--- apiVersion: apps/v1 kind: DaemonSet metadata: name: csi-nfsplugin spec: selector: matchLabels: app: csi-nfsplugin template: metadata: labels: app: csi-nfsplugin spec: serviceAccountName: nfs-csi-nodeplugin priorityClassName: system-node-critical hostNetwork: true hostPID: true # to use e.g. Rook orchestrated cluster, and mons' FQDN is # resolved through k8s service, set dns policy to cluster first dnsPolicy: ClusterFirstWithHostNet containers: - name: csi-nfsplugin securityContext: privileged: true capabilities: add: ["SYS_ADMIN"] allowPrivilegeEscalation: true image: quay.io/cephcsi/cephcsi:v3.12.1 args: - "--nodeid=$(NODE_ID)" - "--type=nfs" - "--nodeserver=true" - "--endpoint=$(CSI_ENDPOINT)" - "--v=5" - "--drivername=nfs.csi.ceph.com" - "--enableprofiling=false" env: - name: POD_IP valueFrom: fieldRef: fieldPath: status.podIP - name: NODE_ID valueFrom: fieldRef: fieldPath: spec.nodeName - name: CSI_ENDPOINT value: unix:///csi/csi.sock imagePullPolicy: "IfNotPresent" volumeMounts: - name: socket-dir mountPath: /csi - name: mountpoint-dir mountPath: /var/lib/kubelet/pods mountPropagation: Bidirectional - name: plugin-dir mountPath: /var/lib/kubelet/plugins mountPropagation: "Bidirectional" - name: host-sys mountPath: /sys - name: etc-selinux mountPath: /etc/selinux readOnly: true - name: lib-modules mountPath: /lib/modules readOnly: true - name: host-dev mountPath: /dev - name: host-mount mountPath: /run/mount - name: ceph-config mountPath: /etc/ceph/ - name: ceph-csi-config mountPath: /etc/ceph-csi-config/ - name: driver-registrar # This is necessary only for systems with SELinux, where # non-privileged sidecar containers cannot access unix domain socket # created by privileged CSI driver container. securityContext: privileged: true allowPrivilegeEscalation: true image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.11.1 args: - "--v=1" - "--csi-address=/csi/csi.sock" - "--kubelet-registration-path=/var/lib/kubelet/plugins/nfs.csi.ceph.com/csi.sock" env: - name: KUBE_NODE_NAME valueFrom: fieldRef: fieldPath: spec.nodeName volumeMounts: - name: socket-dir mountPath: /csi - name: registration-dir mountPath: /registration volumes: - name: socket-dir hostPath: path: /var/lib/kubelet/plugins/nfs.csi.ceph.com/ type: DirectoryOrCreate - name: registration-dir hostPath: path: /var/lib/kubelet/plugins_registry/ type: Directory - name: mountpoint-dir hostPath: path: /var/lib/kubelet/pods type: DirectoryOrCreate - name: plugin-dir hostPath: path: /var/lib/kubelet/plugins type: Directory - name: host-sys hostPath: path: /sys - name: etc-selinux hostPath: path: /etc/selinux - name: lib-modules hostPath: path: /lib/modules - name: host-dev hostPath: path: /dev - name: host-mount hostPath: path: /run/mount - name: ceph-config configMap: name: ceph-config - name: ceph-csi-config configMap: name: ceph-csi-config