2021-12-03 21:16:52 +00:00
# Controller Service
kind : Deployment
apiVersion : apps/v1
metadata :
name : ebs-csi-controller
2022-05-04 12:25:29 +00:00
namespace : {{ .Release.Namespace }}
2021-12-03 21:16:52 +00:00
labels :
{{- include "aws-ebs-csi-driver.labels" . | nindent 4 }}
spec :
replicas : {{ .Values.controller.replicaCount }}
{{- with .Values.controller.updateStrategy }}
strategy :
{{ toYaml . | nindent 4 }}
{{- end }}
selector :
matchLabels :
app : ebs-csi-controller
{{- include "aws-ebs-csi-driver.selectorLabels" . | nindent 6 }}
template :
metadata :
labels :
app : ebs-csi-controller
{{- include "aws-ebs-csi-driver.labels" . | nindent 8 }}
{{- if .Values.controller.podLabels }}
{{- toYaml .Values.controller.podLabels | nindent 8 }}
{{- end }}
{{- if .Values.controller.podAnnotations }}
annotations :
{{- toYaml .Values.controller.podAnnotations | nindent 8 }}
{{- end }}
spec :
nodeSelector :
kubernetes.io/os : linux
{{- with .Values.controller.nodeSelector }}
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName : {{ .Values.controller.serviceAccount.name }}
priorityClassName : {{ .Values.controller.priorityClassName }}
{{- with default .Values.controller.affinity }}
affinity :
{{- toYaml . | nindent 8 }}
{{- end }}
tolerations :
- key : CriticalAddonsOnly
operator : Exists
- operator : Exists
effect : NoExecute
tolerationSeconds : 300
{{- with .Values.controller.tolerations }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if .Values.controller.topologySpreadConstraints }}
{{- $tscLabelSelector := dict "labelSelector" ( dict "matchLabels" ( dict "app" "ebs-csi-controller" ) ) }}
{{- $constraints := list }}
{{- range .Values.controller.topologySpreadConstraints }}
{{- $constraints = mustAppend $constraints (mergeOverwrite . $tscLabelSelector) }}
{{- end }}
topologySpreadConstraints :
{{- $constraints | toYaml | nindent 8 }}
{{- end }}
2022-01-11 13:25:46 +00:00
{{- with .Values.controller.securityContext }}
securityContext :
{{- toYaml . | nindent 8 }}
2022-08-24 15:13:39 +00:00
{{- end }}
2021-12-03 21:16:52 +00:00
containers :
- name : ebs-plugin
image : {{ printf "%s:%s" .Values.image.repository (default (printf "v%s" .Chart.AppVersion) (.Values.image.tag | toString)) }}
imagePullPolicy : {{ .Values.image.pullPolicy }}
args :
{{- if ne .Release.Name "kustomize" }}
- controller
{{- else }}
# - {all,controller,node} # specify the driver mode
{{- end }}
- --endpoint=$(CSI_ENDPOINT)
{{- if .Values.controller.extraVolumeTags }}
{{- include "aws-ebs-csi-driver.extra-volume-tags" . | nindent 12 }}
{{- end }}
{{- with .Values.controller.k8sTagClusterId }}
- --k8s-tag-cluster-id={{ . }}
{{- end }}
{{- with .Values.controller.httpEndpoint }}
- --http-endpoint={{ . }}
{{- end }}
- --logtostderr
- --v={{ .Values.controller.logLevel }}
{{- range .Values.controller.additionalArgs }}
- {{ . }}
{{- end }}
env :
- name : CSI_ENDPOINT
value : unix:///var/lib/csi/sockets/pluginproxy/csi.sock
- name : CSI_NODE_NAME
valueFrom :
fieldRef :
fieldPath : spec.nodeName
- name : AWS_ACCESS_KEY_ID
