{{- if .Values.csi.enable }} kind: DaemonSet apiVersion: apps/v1 metadata: name: {{ template "storageos.fullname" . }}-daemon namespace: {{ .Values.namespace }} labels: app: {{ template "storageos.name" . }} chart: {{ template "storageos.chart" . }} heritage: {{ .Release.Service }} release: {{ .Release.Name }} spec: selector: matchLabels: app: {{ template "storageos.name" . }} template: metadata: labels: app: {{ template "storageos.name" . }} chart: {{ template "storageos.chart" . }} heritage: {{ .Release.Service }} release: {{ .Release.Name }} kind: daemonset spec: serviceAccount: {{ template "storageos.fullname" . }}-daemonset-sa hostPID: true hostNetwork: true initContainers: - name: enable-lio image: "{{ .Values.initContainer.repository }}:{{ .Values.initContainer.tag }}" imagePullPolicy: {{ .Values.initContainer.pullPolicy }} volumeMounts: - name: kernel-modules mountPath: /lib/modules readOnly: true - name: sys mountPath: /sys mountPropagation: Bidirectional securityContext: privileged: true capabilities: add: - SYS_ADMIN containers: - name: csi-driver-registrar image: "{{ .Values.csiDriverRegistrar.repository }}:{{ .Values.csiDriverRegistrar.tag }}" imagePullPolicy: {{ .Values.csiDriverRegistrar.pullPolicy }} args: - "--v=5" - "--csi-address=$(ADDRESS)" env: - name: ADDRESS value: /csi/csi.sock # plugin-dir is mounted at /csi # value: unix://var/lib/kubelet/plugins/storageos/csi.sock - name: KUBE_NODE_NAME valueFrom: fieldRef: fieldPath: spec.nodeName volumeMounts: - name: plugin-dir mountPath: /csi # This is where kubelet.sock exists. - name: registrar-socket-dir mountPath: /var/lib/csi/sockets/ - name: {{ .Chart.Name }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" imagePullPolicy: {{ .Values.image.pullPolicy }} args: - server ports: - containerPort: {{ .Values.service.internalPort }} name: api livenessProbe: initialDelaySeconds: 65 timeoutSeconds: 10 failureThreshold: 5 httpGet: path: /v1/health port: api readinessProbe: initialDelaySeconds: 65 timeoutSeconds: 10 failureThreshold: 5 httpGet: path: /v1/health port: api resources: {{ toYaml .Values.resources | indent 12 }} env: - name: HOSTNAME valueFrom: fieldRef: fieldPath: spec.nodeName - name: ADMIN_USERNAME valueFrom: secretKeyRef: name: {{ .Values.initSecretName }} key: username - name: ADMIN_PASSWORD valueFrom: secretKeyRef: name: {{ .Values.initSecretName }} key: password {{- if .Values.cluster.join }} - name: JOIN value: {{ .Values.cluster.join }} {{- else }} - name: JOIN valueFrom: fieldRef: fieldPath: status.podIP {{- end }} - name: ADVERTISE_IP valueFrom: fieldRef: fieldPath: status.podIP - name: NAMESPACE value: {{ .Values.namespace }} {{- if .Values.cluster.sharedDir }} - name: DEVICE_DIR value: {{ .Values.cluster.sharedDir }}/devices {{- end }} {{- if .Values.cluster.kv_address }} - name: KV_ADDR value: {{ .Values.cluster.kv_address }} {{- end }} {{- if .Values.cluster.kv_backend }} - name: KV_BACKEND value: {{ .Values.cluster.kv_backend }} {{- end }} - name: CSI_ENDPOINT value: unix://var/lib/kubelet/plugins/storageos/csi.sock # CSI credentials config. {{- if .Values.csi.provisionCreds.enable }} - name: CSI_REQUIRE_CREDS_CREATE_VOL value: "true" - name: CSI_REQUIRE_CREDS_DELETE_VOL value: "true" - name: CSI_PROVISION_CREDS_USERNAME valueFrom: secretKeyRef: name: {{ .Values.csi.provisionCreds.secretName }} key: username - name: CSI_PROVISION_CREDS_PASSWORD valueFrom: secretKeyRef: name: {{ .Values.csi.provisionCreds.secretName }} key: password {{- end }} {{- if .Values.csi.controllerPublishCreds.enable }} - name: CSI_REQUIRE_CREDS_CTRL_PUB_VOL value: "true" - name: CSI_REQUIRE_CREDS_CTRL_UNPUB_VOL value: "true" - name: CSI_CTRL_PUB_CREDS_USERNAME valueFrom: secretKeyRef: name: {{ .Values.csi.controllerPublishCreds.secretName }} key: username - name: CSI_CTRL_PUB_CREDS_PASSWORD valueFrom: secretKeyRef: name: {{ .Values.csi.controllerPublishCreds.secretName }} key: password {{- end }} {{- if .Values.csi.nodeStageCreds.enable }} - name: CSI_REQUIRE_CREDS_NODE_STG_VOL value: "true" - name: CSI_NODE_STG_CREDS_USERNAME valueFrom: secretKeyRef: name: {{ .Values.csi.nodeStageCreds.secretName }} key: username - name: CSI_NODE_STG_CREDS_PASSWORD valueFrom: secretKeyRef: name: {{ .Values.csi.nodeStageCreds.secretName }} key: password {{- end }} {{- if .Values.csi.nodePublishCreds.enable }} - name: CSI_REQUIRE_CREDS_NODE_PUB_VOL value: "true" - name: CSI_NODE_PUB_CREDS_USERNAME valueFrom: secretKeyRef: name: {{ .Values.csi.nodePublishCreds.secretName }} key: username - name: CSI_NODE_PUB_CREDS_PASSWORD valueFrom: secretKeyRef: name: {{ .Values.csi.nodePublishCreds.secretName }} key: password {{- end }} securityContext: privileged: true capabilities: add: - SYS_ADMIN allowPrivilegeEscalation: true volumeMounts: - name: kubelet-dir mountPath: /var/lib/kubelet mountPropagation: "Bidirectional" - name: plugin-dir mountPath: /var/lib/kubelet/plugins/storageos/ - name: device-dir mountPath: /dev - name: fuse mountPath: /dev/fuse - name: sys mountPath: /sys - name: state mountPath: /var/lib/storageos mountPropagation: "Bidirectional" {{- if .Values.cluster.sharedDir }} - name: shared mountPath: {{ .Values.cluster.sharedDir }} mountPropagation: Bidirectional {{- end }} volumes: - name: kernel-modules hostPath: path: /lib/modules - name: registrar-socket-dir hostPath: path: /var/lib/kubelet/device-plugins/ type: DirectoryOrCreate - name: kubelet-dir hostPath: path: /var/lib/kubelet type: Directory - name: plugin-dir hostPath: path: /var/lib/kubelet/plugins/storageos/ type: DirectoryOrCreate - name: device-dir hostPath: path: /dev type: Directory - name: fuse hostPath: path: /dev/fuse - name: sys hostPath: path: /sys - name: state hostPath: path: /var/lib/storageos {{- if .Values.cluster.sharedDir }} - name: shared hostPath: path: {{ .Values.cluster.sharedDir }} {{- end }} {{- end }}