--- # Source: seaweedfs-csi-driver/templates/serviceaccounts.yaml apiVersion: v1 kind: ServiceAccount metadata: name: seaweedfs-controller-sa --- # Source: seaweedfs-csi-driver/templates/serviceaccounts.yaml apiVersion: v1 kind: ServiceAccount metadata: name: seaweedfs-node-sa --- # Source: seaweedfs-csi-driver/templates/storageclass.yaml kind: StorageClass apiVersion: storage.k8s.io/v1 metadata: name: seaweedfs-storage annotations: provisioner: seaweedfs-csi-driver allowVolumeExpansion: true --- # Source: seaweedfs-csi-driver/templates/rbac.yaml kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: seaweedfs-provisioner-role rules: - apiGroups: [""] resources: ["secrets"] verbs: ["get", "list"] - apiGroups: [""] resources: ["persistentvolumes"] verbs: ["get", "list", "watch", "create", "delete"] - apiGroups: [""] resources: ["persistentvolumeclaims"] verbs: ["get", "list", "watch", "update"] - apiGroups: [ "" ] resources: [ "persistentvolumeclaims/status" ] verbs: [ "get", "list", "watch", "update", "patch" ] - apiGroups: ["storage.k8s.io"] resources: ["storageclasses"] verbs: ["get", "list", "watch"] - apiGroups: [""] resources: ["events"] verbs: ["list", "watch", "create", "update", "patch"] - apiGroups: ["snapshot.storage.k8s.io"] resources: ["volumesnapshots"] verbs: ["get", "list"] - apiGroups: ["snapshot.storage.k8s.io"] resources: ["volumesnapshotcontents"] verbs: ["get", "list"] - apiGroups: [ "" ] resources: [ "pods" ] verbs: [ "get", "list", "watch" ] --- # Source: seaweedfs-csi-driver/templates/rbac.yaml kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: seaweedfs-attacher-role rules: - apiGroups: [""] resources: ["persistentvolumes"] verbs: ["get", "list", "watch", "update", "patch"] - apiGroups: [""] resources: ["nodes"] verbs: ["get", "list", "watch"] - apiGroups: ["csi.storage.k8s.io"] resources: ["csinodeinfos"] verbs: ["get", "list", "watch"] - apiGroups: ["storage.k8s.io"] resources: ["volumeattachments", "volumeattachments/status"] verbs: ["get", "list", "watch", "update", "patch"] --- # Source: seaweedfs-csi-driver/templates/rbac.yaml kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: seaweedfs-driver-registrar-controller-role rules: - apiGroups: ["csi.storage.k8s.io"] resources: ["csidrivers"] verbs: ["create", "delete"] - apiGroups: ["storage.k8s.io"] resources: ["csinodes"] verbs: ["get", "list", "watch"] --- # Source: seaweedfs-csi-driver/templates/rbac.yaml kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: seaweedfs-driver-registrar-node-role rules: - apiGroups: [""] resources: ["events"] verbs: ["get", "list", "watch", "create", "update", "patch"] - apiGroups: ["apiextensions.k8s.io"] resources: ["customresourcedefinitions"] verbs: ["create", "list", "watch", "delete"] - apiGroups: [""] resources: ["nodes"] verbs: ["get", "list", "watch"] --- # Source: seaweedfs-csi-driver/templates/rbac.yaml kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: seaweedfs-provisioner-binding subjects: - kind: ServiceAccount name: seaweedfs-controller-sa namespace: default roleRef: kind: ClusterRole name: seaweedfs-provisioner-role apiGroup: rbac.authorization.k8s.io --- # Source: seaweedfs-csi-driver/templates/rbac.yaml kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: seaweedfs-attacher-binding subjects: - kind: ServiceAccount name: seaweedfs-controller-sa namespace: default roleRef: kind: ClusterRole name: seaweedfs-attacher-role apiGroup: rbac.authorization.k8s.io --- # Source: seaweedfs-csi-driver/templates/rbac.yaml kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: seaweedfs-driver-registrar-controller-binding subjects: - kind: ServiceAccount name: seaweedfs-controller-sa namespace: default roleRef: kind: ClusterRole name: seaweedfs-driver-registrar-controller-role apiGroup: rbac.authorization.k8s.io --- # Source: seaweedfs-csi-driver/templates/rbac.yaml kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: seaweedfs-driver-registrar-node-binding subjects: - kind: ServiceAccount name: seaweedfs-node-sa namespace: default roleRef: kind: ClusterRole name: seaweedfs-driver-registrar-node-role apiGroup: rbac.authorization.k8s.io --- # Source: seaweedfs-csi-driver/templates/rbac.yaml kind: Role apiVersion: rbac.authorization.k8s.io/v1 metadata: name: seaweedfs-leader-election-controller-role namespace: default rules: - apiGroups: ["coordination.k8s.io"] resources: ["leases"] verbs: ["get", "watch", "list", "delete", "update", "create"] --- # Source: seaweedfs-csi-driver/templates/rbac.yaml kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: seaweedfs-leader-election-controller-binding namespace: default subjects: - kind: ServiceAccount namespace: default name: seaweedfs-controller-sa roleRef: kind: Role name: seaweedfs-leader-election-controller-role apiGroup: rbac.authorization.k8s.io --- # Source: seaweedfs-csi-driver/templates/daemonset.yaml kind: DaemonSet apiVersion: apps/v1 metadata: name: seaweedfs-node spec: selector: matchLabels: app: seaweedfs-node updateStrategy: rollingUpdate: maxUnavailable: 25% type: RollingUpdate template: metadata: labels: app: seaweedfs-node spec: priorityClassName: system-node-critical serviceAccountName: seaweedfs-node-sa #hostNetwork: true #dnsPolicy: ClusterFirstWithHostNet containers: # SeaweedFs Plugin (node) - name: csi-seaweedfs-plugin securityContext: allowPrivilegeEscalation: true capabilities: add: - SYS_ADMIN privileged: true image: chrislusf/seaweedfs-csi-driver:latest imagePullPolicy: IfNotPresent args: - --endpoint=$(CSI_ENDPOINT) - --filer=$(SEAWEEDFS_FILER) - --nodeid=$(NODE_ID) - --cacheDir=/var/cache/seaweedfs - --dataLocality=none - --components=node env: - name: CSI_ENDPOINT value: unix:///csi/csi.sock - name: SEAWEEDFS_FILER value: "SEAWEEDFS_FILER:8888" - name: NODE_ID valueFrom: fieldRef: fieldPath: spec.nodeName ports: - containerPort: 9808 name: healthz protocol: TCP livenessProbe: httpGet: path: /healthz port: healthz initialDelaySeconds: 10 timeoutSeconds: 3 periodSeconds: 60 volumeMounts: - name: plugin-dir mountPath: /csi - name: plugins-dir mountPath: /var/lib/kubelet/plugins mountPropagation: "Bidirectional" - name: pods-mount-dir mountPath: /var/lib/kubelet/pods mountPropagation: "Bidirectional" - mountPath: /dev name: device-dir - name: cache mountPath: /var/cache/seaweedfs resources: null # driver registrar - name: driver-registrar image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.8.0 imagePullPolicy: IfNotPresent args: - --csi-address=$(ADDRESS) - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH) - --http-endpoint=:9809 #- --v=5 env: - name: ADDRESS value: /csi/csi.sock - name: DRIVER_REG_SOCK_PATH value: /var/lib/kubelet/plugins/seaweedfs-csi-driver/csi.sock - name: KUBE_NODE_NAME valueFrom: fieldRef: fieldPath: spec.nodeName ports: - containerPort: 9809 name: healthz livenessProbe: httpGet: path: /healthz port: healthz initialDelaySeconds: 10 timeoutSeconds: 3 periodSeconds: 60 volumeMounts: - name: plugin-dir mountPath: /csi/ - name: registration-dir mountPath: /registration/ resources: {} # liveness probe - name: csi-liveness-probe image: registry.k8s.io/sig-storage/livenessprobe:v2.10.0 imagePullPolicy: IfNotPresent args: - --csi-address=$(ADDRESS) - --http-endpoint=:9808 env: - name: ADDRESS value: /csi/csi.sock ports: - containerPort: 9808 name: livenessprobe volumeMounts: - name: plugin-dir mountPath: /csi resources: {} volumes: - name: registration-dir hostPath: path: /var/lib/kubelet/plugins_registry type: DirectoryOrCreate - name: plugin-dir hostPath: path: /var/lib/kubelet/plugins/seaweedfs-csi-driver type: DirectoryOrCreate - name: plugins-dir hostPath: path: /var/lib/kubelet/plugins type: Directory - name: pods-mount-dir hostPath: path: /var/lib/kubelet/pods type: Directory - name: device-dir hostPath: path: /dev - name: cache emptyDir: {} --- # Source: seaweedfs-csi-driver/templates/deployment.yaml kind: Deployment apiVersion: apps/v1 metadata: name: seaweedfs-controller spec: selector: matchLabels: app: seaweedfs-controller replicas: 1 template: metadata: labels: app: seaweedfs-controller spec: priorityClassName: system-cluster-critical serviceAccountName: seaweedfs-controller-sa affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchExpressions: - key: app operator: In values: - seaweedfs-controller topologyKey: kubernetes.io/hostname containers: # SeaweedFs Plugin (controller) - name: seaweedfs-csi-plugin image: chrislusf/seaweedfs-csi-driver:latest imagePullPolicy: IfNotPresent args : - --endpoint=$(CSI_ENDPOINT) - --filer=$(SEAWEEDFS_FILER) - --nodeid=$(NODE_ID)" - --components=controller - --attacher env: - name: CSI_ENDPOINT value: unix:///var/lib/csi/sockets/pluginproxy/csi.sock - name: SEAWEEDFS_FILER value: "SEAWEEDFS_FILER:8888" - name: NODE_ID valueFrom: fieldRef: fieldPath: spec.nodeName ports: - containerPort: 9808 name: healthz protocol: TCP livenessProbe: httpGet: path: /healthz port: healthz initialDelaySeconds: 10 timeoutSeconds: 3 periodSeconds: 60 volumeMounts: - name: socket-dir mountPath: /var/lib/csi/sockets/pluginproxy/ resources: {} # provisioner - name: csi-provisioner image: registry.k8s.io/sig-storage/csi-provisioner:v3.5.0 imagePullPolicy: IfNotPresent args: - --csi-address=$(ADDRESS) - --leader-election - --leader-election-namespace=default - --http-endpoint=:9809 #- --v=9 env: - name: ADDRESS value: /var/lib/csi/sockets/pluginproxy/csi.sock ports: - containerPort: 9809 name: healthz livenessProbe: httpGet: path: /healthz/leader-election port: healthz initialDelaySeconds: 10 timeoutSeconds: 3 periodSeconds: 60 volumeMounts: - name: socket-dir mountPath: /var/lib/csi/sockets/pluginproxy/ resources: {} # resizer - name: csi-resizer image: registry.k8s.io/sig-storage/csi-resizer:v1.8.0 imagePullPolicy: IfNotPresent args: - --csi-address=$(ADDRESS) - --leader-election - --leader-election-namespace=default - --http-endpoint=:9810 #- --v=5 env: - name: ADDRESS value: /var/lib/csi/sockets/pluginproxy/csi.sock ports: - containerPort: 9810 name: healthz livenessProbe: httpGet: path: /healthz/leader-election port: healthz initialDelaySeconds: 10 timeoutSeconds: 3 periodSeconds: 60 volumeMounts: - name: socket-dir mountPath: /var/lib/csi/sockets/pluginproxy/ resources: {} # attacher - name: csi-attacher image: registry.k8s.io/sig-storage/csi-attacher:v4.3.0 imagePullPolicy: IfNotPresent args: - --csi-address=$(ADDRESS) - --leader-election - --leader-election-namespace=default - --http-endpoint=:9811 env: - name: ADDRESS value: /var/lib/csi/sockets/pluginproxy/csi.sock ports: - containerPort: 9811 name: healthz livenessProbe: httpGet: path: /healthz/leader-election port: healthz initialDelaySeconds: 10 timeoutSeconds: 3 periodSeconds: 60 volumeMounts: - name: socket-dir mountPath: /var/lib/csi/sockets/pluginproxy/ resources: {} # liveness probe - name: csi-liveness-probe image: registry.k8s.io/sig-storage/livenessprobe:v2.10.0 imagePullPolicy: IfNotPresent args: - --csi-address=$(ADDRESS) - --http-endpoint=:9808 env: - name: ADDRESS value: /var/lib/csi/sockets/pluginproxy/csi.sock ports: - containerPort: 9808 name: livenessprobe volumeMounts: - name: socket-dir mountPath: /var/lib/csi/sockets/pluginproxy/ resources: {} volumes: - name: socket-dir emptyDir: {} --- # Source: seaweedfs-csi-driver/templates/kubemod_modrule.yaml # Based on https://github.com/kubernetes/kubernetes/issues/40610#issuecomment-1364368282 --- # Source: seaweedfs-csi-driver/templates/csidriver.yaml apiVersion: storage.k8s.io/v1 kind: CSIDriver metadata: name: seaweedfs-csi-driver spec: attachRequired: true podInfoOnMount: true