apiVersion: apps/v1 kind: DaemonSet metadata: name: csi-nfsplugin namespace: {{ .Namespace }} spec: selector: matchLabels: app: csi-nfsplugin updateStrategy: type: {{ .NFSPluginUpdateStrategy }} template: metadata: labels: app: csi-nfsplugin {{ range $key, $value := .CSINFSPodLabels }} {{ $key }}: "{{ $value }}" {{ end }} spec: serviceAccountName: rook-csi-nfs-plugin-sa hostNetwork: {{ .EnableCSIHostNetwork }} {{ if .PluginPriorityClassName }} priorityClassName: {{ .PluginPriorityClassName }} {{ end }} # to use e.g. Rook orchestrated cluster, and mons' FQDN is # resolved through k8s service, set dns policy to cluster first dnsPolicy: ClusterFirstWithHostNet containers: - name: driver-registrar # This is necessary only for systems with SELinux, where # non-privileged sidecar containers cannot access unix domain socket # created by privileged CSI driver container. securityContext: capabilities: drop: ["ALL"] privileged: true image: {{ .RegistrarImage }} imagePullPolicy: {{ .ImagePullPolicy }} args: - "--v={{ .LogLevel }}" - "--csi-address=/csi/csi.sock" - "--kubelet-registration-path={{ .KubeletDirPath }}/plugins/{{ .DriverNamePrefix }}nfs.csi.ceph.com/csi.sock" env: - name: KUBE_NODE_NAME valueFrom: fieldRef: fieldPath: spec.nodeName volumeMounts: - name: plugin-dir mountPath: /csi - name: registration-dir mountPath: /registration - name: csi-nfsplugin securityContext: allowPrivilegeEscalation: true capabilities: add: - SYS_ADMIN drop: ["ALL"] privileged: true args: - "--nodeid=$(NODE_ID)" - "--type=nfs" - "--endpoint=$(CSI_ENDPOINT)" - "--v={{ .LogLevel }}" - "--nodeserver=true" - "--drivername={{ .DriverNamePrefix }}nfs.csi.ceph.com" - "--pidlimit=-1" env: - name: NODE_ID valueFrom: fieldRef: apiVersion: v1 fieldPath: spec.nodeName - name: CSI_ENDPOINT value: unix:///csi/csi.sock image: {{ .CSIPluginImage }} imagePullPolicy: {{ .ImagePullPolicy }} volumeMounts: - name: plugin-dir mountPath: /csi - name: csi-plugins-dir mountPath: "{{ .KubeletDirPath }}/plugins" mountPropagation: "Bidirectional" - name: pods-mount-dir mountPath: "{{ .KubeletDirPath }}/pods" mountPropagation: "Bidirectional" - name: host-sys mountPath: /sys - name: lib-modules mountPath: /lib/modules readOnly: true - name: host-dev mountPath: /dev - name: ceph-csi-config mountPath: /etc/ceph-csi-config/ - name: keys-tmp-dir mountPath: /tmp/csi/keys - name: host-run-mount mountPath: /run/mount {{ if .EnablePluginSelinuxHostMount }} - name: etc-selinux mountPath: /etc/selinux readOnly: true {{ end }} {{ if .MountCustomCephConf }} - name: ceph-config mountPath: /etc/ceph/ceph.conf subPath: ceph.conf {{ end }} volumes: - name: plugin-dir hostPath: path: "{{ .KubeletDirPath }}/plugins/{{ .DriverNamePrefix }}nfs.csi.ceph.com/" type: DirectoryOrCreate - name: csi-plugins-dir hostPath: path: "{{ .KubeletDirPath }}/plugins" type: Directory - name: registration-dir hostPath: path: "{{ .KubeletDirPath }}/plugins_registry/" type: Directory - name: pods-mount-dir hostPath: path: "{{ .KubeletDirPath }}/pods" type: Directory - name: host-sys hostPath: path: /sys - name: lib-modules hostPath: path: /lib/modules - name: host-dev hostPath: path: /dev - name: ceph-csi-config configMap: name: rook-ceph-csi-config items: - key: csi-cluster-config-json path: config.json - name: keys-tmp-dir emptyDir: { medium: "Memory" } - name: host-run-mount hostPath: path: /run/mount {{ if .EnablePluginSelinuxHostMount }} - name: etc-selinux hostPath: path: /etc/selinux {{ end }} {{ if .MountCustomCephConf }} - name: ceph-config configMap: name: csi-ceph-conf-override items: - key: ceph.conf path: ceph.conf {{ end }}