363 lines
15 KiB
YAML
363 lines
15 KiB
YAML
# Controller Service
|
|
kind: Deployment
|
|
apiVersion: apps/v1
|
|
metadata:
|
|
name: ebs-csi-controller
|
|
namespace: {{ .Release.Namespace }}
|
|
labels:
|
|
{{- include "aws-ebs-csi-driver.labels" . | nindent 4 }}
|
|
spec:
|
|
replicas: {{ .Values.controller.replicaCount }}
|
|
{{- with .Values.controller.updateStrategy }}
|
|
strategy:
|
|
{{ toYaml . | nindent 4 }}
|
|
{{- end }}
|
|
selector:
|
|
matchLabels:
|
|
app: ebs-csi-controller
|
|
{{- include "aws-ebs-csi-driver.selectorLabels" . | nindent 6 }}
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: ebs-csi-controller
|
|
{{- include "aws-ebs-csi-driver.labels" . | nindent 8 }}
|
|
{{- if .Values.controller.podLabels }}
|
|
{{- toYaml .Values.controller.podLabels | nindent 8 }}
|
|
{{- end }}
|
|
{{- if .Values.controller.podAnnotations }}
|
|
annotations:
|
|
{{- toYaml .Values.controller.podAnnotations | nindent 8 }}
|
|
{{- end }}
|
|
spec:
|
|
nodeSelector:
|
|
kubernetes.io/os: linux
|
|
{{- with .Values.controller.nodeSelector }}
|
|
{{- toYaml . | nindent 8 }}
|
|
{{- end }}
|
|
serviceAccountName: {{ .Values.controller.serviceAccount.name }}
|
|
priorityClassName: {{ .Values.controller.priorityClassName }}
|
|
{{- with default .Values.controller.affinity }}
|
|
affinity:
|
|
{{- toYaml . | nindent 8 }}
|
|
{{- end }}
|
|
tolerations:
|
|
- key: CriticalAddonsOnly
|
|
operator: Exists
|
|
- operator: Exists
|
|
effect: NoExecute
|
|
tolerationSeconds: 300
|
|
{{- with .Values.controller.tolerations }}
|
|
{{- toYaml . | nindent 8 }}
|
|
{{- end }}
|
|
{{- if .Values.controller.topologySpreadConstraints }}
|
|
{{- $tscLabelSelector := dict "labelSelector" ( dict "matchLabels" ( dict "app" "ebs-csi-controller" ) ) }}
|
|
{{- $constraints := list }}
|
|
{{- range .Values.controller.topologySpreadConstraints }}
|
|
{{- $constraints = mustAppend $constraints (mergeOverwrite . $tscLabelSelector) }}
|
|
{{- end }}
|
|
topologySpreadConstraints:
|
|
{{- $constraints | toYaml | nindent 8 }}
|
|
{{- end }}
|
|
{{- with .Values.controller.securityContext }}
|
|
securityContext:
|
|
{{- toYaml . | nindent 8 }}
|
|
{{- end }}
|
|
{{- with .Values.controller.initContainers }}
|
|
initContainers:
|
|
{{- toYaml . | nindent 8 }}
|
|
{{- end }}
|
|
containers:
|
|
- name: ebs-plugin
|
|
image: {{ printf "%s:%s" .Values.image.repository (default (printf "v%s" .Chart.AppVersion) (.Values.image.tag | toString)) }}
|
|
imagePullPolicy: {{ .Values.image.pullPolicy }}
|
|
args:
|
|
{{- if ne .Release.Name "kustomize" }}
|
|
- controller
|
|
{{- else }}
|
|
# - {all,controller,node} # specify the driver mode
|
|
{{- end }}
|
|
- --endpoint=$(CSI_ENDPOINT)
|
|
{{- if .Values.controller.extraVolumeTags }}
|
|
{{- include "aws-ebs-csi-driver.extra-volume-tags" . | nindent 12 }}
|
|
{{- end }}
|
|
{{- with .Values.controller.k8sTagClusterId }}
|
|
- --k8s-tag-cluster-id={{ . }}
|
|
{{- end }}
|
|
{{- if and (.Values.controller.enableMetrics) (not .Values.controller.httpEndpoint) }}
|
|
- --http-endpoint=0.0.0.0:3301
|
|
{{- end}}
|
|
{{- with .Values.controller.httpEndpoint }}
|
|
- --http-endpoint={{ . }}
|
|
{{- end }}
|
|
- --logtostderr
|
|
