# Node-side objects for the Cinder CSI driver (cinder.csi.openstack.org):
# a DaemonSet running the node-driver-registrar and liveness-probe sidecars
# next to the cinder-csi-plugin node service.
#
# This file is a Jinja2 template. Block tags must stay at column 0 so the
# rendered YAML keeps its indentation.
#
# NOTE(review): every image below is referenced as repo:tag. Tags are mutable;
# pin by digest in the inventory variables if image immutability matters.
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: csi-cinder-nodeplugin
  namespace: kube-system
spec:
  selector:
    matchLabels:
      app: csi-cinder-nodeplugin
  template:
    metadata:
      labels:
        app: csi-cinder-nodeplugin
    spec:
      serviceAccountName: csi-cinder-node-sa
      # The pod shares the node's network namespace, so anything a container
      # listens on (see the healthz port below) is bound on the node itself.
      hostNetwork: true
      # Keeps cluster DNS resolution working while hostNetwork is enabled.
      dnsPolicy: ClusterFirstWithHostNet
      containers:
        # Registers the driver socket with the kubelet plugin registry.
        # NOTE(review): no securityContext is set on this sidecar, so it runs
        # with the image/runtime defaults while writing to host paths.
        - name: node-driver-registrar
          image: {{ csi_node_driver_registrar_image_repo }}:{{ csi_node_driver_registrar_image_tag }}
          imagePullPolicy: {{ k8s_image_pull_policy }}
          args:
            - '--csi-address=$(ADDRESS)'
            - '--kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)'
          env:
            # Socket path as seen inside the container (socket-dir mount).
            - name: ADDRESS
              value: /csi/csi.sock
            # The same socket as seen by the kubelet on the host.
            - name: DRIVER_REG_SOCK_PATH
              value: /var/lib/kubelet/plugins/cinder.csi.openstack.org/csi.sock
            - name: KUBE_NODE_NAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
          volumeMounts:
            - name: socket-dir
              mountPath: /csi
            - name: registration-dir
              mountPath: /registration

        # Health sidecar talking to the driver over the shared CSI socket.
        # NOTE(review): unlike the other two containers it sets neither
        # imagePullPolicy nor a securityContext.
        - name: liveness-probe
          image: {{ csi_livenessprobe_image_repo }}:{{ csi_livenessprobe_image_tag }}
          args:
            - '--csi-address=/csi/csi.sock'
          volumeMounts:
            - name: socket-dir
              mountPath: /csi

        # The node service itself: attaches, formats and mounts Cinder volumes.
        - name: cinder-csi-plugin
          image: {{ cinder_csi_plugin_image_repo }}:{{ cinder_csi_plugin_image_tag }}
          imagePullPolicy: {{ k8s_image_pull_policy }}
          # Kubernetes only permits Bidirectional mount propagation (used on
          # kubelet-dir below) for privileged containers. A privileged
          # container already holds every capability and can always escalate,
          # so the SYS_ADMIN add and allowPrivilegeEscalation are explicit
          # rather than additive. Treat this container as root-equivalent on
          # the node when scoping who may modify this DaemonSet or its image.
          securityContext:
            privileged: true
            allowPrivilegeEscalation: true
            capabilities:
              add:
                - SYS_ADMIN
          args:
            - /bin/cinder-csi-plugin
            - '--endpoint=$(CSI_ENDPOINT)'
            - '--cloud-config=$(CLOUD_CONFIG)'
          env:
            - name: CSI_ENDPOINT
              value: unix://csi/csi.sock
            # File inside the secret-cinderplugin mount.
            - name: CLOUD_CONFIG
              value: /etc/config/cloud.conf
          ports:
            # NOTE(review): with hostNetwork this port is opened in the node's
            # network namespace; confirm the bind address and node firewalling.
            - name: healthz
              containerPort: 9808
              protocol: TCP
          livenessProbe:
            httpGet:
              path: /healthz
              port: healthz
            initialDelaySeconds: 10
            periodSeconds: 10
            timeoutSeconds: 3
            failureThreshold: 5
          volumeMounts:
            - name: socket-dir
              mountPath: /csi
            # Mounts created by the plugin under the kubelet directory
            # propagate back to the host.
            - name: kubelet-dir
              mountPath: /var/lib/kubelet
              mountPropagation: Bidirectional
            # Host device nodes are exposed to the container here.
            - name: pods-probe-dir
              mountPath: /dev
              mountPropagation: HostToContainer
            # Presumably carries the OpenStack credentials in cloud.conf;
            # verify RBAC on the cloud-config Secret in kube-system.
            - name: secret-cinderplugin
              mountPath: /etc/config
              readOnly: true
            - name: ca-certs
              mountPath: /etc/ssl/certs
              readOnly: true
{% if ssl_ca_dirs | length %}
{% for dir in ssl_ca_dirs %}
            - name: {{ dir | regex_replace('^/(.*)$', '\\1' ) | regex_replace('/', '-') }}
              mountPath: {{ dir }}
              readOnly: true
{% endfor %}
{% endif %}
{% if cinder_cacert is defined and cinder_cacert != "" %}
            - name: cinder-cacert
              mountPath: {{ kube_config_dir }}/cinder-cacert.pem
              readOnly: true
{% endif %}
      volumes:
        # Directory holding the driver's CSI socket; created on first start.
        - name: socket-dir
          hostPath:
            path: /var/lib/kubelet/plugins/cinder.csi.openstack.org
            type: DirectoryOrCreate
        - name: registration-dir
          hostPath:
            path: /var/lib/kubelet/plugins_registry/
            type: Directory
        - name: kubelet-dir
          hostPath:
            path: /var/lib/kubelet
            type: Directory
        - name: pods-probe-dir
          hostPath:
            path: /dev
            type: Directory
        - name: secret-cinderplugin
          secret:
            secretName: cloud-config
        - name: ca-certs
          hostPath:
            path: /etc/ssl/certs
            type: DirectoryOrCreate
{% if ssl_ca_dirs | length %}
{% for dir in ssl_ca_dirs %}
        - name: {{ dir | regex_replace('^/(.*)$', '\\1' ) | regex_replace('/', '-') }}
          hostPath:
            path: {{ dir }}
            type: DirectoryOrCreate
{% endfor %}
{% endif %}
        # FileOrCreate makes an empty file when the CA bundle is missing on a
        # node, so a missing certificate surfaces as a TLS failure in the
        # plugin rather than as a pod start error.
{% if cinder_cacert is defined and cinder_cacert != "" %}
        - name: cinder-cacert
          hostPath:
            path: {{ kube_config_dir }}/cinder-cacert.pem
            type: FileOrCreate
{% endif %}
{% if cinder_tolerations %}
      tolerations:
        {{ cinder_tolerations | to_nice_yaml(indent=2) | indent(width=8) }}
{% endif %}