# Controller Service
kind: Deployment
apiVersion: apps/v1
metadata:
  name: ebs-csi-controller
  labels:
    {{- include "aws-ebs-csi-driver.labels" . | nindent 4 }}
spec:
  replicas: {{ .Values.replicaCount }}
  selector:
    matchLabels:
      app: ebs-csi-controller
      {{- include "aws-ebs-csi-driver.selectorLabels" . | nindent 6 }}
  template:
    metadata:
      labels:
        app: ebs-csi-controller
        {{- include "aws-ebs-csi-driver.labels" . | nindent 8 }}
      {{- if .Values.podAnnotations }}
      annotations: {{ toYaml .Values.podAnnotations | nindent 8 }}
      {{- end }}
    spec:
      nodeSelector:
        kubernetes.io/os: linux
        {{- with .Values.nodeSelector }}
{{ toYaml . | indent 8 }}
        {{- end }}
      serviceAccountName: {{ .Values.serviceAccount.controller.name }}
      priorityClassName: {{ .Values.priorityClassName | default "system-cluster-critical" }}
      {{- with .Values.affinity }}
      affinity: {{ toYaml . | nindent 8 }}
      {{- end }}
      tolerations:
        {{- if .Values.tolerateAllTaints }}
        - operator: Exists
        {{- else }}
        - key: CriticalAddonsOnly
          operator: Exists
        - operator: Exists
          effect: NoExecute
          tolerationSeconds: 300
        {{- end }}
        {{- with .Values.tolerations }}
{{ toYaml . | indent 8 }}
        {{- end }}
{{- if .Values.topologySpreadConstraints }}
{{- $tscLabelSelector := dict "labelSelector" ( dict "matchLabels" ( dict "app" "ebs-csi-controller" ) ) }}
      topologySpreadConstraints:
        {{- range .Values.topologySpreadConstraints }}
        - {{ mergeOverwrite . $tscLabelSelector | toJson }}
        {{- end }}
{{- end }}
      containers:
        - name: ebs-plugin
          image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
          imagePullPolicy: {{ .Values.image.pullPolicy }}
          args:
            {{- if ne .Release.Name "kustomize" }}
            - controller
            {{- else }}
            # - {all,controller,node} # specify the driver mode
            {{- end }}
            - --endpoint=$(CSI_ENDPOINT)
            {{- if .Values.extraVolumeTags }}
              {{- include "aws-ebs-csi-driver.extra-volume-tags" . | nindent 12 }}
            {{- end }}
            {{- if .Values.k8sTagClusterId }}
            - --k8s-tag-cluster-id={{ .Values.k8sTagClusterId }}
            {{- end }}
            - --logtostderr
            - --v={{ .Values.logLevel }}
          env:
            - name: CSI_ENDPOINT
              value: unix:///var/lib/csi/sockets/pluginproxy/csi.sock
            - name: AWS_ACCESS_KEY_ID
              valueFrom:
                secretKeyRef:
                  name: aws-secret
                  key: key_id
                  optional: true
            - name: AWS_SECRET_ACCESS_KEY
              valueFrom:
                secretKeyRef:
                  name: aws-secret
                  key: access_key
                  optional: true
            {{- if .Values.region }}
            - name: AWS_REGION
              value: {{ .Values.region }}
            {{- end }}
            {{- if .Values.controller.extraVars }}
            {{- range $key, $val :=  .Values.controller.extraVars }}
            - name: {{ $key }}
              value: "{{ $val }}"
            {{- end }}
            {{- end }}
{{- if .Values.proxy.http_proxy }}
            - name: HTTP_PROXY
              value: {{ .Values.proxy.http_proxy | quote }}
            - name: HTTPS_PROXY
              value: {{ .Values.proxy.http_proxy | quote }}
            - name: NO_PROXY
              value: {{ .Values.proxy.no_proxy | quote }}
{{- end }}
          volumeMounts:
            - name: socket-dir
              mountPath: /var/lib/csi/sockets/pluginproxy/
          ports:
            - name: healthz
              containerPort: 9808
              protocol: TCP
          livenessProbe:
            httpGet:
              path: /healthz
              port: healthz
            initialDelaySeconds: 10
            timeoutSeconds: 3
            periodSeconds: 10
            failureThreshold: 5
          readinessProbe:
            httpGet:
              path: /healthz
              port: healthz
            initialDelaySeconds: 10
            timeoutSeconds: 3
            periodSeconds: 10
            failureThreshold: 5
          {{- with .Values.resources }}
          resources: {{ toYaml . | nindent 12 }}
          {{- end }}
        - name: csi-provisioner
          image: {{ printf "%s:%s" .Values.sidecars.provisionerImage.repository .Values.sidecars.provisionerImage.tag }}
          args:
            - --csi-address=$(ADDRESS)
