
priorityClassName: system-cluster-critical
|
||||||
containers:
|
containers:
|
||||||
|
- name: csi-cephfsplugin
|
||||||
|
# for stable functionality replace canary with latest release version
|
||||||
|
image: quay.io/cephcsi/cephcsi:canary
|
||||||
|
args:
|
||||||
|
- "--nodeid=$(NODE_ID)"
|
||||||
|
- "--type=cephfs"
|
||||||
|
- "--controllerserver=true"
|
||||||
|
- "--endpoint=$(CSI_ENDPOINT)"
|
||||||
|
- "--v=5"
|
||||||
|
- "--drivername=cephfs.csi.ceph.com"
|
||||||
|
- "--pidlimit=-1"
|
||||||
|
- "--enableprofiling=false"
|
||||||
|
- "--setmetadata=true"
|
||||||
|
env:
|
||||||
|
- name: POD_IP
|
||||||
|
valueFrom:
|
||||||
|
fieldRef:
|
||||||
|
fieldPath: status.podIP
|
||||||
|
- name: NODE_ID
|
||||||
|
valueFrom:
|
||||||
|
fieldRef:
|
||||||
|
fieldPath: spec.nodeName
|
||||||
|
- name: CSI_ENDPOINT
|
||||||
|
value: unix:///csi/csi-provisioner.sock
|
||||||
|
- name: POD_NAMESPACE
|
||||||
|
valueFrom:
|
||||||
|
fieldRef:
|
||||||
|
fieldPath: metadata.namespace
|
||||||
|
# - name: KMS_CONFIGMAP_NAME
|
||||||
|
# value: encryptionConfig
|
||||||
|
imagePullPolicy: "IfNotPresent"
|
||||||
|
volumeMounts:
|
||||||
|
- name: socket-dir
|
||||||
|
mountPath: /csi
|
||||||
|
- name: host-sys
|
||||||
|
mountPath: /sys
|
||||||
|
- name: lib-modules
|
||||||
|
mountPath: /lib/modules
|
||||||
|
readOnly: true
|
||||||
|
- name: host-dev
|
||||||
|
mountPath: /dev
|
||||||
|
- name: ceph-config
|
||||||
|
mountPath: /etc/ceph/
|
||||||
|
- name: ceph-csi-config
|
||||||
|
mountPath: /etc/ceph-csi-config/
|
||||||
|
- name: keys-tmp-dir
|
||||||
|
mountPath: /tmp/csi/keys
|
||||||
|
- name: ceph-csi-encryption-kms-config
|
||||||
|
mountPath: /etc/ceph-csi-encryption-kms-config/
|
||||||
- name: csi-provisioner
|
- name: csi-provisioner
|
||||||
image: registry.k8s.io/sig-storage/csi-provisioner:v4.0.0
|
image: registry.k8s.io/sig-storage/csi-provisioner:v4.0.0
|
||||||
args:
|
args:
|
||||||
@ -93,55 +142,6 @@ spec:
|
|||||||
volumeMounts:
|
volumeMounts:
|
||||||
- name: socket-dir
|
- name: socket-dir
|
||||||
mountPath: /csi
|
mountPath: /csi
|
||||||
- name: csi-cephfsplugin
|
|
||||||
# for stable functionality replace canary with latest release version
|
|
||||||
image: quay.io/cephcsi/cephcsi:canary
|
|
||||||
args:
|
|
||||||
- "--nodeid=$(NODE_ID)"
|
|
||||||
- "--type=cephfs"
|
|
||||||
- "--controllerserver=true"
|
|
||||||
- "--endpoint=$(CSI_ENDPOINT)"
|
|
||||||
- "--v=5"
|
|
||||||
- "--drivername=cephfs.csi.ceph.com"
|
|
||||||
- "--pidlimit=-1"
|
|
||||||
- "--enableprofiling=false"
|
|
||||||
- "--setmetadata=true"
|
|
||||||
env:
|
|
||||||
- name: POD_IP
