kind: Deployment apiVersion: apps/v1 metadata: name: {{ include "ceph-csi-rbd.provisioner.fullname" . }} namespace: {{ .Release.Namespace }} labels: app: {{ include "ceph-csi-rbd.name" . }} chart: {{ include "ceph-csi-rbd.chart" . }} component: {{ .Values.provisioner.name }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} {{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }} spec: replicas: {{ .Values.provisioner.replicaCount }} strategy: type: {{ .Values.provisioner.strategy.type }} {{- if eq .Values.provisioner.strategy.type "RollingUpdate" }} rollingUpdate: maxUnavailable: {{ .Values.provisioner.strategy.rollingUpdate.maxUnavailable }} {{- end }} selector: matchLabels: app: {{ include "ceph-csi-rbd.name" . }} component: {{ .Values.provisioner.name }} release: {{ .Release.Name }} template: metadata: labels: app: {{ include "ceph-csi-rbd.name" . }} chart: {{ include "ceph-csi-rbd.chart" . }} component: {{ .Values.provisioner.name }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} {{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 8 }}{{- end }} spec: {{- if gt (int .Values.provisioner.replicaCount) 1 }} affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchExpressions: - key: app operator: In values: - {{ include "ceph-csi-rbd.name" . }} - key: component operator: In values: - {{ .Values.provisioner.name }} topologyKey: "kubernetes.io/hostname" {{- if .Values.provisioner.affinity }} {{ toYaml .Values.provisioner.affinity | indent 8 -}} {{- end -}} {{- else -}} {{- if .Values.provisioner.affinity }} affinity: {{ toYaml .Values.provisioner.affinity | indent 8 -}} {{- end -}} {{- end }} securityContext: {{ toYaml .Values.provisioner.podSecurityContext | nindent 8 }} serviceAccountName: {{ include "ceph-csi-rbd.serviceAccountName.provisioner" . }} hostNetwork: {{ .Values.provisioner.enableHostNetwork }} {{- if .Values.provisioner.priorityClassName }} priorityClassName: {{ .Values.provisioner.priorityClassName }} {{- end }} {{- if .Values.provisioner.imagePullSecrets }} imagePullSecrets: {{ toYaml .Values.provisioner.imagePullSecrets | indent 8 -}} {{- end }} containers: - name: csi-rbdplugin image: "{{ .Values.nodeplugin.plugin.image.repository }}:{{ .Values.nodeplugin.plugin.image.tag }}" imagePullPolicy: {{ .Values.nodeplugin.plugin.image.pullPolicy }} args: - "--nodeid=$(NODE_ID)" - "--type=rbd" - "--controllerserver=true" - "--pidlimit=-1" - "--endpoint=$(CSI_ENDPOINT)" - "--csi-addons-endpoint=$(CSI_ADDONS_ENDPOINT)" - "--v={{ .Values.logLevel }}" - "--drivername=$(DRIVER_NAME)" - "--rbdhardmaxclonedepth={{ .Values.provisioner.hardMaxCloneDepth }}" - "--rbdsoftmaxclonedepth={{ .Values.provisioner.softMaxCloneDepth }}" - "--maxsnapshotsonimage={{ .Values.provisioner.maxSnapshotsOnImage }}" - "--minsnapshotsonimage={{ .Values.provisioner.minSnapshotsOnImage }}" {{- if .Values.provisioner.skipForceFlatten }} - "--skipforceflatten={{ .Values.provisioner.skipForceFlatten }}" {{- end }} {{- if .Values.provisioner.profiling.enabled }} - "--enableprofiling={{ .Values.provisioner.profiling.enabled }}" {{- end }} {{- if .Values.provisioner.clustername }} - "--clustername={{ .Values.provisioner.clustername }}" {{- end }} - "--setmetadata={{ .Values.provisioner.setmetadata }}" env: - name: POD_IP valueFrom: fieldRef: fieldPath: status.podIP - name: DRIVER_NAME