# Copyright 2025 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # https://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. kind: DaemonSet apiVersion: apps/v1 metadata: name: lustre-csi-node spec: selector: matchLabels: k8s-app: lustre-csi-driver updateStrategy: type: RollingUpdate rollingUpdate: maxUnavailable: 10% template: metadata: annotations: seccomp.security.alpha.kubernetes.io/pod: "runtime/default" labels: k8s-app: lustre-csi-driver spec: # LNet config is cached on the host once the Lustre client is initialized. # Using hostNetwork is required to ensure the CSI driver pod maintains a consistent IP that remains tied to the node. See details in b/395004950. hostNetwork: true securityContext: seccompProfile: type: RuntimeDefault priorityClassName: csi-lustre-node serviceAccount: lustre-csi-node-sa nodeSelector: kubernetes.io/os: linux kubernetes.io/arch: amd64 cloud.google.com/gke-os-distribution: cos initContainers: - name: lustre-kmod-installer image: gke.gcr.io/lustre-kmod-installer securityContext: privileged: true env: - name: ENABLE_LEGACY_LUSTRE_PORT value: "true" volumeMounts: - name: dev # TODO(tyuchn): Remove this volume once LoadPin excludes kernel modules. mountPath: /dev - name: host-etc mountPath: /host_etc/lsb-release - name: host-modules mountPath: /host_modules containers: - name: lustre-csi-driver securityContext: privileged: true readOnlyRootFilesystem: true image: gke.gcr.io/lustre-csi-driver imagePullPolicy: Always args: - --v=5 - --endpoint=unix:/csi/csi.sock - --nodeid=$(KUBE_NODE_NAME) - --node=true resources: limits: cpu: 200m memory: 200Mi requests: cpu: 5m memory: 10Mi env: - name: KUBE_NODE_NAME valueFrom: fieldRef: fieldPath: spec.nodeName volumeMounts: - name: kubelet-dir mountPath: /var/lib/kubelet mountPropagation: "Bidirectional" - name: socket-dir mountPath: /csi - name: csi-driver-registrar securityContext: readOnlyRootFilesystem: true allowPrivilegeEscalation: false capabilities: drop: - all image: registry.k8s.io/sig-storage/csi-node-driver-registrar imagePullPolicy: IfNotPresent args: - "--v=3" - "--csi-address=/csi/csi.sock" - "--kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)" resources: limits: cpu: 50m memory: 100Mi requests: cpu: 10m memory: 10Mi env: - name: DRIVER_REG_SOCK_PATH value: /var/lib/kubelet/plugins/lustre.csi.storage.gke.io/csi.sock volumeMounts: - name: socket-dir mountPath: /csi - name: registration-dir mountPath: /registration volumes: - name: registration-dir hostPath: path: /var/lib/kubelet/plugins_registry/ type: Directory - name: kubelet-dir hostPath: path: /var/lib/kubelet type: Directory - name: socket-dir hostPath: path: /var/lib/kubelet/plugins/lustre.csi.storage.gke.io/ type: DirectoryOrCreate - name: host-etc hostPath: path: /etc/lsb-release type: File - name: host-modules hostPath: path: /lib/modules - name: dev hostPath: path: /dev # https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ # See "special case". This will tolerate everything. Node component should # be scheduled on all nodes. tolerations: - operator: Exists