--- # Source: azurefile-csi-driver/templates/serviceaccount-csi-azurefile-controller.yaml apiVersion: v1 kind: ServiceAccount metadata: name: csi-azurefile-controller-sa namespace: kube-system labels: addonmanager.kubernetes.io/mode: Reconcile --- # Source: azurefile-csi-driver/templates/serviceaccount-csi-azurefile-node.yaml apiVersion: v1 kind: ServiceAccount metadata: name: csi-azurefile-node-sa namespace: kube-system labels: addonmanager.kubernetes.io/mode: Reconcile --- # Source: azurefile-csi-driver/templates/rbac-csi-azurefile-controller.yaml kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: azurefile-external-provisioner-role labels: addonmanager.kubernetes.io/mode: Reconcile rules: - apiGroups: [""] resources: ["persistentvolumes"] verbs: ["get", "list", "watch", "create", "delete"] - apiGroups: [""] resources: ["persistentvolumeclaims"] verbs: ["get", "list", "watch", "update"] - apiGroups: ["storage.k8s.io"] resources: ["storageclasses"] verbs: ["get", "list", "watch"] - apiGroups: [""] resources: ["events"] verbs: ["get", "list", "watch", "create", "update", "patch"] - apiGroups: ["storage.k8s.io"] resources: ["csinodes"] verbs: ["get", "list", "watch"] - apiGroups: [""] resources: ["nodes"] verbs: ["get", "list", "watch"] - apiGroups: ["coordination.k8s.io"] resources: ["leases"] verbs: ["get", "list", "watch", "create", "update", "patch"] - apiGroups: ["snapshot.storage.k8s.io"] resources: ["volumesnapshots"] verbs: ["get", "list"] - apiGroups: ["snapshot.storage.k8s.io"] resources: ["volumesnapshotcontents"] verbs: ["get", "list"] --- # Source: azurefile-csi-driver/templates/rbac-csi-azurefile-controller.yaml kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: azurefile-external-attacher-role labels: addonmanager.kubernetes.io/mode: Reconcile rules: - apiGroups: [""] resources: ["persistentvolumes"] verbs: ["get", "list", "watch", "update"] - apiGroups: [""] resources: ["nodes"] verbs: ["get", "list", "watch"] - apiGroups: ["csi.storage.k8s.io"] resources: ["csinodeinfos"] verbs: ["get", "list", "watch"] - apiGroups: ["storage.k8s.io"] resources: ["volumeattachments"] verbs: ["get", "list", "watch", "update", "patch"] - apiGroups: ["storage.k8s.io"] resources: ["volumeattachments/status"] verbs: ["get", "list", "watch", "update", "patch"] - apiGroups: ["coordination.k8s.io"] resources: ["leases"] verbs: ["get", "list", "watch", "create", "update", "patch"] --- # Source: azurefile-csi-driver/templates/rbac-csi-azurefile-controller.yaml kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: azurefile-external-snapshotter-role labels: addonmanager.kubernetes.io/mode: Reconcile rules: - apiGroups: [""] resources: ["events"] verbs: ["list", "watch", "create", "update", "patch"] - apiGroups: [""] resources: ["secrets"] verbs: ["get", "list"] - apiGroups: ["snapshot.storage.k8s.io"] resources: ["volumesnapshotclasses"] verbs: ["get", "list", "watch"] - apiGroups: ["snapshot.storage.k8s.io"] resources: ["volumesnapshotcontents"] verbs: ["create", "get", "list", "watch", "update", "delete"] - apiGroups: ["apiextensions.k8s.io"] resources: ["customresourcedefinitions"] verbs: ["create", "list", "watch", "delete"] - apiGroups: ["snapshot.storage.k8s.io"] resources: ["volumesnapshotcontents/status"] verbs: ["update"] - apiGroups: ["coordination.k8s.io"] resources: ["leases"] verbs: ["get", "watch", "list", "delete", "update", "create", "patch"] --- # Source: azurefile-csi-driver/templates/rbac-csi-azurefile-controller.yaml kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: azurefile-external-resizer-role namespace: kube-system labels: addonmanager.kubernetes.io/mode: Reconcile rules: - apiGroups: [""] resources: ["persistentvolumes"] verbs: ["get", "list", "watch", "update", "patch"] - apiGroups: [""] resources: ["persistentvolumeclaims"] verbs: ["get", "list", "watch"] - apiGroups: [""] resources: ["persistentvolumeclaims/status"] verbs: ["update", "patch"] - apiGroups: [""] resources: ["events"] verbs: ["list", "watch", "create", "update", "patch"] --- # Source: azurefile-csi-driver/templates/rbac-csi-azurefile-controller.