|
|
||||||
valueFrom:
|
|
||||||
fieldRef:
|
|
||||||
fieldPath: status.podIP
|
|
||||||
- name: NODE_ID
|
|
||||||
valueFrom:
|
|
||||||
fieldRef:
|
|
||||||
fieldPath: spec.nodeName
|
|
||||||
- name: CSI_ENDPOINT
|
|
||||||
value: unix:///csi/csi-provisioner.sock
|
|
||||||
- name: POD_NAMESPACE
|
|
||||||
valueFrom:
|
|
||||||
fieldRef:
|
|
||||||
fieldPath: metadata.namespace
|
|
||||||
# - name: KMS_CONFIGMAP_NAME
|
|
||||||
# value: encryptionConfig
|
|
||||||
imagePullPolicy: "IfNotPresent"
|
|
||||||
volumeMounts:
|
|
||||||
- name: socket-dir
|
|
||||||
mountPath: /csi
|
|
||||||
- name: host-sys
|
|
||||||
mountPath: /sys
|
|
||||||
- name: lib-modules
|
|
||||||
mountPath: /lib/modules
|
|
||||||
readOnly: true
|
|
||||||
- name: host-dev
|
|
||||||
mountPath: /dev
|
|
||||||
- name: ceph-config
|
|
||||||
mountPath: /etc/ceph/
|
|
||||||
- name: ceph-csi-config
|
|
||||||
mountPath: /etc/ceph-csi-config/
|
|
||||||
- name: keys-tmp-dir
|
|
||||||
mountPath: /tmp/csi/keys
|
|
||||||
- name: ceph-csi-encryption-kms-config
|
|
||||||
mountPath: /etc/ceph-csi-encryption-kms-config/
|
|
||||||
- name: liveness-prometheus
|
- name: liveness-prometheus
|
||||||
image: quay.io/cephcsi/cephcsi:canary
|
image: quay.io/cephcsi/cephcsi:canary
|
||||||
args:
|
args:
|
||||||
|
@ -20,28 +20,6 @@ spec:
|
|||||||
# resolved through k8s service, set dns policy to cluster first
|
# resolved through k8s service, set dns policy to cluster first
|
||||||
dnsPolicy: ClusterFirstWithHostNet
|
dnsPolicy: ClusterFirstWithHostNet
|
||||||
containers:
|
containers:
|
||||||
- name: driver-registrar
|
|
||||||
# This is necessary only for systems with SELinux, where
|
|
||||||
# non-privileged sidecar containers cannot access unix domain socket
|
|
||||||
# created by privileged CSI driver container.
|
|
||||||
securityContext:
|
|
||||||
privileged: true
|
|
||||||
allowPrivilegeEscalation: true
|
|
||||||
image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.10.0
|
|
||||||
args:
|
|
||||||
- "--v=1"
|
|
||||||
- "--csi-address=/csi/csi.sock"
|
|
||||||
- "--kubelet-registration-path=/var/lib/kubelet/plugins/cephfs.csi.ceph.com/csi.sock"
|
|
||||||
env:
|
|
||||||
- name: KUBE_NODE_NAME
|
|
||||||
valueFrom:
|
|
||||||
fieldRef:
|
|
||||||
fieldPath: spec.nodeName
|
|
||||||
volumeMounts:
|
|
||||||
- name: socket-dir
|
|
||||||
mountPath: /csi
|
|
||||||
- name: registration-dir
|
|
||||||
mountPath: /registration
|
|
||||||
- name: csi-cephfsplugin
|
- name: csi-cephfsplugin
|
||||||
securityContext:
|
securityContext:
|
||||||
privileged: true
|
privileged: true
|
||||||
@ -121,6 +99,28 @@ spec:
|
|||||||
mountPath: /csi/mountinfo
|
mountPath: /csi/mountinfo
|
||||||
- name: ceph-csi-encryption-kms-config
|
- name: ceph-csi-encryption-kms-config
|
||||||
mountPath: /etc/ceph-csi-encryption-kms-config/
|
mountPath: /etc/ceph-csi-encryption-kms-config/
|
||||||
|
- name: driver-registrar
|
||||||
|
# This is necessary only for systems with SELinux, where
|
||||||
|
# non-privileged sidecar containers cannot access unix domain socket
|
||||||
|
# created by privileged CSI driver container.
|
||||||
|
securityContext:
|
||||||
|
privileged: true
|
||||||
|
allowPrivilegeEscalation: true
|
||||||
|
image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.10.0
|
||||||
|
args:
|
||||||
|
- "--v=1"
|
||||||
|
- "--csi-address=/csi/csi.sock"
|
||||||
|
- "--kubelet-registration-path=/var/lib/kubelet/plugins/cephfs.csi.ceph.com/csi.sock"
|
||||||
|
env:
|
||||||
|
- name: KUBE_NODE_NAME
|
||||||
|
valueFrom:
|
||||||
|
fieldRef:
|
||||||
|
fieldPath: spec.nodeName
|
||||||
|
volumeMounts:
|
||||||
|
- name: socket-dir
|
||||||
|
mountPath: /csi
|
||||||
|
- name: registration-dir
|
||||||
|
mountPath: /registration
|
||||||
- name: liveness-prometheus
|
- name: liveness-prometheus
|
||||||
securityContext:
|
securityContext:
|
||||||
privileged: true
|
privileged: true
|
||||||
|
@ -39,6 +39,39 @@ spec:
|
|||||||
- csi-nfsplugin-provisioner
|
- csi-nfsplugin-provisioner
|
||||||
topologyKey: "kubernetes.io/hostname"
|
topologyKey: "kubernetes.io/hostname"
|
||||||
containers:
|
containers:
|
||||||
|
- name: csi-nfsplugin
|
||||||
|
# for stable functionality replace canary with latest release version
|
||||||
|
image: quay.io/cephcsi/cephcsi:canary
|
||||||
|
args:
|
||||||
|
- "--nodeid=$(NODE_ID)"
|
||||||
|
- "--type=nfs"
|
||||||
|
- "--controllerserver=true"
|
||||||
|
- "--endpoint=$(CSI_ENDPOINT)"
|
||||||
|
- "--v=5"
|
||||||
|
- "--drivername=nfs.csi.ceph.com"
|
||||||
|
- "--pidlimit=-1"
|
||||||
|
- "--enableprofiling=false"
|
||||||
|
env:
|
||||||
|
- name: POD_IP
|
||||||
|
valueFrom:
|
||||||
|
fieldRef:
|
||||||
|
fieldPath: status.podIP
|
||||||
|
- name: NODE_ID
|
||||||
|
valueFrom:
|
||||||
|
fieldRef:
|
||||||
|
fieldPath: spec.nodeName
|
||||||
|
- name: CSI_ENDPOINT
|
||||||
|
value: unix:///csi/csi-provisioner.sock
|
||||||
|
imagePullPolicy: "IfNotPresent"
|
||||||
|
volumeMounts:
|
||||||
|
- name: socket-dir
|
||||||
|
mountPath: /csi
|
||||||
|
- name: host-sys
|
||||||
|
mountPath: /sys
|
||||||
|
- name: ceph-csi-config
|
||||||
|
mountPath: /etc/ceph-csi-config/
|
||||||
|
- name: keys-tmp-dir
|
||||||
|
mountPath: /tmp/csi/keys
|
||||||
- name: csi-provisioner
|
- name: csi-provisioner
|
||||||
image: registry.k8s.io/sig-storage/csi-provisioner:v4.0.0
|
image: registry.k8s.io/sig-storage/csi-provisioner:v4.0.0
|