valueFrom :
secretKeyRef :
name : aws-secret
key : key_id
optional : true
- name : AWS_SECRET_ACCESS_KEY
valueFrom :
secretKeyRef :
name : aws-secret
key : access_key
optional : true
2022-08-24 15:13:39 +00:00
- name : AWS_EC2_ENDPOINT
valueFrom :
configMapKeyRef :
name : aws-meta
key : endpoint
optional : true
2021-12-03 21:16:52 +00:00
{{- with .Values.controller.region }}
- name : AWS_REGION
value : {{ . }}
{{- end }}
{{- if .Values.proxy.http_proxy }}
{{- include "aws-ebs-csi-driver.http-proxy" . | nindent 12 }}
{{- end }}
{{- with .Values.controller.env }}
{{- . | toYaml | nindent 12 }}
{{- end }}
2022-08-24 15:13:39 +00:00
envFrom :
{{- with .Values.controller.envFrom }}
{{- . | toYaml | nindent 12 }}
{{- end }}
2021-12-03 21:16:52 +00:00
volumeMounts :
- name : socket-dir
mountPath : /var/lib/csi/sockets/pluginproxy/
- name : aws-token
mountPath : "/var/run/secrets/sts.amazonaws.com/serviceaccount/"
readOnly : true
ports :
- name : healthz
containerPort : 9808
protocol : TCP
livenessProbe :
httpGet :
path : /healthz
port : healthz
initialDelaySeconds : 10
timeoutSeconds : 3
periodSeconds : 10
failureThreshold : 5
readinessProbe :
httpGet :
path : /healthz
port : healthz
initialDelaySeconds : 10
timeoutSeconds : 3
periodSeconds : 10
failureThreshold : 5
{{- with .Values.controller.resources }}
resources :
{{- toYaml . | nindent 12 }}
{{- end }}
2022-08-24 15:13:39 +00:00
{{- with .Values.controller.containerSecurityContext }}
securityContext :
{{- toYaml . | nindent 12 }}
{{- end }}
2021-12-03 21:16:52 +00:00
- name : csi-provisioner
image : {{ printf "%s:%s" .Values.sidecars.provisioner.image.repository .Values.sidecars.provisioner.image.tag }}
imagePullPolicy : {{ default .Values.image.pullPolicy .Values.sidecars.provisioner.image.pullPolicy }}
args :
- --csi-address=$(ADDRESS)
- --v={{ .Values.sidecars.provisioner.logLevel }}
- --feature-gates=Topology=true
{{- if .Values.controller.extraCreateMetadata }}
- --extra-create-metadata
{{- end}}
2022-09-16 09:21:38 +00:00
- --leader-election={{ .Values.sidecars.provisioner.leaderElection.enabled | required "leader election state for csi-provisioner is required, must be set to true || false." }}
{{- if .Values.sidecars.provisioner.leaderElection.enabled }}
{{- if .Values.sidecars.provisioner.leaderElection.leaseDuration }}
- --leader-election-lease-duration={{ .Values.sidecars.provisioner.leaderElection.leaseDuration }}
{{- end }}
{{- if .Values.sidecars.provisioner.leaderElection.renewDeadline}}
- --leader-election-renew-deadline={{ .Values.sidecars.provisioner.leaderElection.renewDeadline }}
{{- end }}
{{- if .Values.sidecars.provisioner.leaderElection.retryPeriod }}
- --leader-election-retry-period={{ .Values.sidecars.provisioner.leaderElection.retryPeriod }}
{{- end }}
{{- end }}
2021-12-03 21:16:52 +00:00
- --default-fstype={{ .Values.controller.defaultFsType }}
env :
- name : ADDRESS
value : /var/lib/csi/sockets/pluginproxy/csi.sock
{{- if .Values.proxy.http_proxy }}
{{- include "aws-ebs-csi-driver.http-proxy" . | nindent 12 }}
{{- end }}