- --v={{ .Values.controller.logLevel }}
|
|
{{- range .Values.controller.additionalArgs }}
|
|
- {{ . }}
|
|
{{- end }}
|
|
env:
|
|
- name: CSI_ENDPOINT
|
|
value: unix:///var/lib/csi/sockets/pluginproxy/csi.sock
|
|
- name: CSI_NODE_NAME
|
|
valueFrom:
|
|
fieldRef:
|
|
fieldPath: spec.nodeName
|
|
- name: AWS_ACCESS_KEY_ID
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: aws-secret
|
|
key: key_id
|
|
optional: true
|
|
- name: AWS_SECRET_ACCESS_KEY
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: aws-secret
|
|
key: access_key
|
|
optional: true
|
|
- name: AWS_EC2_ENDPOINT
|
|
valueFrom:
|
|
configMapKeyRef:
|
|
name: aws-meta
|
|
key: endpoint
|
|
optional: true
|
|
{{- with .Values.controller.region }}
|
|
- name: AWS_REGION
|
|
value: {{ . }}
|
|
{{- end }}
|
|
{{- if .Values.proxy.http_proxy }}
|
|
{{- include "aws-ebs-csi-driver.http-proxy" . | nindent 12 }}
|
|
{{- end }}
|
|
{{- with .Values.controller.env }}
|
|
{{- . | toYaml | nindent 12 }}
|
|
{{- end }}
|
|
envFrom:
|
|
{{- with .Values.controller.envFrom }}
|
|
{{- . | toYaml | nindent 12 }}
|
|
{{- end }}
|
|
volumeMounts:
|
|
- name: socket-dir
|
|
mountPath: /var/lib/csi/sockets/pluginproxy/
|
|
- name: aws-token
|
|
mountPath: "/var/run/secrets/sts.amazonaws.com/serviceaccount/"
|
|
readOnly: true
|
|
ports:
|
|
- name: healthz
|
|
containerPort: 9808
|
|
protocol: TCP
|
|
{{- if .Values.controller.enableMetrics }}
|
|
- name: metrics
|
|
containerPort: 3301
|
|
protocol: TCP
|
|
{{- end}}
|
|
livenessProbe:
|
|
httpGet:
|
|
path: /healthz
|
|
port: healthz
|
|
initialDelaySeconds: 10
|
|
timeoutSeconds: 3
|
|
periodSeconds: 10
|
|
failureThreshold: 5
|
|
readinessProbe:
|
|
httpGet:
|
|
path: /healthz
|
|
port: healthz
|
|
initialDelaySeconds: 10
|
|
timeoutSeconds: 3
|
|
periodSeconds: 10
|
|
failureThreshold: 5
|
|
{{- with .Values.controller.resources }}
|
|
resources:
|
|
{{- toYaml . | nindent 12 }}
|
|
{{- end }}
|
|
{{- with .Values.controller.containerSecurityContext }}
|
|
securityContext:
|
|
{{- toYaml . | nindent 12 }}
|
|
{{- end }}
|
|
- name: csi-provisioner
|
|
image: {{ printf "%s:%s" .Values.sidecars.provisioner.image.repository .Values.sidecars.provisioner.image.tag }}
|
|
imagePullPolicy: {{ default .Values.image.pullPolicy .Values.sidecars.provisioner.image.pullPolicy }}
|
|
args:
|
|
- --csi-address=$(ADDRESS)
|
|
- --v={{ .Values.sidecars.provisioner.logLevel }}
|
|
- --feature-gates=Topology=true
|
|
{{- if .Values.controller.extraCreateMetadata }}
|
|
- --extra-create-metadata
|
|
{{- end}}
|
|
- --leader-election={{ .Values.sidecars.provisioner.leaderElection.enabled | required "leader election state for csi-provisioner is required, must be set to true || false." }}
|
|
{{- if .Values.sidecars.provisioner.leaderElection.enabled }}
|
|
{{- if .Values.sidecars.provisioner.leaderElection.leaseDuration }}
|
|
- --leader-election-lease-duration={{ .Values.sidecars.provisioner.leaderElection.leaseDuration }}
|
|
{{- end }}
|
|
{{- if .Values.sidecars.provisioner.leaderElection.renewDeadline}}
|
|
- --leader-election-renew-deadline={{ .Values.sidecars.provisioner.leaderElection.renewDeadline }}
|
|
{{- end }}
|
|
{{- if .Values.sidecars.provisioner.leaderElection.retryPeriod }}