||||||
args:
|
args:
|
||||||
@ -87,39 +120,6 @@ spec:
|
|||||||
volumeMounts:
|
volumeMounts:
|
||||||
- name: socket-dir
|
- name: socket-dir
|
||||||
mountPath: /csi
|
mountPath: /csi
|
||||||
- name: csi-nfsplugin
|
|
||||||
# for stable functionality replace canary with latest release version
|
|
||||||
image: quay.io/cephcsi/cephcsi:canary
|
|
||||||
args:
|
|
||||||
- "--nodeid=$(NODE_ID)"
|
|
||||||
- "--type=nfs"
|
|
||||||
- "--controllerserver=true"
|
|
||||||
- "--endpoint=$(CSI_ENDPOINT)"
|
|
||||||
- "--v=5"
|
|
||||||
- "--drivername=nfs.csi.ceph.com"
|
|
||||||
- "--pidlimit=-1"
|
|
||||||
- "--enableprofiling=false"
|
|
||||||
env:
|
|
||||||
- name: POD_IP
|
|
||||||
valueFrom:
|
|
||||||
fieldRef:
|
|
||||||
fieldPath: status.podIP
|
|
||||||
- name: NODE_ID
|
|
||||||
valueFrom:
|
|
||||||
fieldRef:
|
|
||||||
fieldPath: spec.nodeName
|
|
||||||
- name: CSI_ENDPOINT
|
|
||||||
value: unix:///csi/csi-provisioner.sock
|
|
||||||
imagePullPolicy: "IfNotPresent"
|
|
||||||
volumeMounts:
|
|
||||||
- name: socket-dir
|
|
||||||
mountPath: /csi
|
|
||||||
- name: host-sys
|
|
||||||
mountPath: /sys
|
|
||||||
- name: ceph-csi-config
|
|
||||||
mountPath: /etc/ceph-csi-config/
|
|
||||||
- name: keys-tmp-dir
|
|
||||||
mountPath: /tmp/csi/keys
|
|
||||||
- name: liveness-prometheus
|
- name: liveness-prometheus
|
||||||
image: quay.io/cephcsi/cephcsi:canary
|
image: quay.io/cephcsi/cephcsi:canary
|
||||||
args:
|
args:
|
||||||
|
@ -20,28 +20,6 @@ spec:
|
|||||||
# resolved through k8s service, set dns policy to cluster first
|
# resolved through k8s service, set dns policy to cluster first
|
||||||
dnsPolicy: ClusterFirstWithHostNet
|
dnsPolicy: ClusterFirstWithHostNet
|
||||||
containers:
|
containers:
|
||||||
- name: driver-registrar
|
|
||||||
# This is necessary only for systems with SELinux, where
|
|
||||||
# non-privileged sidecar containers cannot access unix domain socket
|
|
||||||
# created by privileged CSI driver container.
|
|
||||||
securityContext:
|
|
||||||
privileged: true
|
|
||||||
allowPrivilegeEscalation: true
|
|
||||||
image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.10.0
|
|
||||||
args:
|
|
||||||
- "--v=1"
|
|
||||||
- "--csi-address=/csi/csi.sock"
|
|
||||||
- "--kubelet-registration-path=/var/lib/kubelet/plugins/nfs.csi.ceph.com/csi.sock"
|
|
||||||
env:
|
|
||||||
- name: KUBE_NODE_NAME
|
|
||||||
valueFrom:
|
|
||||||
fieldRef:
|
|
||||||
fieldPath: spec.nodeName
|
|
||||||
volumeMounts:
|
|
||||||
- name: socket-dir
|
|
||||||
mountPath: /csi
|
|
||||||
- name: registration-dir
|
|
||||||
mountPath: /registration
|
|
||||||
- name: csi-nfsplugin
|
- name: csi-nfsplugin
|
||||||
securityContext:
|
securityContext:
|
||||||
privileged: true
|
privileged: true
|
||||||
@ -95,6 +73,28 @@ spec:
|
|||||||
mountPath: /etc/ceph/
|
mountPath: /etc/ceph/
|
||||||
- name: ceph-csi-config
|
- name: ceph-csi-config
|
||||||
mountPath: /etc/ceph-csi-config/
|
mountPath: /etc/ceph-csi-config/
|
||||||
|
- name: driver-registrar
|
||||||
|
# This is necessary only for systems with SELinux, where
|
||||||
|
# non-privileged sidecar containers cannot access unix domain socket
|
||||||
|
# created by privileged CSI driver container.
|
||||||
|
securityContext:
|
||||||
|
privileged: true
|
||||||
|
allowPrivilegeEscalation: true
|
||||||
|
image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.10.0
|
||||||
|
args:
|
||||||
|
- "--v=1"
|
||||||
|
- "--csi-address=/csi/csi.sock"
|
||||||
|
- "--kubelet-registration-path=/var/lib/kubelet/plugins/nfs.csi.ceph.com/csi.sock"
|
||||||
|
env:
|
||||||
|
- name: KUBE_NODE_NAME
|
||||||
|
valueFrom:
|
||||||
|
fieldRef:
|
||||||
|
fieldPath: spec.nodeName
|
||||||
|
volumeMounts:
|
||||||
|
- name: socket-dir
|
||||||
|
mountPath: /csi
|
||||||
|
- name: registration-dir
|
||||||
|
mountPath: /registration
|
||||||
volumes:
|
volumes:
|
||||||
- name: socket-dir
|
- name: socket-dir
|
||||||
hostPath:
|
hostPath:
|
||||||
|
@ -46,6 +46,63 @@ spec:
|
|||||||
serviceAccountName: rbd-csi-provisioner
|
serviceAccountName: rbd-csi-provisioner
|
||||||
priorityClassName: system-cluster-critical
|
priorityClassName: system-cluster-critical
|
||||||
containers:
|
containers:
|
||||||
|
- name: csi-rbdplugin
|
||||||
|
# for stable functionality replace canary with latest release version
|
||||||
|
image: quay.io/cephcsi/cephcsi:canary
|
||||||
|
args:
|
||||||
|
- "--nodeid=$(NODE_ID)"
|
||||||
|
- "--type=rbd"
|
||||||
|
- "--controllerserver=true"
|
||||||
|
- "--endpoint=$(CSI_ENDPOINT)"
|
||||||
|
- "--csi-addons-endpoint=$(CSI_ADDONS_ENDPOINT)"
|
||||||
|
- "--v=5"
|
||||||
|
- "--drivername=rbd.csi.ceph.com"
|
||||||
|
- "--pidlimit=-1"
|
||||||
|
- "--rbdhardmaxclonedepth=8"
|
||||||
|
- "--rbdsoftmaxclonedepth=4"
|
||||||
|
- "--enableprofiling=false"
|
||||||
|
- "--setmetadata=true"
|
||||||
|
env:
|
||||||
|
- name: POD_IP
|
||||||
|
valueFrom:
|
||||||
|
fieldRef:
|
||||||
|
fieldPath: status.podIP
|
||||||
|
- name: NODE_ID
|
||||||
|
valueFrom:
|
||||||
|
fieldRef:
|
||||||
|
fieldPath: spec.nodeName
|
||||||
|
- name: POD_NAMESPACE
|
||||||
|
valueFrom:
|
||||||
|
fieldRef:
|
||||||
|
fieldPath: metadata.namespace
|
||||||
|
# - name: KMS_CONFIGMAP_NAME
|
||||||
|
# value: encryptionConfig
|
||||||
|
- name: CSI_ENDPOINT
|
||||||
|
value: unix:///csi/csi-provisioner.sock
|
||||||
|
- name: CSI_ADDONS_ENDPOINT
|
||||||
|
value: unix:///csi/csi-addons.sock
|
||||||
|
imagePullPolicy: "IfNotPresent"
|
||||||
|
volumeMounts:
|
||||||
|
- name: socket-dir
|
||||||
|
mountPath: /csi
|
||||||
|
- mountPath: /dev
|
||||||
|
name: host-dev
|
||||||
|
- mountPath: /sys
|
||||||
|
name: host-sys
