--- # Source: seaweedfs-csi-driver/templates/serviceaccounts.yml apiVersion: v1 kind: ServiceAccount metadata: name: seaweedfs-controller-sa --- # Source: seaweedfs-csi-driver/templates/serviceaccounts.yml apiVersion: v1 kind: ServiceAccount metadata: name: seaweedfs-node-sa --- # Source: seaweedfs-csi-driver/templates/storageclass.yml kind: StorageClass apiVersion: storage.k8s.io/v1 metadata: name: seaweedfs-storage annotations: provisioner: seaweedfs-csi-driver allowVolumeExpansion: true --- # Source: seaweedfs-csi-driver/templates/rbac.yml kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: seaweedfs-provisioner-role rules: - apiGroups: [""] resources: ["secrets"] verbs: ["get", "list"] - apiGroups: [""] resources: ["persistentvolumes"] verbs: ["get", "list", "watch", "create", "delete"] - apiGroups: [""] resources: ["persistentvolumeclaims"] verbs: ["get", "list", "watch", "update"] - apiGroups: [ "" ] resources: [ "persistentvolumeclaims/status" ] verbs: [ "get", "list", "watch", "update", "patch" ] - apiGroups: ["storage.k8s.io"] resources: ["storageclasses"] verbs: ["get", "list", "watch"] - apiGroups: [""] resources: ["events"] verbs: ["list", "watch", "create", "update", "patch"] - apiGroups: ["snapshot.storage.k8s.io"] resources: ["volumesnapshots"] verbs: ["get", "list"] - apiGroups: ["snapshot.storage.k8s.io"] resources: ["volumesnapshotcontents"] verbs: ["get", "list"] - apiGroups: [ "" ] resources: [ "pods" ] verbs: [ "get", "list", "watch" ] --- # Source: seaweedfs-csi-driver/templates/rbac.yml kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: seaweedfs-attacher-role rules: - apiGroups: [""] resources: ["persistentvolumes"] verbs: ["get", "list", "watch", "update", "patch"] - apiGroups: [""] resources: ["nodes"] verbs: ["get", "list", "watch"] - apiGroups: ["csi.storage.k8s.io"] resources: ["csinodeinfos"] verbs: ["get", "list", "watch"] - apiGroups: ["storage.k8s.io"] resources: ["volumeattachments", "volumeattachments/status"] verbs: ["get", "list", "watch", "update", "patch"] --- # Source: seaweedfs-csi-driver/templates/rbac.yml kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: seaweedfs-snapshotter-role rules: - apiGroups: [""] resources: ["persistentvolumes"] verbs: ["get", "list", "watch"] - apiGroups: [""] resources: ["persistentvolumeclaims"] verbs: ["get", "list", "watch"] - apiGroups: ["storage.k8s.io"] resources: ["storageclasses"] verbs: ["get", "list", "watch"] - apiGroups: [""] resources: ["events"] verbs: ["list", "watch", "create", "update", "patch"] - apiGroups: [""] resources: ["secrets"] verbs: ["get", "list"] - apiGroups: ["snapshot.storage.k8s.io"] resources: ["volumesnapshotclasses"] verbs: ["get", "list", "watch"] - apiGroups: ["snapshot.storage.k8s.io"] resources: ["volumesnapshotcontents"] verbs: ["create", "get", "list", "watch", "update", "delete"] - apiGroups: ["snapshot.storage.k8s.io"] resources: ["volumesnapshots"] verbs: ["get", "list", "watch", "update"] - apiGroups: ["apiextensions.k8s.io"] resources: ["customresourcedefinitions"] verbs: ["create", "list", "watch", "delete"] --- # Source: seaweedfs-csi-driver/templates/rbac.yml kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: seaweedfs-driver-registrar-controller-role rules: - apiGroups: ["csi.storage.k8s.io"] resources: ["csidrivers"] verbs: ["create", "delete"] - apiGroups: ["storage.k8s.io"] resources: ["csinodes"] verbs: ["get", "list", "watch"] --- # Source: seaweedfs-csi-driver/templates/rbac.yml kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: seaweedfs-driver-registrar-node-role rules: - apiGroups: [""] resources: ["events"] verbs: ["get", "list", "watch", "create", "update", "patch"] - apiGroups: ["apiextensions.k8s.io"] resources: ["customresourcedefinitions"] verbs: ["create", "list", "watch", "delete"] - apiGroups: [""] resources: ["nodes"] verbs: ["get", "list", "watch"] --- # Source: seaweedfs-csi-driver/templates/rbac.yml kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: seaweedfs-provisioner-binding subjects: - kind: ServiceAccount name: seaweedfs-controller-sa roleRef: kind: ClusterRole name: seaweedfs-provisioner-role apiGroup: rbac.authorization.k8s.io --- # Source: seaweedfs-csi-driver/templates/rbac.yml kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: seaweedfs-attacher-binding subjects: - kind: ServiceAccount name: seaweedfs-controller-sa roleRef: kind: ClusterRole name: seaweedfs-attacher-role apiGroup: rbac.authorization.k8s.io --- # Source: seaweedfs-csi-driver/templates/rbac.yml kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: seaweedfs-snapshotter-binding subjects: - kind: ServiceAccount name: seaweedfs-controller-sa roleRef: kind: ClusterRole name: seaweedfs-snapshotter-role apiGroup: rbac.authorization.k8s.io --- # Source: seaweedfs-csi-driver/templates/rbac.yml kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: seaweedfs-driver-registrar-controller-binding subjects: - kind: ServiceAccount name: seaweedfs-controller-sa roleRef: kind: ClusterRole name: seaweedfs-driver-registrar-controller-role apiGroup: rbac.authorization.k8s.io --- # Source: seaweedfs-csi-driver/templates/rbac.yml kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: seaweedfs-driver-registrar-node-binding subjects: - kind: ServiceAccount name: seaweedfs-node-sa roleRef: kind: ClusterRole name: seaweedfs-driver-registrar-node-role apiGroup: rbac.authorization.k8s.io --- # Source: seaweedfs-csi-driver/templates/daemonset.yml kind: DaemonSet apiVersion: apps/v1 metadata: name: seaweedfs-node spec: selector: matchLabels: app: seaweedfs-node updateStrategy: rollingUpdate: maxUnavailable: 25% type: RollingUpdate template: metadata: labels: app: seaweedfs-node spec: priorityClassName: system-node-critical serviceAccountName: seaweedfs-node-sa #hostNetwork: true #dnsPolicy: ClusterFirstWithHostNet containers: - name: driver-registrar image: k8s.gcr.io/sig-storage/csi-node-driver-registrar:v2.5.0 imagePullPolicy: IfNotPresent args: - "--v=5" - "--csi-address=$(ADDRESS)" - "--kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)" env: - name: ADDRESS value: /csi/csi.sock - name: DRIVER_REG_SOCK_PATH value: /var/lib/kubelet/plugins/seaweedfs-csi-driver/csi.sock - name: KUBE_NODE_NAME valueFrom: fieldRef: fieldPath: spec.nodeName resources: {} volumeMounts: - name: plugin-dir mountPath: /csi/ - name: registration-dir mountPath: /registration/ - name: csi-seaweedfs-plugin securityContext: privileged: true capabilities: add: ["SYS_ADMIN"] allowPrivilegeEscalation: true image: chrislusf/seaweedfs-csi-driver:latest imagePullPolicy: IfNotPresent args : - "--endpoint=$(CSI_ENDPOINT)" - "--filer=$(SEAWEEDFS_FILER)" - "--nodeid=$(NODE_ID)" env: - name: CSI_ENDPOINT value: unix:///csi/csi.sock - name: SEAWEEDFS_FILER value: "SEAWEEDFS_FILER:8888" - name: NODE_ID valueFrom: fieldRef: fieldPath: spec.nodeName resources: {} volumeMounts: - name: plugin-dir mountPath: /csi - name: pods-mount-dir mountPath: /var/lib/kubelet/pods mountPropagation: "Bidirectional" - mountPath: /dev name: device-dir volumes: - name: registration-dir hostPath: path: /var/lib/kubelet/plugins_registry/ type: DirectoryOrCreate - name: plugin-dir hostPath: path: /var/lib/kubelet/plugins/seaweedfs-csi-driver type: DirectoryOrCreate - name: pods-mount-dir hostPath: path: /var/lib/kubelet/pods type: Directory - name: device-dir hostPath: path: /dev --- # Source: seaweedfs-csi-driver/templates/statefulset.yml kind: StatefulSet apiVersion: apps/v1 metadata: name: seaweedfs-controller spec: selector: matchLabels: app: seaweedfs-controller serviceName: "csi-seaweedfs" replicas: 1 template: metadata: labels: app: seaweedfs-controller spec: priorityClassName: system-cluster-critical serviceAccountName: seaweedfs-controller-sa containers: # provisioner - name: csi-provisioner image: k8s.gcr.io/sig-storage/csi-provisioner:v3.1.0 args: - "--csi-address=$(ADDRESS)" - -v - "9" env: - name: ADDRESS value: /var/lib/csi/sockets/pluginproxy/csi.sock imagePullPolicy: IfNotPresent volumeMounts: - name: socket-dir mountPath: /var/lib/csi/sockets/pluginproxy/ resources: {} # attacher - name: csi-attacher image: k8s.gcr.io/sig-storage/csi-attacher:v3.4.0 args: - "--v=5" - "--csi-address=$(ADDRESS)" - "--timeout=120s" env: - name: ADDRESS value: /var/lib/csi/sockets/pluginproxy/csi.sock imagePullPolicy: IfNotPresent resources: {} volumeMounts: - name: socket-dir mountPath: /var/lib/csi/sockets/pluginproxy/ # resizer - name: csi-resizer image: k8s.gcr.io/sig-storage/csi-resizer:v1.4.0 args: - "--v=5" - "--csi-address=$(ADDRESS)" - "--leader-election=false" env: - name: ADDRESS value: /var/lib/csi/sockets/pluginproxy/csi.sock imagePullPolicy: IfNotPresent resources: {} volumeMounts: - name: socket-dir mountPath: /var/lib/csi/sockets/pluginproxy/ # SeaweedFs Plugin - name: seaweedfs-csi-plugin image: chrislusf/seaweedfs-csi-driver:latest imagePullPolicy: IfNotPresent args : - "--endpoint=$(CSI_ENDPOINT)" - "--filer=$(SEAWEEDFS_FILER)" - "--nodeid=$(NODE_ID)" env: - name: CSI_ENDPOINT value: unix:///var/lib/csi/sockets/pluginproxy/csi.sock - name: SEAWEEDFS_FILER value: "SEAWEEDFS_FILER:8888" - name: NODE_ID valueFrom: fieldRef: fieldPath: spec.nodeName volumeMounts: - name: socket-dir mountPath: /var/lib/csi/sockets/pluginproxy/ volumes: - name: socket-dir emptyDir: {} --- # Source: seaweedfs-csi-driver/templates/csidriver.yml apiVersion: storage.k8s.io/v1 kind: CSIDriver metadata: name: seaweedfs-csi-driver spec: attachRequired: true podInfoOnMount: true