|
|
- --leader-election-retry-period={{ .Values.sidecars.provisioner.leaderElection.retryPeriod }}
|
|
{{- end }}
|
|
{{- end }}
|
|
- --default-fstype={{ .Values.controller.defaultFsType }}
|
|
env:
|
|
- name: ADDRESS
|
|
value: /var/lib/csi/sockets/pluginproxy/csi.sock
|
|
{{- if .Values.proxy.http_proxy }}
|
|
{{- include "aws-ebs-csi-driver.http-proxy" . | nindent 12 }}
|
|
{{- end }}
|
|
{{- with .Values.sidecars.provisioner.env }}
|
|
{{- . | toYaml | nindent 12 }}
|
|
{{- end }}
|
|
envFrom:
|
|
{{- with .Values.controller.envFrom }}
|
|
{{- . | toYaml | nindent 12 }}
|
|
{{- end }}
|
|
volumeMounts:
|
|
- name: socket-dir
|
|
mountPath: /var/lib/csi/sockets/pluginproxy/
|
|
{{- with default .Values.controller.resources .Values.sidecars.provisioner.resources }}
|
|
resources:
|
|
{{- toYaml . | nindent 12 }}
|
|
{{- end }}
|
|
{{- with .Values.sidecars.provisioner.securityContext }}
|
|
securityContext:
|
|
{{- toYaml . | nindent 12 }}
|
|
{{- end }}
|
|
- name: csi-attacher
|
|
image: {{ printf "%s:%s" .Values.sidecars.attacher.image.repository .Values.sidecars.attacher.image.tag }}
|
|
imagePullPolicy: {{ default .Values.image.pullPolicy .Values.sidecars.attacher.image.pullPolicy }}
|
|
args:
|
|
- --csi-address=$(ADDRESS)
|
|
- --v={{ .Values.sidecars.attacher.logLevel }}
|
|
- --leader-election={{ .Values.sidecars.attacher.leaderElection.enabled | required "leader election state for csi-attacher is required, must be set to true || false." }}
|
|
{{- if .Values.sidecars.attacher.leaderElection.enabled }}
|
|
{{- if .Values.sidecars.attacher.leaderElection.leaseDuration }}
|
|
- --leader-election-lease-duration={{ .Values.sidecars.attacher.leaderElection.leaseDuration }}
|
|
{{- end }}
|
|
{{- if .Values.sidecars.attacher.leaderElection.renewDeadline}}
|
|
- --leader-election-renew-deadline={{ .Values.sidecars.attacher.leaderElection.renewDeadline }}
|
|
{{- end }}
|
|
{{- if .Values.sidecars.attacher.leaderElection.retryPeriod }}
|
|
- --leader-election-retry-period={{ .Values.sidecars.attacher.leaderElection.retryPeriod }}
|
|
{{- end }}
|
|
{{- end }}
|
|
env:
|
|
- name: ADDRESS
|
|
value: /var/lib/csi/sockets/pluginproxy/csi.sock
|
|
{{- if .Values.proxy.http_proxy }}
|
|
{{- include "aws-ebs-csi-driver.http-proxy" . | nindent 12 }}
|
|
{{- end }}
|
|
{{- with .Values.sidecars.attacher.env }}
|
|
{{- . | toYaml | nindent 12 }}
|
|
{{- end }}
|
|
envFrom:
|
|
{{- with .Values.controller.envFrom }}
|
|
{{- . | toYaml | nindent 12 }}
|
|
{{- end }}
|
|
volumeMounts:
|
|
- name: socket-dir
|
|
mountPath: /var/lib/csi/sockets/pluginproxy/
|
|
{{- with default .Values.controller.resources .Values.sidecars.attacher.resources }}
|
|
resources:
|
|
{{- toYaml . | nindent 12 }}
|
|
{{- end }}
|
|
{{- with .Values.sidecars.attacher.securityContext }}
|
|
securityContext:
|
|
{{- toYaml . | nindent 12 }}
|
|
{{- end }}
|
|
{{- if or (.Capabilities.APIVersions.Has "snapshot.storage.k8s.io/v1beta1") (.Capabilities.APIVersions.Has "snapshot.storage.k8s.io/v1") }}
|
|
- name: csi-snapshotter
|
|
image: {{ printf "%s:%s" .Values.sidecars.snapshotter.image.repository .Values.sidecars.snapshotter.image.tag }}
|
|