|
||||||
|
- mountPath: /lib/modules
|
||||||
|
name: lib-modules
|
||||||
|
readOnly: true
|
||||||
|
- name: ceph-csi-config
|
||||||
|
mountPath: /etc/ceph-csi-config/
|
||||||
|
- name: ceph-csi-encryption-kms-config
|
||||||
|
mountPath: /etc/ceph-csi-encryption-kms-config/
|
||||||
|
- name: keys-tmp-dir
|
||||||
|
mountPath: /tmp/csi/keys
|
||||||
|
- name: ceph-config
|
||||||
|
mountPath: /etc/ceph/
|
||||||
|
- name: oidc-token
|
||||||
|
mountPath: /run/secrets/tokens
|
||||||
|
readOnly: true
|
||||||
- name: csi-provisioner
|
- name: csi-provisioner
|
||||||
image: registry.k8s.io/sig-storage/csi-provisioner:v4.0.0
|
image: registry.k8s.io/sig-storage/csi-provisioner:v4.0.0
|
||||||
args:
|
args:
|
||||||
@ -115,63 +172,6 @@ spec:
|
|||||||
volumeMounts:
|
volumeMounts:
|
||||||
- name: socket-dir
|
- name: socket-dir
|
||||||
mountPath: /csi
|
mountPath: /csi
|
||||||
- name: csi-rbdplugin
|
|
||||||
# for stable functionality replace canary with latest release version
|
|
||||||
image: quay.io/cephcsi/cephcsi:canary
|
|
||||||
args:
|
|
||||||
- "--nodeid=$(NODE_ID)"
|
|
||||||
- "--type=rbd"
|
|
||||||
- "--controllerserver=true"
|
|
||||||
- "--endpoint=$(CSI_ENDPOINT)"
|
|
||||||
- "--csi-addons-endpoint=$(CSI_ADDONS_ENDPOINT)"
|
|
||||||
- "--v=5"
|
|
||||||
- "--drivername=rbd.csi.ceph.com"
|
|
||||||
- "--pidlimit=-1"
|
|
||||||
- "--rbdhardmaxclonedepth=8"
|
|
||||||
- "--rbdsoftmaxclonedepth=4"
|
|
||||||
- "--enableprofiling=false"
|
|
||||||
- "--setmetadata=true"
|
|
||||||
env:
|
|
||||||
- name: POD_IP
|
|
||||||
valueFrom:
|
|
||||||
fieldRef:
|
|
||||||
fieldPath: status.podIP
|
|
||||||
- name: NODE_ID
|
|
||||||
valueFrom:
|
|
||||||
fieldRef:
|
|
||||||
fieldPath: spec.nodeName
|
|
||||||
- name: POD_NAMESPACE
|
|
||||||
valueFrom:
|
|
||||||
fieldRef:
|
|
||||||
fieldPath: metadata.namespace
|
|
||||||
# - name: KMS_CONFIGMAP_NAME
|
|
||||||
# value: encryptionConfig
|
|
||||||
- name: CSI_ENDPOINT
|
|
||||||
value: unix:///csi/csi-provisioner.sock
|
|
||||||
- name: CSI_ADDONS_ENDPOINT
|
|
||||||
value: unix:///csi/csi-addons.sock
|
|
||||||
imagePullPolicy: "IfNotPresent"
|
|
||||||
volumeMounts:
|
|
||||||
- name: socket-dir
|
|
||||||
mountPath: /csi
|
|
||||||
- mountPath: /dev
|
|
||||||
name: host-dev
|
|
||||||
- mountPath: /sys
|
|
||||||
name: host-sys
|
|
||||||
- mountPath: /lib/modules
|
|
||||||
name: lib-modules
|
|
||||||
readOnly: true
|
|
||||||
- name: ceph-csi-config
|
|
||||||
mountPath: /etc/ceph-csi-config/
|
|
||||||
- name: ceph-csi-encryption-kms-config
|
|
||||||
mountPath: /etc/ceph-csi-encryption-kms-config/
|
|
||||||
- name: keys-tmp-dir
|
|
||||||
mountPath: /tmp/csi/keys
|
|
||||||
- name: ceph-config
|
|
||||||
mountPath: /etc/ceph/
|
|
||||||
- name: oidc-token
|
|
||||||
mountPath: /run/secrets/tokens
|
|
||||||
readOnly: true
|
|
||||||
- name: csi-rbdplugin-controller
