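# Controller Service
#
# Helm template for the ebs-csi-controller Deployment. One pod runs the
# ebs-plugin container in controller mode next to the CSI sidecars
# (provisioner, attacher, optional snapshotter, resizer, liveness-probe).
# All of them talk over a UNIX socket in the shared "socket-dir" emptyDir.
#
# Keep template actions out of "#" comments in this file: Helm evaluates
# them even inside YAML comments.
kind: Deployment
apiVersion: apps/v1
metadata:
  name: ebs-csi-controller
  labels:
    {{- include "aws-ebs-csi-driver.labels" . | nindent 4 }}
spec:
  replicas: {{ default .Values.replicaCount .Values.controller.replicaCount }}
  selector:
    matchLabels:
      app: ebs-csi-controller
      {{- include "aws-ebs-csi-driver.selectorLabels" . | nindent 6 }}
  template:
    metadata:
      labels:
        app: ebs-csi-controller
        {{- include "aws-ebs-csi-driver.labels" . | nindent 8 }}
        {{- if .Values.controller.podLabels }}
        {{- toYaml .Values.controller.podLabels | nindent 8 }}
        {{- end }}
      {{- if .Values.controller.podAnnotations }}
      annotations:
        {{- toYaml .Values.controller.podAnnotations | nindent 8 }}
      {{- else if .Values.podAnnotations }}
      annotations:
        {{- toYaml .Values.podAnnotations | nindent 8 }}
      {{- end }}
    spec:
      nodeSelector:
        kubernetes.io/os: linux
        {{- with default .Values.nodeSelector .Values.controller.nodeSelector }}
        {{- toYaml . | nindent 8 }}
        {{- end }}
      # The identity of this pod. Whatever cloud permissions are bound to this
      # service account are available to every container listed below.
      serviceAccountName: {{ .Values.serviceAccount.controller.name }}
      priorityClassName: {{ default .Values.priorityClassName .Values.controller.priorityClassName }}
      {{- with default .Values.affinity .Values.controller.affinity }}
      affinity:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      # Built-in tolerations: CriticalAddonsOnly, plus any NoExecute taint for
      # up to 300 seconds. User-supplied tolerations are appended after these.
      tolerations:
        - key: CriticalAddonsOnly
          operator: Exists
        - operator: Exists
          effect: NoExecute
          tolerationSeconds: 300
        {{- with default .Values.tolerations .Values.controller.tolerations }}
        {{- toYaml . | nindent 8 }}
        {{- end }}
      {{- if or .Values.controller.topologySpreadConstraints .Values.topologySpreadConstraints }}
      {{- $tscLabelSelector := dict "labelSelector" ( dict "matchLabels" ( dict "app" "ebs-csi-controller" ) ) }}
      {{- $constraints := list }}
      {{- range default .Values.topologySpreadConstraints .Values.controller.topologySpreadConstraints }}
        {{- $constraints = mustAppend $constraints (mergeOverwrite . $tscLabelSelector) }}
      {{- end }}
      topologySpreadConstraints:
        {{- $constraints | toYaml | nindent 8 }}
      {{- end }}
      containers:
        - name: ebs-plugin
          # Images are referenced by repository:tag. Tags are mutable, so pin a
          # digest through the chart values where supply-chain integrity matters.
          image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
          imagePullPolicy: {{ .Values.image.pullPolicy }}
          # Hardening: no privilege escalation and an immutable root filesystem.
          # The only writable path this template mounts is the socket-dir
          # emptyDir, and logging goes to stderr (--logtostderr below).
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
          args:
            {{- if ne .Release.Name "kustomize" }}
            - controller
            {{- else }}
            # - {all,controller,node} # specify the driver mode
            {{- end }}
            - --endpoint=$(CSI_ENDPOINT)
            {{- if or .Values.controller.extraVolumeTags .Values.extraVolumeTags }}
            {{- include "aws-ebs-csi-driver.extra-volume-tags" . | nindent 12 }}
            {{- end }}
            {{- with default .Values.k8sTagClusterId .Values.controller.k8sTagClusterId }}
            - --k8s-tag-cluster-id={{ . }}
            {{- end }}
            {{- with .Values.controller.httpEndpoint }}
            - --http-endpoint={{ . }}
            {{- end }}
            - --logtostderr
            - --v={{ .Values.controller.logLevel }}
          env:
            - name: CSI_ENDPOINT
              value: unix:///var/lib/csi/sockets/pluginproxy/csi.sock
            - name: CSI_NODE_NAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
            # Static credentials are optional: the pod still starts when the
            # "aws-secret" Secret does not exist. When it does exist, long-lived
            # access keys are injected as environment variables and are readable
            # by anyone who can exec into the pod or read the Secret. Prefer a
            # role bound to the service account, and keep RBAC on this Secret
            # tight if it must be used.
            - name: AWS_ACCESS_KEY_ID
              valueFrom:
                secretKeyRef:
                  name: aws-secret
                  key: key_id
                  optional: true
            - name: AWS_SECRET_ACCESS_KEY
              valueFrom:
                secretKeyRef:
                  name: aws-secret
                  key: access_key
                  optional: true
            {{- with default .Values.region .Values.controller.region }}
            - name: AWS_REGION
              value: {{ . | quote }}
            {{- end }}
            {{- if .Values.controller.extraVars }}
            {{- range $key, $val := .Values.controller.extraVars }}
            # "quote" escapes embedded quotes and backslashes, which wrapping the
            # action in literal double quotes does not.
            - name: {{ $key }}
              value: {{ $val | quote }}
            {{- end }}
            {{- end }}
            {{- if .Values.proxy.http_proxy }}
            {{- include "aws-ebs-csi-driver.http-proxy" . | nindent 12 }}
            {{- end }}
            {{- with .Values.controller.env.ebsPlugin }}
            {{- . | toYaml | nindent 12 }}
            {{- end }}
          volumeMounts:
            - name: socket-dir
              mountPath: /var/lib/csi/sockets/pluginproxy/
            # Audience-scoped service account token (see the "aws-token" volume),
            # mounted read-only and only into this container.
            - name: aws-token
              mountPath: "/var/run/secrets/sts.amazonaws.com/serviceaccount/"
              readOnly: true
          ports:
            - name: healthz
              containerPort: 9808
              protocol: TCP
          livenessProbe:
            httpGet:
              path: /healthz
              port: healthz
            initialDelaySeconds: 10
            timeoutSeconds: 3
            periodSeconds: 10
            failureThreshold: 5
          readinessProbe:
            httpGet:
              path: /healthz
              port: healthz
            initialDelaySeconds: 10
            timeoutSeconds: 3
            periodSeconds: 10
            failureThreshold: 5
          {{- with default .Values.resources (default .Values.controller.resources .Values.controller.containerResources.ebsPlugin) }}
          resources:
            {{- toYaml . | nindent 12 }}
          {{- end }}
        - name: csi-provisioner
          image: {{ printf "%s:%s" .Values.sidecars.provisionerImage.repository .Values.sidecars.provisionerImage.tag }}
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
          args:
            - --csi-address=$(ADDRESS)
            - --v={{ .Values.controller.logLevel }}
            - --feature-gates=Topology=true
            {{- if or .Values.controller.extraCreateMetadata .Values.extraCreateMetadata }}
            - --extra-create-metadata
            {{- end }}
            - --leader-election=true
            - --default-fstype=ext4
          env:
            - name: ADDRESS
              value: /var/lib/csi/sockets/pluginproxy/csi.sock
            {{- if .Values.proxy.http_proxy }}
            {{- include "aws-ebs-csi-driver.http-proxy" . | nindent 12 }}
            {{- end }}
            {{- with .Values.controller.env.provisioner }}
            {{- . | toYaml | nindent 12 }}
            {{- end }}
          volumeMounts:
            - name: socket-dir
              mountPath: /var/lib/csi/sockets/pluginproxy/
          {{- with default .Values.resources (default .Values.controller.resources .Values.controller.containerResources.provisioner) }}
          resources:
            {{- toYaml . | nindent 12 }}
          {{- end }}
        - name: csi-attacher
          image: {{ printf "%s:%s" .Values.sidecars.attacherImage.repository .Values.sidecars.attacherImage.tag }}
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
          args:
            - --csi-address=$(ADDRESS)
            - --v={{ .Values.controller.logLevel }}
            - --leader-election=true
          env:
            - name: ADDRESS
              value: /var/lib/csi/sockets/pluginproxy/csi.sock
            {{- if .Values.proxy.http_proxy }}
            {{- include "aws-ebs-csi-driver.http-proxy" . | nindent 12 }}
            {{- end }}
            {{- with .Values.controller.env.attacher }}
            {{- . | toYaml | nindent 12 }}
            {{- end }}
          volumeMounts:
            - name: socket-dir
              mountPath: /var/lib/csi/sockets/pluginproxy/
          {{- with default .Values.resources (default .Values.controller.resources .Values.controller.containerResources.attacher) }}
          resources:
            {{- toYaml . | nindent 12 }}
          {{- end }}
        {{- if or .Values.enableVolumeSnapshot (.Capabilities.APIVersions.Has "snapshot.storage.k8s.io/v1") }}
        - name: csi-snapshotter
          image: {{ printf "%s:%s" .Values.sidecars.snapshotterImage.repository .Values.sidecars.snapshotterImage.tag }}
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
          args:
            - --csi-address=$(ADDRESS)
            - --leader-election=true
          env:
            - name: ADDRESS
              value: /var/lib/csi/sockets/pluginproxy/csi.sock
            {{- if .Values.proxy.http_proxy }}
            {{- include "aws-ebs-csi-driver.http-proxy" . | nindent 12 }}
            {{- end }}
            {{- with .Values.controller.env.snapshotter }}
            {{- . | toYaml | nindent 12 }}
            {{- end }}
          volumeMounts:
            - name: socket-dir
              mountPath: /var/lib/csi/sockets/pluginproxy/
          {{- with default .Values.resources (default .Values.controller.resources .Values.controller.containerResources.snapshotter) }}
          resources:
            {{- toYaml . | nindent 12 }}
          {{- end }}
        {{- end }}
        - name: csi-resizer
          image: {{ printf "%s:%s" .Values.sidecars.resizerImage.repository .Values.sidecars.resizerImage.tag }}
          # NOTE(review): the pull policy is hard-coded here, while the other
          # sidecars set none and ebs-plugin takes its policy from the chart
          # values. Confirm this is intended.
          imagePullPolicy: Always
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
          # NOTE(review): unlike provisioner, attacher and snapshotter, no
          # --leader-election flag is passed. Confirm the behaviour when
          # replicas is greater than 1.
          args:
            - --csi-address=$(ADDRESS)
            - --v={{ .Values.controller.logLevel }}
          env:
            - name: ADDRESS
              value: /var/lib/csi/sockets/pluginproxy/csi.sock
            {{- if .Values.proxy.http_proxy }}
            {{- include "aws-ebs-csi-driver.http-proxy" . | nindent 12 }}
            {{- end }}
            {{- with .Values.controller.env.resizer }}
            {{- . | toYaml | nindent 12 }}
            {{- end }}
          volumeMounts:
            - name: socket-dir
              mountPath: /var/lib/csi/sockets/pluginproxy/
          {{- with default .Values.resources (default .Values.controller.resources .Values.controller.containerResources.resizer) }}
          resources:
            {{- toYaml . | nindent 12 }}
          {{- end }}
        - name: liveness-probe
          image: {{ printf "%s:%s" .Values.sidecars.livenessProbeImage.repository .Values.sidecars.livenessProbeImage.tag }}
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
          args:
            - --csi-address=/csi/csi.sock
          volumeMounts:
            - name: socket-dir
              mountPath: /csi
          {{- with default .Values.resources (default .Values.controller.resources .Values.controller.containerResources.liveness) }}
          resources:
            {{- toYaml . | nindent 12 }}
          {{- end }}
      {{- if .Values.imagePullSecrets }}
      imagePullSecrets:
      {{- range .Values.imagePullSecrets }}
        - name: {{ . }}
      {{- end }}
      {{- end }}
      volumes:
        # Scratch volume holding the CSI UNIX socket shared by all containers.
        - name: socket-dir
          emptyDir: {}
        # Projected service account token restricted to the sts.amazonaws.com
        # audience, with a 24 hour lifetime (86400 seconds).
        # NOTE(review): presumably consumed for web-identity federation. This
        # template sets no role ARN or token-file variable, so confirm how the
        # plugin is pointed at the token.
        - name: aws-token
          projected:
            sources:
              - serviceAccountToken:
                  path: token
                  expirationSeconds: 86400
                  audience: "sts.amazonaws.com"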