value: {{ .Values.driverName }} - name: NODE_ID valueFrom: fieldRef: fieldPath: spec.nodeName - name: CSI_ENDPOINT value: "unix:///csi/{{ .Values.provisionerSocketFile }}" - name: CSI_ADDONS_ENDPOINT value: "unix:///csi/csi-addons.sock" volumeMounts: - name: socket-dir mountPath: /csi - mountPath: /dev name: host-dev - mountPath: /sys name: host-sys - mountPath: /lib/modules name: lib-modules readOnly: true - name: ceph-csi-config mountPath: /etc/ceph-csi-config/ - name: ceph-config mountPath: /etc/ceph/ - name: ceph-csi-encryption-kms-config mountPath: /etc/ceph-csi-encryption-kms-config/ - name: keys-tmp-dir mountPath: /tmp/csi/keys - name: oidc-token mountPath: /run/secrets/tokens readOnly: true resources: {{ toYaml .Values.nodeplugin.plugin.resources | indent 12 }} - name: csi-provisioner image: "{{ .Values.provisioner.provisioner.image.repository }}:{{ .Values.provisioner.provisioner.image.tag }}" imagePullPolicy: {{ .Values.provisioner.provisioner.image.pullPolicy }} args: - "--csi-address=$(ADDRESS)" - "--v={{ .Values.sidecarLogLevel }}" - "--timeout={{ .Values.provisioner.timeout }}" - "--leader-election=true" - "--retry-interval-start=500ms" - "--default-fstype={{ .Values.provisioner.defaultFSType }}" - "--extra-create-metadata=true" - "--feature-gates=HonorPVReclaimPolicy=true" - "--prevent-volume-mode-conversion=true" {{- if .Values.topology.enabled }} - "--feature-gates=Topology=true" {{- end }} {{- range .Values.provisioner.provisioner.extraArgs }} - "--{{ . }}" {{- end }} env: - name: ADDRESS value: "unix:///csi/{{ .Values.provisionerSocketFile }}" volumeMounts: - name: socket-dir mountPath: /csi resources: {{ toYaml .Values.provisioner.provisioner.resources | indent 12 }} {{- if .Values.provisioner.resizer.enabled }} - name: csi-resizer image: "{{ .Values.provisioner.resizer.image.repository }}:{{ .Values.provisioner.resizer.image.tag }}" imagePullPolicy: {{ .Values.provisioner.resizer.image.pullPolicy }} args: - "--v={{ .Values.sidecarLogLevel }}" - "--csi-address=$(ADDRESS)" - "--timeout={{ .Values.provisioner.timeout }}" - "--leader-election" - "--retry-interval-start=500ms" - "--handle-volume-inuse-error=false" - "--feature-gates=RecoverVolumeExpansionFailure=true" {{- range .Values.provisioner.resizer.extraArgs }} - "--{{ . }}" {{- end }} env: - name: ADDRESS value: "unix:///csi/{{ .Values.provisionerSocketFile }}" volumeMounts: - name: socket-dir mountPath: /csi resources: {{ toYaml .Values.provisioner.resizer.resources | indent 12 }} {{- end }} - name: csi-snapshotter image: {{ .Values.provisioner.snapshotter.image.repository }}:{{ .Values.provisioner.snapshotter.image.tag }} imagePullPolicy: {{ .Values.provisioner.snapshotter.image.pullPolicy }} args: - "--csi-address=$(ADDRESS)" - "--v={{ .Values.sidecarLogLevel }}" - "--timeout={{ .Values.provisioner.timeout }}" - "--leader-election=true" - "--extra-create-metadata=true" - "--enable-volume-group-snapshots={{.Values.provisioner.snapshotter.args.enableVolumeGroupSnapshots }}" {{- range .Values.provisioner.snapshotter.extraArgs }} - "--{{ . }}" {{- end }} env: - name: ADDRESS value: "unix:///csi/{{ .Values.provisionerSocketFile }}" volumeMounts: - name: socket-dir mountPath: /csi resources: {{ toYaml .Values.provisioner.snapshotter.resources | indent 12 }} {{- if .Values.provisioner.attacher.enabled }} - name: csi-attacher image: "{{ .Values.provisioner.attacher.image.repository }}:{{ .Values.provisioner.attacher.image.tag }}" imagePullPolicy: {{ .Values.provisioner.attacher.image.pullPolicy }} args: - "--v={{ .Values.sidecarLogLevel }}" - "--csi-address=$(ADDRESS)" - "--leader-election=true" - "--retry-interval-start=500ms" - "--default-fstype=ext4" {{- range .Values.provisioner.attacher.extraArgs }} - "--{{ . }}" {{- end }} env: - name: ADDRESS value: "unix:///csi/{{ .Values.provisionerSocketFile }}" volumeMounts: - name: socket-dir mountPath: /csi resources: {{ toYaml .Values.provisioner.attacher.resources | indent 12 }} {{- end }} {{- if .Values.provisioner.deployController }} - name: csi-rbdplugin-controller image: "{{ .Values.nodeplugin.plugin.image.repository }}:{{ .Values.nodeplugin.plugin.image.tag }}" imagePullPolicy: {{ .Values.nodeplugin.plugin.image.pullPolicy }} args: - "--type=controller" - "--v={{ .Values.logLevel }}" - "--drivername=$(DRIVER_NAME)" - "--drivernamespace=$(DRIVER_NAMESPACE)" {{- if .Values.provisioner.clustername }} - "--clustername={{ .Values.provisioner.clustername }}" {{- end }} - "--setmetadata={{ .Values.provisioner.setmetadata }}" env: - name: DRIVER_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - name: DRIVER_NAME value: {{ .Values.driverName }} volumeMounts: - name: ceph-csi-config mountPath: /etc/ceph-csi-config/ - name: keys-tmp-dir mountPath: /tmp/csi/keys - name: ceph-config mountPath: /etc/ceph/ resources: {{ toYaml .Values.nodeplugin.plugin.resources | indent 12 }} {{- end }} {{- if .Values.provisioner.httpMetrics.enabled }} - name: liveness-prometheus image: "{{ .Values.nodeplugin.plugin.image.repository }}:{{ .Values.nodeplugin.plugin.image.tag }}" imagePullPolicy: {{ .Values.nodeplugin.plugin.image.pullPolicy }} args: - "--type=liveness" - "--endpoint=$(CSI_ENDPOINT)" - "--metricsport={{ .Values.provisioner.httpMetrics.containerPort }}" - "--metricspath=/metrics" - "--polltime=60s" - "--timeout=3s" env: - name: CSI_ENDPOINT value: "unix:///csi/{{ .Values.provisionerSocketFile }}" - name: POD_IP valueFrom: fieldRef: fieldPath: status.podIP ports: - containerPort: {{ .Values.provisioner.httpMetrics.containerPort }} name: metrics protocol: TCP volumeMounts: - name: socket-dir mountPath: /csi resources: {{ toYaml .Values.nodeplugin.plugin.resources | indent 12 }} {{- end }} volumes: - name: socket-dir emptyDir: { medium: "Memory" } - name: host-dev hostPath: path: /dev - name: host-sys hostPath: path: /sys - name: lib-modules hostPath: path: /lib/modules - name: ceph-config configMap: name: {{ .Values.cephConfConfigMapName | quote }} - name: ceph-csi-config configMap: name: {{ .Values.configMapName | quote }} {{- if .Values.configMapKey }} items: - key: {{ .Values.configMapKey | quote }} path: config.json {{- end }} - name: ceph-csi-encryption-kms-config configMap: name: {{ .Values.kmsConfigMapName | quote }} - name: keys-tmp-dir emptyDir: { medium: "Memory" } - name: oidc-token projected: sources: - serviceAccountToken: path: oidc-token expirationSeconds: 3600 audience: ceph-csi-kms {{- if .Values.provisioner.nodeSelector }} nodeSelector: {{ toYaml .Values.provisioner.nodeSelector | indent 8 -}} {{- end -}} {{- if .Values.provisioner.tolerations }} tolerations: {{ toYaml .Values.provisioner.tolerations | indent 8 -}} {{- end -}}