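---
# Ceph-CSI RBD provisioner manifests: a Service that exposes the liveness
# metrics port, followed by the provisioner Deployment (the cephcsi RBD plugin
# in controller mode plus the CSI sidecars that talk to it over a shared
# UNIX socket).
#
# NOTE(review): no container below sets a securityContext and none declares
# resource requests/limits, so cluster defaults apply. Confirm which containers
# really need root or host device access before tightening, and size limits
# from observed usage.
# NOTE(review): every image is referenced by tag with imagePullPolicy
# IfNotPresent. Pinning by digest (<registry>/<image>@sha256:<DIGEST>) makes
# the deployed content independent of later tag changes.
kind: Service
apiVersion: v1
metadata:
  name: csi-rbdplugin-provisioner
  # replace with non-default namespace name
  namespace: default
  labels:
    app: csi-metrics
spec:
  selector:
    app: csi-rbdplugin-provisioner
  ports:
    # Forwards to the liveness-prometheus container's http-metrics port.
    # NOTE(review): presumably plain unauthenticated HTTP; restrict who can
    # reach it with a NetworkPolicy if metrics should not be cluster-readable.
    - name: http-metrics
      port: 8080
      protocol: TCP
      targetPort: 8680
---
kind: Deployment
apiVersion: apps/v1
metadata:
  name: csi-rbdplugin-provisioner
  # replace with non-default namespace name
  # (the ServiceAccount and ConfigMaps referenced below are looked up in this
  # same namespace)
  namespace: default
spec:
  # Three replicas combined with the required anti-affinity below need at
  # least three schedulable nodes; extra replicas stay Pending otherwise.
  replicas: 3
  selector:
    matchLabels:
      app: csi-rbdplugin-provisioner
  template:
    metadata:
      labels:
        app: csi-rbdplugin-provisioner
    spec:
      affinity:
        podAntiAffinity:
          # Hard rule: never co-locate two provisioner pods on one node.
          requiredDuringSchedulingIgnoredDuringExecution:
            - labelSelector:
                matchExpressions:
                  - key: app
                    operator: In
                    values:
                      - csi-rbdplugin-provisioner
              topologyKey: "kubernetes.io/hostname"
      # RBAC for this account is defined outside this file.
      # NOTE(review): audit its Role/ClusterRole bindings for least privilege;
      # every container in the pod shares this identity.
      serviceAccountName: rbd-csi-provisioner
      priorityClassName: system-cluster-critical
      containers:
        # Ceph-CSI RBD driver in controller-server mode. It owns the CSI
        # socket under /csi that the sidecars below connect to.
        - name: csi-rbdplugin
          image: quay.io/cephcsi/cephcsi:v3.13.0
          args:
            - "--nodeid=$(NODE_ID)"
            - "--type=rbd"
            - "--controllerserver=true"
            - "--endpoint=$(CSI_ENDPOINT)"
            - "--csi-addons-endpoint=$(CSI_ADDONS_ENDPOINT)"
            # Verbose log level.
            # NOTE(review): confirm logs at this level carry no sensitive
            # request fields before forwarding them off-cluster.
            - "--v=5"
            - "--drivername=rbd.csi.ceph.com"
            - "--pidlimit=-1"
            - "--rbdhardmaxclonedepth=8"
            - "--rbdsoftmaxclonedepth=4"
            # Profiling endpoint stays disabled; keep it off outside debugging.
            - "--enableprofiling=false"
            - "--setmetadata=true"
          env:
            - name: POD_IP
              valueFrom:
                fieldRef:
                  fieldPath: status.podIP
            - name: NODE_ID
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            # - name: KMS_CONFIGMAP_NAME
            #   value: encryptionConfig
            - name: CSI_ENDPOINT
              value: unix:///csi/csi-provisioner.sock
            - name: CSI_ADDONS_ENDPOINT
              value: unix:///csi/csi-addons.sock
          imagePullPolicy: "IfNotPresent"
          volumeMounts:
            - name: socket-dir
              mountPath: /csi
            # Host /dev and /sys are mounted read-write (no readOnly flag);
            # only /lib/modules is read-only.
            # NOTE(review): verify the controller really needs write access
            # to these host paths; they widen the impact of a compromise of
            # this container.
            - mountPath: /dev
              name: host-dev
            - mountPath: /sys
              name: host-sys
            - mountPath: /lib/modules
              name: lib-modules
              readOnly: true
            - name: ceph-csi-config
              mountPath: /etc/ceph-csi-config/
            - name: ceph-csi-encryption-kms-config
              mountPath: /etc/ceph-csi-encryption-kms-config/
            # Memory-backed scratch directory (see the keys-tmp-dir volume).
            - name: keys-tmp-dir
              mountPath: /tmp/csi/keys
            - name: ceph-config
              mountPath: /etc/ceph/
            # Projected service-account token (see the oidc-token volume).
            - name: oidc-token
              mountPath: /run/secrets/tokens
              readOnly: true
        # Sidecars: each one connects to the driver through the shared /csi
        # socket and serves an HTTP endpoint on the pod IP.
        # NOTE(review): the --http-endpoint listeners (8090-8093) are
        # presumably unauthenticated; limit access with a NetworkPolicy.
        - name: csi-provisioner
          image: registry.k8s.io/sig-storage/csi-provisioner:v5.0.1
          args:
            - "--csi-address=$(ADDRESS)"
            - "--v=1"
            - "--timeout=150s"
            - "--retry-interval-start=500ms"
            - "--leader-election=true"
            - "--feature-gates=HonorPVReclaimPolicy=true"
            - "--prevent-volume-mode-conversion=true"
            # if fstype is not specified in storageclass, ext4 is default
            - "--default-fstype=ext4"
            - "--extra-create-metadata=true"
            - "--immediate-topology=false"
            - "--http-endpoint=$(POD_IP):8090"
          env:
            - name: ADDRESS
              value: unix:///csi/csi-provisioner.sock
            - name: POD_IP
              valueFrom:
                fieldRef:
                  fieldPath: status.podIP
          imagePullPolicy: "IfNotPresent"
          ports:
            - containerPort: 8090
              name: http-endpoint
              protocol: TCP
          volumeMounts:
            - name: socket-dir
              mountPath: /csi
        - name: csi-snapshotter
          image: registry.k8s.io/sig-storage/csi-snapshotter:v8.0.1
          args:
            - "--csi-address=$(ADDRESS)"
            - "--v=1"
            - "--timeout=150s"
            - "--leader-election=true"
            - "--extra-create-metadata=true"
            - "--enable-volume-group-snapshots=true"
            - "--http-endpoint=$(POD_IP):8092"
          env:
            - name: ADDRESS
              value: unix:///csi/csi-provisioner.sock
            - name: POD_IP
              valueFrom:
                fieldRef:
                  fieldPath: status.podIP
          imagePullPolicy: "IfNotPresent"
          ports:
            - containerPort: 8092
              name: http-endpoint
              protocol: TCP
          volumeMounts:
            - name: socket-dir
              mountPath: /csi
        - name: csi-attacher
          image: registry.k8s.io/sig-storage/csi-attacher:v4.6.1
          args:
            - "--v=1"
            - "--csi-address=$(ADDRESS)"
            - "--leader-election=true"
            - "--retry-interval-start=500ms"
            - "--default-fstype=ext4"
            - "--http-endpoint=$(POD_IP):8093"
          env:
            # Same socket as the other sidecars, written with the explicit
            # unix:// scheme so all ADDRESS values in this pod match.
            - name: ADDRESS
              value: unix:///csi/csi-provisioner.sock
            - name: POD_IP
              valueFrom:
                fieldRef:
                  fieldPath: status.podIP
          imagePullPolicy: "IfNotPresent"
          ports:
            - containerPort: 8093
              name: http-endpoint
              protocol: TCP
          volumeMounts:
            - name: socket-dir
              mountPath: /csi
        - name: csi-resizer
          image: registry.k8s.io/sig-storage/csi-resizer:v1.11.1
          args:
            - "--csi-address=$(ADDRESS)"
            - "--v=1"
            - "--timeout=150s"
            - "--leader-election=true"
            - "--retry-interval-start=500ms"
            - "--handle-volume-inuse-error=false"
            - "--feature-gates=RecoverVolumeExpansionFailure=true"
            - "--http-endpoint=$(POD_IP):8091"
          env:
            - name: ADDRESS
              value: unix:///csi/csi-provisioner.sock
            - name: POD_IP
              valueFrom:
                fieldRef:
                  fieldPath: status.podIP
          imagePullPolicy: "IfNotPresent"
          ports:
            - containerPort: 8091
              name: http-endpoint
              protocol: TCP
          volumeMounts:
            - name: socket-dir
              mountPath: /csi
        # Second cephcsi process, started with --type=controller. It mounts
        # the Ceph configuration and the key scratch directory but not the
        # CSI socket or any host path.
        - name: csi-rbdplugin-controller
          image: quay.io/cephcsi/cephcsi:v3.13.0
          args:
            - "--type=controller"
            - "--v=5"
            - "--drivername=rbd.csi.ceph.com"
            - "--drivernamespace=$(DRIVER_NAMESPACE)"
            - "--setmetadata=true"
          env:
            - name: DRIVER_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
          imagePullPolicy: "IfNotPresent"
          volumeMounts:
            - name: ceph-csi-config
              mountPath: /etc/ceph-csi-config/
            - name: keys-tmp-dir
              mountPath: /tmp/csi/keys
            - name: ceph-config
              mountPath: /etc/ceph/
        # cephcsi in liveness mode: polls the CSI socket and serves /metrics
        # on 8680, the port the Service above targets.
        - name: liveness-prometheus
          image: quay.io/cephcsi/cephcsi:v3.13.0
          args:
            - "--type=liveness"
            - "--endpoint=$(CSI_ENDPOINT)"
            - "--metricsport=8680"
            - "--metricspath=/metrics"
            - "--polltime=60s"
            - "--timeout=3s"
          env:
            - name: CSI_ENDPOINT
              value: unix:///csi/csi-provisioner.sock
            - name: POD_IP
              valueFrom:
                fieldRef:
                  fieldPath: status.podIP
          ports:
            - containerPort: 8680
              name: http-metrics
              protocol: TCP
          volumeMounts:
            - name: socket-dir
              mountPath: /csi
          imagePullPolicy: "IfNotPresent"
      volumes:
        # Host paths consumed by the csi-rbdplugin container only.
        - name: host-dev
          hostPath:
            path: /dev
        - name: host-sys
          hostPath:
            path: /sys
        - name: lib-modules
          hostPath:
            path: /lib/modules
        # Memory-backed emptyDir shared by all containers for the CSI socket.
        - name: socket-dir
          emptyDir:
            medium: "Memory"
        - name: ceph-config
          configMap:
            name: ceph-config
        - name: ceph-csi-config
          configMap:
            name: ceph-csi-config
        - name: ceph-csi-encryption-kms-config
          configMap:
            name: ceph-csi-encryption-kms-config
        # Memory-backed (tmpfs) so its contents are not written to node disk
        # and vanish with the pod; presumably holds short-lived Ceph key
        # files - confirm against the driver.
        - name: keys-tmp-dir
          emptyDir:
            medium: "Memory"
        # Short-lived service-account token scoped to the ceph-csi-kms
        # audience (1 hour expiry), mounted read-only into csi-rbdplugin.
        - name: oidc-token
          projected:
            sources:
              - serviceAccountToken:
                  path: oidc-token
                  expirationSeconds: 3600
                  audience: ceph-csi-kms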