{{- with .Values.sidecars.provisioner.env }}
{{- . | toYaml | nindent 12 }}
{{- end }}
2022-08-24 15:13:39 +00:00
envFrom :
{{- with .Values.controller.envFrom }}
{{- . | toYaml | nindent 12 }}
{{- end }}
2021-12-03 21:16:52 +00:00
volumeMounts :
- name : socket-dir
mountPath : /var/lib/csi/sockets/pluginproxy/
{{- with default .Values.controller.resources .Values.sidecars.provisioner.resources }}
resources :
{{- toYaml . | nindent 12 }}
{{- end }}
2022-08-24 15:13:39 +00:00
{{- with .Values.sidecars.provisioner.securityContext }}
securityContext :
{{- toYaml . | nindent 12 }}
{{- end }}
2021-12-03 21:16:52 +00:00
- name : csi-attacher
image : {{ printf "%s:%s" .Values.sidecars.attacher.image.repository .Values.sidecars.attacher.image.tag }}
imagePullPolicy : {{ default .Values.image.pullPolicy .Values.sidecars.attacher.image.pullPolicy }}
args :
- --csi-address=$(ADDRESS)
- --v={{ .Values.sidecars.attacher.logLevel }}
2022-09-16 09:21:38 +00:00
- --leader-election={{ .Values.sidecars.attacher.leaderElection.enabled | required "leader election state for csi-attacher is required, must be set to true || false." }}
{{- if .Values.sidecars.attacher.leaderElection.enabled }}
{{- if .Values.sidecars.attacher.leaderElection.leaseDuration }}
- --leader-election-lease-duration={{ .Values.sidecars.attacher.leaderElection.leaseDuration }}
{{- end }}
{{- if .Values.sidecars.attacher.leaderElection.renewDeadline}}
- --leader-election-renew-deadline={{ .Values.sidecars.attacher.leaderElection.renewDeadline }}
{{- end }}
{{- if .Values.sidecars.attacher.leaderElection.retryPeriod }}
- --leader-election-retry-period={{ .Values.sidecars.attacher.leaderElection.retryPeriod }}
{{- end }}
{{- end }}
2021-12-03 21:16:52 +00:00
env :
- name : ADDRESS
value : /var/lib/csi/sockets/pluginproxy/csi.sock
{{- if .Values.proxy.http_proxy }}
{{- include "aws-ebs-csi-driver.http-proxy" . | nindent 12 }}
{{- end }}
{{- with .Values.sidecars.attacher.env }}
{{- . | toYaml | nindent 12 }}
{{- end }}
2022-08-24 15:13:39 +00:00
envFrom :
{{- with .Values.controller.envFrom }}
{{- . | toYaml | nindent 12 }}
{{- end }}
2021-12-03 21:16:52 +00:00
volumeMounts :
- name : socket-dir
mountPath : /var/lib/csi/sockets/pluginproxy/
{{- with default .Values.controller.resources .Values.sidecars.attacher.resources }}
resources :
{{- toYaml . | nindent 12 }}
{{- end }}
2022-08-24 15:13:39 +00:00
{{- with .Values.sidecars.attacher.securityContext }}
securityContext :
{{- toYaml . | nindent 12 }}
{{- end }}
2021-12-08 16:14:38 +00:00
{{- if or (.Capabilities.APIVersions.Has "snapshot.storage.k8s.io/v1beta1") (.Capabilities.APIVersions.Has "snapshot.storage.k8s.io/v1") }}
2021-12-03 21:16:52 +00:00
- name : csi-snapshotter
image : {{ printf "%s:%s" .Values.sidecars.snapshotter.image.repository .Values.sidecars.snapshotter.image.tag }}
imagePullPolicy : {{ default .Values.image.pullPolicy .Values.sidecars.snapshotter.image.pullPolicy }}
args :
- --csi-address=$(ADDRESS)
- --leader-election=true
env :
- name : ADDRESS
value : /var/lib/csi/sockets/pluginproxy/csi.sock
