kind: DaemonSet apiVersion: apps/v1 metadata: name: csi-cephfsplugin namespace: {{ .Namespace }} spec: selector: matchLabels: app: csi-cephfsplugin updateStrategy: type: {{ .CephFSPluginUpdateStrategy }} {{ if eq .CephFSPluginUpdateStrategy "RollingUpdate" }} rollingUpdate: maxUnavailable: {{ .CephFSPluginUpdateStrategyMaxUnavailable }} {{ end }} template: metadata: labels: app: csi-cephfsplugin contains: csi-cephfsplugin-metrics {{ range $key, $value := .CSICephFSPodLabels }} {{ $key }}: "{{ $value }}" {{ end }} spec: serviceAccountName: rook-csi-cephfs-plugin-sa hostNetwork: {{ .EnableCSIHostNetwork }} {{ if .PluginPriorityClassName }} priorityClassName: {{ .PluginPriorityClassName }} {{ end }} # to use e.g. Rook orchestrated cluster, and mons' FQDN is # resolved through k8s service, set dns policy to cluster first dnsPolicy: ClusterFirstWithHostNet containers: - name: driver-registrar # This is necessary only for systems with SELinux, where # non-privileged sidecar containers cannot access unix domain socket # created by privileged CSI driver container. securityContext: privileged: true capabilities: drop: ["ALL"] image: {{ .RegistrarImage }} imagePullPolicy: {{ .ImagePullPolicy }} args: - "--v={{ .LogLevel }}" - "--csi-address=/csi/csi.sock" - "--kubelet-registration-path={{ .KubeletDirPath }}/plugins/{{ .DriverNamePrefix }}cephfs.csi.ceph.com/csi.sock" env: - name: KUBE_NODE_NAME valueFrom: fieldRef: fieldPath: spec.nodeName volumeMounts: - name: plugin-dir mountPath: /csi - name: registration-dir mountPath: /registration - name: csi-cephfsplugin securityContext: privileged: true capabilities: add: ["SYS_ADMIN"] drop: ["ALL"] allowPrivilegeEscalation: true image: {{ .CSIPluginImage }} args: - "--nodeid=$(NODE_ID)" - "--type=cephfs" - "--endpoint=$(CSI_ENDPOINT)" - "--v={{ .LogLevel }}" - "--nodeserver=true" - "--drivername={{ .DriverNamePrefix }}cephfs.csi.ceph.com" - "--pidlimit=-1" - "--forcecephkernelclient={{ .ForceCephFSKernelClient }}" {{ if .CephFSKernelMountOptions }} - "--kernelmountoptions={{ .CephFSKernelMountOptions }}" {{ end }} env: - name: POD_IP valueFrom: fieldRef: fieldPath: status.podIP - name: NODE_ID valueFrom: fieldRef: fieldPath: spec.nodeName - name: POD_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - name: CSI_ENDPOINT value: unix:///csi/csi.sock imagePullPolicy: {{ .ImagePullPolicy }} volumeMounts: - name: plugin-dir mountPath: /csi - name: ceph-csi-mountinfo mountPath: /csi/mountinfo - name: csi-plugins-dir mountPath: "{{ .KubeletDirPath }}/plugins" mountPropagation: "Bidirectional" - name: pods-mount-dir mountPath: "{{ .KubeletDirPath }}/pods" mountPropagation: "Bidirectional" - name: host-sys mountPath: /sys - name: lib-modules mountPath: /lib/modules readOnly: true - name: host-dev mountPath: /dev - name: ceph-csi-config mountPath: /etc/ceph-csi-config/ - name: keys-tmp-dir mountPath: /tmp/csi/keys - name: host-run-mount mountPath: /run/mount {{ if .EnablePluginSelinuxHostMount }} - name: etc-selinux mountPath: /etc/selinux readOnly: true {{ end }} {{ if .MountCustomCephConf }} - name: ceph-config mountPath: /etc/ceph/ceph.conf subPath: ceph.conf {{ end }} {{ if .EnableLiveness }} - name: liveness-prometheus securityContext: privileged: true capabilities: drop: ["ALL"] image: {{ .CSIPluginImage }} args: - "--type=liveness" - "--endpoint=$(CSI_ENDPOINT)" - "--metricsport={{ .CephFSLivenessMetricsPort }}" - "--metricspath=/metrics" - "--polltime=60s" - "--timeout=3s" env: - name: CSI_ENDPOINT value: unix:///csi/csi.sock - name: POD_IP valueFrom: fieldRef: fieldPath: status.podIP volumeMounts: - name: plugin-dir mountPath: /csi imagePullPolicy: {{ .ImagePullPolicy }} {{ end }} volumes: - name: ceph-csi-mountinfo hostPath: path: "{{ .KubeletDirPath }}/plugins/{{ .DriverNamePrefix }}cephfs.csi.ceph.com/mountinfo" type: DirectoryOrCreate - name: plugin-dir hostPath: path: "{{ .KubeletDirPath }}/plugins/{{ .DriverNamePrefix }}cephfs.csi.ceph.com/" type: DirectoryOrCreate - name: csi-plugins-dir hostPath: path: "{{ .KubeletDirPath }}/plugins" type: Directory - name: registration-dir hostPath: path: "{{ .KubeletDirPath }}/plugins_registry/" type: Directory - name: pods-mount-dir hostPath: path: "{{ .KubeletDirPath }}/pods" type: Directory - name: host-sys hostPath: path: /sys - name: lib-modules hostPath: path: /lib/modules - name: host-dev hostPath: path: /dev - name: ceph-csi-config configMap: name: rook-ceph-csi-config items: - key: csi-cluster-config-json path: config.json - name: keys-tmp-dir emptyDir: { medium: "Memory" } - name: host-run-mount hostPath: path: /run/mount {{ if .EnablePluginSelinuxHostMount }} - name: etc-selinux hostPath: path: /etc/selinux {{ end }} {{ if .MountCustomCephConf }} - name: ceph-config configMap: name: csi-ceph-conf-override items: - key: ceph.conf path: ceph.conf {{ end }}