imagePullPolicy: {{ default .Values.image.pullPolicy .Values.sidecars.snapshotter.image.pullPolicy }}
|
|
args:
|
|
- --csi-address=$(ADDRESS)
|
|
- --leader-election=true
|
|
env:
|
|
- name: ADDRESS
|
|
value: /var/lib/csi/sockets/pluginproxy/csi.sock
|
|
{{- if .Values.proxy.http_proxy }}
|
|
{{- include "aws-ebs-csi-driver.http-proxy" . | nindent 12 }}
|
|
{{- end }}
|
|
{{- with .Values.sidecars.snapshotter.env }}
|
|
{{- . | toYaml | nindent 12 }}
|
|
{{- end }}
|
|
envFrom:
|
|
{{- with .Values.controller.envFrom }}
|
|
{{- . | toYaml | nindent 12 }}
|
|
{{- end }}
|
|
volumeMounts:
|
|
- name: socket-dir
|
|
mountPath: /var/lib/csi/sockets/pluginproxy/
|
|
{{- with default .Values.controller.resources .Values.sidecars.snapshotter.resources }}
|
|
resources:
|
|
{{- toYaml . | nindent 12 }}
|
|
{{- end }}
|
|
{{- with .Values.sidecars.snapshotter.securityContext }}
|
|
securityContext:
|
|
{{- toYaml . | nindent 12 }}
|
|
{{- end }}
|
|
{{- end }}
|
|
- name: csi-resizer
|
|
image: {{ printf "%s:%s" .Values.sidecars.resizer.image.repository .Values.sidecars.resizer.image.tag }}
|
|
imagePullPolicy: {{ default .Values.image.pullPolicy .Values.sidecars.resizer.image.pullPolicy }}
|
|
args:
|
|
- --csi-address=$(ADDRESS)
|
|
- --v={{ .Values.sidecars.resizer.logLevel }}
|
|
- --handle-volume-inuse-error=false
|
|
env:
|
|
- name: ADDRESS
|
|
value: /var/lib/csi/sockets/pluginproxy/csi.sock
|
|
{{- if .Values.proxy.http_proxy }}
|
|
{{- include "aws-ebs-csi-driver.http-proxy" . | nindent 12 }}
|
|
{{- end }}
|
|
{{- with .Values.sidecars.resizer.env }}
|
|
{{- . | toYaml | nindent 12 }}
|
|
{{- end }}
|
|
envFrom:
|
|
{{- with .Values.controller.envFrom }}
|
|
{{- . | toYaml | nindent 12 }}
|
|
{{- end }}
|
|
volumeMounts:
|
|
- name: socket-dir
|
|
mountPath: /var/lib/csi/sockets/pluginproxy/
|
|
{{- with default .Values.controller.resources .Values.sidecars.resizer.resources }}
|
|
resources:
|
|
{{- toYaml . | nindent 12 }}
|
|
{{- end }}
|
|
{{- with .Values.sidecars.resizer.securityContext }}
|
|
securityContext:
|
|
{{- toYaml . | nindent 12 }}
|
|
{{- end }}
|
|
- name: liveness-probe
|
|
image: {{ printf "%s:%s" .Values.sidecars.livenessProbe.image.repository .Values.sidecars.livenessProbe.image.tag }}
|
|
imagePullPolicy: {{ default .Values.image.pullPolicy .Values.sidecars.livenessProbe.image.pullPolicy }}
|
|
args:
|
|
- --csi-address=/csi/csi.sock
|
|
envFrom:
|
|
{{- with .Values.controller.envFrom }}
|
|
{{- . | toYaml | nindent 12 }}
|
|
{{- end }}
|
|
volumeMounts:
|
|
- name: socket-dir
|
|
mountPath: /csi
|
|
{{- with default .Values.controller.resources .Values.sidecars.livenessProbe.resources }}
|
|
resources:
|
|
{{- toYaml . | nindent 12 }}
|
|
{{- end }}
|
|
{{- with .Values.sidecars.livenessProbe.securityContext }}
|
|
securityContext:
|
|
{{- toYaml . | nindent 12 }}
|
|
{{- end }}
|
|
{{- if .Values.imagePullSecrets }}
|
|
imagePullSecrets:
|
|
{{- range .Values.imagePullSecrets }}
|
|
- name: {{ . }}
|
|
{{- end }}
|
|
{{- end }}
|
|
volumes:
|
|
- name: socket-dir
|
|
emptyDir: {}
|
|
- name: aws-token
|
|
projected:
|
|
sources:
|
|
- serviceAccountToken:
|
|
path: token
|
|
expirationSeconds: 86400
|
|
audience: "sts.amazonaws.com"
|