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: csi-azurefile-controller-secret-role namespace: kube-system labels: addonmanager.kubernetes.io/mode: Reconcile rules: - apiGroups: [""] resources: ["secrets"] verbs: ["get", "list", "create"] --- # Source: azurefile-csi-driver/templates/rbac-csi-azurefile-controller.yaml kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: azurefile-csi-provisioner-binding namespace: kube-system labels: addonmanager.kubernetes.io/mode: Reconcile subjects: - kind: ServiceAccount name: csi-azurefile-controller-sa namespace: kube-system roleRef: kind: ClusterRole name: azurefile-external-provisioner-role apiGroup: rbac.authorization.k8s.io --- # Source: azurefile-csi-driver/templates/rbac-csi-azurefile-controller.yaml kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: azurefile-csi-attacher-binding namespace: kube-system labels: addonmanager.kubernetes.io/mode: Reconcile subjects: - kind: ServiceAccount name: csi-azurefile-controller-sa namespace: kube-system roleRef: kind: ClusterRole name: azurefile-external-attacher-role apiGroup: rbac.authorization.k8s.io --- # Source: azurefile-csi-driver/templates/rbac-csi-azurefile-controller.yaml kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: azurefile-csi-snapshotter-binding namespace: kube-system labels: addonmanager.kubernetes.io/mode: Reconcile subjects: - kind: ServiceAccount name: csi-azurefile-controller-sa namespace: kube-system roleRef: kind: ClusterRole name: azurefile-external-snapshotter-role apiGroup: rbac.authorization.k8s.io --- # Source: azurefile-csi-driver/templates/rbac-csi-azurefile-controller.yaml kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: azurefile-csi-resizer-role namespace: kube-system labels: addonmanager.kubernetes.io/mode: Reconcile subjects: - kind: ServiceAccount name: csi-azurefile-controller-sa namespace: kube-system roleRef: kind: ClusterRole name: azurefile-external-resizer-role apiGroup: rbac.authorization.k8s.io --- # Source: azurefile-csi-driver/templates/rbac-csi-azurefile-controller.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: csi-azurefile-controller-secret-binding namespace: kube-system labels: addonmanager.kubernetes.io/mode: Reconcile subjects: - kind: ServiceAccount name: csi-azurefile-controller-sa namespace: kube-system roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: csi-azurefile-controller-secret-role --- # Source: azurefile-csi-driver/templates/rbac-csi-azurefile-node.yaml kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: csi-azurefile-node-secret-role labels: addonmanager.kubernetes.io/mode: Reconcile rules: - apiGroups: [""] resources: ["secrets"] verbs: ["get", "list"] --- # Source: azurefile-csi-driver/templates/rbac-csi-azurefile-controller.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: csi-azurefile-node-secret-binding namespace: kube-system labels: addonmanager.kubernetes.io/mode: Reconcile subjects: - kind: ServiceAccount name: csi-azurefile-node-sa namespace: kube-system roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: csi-azurefile-node-secret-role {{if and (IsKubernetesVersionGe "1.18.0") HasWindows}} --- # Source: azurefile-csi-driver/templates/csi-azurefile-node-windows.yaml kind: DaemonSet apiVersion: apps/v1 metadata: name: csi-azurefile-node-windows namespace: kube-system labels: addonmanager.kubernetes.io/mode: Reconcile spec: updateStrategy: type: RollingUpdate rollingUpdate: maxUnavailable: 50% selector: matchLabels: app: csi-azurefile-node-windows template: metadata: labels: app: csi-azurefile-node-windows spec: nodeSelector: kubernetes.io/os: windows priorityClassName: system-node-critical tolerations: - key: "node.kubernetes.io/os" operator: "Exists" effect: "NoSchedule" containers: - name: liveness-probe volumeMounts: - mountPath: C:\csi name: plugin-dir image: {{ContainerImage "livenessprobe-windows"}} args: - "--csi-address=$(CSI_ENDPOINT)" - "--probe-timeout=3s" - "--health-port=29613" - "--v=2" env: - name: CSI_ENDPOINT value: unix://C:\\csi\\csi.sock resources: limits: cpu: {{ContainerCPULimits "livenessprobe-windows"}} memory: {{ContainerMemLimits "livenessprobe-windows"}} requests: cpu: {{ContainerCPUReqs "livenessprobe-windows"}} memory: {{ContainerMemReqs "livenessprobe-windows"}} - name: node-driver-registrar image: {{ContainerImage "csi-node-driver-registrar-windows"}} args: - --v=2 - --csi-address=$(CSI_ENDPOINT) - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH) livenessProbe: exec: command: - /csi-node-driver-registrar.exe - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH) - --mode=kubelet-registration-probe initialDelaySeconds: 60 timeoutSeconds: 30 env: - name: CSI_ENDPOINT value: unix://C:\\csi\\csi.sock - name: DRIVER_REG_SOCK_PATH value: C:\\var\\lib\\kubelet\\plugins\\file.csi.azure.com\\csi.sock - name: KUBE_NODE_NAME valueFrom: fieldRef: fieldPath: spec.nodeName volumeMounts: - name: kubelet-dir mountPath: "C:\\var\\lib\\kubelet" - name: plugin-dir mountPath: C:\csi - name: registration-dir mountPath: C:\registration resources: limits: cpu: {{ContainerCPULimits "csi-node-driver-registrar-windows"}} memory: {{ContainerMemLimits "csi-node-driver-registrar-windows"}} requests: cpu: {{ContainerCPUReqs "csi-node-driver-registrar-windows"}} memory: {{ContainerMemReqs "csi-node-driver-registrar-windows"}} - name: azurefile image: {{ContainerImage "azurefile-csi"}} args: - --v=5 - --endpoint=$(CSI_ENDPOINT) - --nodeid=$(KUBE_NODE_NAME) - --kubeconfig=C:\\k\\config - --metrics-address=0.0.0.0:29615 - --user-agent-suffix=aks-engine ports: - containerPort: 29613 name: healthz protocol: TCP livenessProbe: failureThreshold: 5 httpGet: path: /healthz port: healthz initialDelaySeconds: 30 timeoutSeconds: 10 periodSeconds: 30 env: - name: AZURE_CREDENTIAL_FILE value: "C:\\k\\azure.json" - name: CSI_ENDPOINT value: unix://C:\\csi\\csi.sock - name: KUBE_NODE_NAME valueFrom: fieldRef: apiVersion: v1 fieldPath: spec.nodeName imagePullPolicy: volumeMounts: - name: kubelet-dir mountPath: "C:\\var\\lib\\kubelet" - name: plugin-dir mountPath: C:\csi - name: azure-config mountPath: C:\k - name: csi-proxy-fs-pipe-v1 mountPath: \\.\pipe\csi-proxy-filesystem-v1 - name: csi-proxy-smb-pipe-v1 mountPath: \\.\pipe\csi-proxy-smb-v1 # these paths are still included for compatibility, they're used # only if the node has still the beta version of the CSI proxy - name: csi-proxy-fs-pipe-v1beta1 mountPath: \\.\pipe\csi-proxy-filesystem-v1beta1 - name: csi-proxy-smb-pipe-v1beta1 mountPath: \\.\pipe\csi-proxy-smb-v1beta1 resources: limits: cpu: {{ContainerCPULimits "azurefile-csi"}} memory: {{ContainerMemLimits "azurefile-csi"}} requests: cpu: {{ContainerCPUReqs "azurefile-csi"}} memory: {{ContainerMemReqs "azurefile-csi"}} volumes: - name: csi-proxy-fs-pipe-v1 hostPath: path: \\.\pipe\csi-proxy-filesystem-v1 - name: csi-proxy-smb-pipe-v1 hostPath: path: \\.\pipe\csi-proxy-smb-v1 # these paths are still included for compatibility, they're used # only if the node has still the beta version of the CSI proxy - name: csi-proxy-fs-pipe-v1beta1 hostPath: path: \\.\pipe\csi-proxy-filesystem-v1beta1 - name: csi-proxy-smb-pipe-v1beta1 hostPath: path: \\.