            - --v={{ .Values.logLevel }}
            {{- if .Values.enableVolumeScheduling }}
            - --feature-gates=Topology=true
            {{- end}}
            {{- if .Values.extraCreateMetadata }}
            - --extra-create-metadata
            {{- end}}
            - --leader-election={{ ternary "true" "false" ( gt (.Values.replicaCount|int) 1 ) }}
            - --default-fstype=ext4
          env:
            - name: ADDRESS
              value: /var/lib/csi/sockets/pluginproxy/csi.sock
{{- if .Values.proxy.http_proxy }}
            - name: HTTP_PROXY
              value: {{ .Values.proxy.http_proxy | quote }}
            - name: HTTPS_PROXY
              value: {{ .Values.proxy.http_proxy | quote }}
            - name: NO_PROXY
              value: {{ .Values.proxy.no_proxy | quote }}
{{- end }}
          volumeMounts:
            - name: socket-dir
              mountPath: /var/lib/csi/sockets/pluginproxy/
          {{- with .Values.resources }}
          resources: {{ toYaml . | nindent 12 }}
          {{- end }}
        - name: csi-attacher
          image: {{ printf "%s:%s" .Values.sidecars.attacherImage.repository .Values.sidecars.attacherImage.tag }}
          args:
            - --csi-address=$(ADDRESS)
            - --v={{ .Values.logLevel }}
            - --leader-election={{ ternary "true" "false" ( gt (.Values.replicaCount|int) 1 ) }}
          env:
            - name: ADDRESS
              value: /var/lib/csi/sockets/pluginproxy/csi.sock
{{- if .Values.proxy.http_proxy }}
            - name: HTTP_PROXY
              value: {{ .Values.proxy.http_proxy | quote }}
            - name: HTTPS_PROXY
              value: {{ .Values.proxy.http_proxy | quote }}
            - name: NO_PROXY
              value: {{ .Values.proxy.no_proxy | quote }}
{{- end }}
          volumeMounts:
            - name: socket-dir
              mountPath: /var/lib/csi/sockets/pluginproxy/
          {{- with .Values.resources }}
          resources: {{ toYaml . | nindent 12 }}
          {{- end }}
        {{- if .Values.enableVolumeSnapshot }}
        - name: csi-snapshotter
          image: {{ printf "%s:%s" .Values.sidecars.snapshotterImage.repository .Values.sidecars.snapshotterImage.tag }}
          args:
            - --csi-address=$(ADDRESS)
            - --leader-election={{ ternary "true" "false" ( gt (.Values.replicaCount|int) 1 ) }}
          env:
            - name: ADDRESS
              value: /var/lib/csi/sockets/pluginproxy/csi.sock
{{- if .Values.proxy.http_proxy }}
            - name: HTTP_PROXY
              value: {{ .Values.proxy.http_proxy | quote }}
            - name: HTTPS_PROXY
              value: {{ .Values.proxy.http_proxy | quote }}
            - name: NO_PROXY
              value: {{ .Values.proxy.no_proxy | quote }}
{{- end }}
          volumeMounts:
            - name: socket-dir
              mountPath: /var/lib/csi/sockets/pluginproxy/
          {{- with .Values.resources }}
          resources: {{ toYaml . | nindent 12 }}
          {{- end }}
        {{- end }}
        {{- if .Values.enableVolumeResizing }}
        - name: csi-resizer
          image: {{ printf "%s:%s" .Values.sidecars.resizerImage.repository .Values.sidecars.resizerImage.tag }}
          imagePullPolicy: Always
          args:
            - --csi-address=$(ADDRESS)
            - --v={{ .Values.logLevel }}
          env:
            - name: ADDRESS
              value: /var/lib/csi/sockets/pluginproxy/csi.sock
{{- if .Values.proxy.http_proxy }}
            - name: HTTP_PROXY
              value: {{ .Values.proxy.http_proxy | quote }}
            - name: HTTPS_PROXY
              value: {{ .Values.proxy.http_proxy | quote }}
            - name: NO_PROXY
              value: {{ .Values.proxy.no_proxy | quote }}
{{- end }}
          volumeMounts:
            - name: socket-dir
              mountPath: /var/lib/csi/sockets/pluginproxy/
          {{- with .Values.resources }}
          resources: {{ toYaml . | nindent 12 }}
          {{- end }}
        {{- end }}
        - name: liveness-probe
          image: {{ printf "%s:%s" .Values.sidecars.livenessProbeImage.repository .Values.sidecars.livenessProbeImage.tag }}
          args:
            - --csi-address=/csi/csi.sock
          volumeMounts:
            - name: socket-dir
              mountPath: /csi
          {{- with .Values.resources }}
          resources: {{ toYaml . | nindent 12 }}
          {{- end }}
      {{- if .Values.imagePullSecrets }}
      imagePullSecrets:
      {{- range .Values.imagePullSecrets }}
        - name: {{ . }}
      {{- end }}
      {{- end }}
      volumes:
        - name: socket-dir
          emptyDir: {}