--- kind: DaemonSet apiVersion: apps/v1 metadata: namespace: vitastor-system name: csi-vitastor spec: selector: matchLabels: app: csi-vitastor template: metadata: namespace: vitastor-system labels: app: csi-vitastor spec: serviceAccountName: vitastor-csi-nodeplugin hostNetwork: true hostPID: true priorityClassName: system-node-critical # to use e.g. Rook orchestrated cluster, and mons' FQDN is # resolved through k8s service, set dns policy to cluster first dnsPolicy: ClusterFirstWithHostNet containers: - name: driver-registrar # This is necessary only for systems with SELinux, where # non-privileged sidecar containers cannot access unix domain socket # created by privileged CSI driver container. securityContext: privileged: true image: k8s.gcr.io/sig-storage/csi-node-driver-registrar:v2.2.0 args: - "--v=5" - "--csi-address=/csi/csi.sock" - "--kubelet-registration-path=/var/lib/kubelet/plugins/csi.vitastor.io/csi.sock" env: - name: KUBE_NODE_NAME valueFrom: fieldRef: fieldPath: spec.nodeName volumeMounts: - name: socket-dir mountPath: /csi - name: registration-dir mountPath: /registration - name: csi-vitastor securityContext: privileged: true capabilities: add: ["SYS_ADMIN"] allowPrivilegeEscalation: true image: vitalif/vitastor-csi:v0.6.17 args: - "--node=$(NODE_ID)" - "--endpoint=$(CSI_ENDPOINT)" env: - name: NODE_ID valueFrom: fieldRef: fieldPath: spec.nodeName - name: CSI_ENDPOINT value: unix:///csi/csi.sock imagePullPolicy: "IfNotPresent" ports: - containerPort: 9898 name: healthz protocol: TCP livenessProbe: failureThreshold: 5 httpGet: path: /healthz port: healthz initialDelaySeconds: 10 timeoutSeconds: 3 periodSeconds: 2 volumeMounts: - name: socket-dir mountPath: /csi - mountPath: /dev name: host-dev - mountPath: /sys name: host-sys - mountPath: /run/mount name: host-mount - mountPath: /lib/modules name: lib-modules readOnly: true - name: vitastor-config mountPath: /etc/vitastor - name: plugin-dir mountPath: /var/lib/kubelet/plugins mountPropagation: "Bidirectional" - name: mountpoint-dir mountPath: /var/lib/kubelet/pods mountPropagation: "Bidirectional" - name: liveness-probe securityContext: privileged: true image: quay.io/k8scsi/livenessprobe:v1.1.0 args: - "--csi-address=$(CSI_ENDPOINT)" - "--health-port=9898" env: - name: CSI_ENDPOINT value: unix://csi/csi.sock volumeMounts: - mountPath: /csi name: socket-dir volumes: - name: socket-dir hostPath: path: /var/lib/kubelet/plugins/csi.vitastor.io type: DirectoryOrCreate - name: plugin-dir hostPath: path: /var/lib/kubelet/plugins type: Directory - name: mountpoint-dir hostPath: path: /var/lib/kubelet/pods type: DirectoryOrCreate - name: registration-dir hostPath: path: /var/lib/kubelet/plugins_registry/ type: Directory - name: host-dev hostPath: path: /dev - name: host-sys hostPath: path: /sys - name: host-mount hostPath: path: /run/mount - name: lib-modules hostPath: path: /lib/modules - name: vitastor-config configMap: name: vitastor-config