\pipe\csi-proxy-smb-v1beta1 - name: registration-dir hostPath: path: C:\var\lib\kubelet\plugins_registry\ type: Directory - name: kubelet-dir hostPath: path: C:\var\lib\kubelet\ type: Directory - name: plugin-dir hostPath: path: C:\var\lib\kubelet\plugins\file.csi.azure.com\ type: DirectoryOrCreate - name: azure-config hostPath: path: C:\k type: DirectoryOrCreate {{end}} {{if HasLinux}} --- # Source: azurefile-csi-driver/templates/csi-azurefile-node.yaml kind: DaemonSet apiVersion: apps/v1 metadata: name: csi-azurefile-node namespace: kube-system labels: addonmanager.kubernetes.io/mode: Reconcile spec: updateStrategy: type: RollingUpdate rollingUpdate: maxUnavailable: 50% selector: matchLabels: app: csi-azurefile-node template: metadata: labels: app: csi-azurefile-node spec: hostNetwork: true dnsPolicy: Default serviceAccountName: csi-azurefile-node-sa nodeSelector: kubernetes.io/os: linux priorityClassName: system-node-critical tolerations: - operator: "Exists" containers: - name: liveness-probe volumeMounts: - mountPath: /csi name: socket-dir image: {{ContainerImage "livenessprobe"}} args: - --csi-address=/csi/csi.sock - --probe-timeout=3s - --health-port=29613 - --v=2 resources: limits: cpu: {{ContainerCPULimits "livenessprobe"}} memory: {{ContainerMemLimits "livenessprobe"}} requests: cpu: {{ContainerCPUReqs "livenessprobe"}} memory: {{ContainerMemReqs "livenessprobe"}} - name: node-driver-registrar image: {{ContainerImage "csi-node-driver-registrar"}} args: - --csi-address=$(ADDRESS) - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH) - --v=2 livenessProbe: exec: command: - /csi-node-driver-registrar - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH) - --mode=kubelet-registration-probe initialDelaySeconds: 30 timeoutSeconds: 15 env: - name: ADDRESS value: /csi/csi.sock - name: DRIVER_REG_SOCK_PATH value: /var/lib/kubelet/plugins/file.csi.azure.com/csi.sock volumeMounts: - name: socket-dir mountPath: /csi - name: registration-dir mountPath: /registration resources: limits: cpu: {{ContainerCPULimits "csi-node-driver-registrar"}} memory: {{ContainerMemLimits "csi-node-driver-registrar"}} requests: cpu: {{ContainerCPUReqs "csi-node-driver-registrar"}} memory: {{ContainerMemReqs "csi-node-driver-registrar"}} - name: azurefile image: {{ContainerImage "azurefile-csi"}} args: - "--v=5" - "--endpoint=$(CSI_ENDPOINT)" - "--nodeid=$(KUBE_NODE_NAME)" - "--metrics-address=0.0.0.0:29615" - "--user-agent-suffix=aks-engine" ports: - containerPort: 29613 name: healthz protocol: TCP livenessProbe: failureThreshold: 5 httpGet: path: /healthz port: healthz initialDelaySeconds: 30 timeoutSeconds: 10 periodSeconds: 30 env: - name: AZURE_CREDENTIAL_FILE value: "/etc/kubernetes/azure.json" - name: CSI_ENDPOINT value: unix:///csi/csi.sock - name: KUBE_NODE_NAME valueFrom: fieldRef: apiVersion: v1 fieldPath: spec.nodeName securityContext: privileged: true volumeMounts: - mountPath: /csi name: socket-dir - mountPath: /var/lib/kubelet/ mountPropagation: Bidirectional name: mountpoint-dir - mountPath: /etc/kubernetes/ name: azure-cred - mountPath: /dev name: device-dir resources: limits: cpu: {{ContainerCPULimits "azurefile-csi"}} memory: {{ContainerMemLimits "azurefile-csi"}} requests: cpu: {{ContainerCPUReqs "azurefile-csi"}} memory: {{ContainerMemReqs "azurefile-csi"}} volumes: - hostPath: path: /var/lib/kubelet/plugins/file.csi.azure.com type: DirectoryOrCreate name: socket-dir - hostPath: path: /var/lib/kubelet/ type: DirectoryOrCreate name: mountpoint-dir - hostPath: path: /var/lib/kubelet/plugins_registry/ type: DirectoryOrCreate name: registration-dir - hostPath: path: /etc/kubernetes/ type: DirectoryOrCreate name: azure-cred - hostPath: path: /dev type: Directory name: device-dir {{end}} --- # Source: azurefile-csi-driver/templates/csi-azurefile-controller.yaml kind: Deployment apiVersion: apps/v1 metadata: name: csi-azurefile-controller namespace: kube-system labels: addonmanager.kubernetes.io/mode: Reconcile spec: replicas: {{CSIControllerReplicas}} selector: matchLabels: app: csi-azurefile-controller template: metadata: labels: app: csi-azurefile-controller spec: hostNetwork: true # only required for MSI enabled cluster serviceAccountName: csi-azurefile-controller-sa nodeSelector: kubernetes.io/os: linux