{{- if .Values.proxy.http_proxy }}
{{- include "aws-ebs-csi-driver.http-proxy" . | nindent 12 }}
{{- end }}
{{- with .Values.sidecars.snapshotter.env }}
{{- . | toYaml | nindent 12 }}
{{- end }}
2022-08-24 15:13:39 +00:00
envFrom :
{{- with .Values.controller.envFrom }}
{{- . | toYaml | nindent 12 }}
{{- end }}
2021-12-03 21:16:52 +00:00
volumeMounts :
- name : socket-dir
mountPath : /var/lib/csi/sockets/pluginproxy/
{{- with default .Values.controller.resources .Values.sidecars.snapshotter.resources }}
resources :
{{- toYaml . | nindent 12 }}
{{- end }}
2022-08-24 15:13:39 +00:00
{{- with .Values.sidecars.snapshotter.securityContext }}
securityContext :
{{- toYaml . | nindent 12 }}
{{- end }}
2021-12-03 21:16:52 +00:00
{{- end }}
- name : csi-resizer
image : {{ printf "%s:%s" .Values.sidecars.resizer.image.repository .Values.sidecars.resizer.image.tag }}
imagePullPolicy : {{ default .Values.image.pullPolicy .Values.sidecars.resizer.image.pullPolicy }}
args :
- --csi-address=$(ADDRESS)
- --v={{ .Values.sidecars.resizer.logLevel }}
2022-08-24 15:13:39 +00:00
- --handle-volume-inuse-error=false
2021-12-03 21:16:52 +00:00
env :
- name : ADDRESS
value : /var/lib/csi/sockets/pluginproxy/csi.sock
{{- if .Values.proxy.http_proxy }}
{{- include "aws-ebs-csi-driver.http-proxy" . | nindent 12 }}
{{- end }}
{{- with .Values.sidecars.resizer.env }}
{{- . | toYaml | nindent 12 }}
{{- end }}
2022-08-24 15:13:39 +00:00
envFrom :
{{- with .Values.controller.envFrom }}
{{- . | toYaml | nindent 12 }}
{{- end }}
2021-12-03 21:16:52 +00:00
volumeMounts :
- name : socket-dir
mountPath : /var/lib/csi/sockets/pluginproxy/
{{- with default .Values.controller.resources .Values.sidecars.resizer.resources }}
resources :
{{- toYaml . | nindent 12 }}
{{- end }}
2022-08-24 15:13:39 +00:00
{{- with .Values.sidecars.resizer.securityContext }}
securityContext :
{{- toYaml . | nindent 12 }}
{{- end }}
2021-12-03 21:16:52 +00:00
- name : liveness-probe
image : {{ printf "%s:%s" .Values.sidecars.livenessProbe.image.repository .Values.sidecars.livenessProbe.image.tag }}
imagePullPolicy : {{ default .Values.image.pullPolicy .Values.sidecars.livenessProbe.image.pullPolicy }}
args :
- --csi-address=/csi/csi.sock
2022-08-24 15:13:39 +00:00
envFrom :
{{- with .Values.controller.envFrom }}
{{- . | toYaml | nindent 12 }}
{{- end }}
2021-12-03 21:16:52 +00:00
volumeMounts :
- name : socket-dir
mountPath : /csi
{{- with default .Values.controller.resources .Values.sidecars.livenessProbe.resources }}
resources :
{{- toYaml . | nindent 12 }}
{{- end }}
2022-08-24 15:13:39 +00:00
{{- with .Values.sidecars.livenessProbe.securityContext }}
securityContext :
{{- toYaml . | nindent 12 }}
{{- end }}
2021-12-03 21:16:52 +00:00
{{- if .Values.imagePullSecrets }}
imagePullSecrets :
{{- range .Values.imagePullSecrets }}
- name : {{ . }}
{{- end }}
{{- end }}
volumes :
- name : socket-dir
emptyDir : {}
- name : aws-token
projected :
sources :
- serviceAccountToken :
path : token
expirationSeconds : 86400
audience : "sts.amazonaws.com"