# Copyright 2024 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. --- kind: DaemonSet apiVersion: apps/v1 metadata: name: csi-nfs-lb-node namespace: "{{ .Release.Namespace }}" spec: updateStrategy: rollingUpdate: maxUnavailable: 1 type: RollingUpdate selector: matchLabels: app: csi-nfs-lb-node template: metadata: labels: app: csi-nfs-lb-node spec: hostNetwork: true # original nfs connection would be broken without hostNetwork setting dnsPolicy: ClusterFirstWithHostNet # available values: Default, ClusterFirstWithHostNet, ClusterFirst serviceAccountName: csi-nfs-lb-node-sa priorityClassName: priority-csi-nfs-lb securityContext: seccompProfile: type: RuntimeDefault nodeSelector: kubernetes.io/os: linux tolerations: - operator: "Exists" containers: - name: node-driver-registrar image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.10.0 args: - --v=5 - --csi-address=/csi/csi.sock - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH) env: - name: DRIVER_REG_SOCK_PATH value: /var/lib/kubelet/plugins/csi-nfsplugin/csi.sock - name: KUBE_NODE_NAME valueFrom: fieldRef: fieldPath: spec.nodeName volumeMounts: - name: socket-dir mountPath: /csi - name: registration-dir mountPath: /registration resources: limits: memory: 100Mi requests: cpu: 10m memory: 20Mi securityContext: capabilities: drop: - ALL - name: nfs securityContext: privileged: true capabilities: add: ["SYS_ADMIN"] drop: - ALL allowPrivilegeEscalation: true image: "{{ .Values.image.nfs.repository }}:{{ .Values.image.nfs.tag }}" args: - "-v=5" - "--nodeid=$(NODE_ID)" - "--endpoint=$(CSI_ENDPOINT)" - "--run-node-server=true" - "--run-nfs-services=true" - "--drivername={{ .Values.driver.name }}" env: - name: NODE_ID valueFrom: fieldRef: fieldPath: spec.nodeName - name: CSI_ENDPOINT value: unix:///csi/csi.sock imagePullPolicy: Always volumeMounts: - name: socket-dir mountPath: /csi - name: pods-mount-dir mountPath: /var/lib/kubelet/pods mountPropagation: "Bidirectional" resources: limits: memory: 300Mi requests: cpu: 10m memory: 20Mi volumes: - name: socket-dir hostPath: path: /var/lib/kubelet/plugins/csi-nfsplugin type: DirectoryOrCreate - name: pods-mount-dir hostPath: path: /var/lib/kubelet/pods type: Directory - hostPath: path: /var/lib/kubelet/plugins_registry type: Directory name: registration-dir