kubernetes.io/role: master priorityClassName: system-cluster-critical tolerations: - key: "node-role.kubernetes.io/master" operator: "Exists" effect: "NoSchedule" - key: "node-role.kubernetes.io/control-plane" operator: "Exists" effect: "NoSchedule" - key: "node-role.kubernetes.io/controlplane" operator: "Exists" effect: "NoSchedule" containers: - name: csi-provisioner image: {{ContainerImage "csi-provisioner"}} args: - "-v=2" - "--csi-address=$(ADDRESS)" - "--leader-election" - "--timeout=300s" - "--extra-create-metadata=true" env: - name: ADDRESS value: /csi/csi.sock volumeMounts: - mountPath: /csi name: socket-dir resources: limits: cpu: {{ContainerCPULimits "csi-provisioner"}} memory: {{ContainerMemLimits "csi-provisioner"}} requests: cpu: {{ContainerCPUReqs "csi-provisioner"}} memory: {{ContainerMemReqs "csi-provisioner"}} - name: csi-attacher image: {{ContainerImage "csi-attacher"}} args: - "-v=2" - "-csi-address=$(ADDRESS)" - "-timeout=120s" - "-leader-election" env: - name: ADDRESS value: /csi/csi.sock volumeMounts: - mountPath: /csi name: socket-dir resources: limits: cpu: {{ContainerCPULimits "csi-attacher"}} memory: {{ContainerMemLimits "csi-attacher"}} requests: cpu: {{ContainerCPUReqs "csi-attacher"}} memory: {{ContainerMemReqs "csi-attacher"}} {{if ShouldEnableCSISnapshotFeature "azurefile-csi-driver"}} - name: csi-snapshotter image: {{ContainerImage "csi-snapshotter"}} args: - "-v=2" - "-csi-address=$(ADDRESS)" - "-leader-election" env: - name: ADDRESS value: /csi/csi.sock volumeMounts: - name: socket-dir mountPath: /csi resources: limits: cpu: {{ContainerCPULimits "csi-snapshotter"}} memory: {{ContainerMemLimits "csi-snapshotter"}} requests: cpu: {{ContainerCPUReqs "csi-snapshotter"}} memory: {{ContainerMemReqs "csi-snapshotter"}} {{end}} - name: csi-resizer image: {{ContainerImage "csi-resizer"}} args: - "-csi-address=$(ADDRESS)" - "-v=2" - "-leader-election" - '-handle-volume-inuse-error=false' env: - name: ADDRESS value: /csi/csi.sock volumeMounts: - name: socket-dir mountPath: /csi resources: limits: cpu: {{ContainerCPULimits "csi-resizer"}} memory: {{ContainerMemLimits "csi-resizer"}} requests: cpu: {{ContainerCPUReqs "csi-resizer"}} memory: {{ContainerMemReqs "csi-resizer"}} - name: liveness-probe image: {{ContainerImage "livenessprobe"}} args: - --csi-address=/csi/csi.sock - --probe-timeout=3s - --health-port=29612 - --v=2 volumeMounts: - name: socket-dir mountPath: /csi resources: limits: cpu: {{ContainerCPULimits "livenessprobe"}} memory: {{ContainerMemLimits "livenessprobe"}} requests: cpu: {{ContainerCPUReqs "livenessprobe"}} memory: {{ContainerMemReqs "livenessprobe"}} - name: azurefile image: {{ContainerImage "azurefile-csi"}} args: - "--v=5" - "--endpoint=$(CSI_ENDPOINT)" - "--metrics-address=0.0.0.0:29614" - "--user-agent-suffix=aks-engine" ports: - containerPort: 29612 name: healthz protocol: TCP - containerPort: 29614 name: metrics protocol: TCP livenessProbe: failureThreshold: 5 httpGet: path: /healthz port: healthz initialDelaySeconds: 30 timeoutSeconds: 10 periodSeconds: 30 env: - name: AZURE_CREDENTIAL_FILE value: "/etc/kubernetes/azure.json" - name: CSI_ENDPOINT value: unix:///csi/csi.sock volumeMounts: - mountPath: /csi name: socket-dir - mountPath: /etc/kubernetes/ name: azure-cred resources: limits: cpu: {{ContainerCPULimits "azurefile-csi"}} memory: {{ContainerMemLimits "azurefile-csi"}} requests: cpu: {{ContainerCPUReqs "azurefile-csi"}} memory: {{ContainerMemReqs "azurefile-csi"}} volumes: - name: socket-dir emptyDir: {} - name: azure-cred hostPath: path: /etc/kubernetes/ type: DirectoryOrCreate --- # Source: azurefile-csi-driver/templates/csi-azurefile-driver.yaml apiVersion: storage.k8s.io/v1 kind: CSIDriver metadata: name: file.csi.azure.com labels: addonmanager.kubernetes.io/mode: Reconcile spec: attachRequired: false podInfoOnMount: true volumeLifecycleModes: - Persistent - Ephemeral