# Copyright 2024 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. --- kind: Deployment apiVersion: apps/v1 metadata: name: csi-nfs-lb-controller namespace: "{{ .Release.Namespace }}" spec: replicas: 1 selector: matchLabels: app: csi-nfs-lb-controller template: metadata: labels: app: csi-nfs-lb-controller spec: serviceAccountName: csi-nfs-lb-controller-sa nodeSelector: kubernetes.io/os: linux # add "kubernetes.io/role: master" to run controller on master node priorityClassName: priority-csi-nfs-lb securityContext: seccompProfile: type: RuntimeDefault tolerations: - key: "node-role.kubernetes.io/master" operator: "Exists" effect: "NoSchedule" - key: "node-role.kubernetes.io/controlplane" operator: "Exists" effect: "NoSchedule" - key: "node-role.kubernetes.io/control-plane" operator: "Exists" effect: "NoSchedule" containers: - name: csi-attacher securityContext: allowPrivilegeEscalation: false capabilities: drop: - all image: registry.k8s.io/sig-storage/csi-attacher:v4.6.1 args: - "--v=5" - "--csi-address=$(ADDRESS)" - "--leader-election" - "--leader-election-namespace={{ .Release.Namespace }}" - "--timeout=1200s" - "--http-endpoint=:29652" env: - name: ADDRESS value: /csi/csi.sock volumeMounts: - name: socket-dir mountPath: /csi ports: - name: http-endpoint containerPort: 29652 protocol: TCP livenessProbe: failureThreshold: 5 httpGet: path: /healthz/leader-election port: http-endpoint initialDelaySeconds: 10 timeoutSeconds: 10 periodSeconds: 20 - name: nfs image: "{{ .Values.image.nfs.repository }}:{{ .Values.image.nfs.tag }}" securityContext: capabilities: drop: - ALL allowPrivilegeEscalation: false imagePullPolicy: Always args: - "-v=6" - "--nodeid=$(NODE_ID)" - "--endpoint=$(CSI_ENDPOINT)" - "--ip-addresses={{ .Values.controller.ipaddressList }}" - "--run-controller-server=true" - "--drivername={{ .Values.driver.name }}" env: - name: NODE_ID valueFrom: fieldRef: fieldPath: spec.nodeName - name: CSI_ENDPOINT value: unix:///csi/csi.sock volumeMounts: - mountPath: /csi name: socket-dir resources: limits: memory: 200Mi requests: cpu: 10m memory: 20Mi volumes: - name: socket-dir emptyDir: {}