|
- name: csi-rbdplugin-controller
|
||||||
# for stable functionality replace canary with latest release version
|
# for stable functionality replace canary with latest release version
|
||||||
image: quay.io/cephcsi/cephcsi:canary
|
image: quay.io/cephcsi/cephcsi:canary
|
||||||
|
@ -22,28 +22,6 @@ spec:
|
|||||||
# resolved through k8s service, set dns policy to cluster first
|
# resolved through k8s service, set dns policy to cluster first
|
||||||
dnsPolicy: ClusterFirstWithHostNet
|
dnsPolicy: ClusterFirstWithHostNet
|
||||||
containers:
|
containers:
|
||||||
- name: driver-registrar
|
|
||||||
# This is necessary only for systems with SELinux, where
|
|
||||||
# non-privileged sidecar containers cannot access unix domain socket
|
|
||||||
# created by privileged CSI driver container.
|
|
||||||
securityContext:
|
|
||||||
privileged: true
|
|
||||||
allowPrivilegeEscalation: true
|
|
||||||
image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.10.0
|
|
||||||
args:
|
|
||||||
- "--v=1"
|
|
||||||
- "--csi-address=/csi/csi.sock"
|
|
||||||
- "--kubelet-registration-path=/var/lib/kubelet/plugins/rbd.csi.ceph.com/csi.sock"
|
|
||||||
env:
|
|
||||||
- name: KUBE_NODE_NAME
|
|
||||||
valueFrom:
|
|
||||||
fieldRef:
|
|
||||||
fieldPath: spec.nodeName
|
|
||||||
volumeMounts:
|
|
||||||
- name: socket-dir
|
|
||||||
mountPath: /csi
|
|
||||||
- name: registration-dir
|
|
||||||
mountPath: /registration
|
|
||||||
- name: csi-rbdplugin
|
- name: csi-rbdplugin
|
||||||
securityContext:
|
securityContext:
|
||||||
privileged: true
|
privileged: true
|
||||||
@ -131,6 +109,28 @@ spec:
|
|||||||
- name: oidc-token
|
- name: oidc-token
|
||||||
mountPath: /run/secrets/tokens
|
mountPath: /run/secrets/tokens
|
||||||
readOnly: true
|
readOnly: true
|
||||||
|
- name: driver-registrar
|
||||||
|
# This is necessary only for systems with SELinux, where
|
||||||
|
# non-privileged sidecar containers cannot access unix domain socket
|
||||||
|
# created by privileged CSI driver container.
|
||||||
|
securityContext:
|
||||||
|
privileged: true
|
||||||
|
allowPrivilegeEscalation: true
|
||||||
|
image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.10.0
|
||||||
|
args:
|
||||||
|
- "--v=1"
|
||||||
|
- "--csi-address=/csi/csi.sock"
|
||||||
|
- "--kubelet-registration-path=/var/lib/kubelet/plugins/rbd.csi.ceph.com/csi.sock"
|
||||||
|
env:
|
||||||
|
- name: KUBE_NODE_NAME
|
||||||
|
valueFrom:
|
||||||
|
fieldRef:
|
||||||
|
fieldPath: spec.nodeName
|
||||||
|
volumeMounts:
|
||||||
|
- name: socket-dir
|
||||||
|
mountPath: /csi
|
||||||
|
- name: registration-dir
|
||||||
|
mountPath: /registration
|
||||||
- name: liveness-prometheus
|
- name: liveness-prometheus
|
||||||
securityContext:
|
securityContext:
|
||||||
privileged: true
|
privileged: true
|
||||||
|
Loading…
Reference in New Issue
Block a user