kind: StatefulSet apiVersion: apps/v1beta1 metadata: name: {{ include "ceph-csi-rbd.provisioner.fullname" . }} labels: app: {{ include "ceph-csi-rbd.name" . }} chart: {{ include "ceph-csi-rbd.chart" . }} component: {{ .Values.provisioner.name }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} spec: serviceName: {{ include "ceph-csi-rbd.provisioner.fullname" . }} replicas: {{ .Values.provisioner.replicas }} selector: matchLabels: app: {{ include "ceph-csi-rbd.name" . }} component: {{ .Values.provisioner.name }} release: {{ .Release.Name }} template: metadata: labels: app: {{ include "ceph-csi-rbd.name" . }} chart: {{ include "ceph-csi-rbd.chart" . }} component: {{ .Values.provisioner.name }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} spec: serviceAccountName: {{ include "ceph-csi-rbd.serviceAccountName.provisioner" . }} containers: - name: csi-provisioner image: "{{ .Values.provisioner.image.repository }}:{{ .Values.provisioner.image.tag }}" args: - "--csi-address=$(ADDRESS)" - "--v=5" env: - name: ADDRESS value: "{{ .Values.socketDir }}/{{ .Values.socketFile }}" imagePullPolicy: {{ .Values.provisioner.image.pullPolicy }} volumeMounts: - name: socket-dir mountPath: {{ .Values.socketDir }} resources: {{ toYaml .Values.provisioner.resources | indent 12 }} - name: csi-snapshotter image: {{ .Values.snapshotter.image.repository }}:{{ .Values.snapshotter.image.tag }} imagePullPolicy: {{ .Values.nodeplugin.plugin.image.imagePullPolicy }} args: - "--csi-address=$(ADDRESS)" - "--connection-timeout=15s" - "--v=5" env: - name: ADDRESS value: "{{ .Values.socketDir }}/{{ .Values.socketFile }}" securityContext: privileged: true volumeMounts: - name: socket-dir mountPath: {{ .Values.socketDir }} resources: {{ toYaml .Values.snapshotter.resources | indent 12 }} - name: csi-attacher image: "{{ .Values.attacher.image.repository }}:{{ .Values.attacher.image.tag }}" args: - "--v=5" - "--csi-address=$(ADDRESS)" env: - name: ADDRESS value: "{{ .Values.socketDir }}/{{ .Values.socketFile }}" imagePullPolicy: {{ .Values.attacher.image.pullPolicy }} volumeMounts: - name: socket-dir mountPath: {{ .Values.socketDir }} - name: csi-rbdplugin securityContext: privileged: true capabilities: add: ["SYS_ADMIN"] allowPrivilegeEscalation: true image: "{{ .Values.nodeplugin.plugin.image.repository }}:{{ .Values.nodeplugin.plugin.image.tag }}" args : - "--nodeid=$(NODE_ID)" - "--endpoint=$(CSI_ENDPOINT)" - "--v=5" - "--drivername=$(DRIVER_NAME)" - "--containerized=true" - "--metadatastorage=k8s_configmap" env: - name: HOST_ROOTFS value: "/rootfs" - name: DRIVER_NAME value: {{ .Values.driverName }} - name: NODE_ID valueFrom: fieldRef: fieldPath: spec.nodeName - name: CSI_ENDPOINT value: "unix:/{{ .Values.socketDir }}/{{ .Values.socketFile }}" imagePullPolicy: {{ .Values.nodeplugin.plugin.image.imagePullPolicy }} volumeMounts: - name: socket-dir mountPath: {{ .Values.socketDir }} - name: host-rootfs mountPath: "/rootfs" resources: {{ toYaml .Values.nodeplugin.plugin.resources | indent 12 }} volumes: - name: socket-dir emptyDir: {} #FIXME this seems way too much. Why is it needed at all for this? - name: host-rootfs hostPath: path: / {{- if .Values.provisioner.affinity -}} affinity: {{ toYaml .Values.provisioner.affinity . | indent 8 }} {{- end -}} {{- if .Values.provisioner.nodeSelector -}} nodeSelector: {{ toYaml .Values.provisioner.nodeSelector | indent 8 }} {{- end -}} {{- if .Values.provisioner.tolerations -}} tolerations: {{ toYaml .Values.provisioner.tolerations | indent 8 }} {{- end -}}