diff --git a/.gitignore b/.gitignore index 070c63ca..f2b2e768 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,3 @@ bin _artifacts +.idea diff --git a/deploy/charts/csi-driver/templates/daemonset.yaml b/deploy/charts/csi-driver/templates/daemonset.yaml index 99156bc3..9631d03f 100644 --- a/deploy/charts/csi-driver/templates/daemonset.yaml +++ b/deploy/charts/csi-driver/templates/daemonset.yaml @@ -17,12 +17,17 @@ spec: imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} + automountServiceAccountToken: {{ .Values.automountServiceAccountToken }} serviceAccountName: {{ include "cert-manager-csi-driver.name" . }} - containers: + {{- with .Values.securityContext }} + securityContext: + {{- toYaml . | nindent 12 }} + {{- end }} + containers: - name: node-driver-registrar - image: "{{ .Values.nodeDriverRegistrarImage.repository }}{{- if (.Values.nodeDriverRegistrarImage.digest) -}} @{{.Values.nodeDriverRegistrarImage.digest}}{{- else -}}:{{ default $.Chart.AppVersion .Values.nodeDriverRegistrarImage.tag }} {{- end -}}" - imagePullPolicy: {{ .Values.image.pullPolicy }} + image: "{{ .Values.nodeDriverRegistrar.image.repository }}{{- if (.Values.nodeDriverRegistrar.image.digest) -}} @{{.Values.nodeDriverRegistrar.image.digest}}{{- else -}}:{{ default $.Chart.AppVersion .Values.nodeDriverRegistrar.image.tag }} {{- end -}}" + imagePullPolicy: {{ .Values.nodeDriverRegistrar.image.pullPolicy }} args: - -v={{ .Values.app.logLevel }} - --csi-address=/plugin/csi.sock @@ -37,25 +42,42 @@ spec: mountPath: /plugin - name: registration-dir mountPath: /registration + {{- if gt (len .Values.nodeDriverRegistrar.volumeMounts) 0 }} + {{- toYaml .Values.nodeDriverRegistrar.volumeMounts | nindent 12 }} + {{- end }} + {{- with .Values.nodeDriverRegistrar.securityContext }} + securityContext: + {{- toYaml . | nindent 12 }} + {{- end }} + resources: + {{- toYaml .Values.nodeDriverRegistrar.resources | nindent 12 }} - name: liveness-probe - image: "{{ .Values.livenessProbeImage.repository }}:{{ .Values.livenessProbeImage.tag }}" + image: "{{ .Values.livenessProbe.image.repository }}:{{ .Values.livenessProbe.image.tag }}" args: - --csi-address=/plugin/csi.sock - --probe-timeout=3s - --health-port={{.Values.app.livenessProbe.port}} - -v={{ .Values.app.logLevel }} - imagePullPolicy: {{ .Values.livenessProbeImage.pullPolicy }} + imagePullPolicy: {{ .Values.livenessProbe.image.pullPolicy }} volumeMounts: - name: plugin-dir mountPath: /plugin + {{- if gt (len .Values.livenessProbe.volumeMounts) 0 }} + {{- toYaml .Values.livenessProbe.volumeMounts | nindent 12 }} + {{- end }} + {{- with .Values.livenessProbe.securityContext }} + securityContext: + {{- toYaml . | nindent 12 }} + {{- end }} + resources: + {{- toYaml .Values.livenessProbe.resources | nindent 12 }} - name: cert-manager-csi-driver + {{- with .Values.containerSecurityContext }} securityContext: - privileged: true - capabilities: - add: ["SYS_ADMIN"] - allowPrivilegeEscalation: true + {{- toYaml . | nindent 12 }} + {{- end }} image: "{{ .Values.image.repository }}{{- if (.Values.image.digest) -}} @{{.Values.image.digest}}{{- else -}}:{{ default $.Chart.AppVersion .Values.image.tag }} {{- end -}}" imagePullPolicy: {{ .Values.image.pullPolicy }} args : @@ -81,6 +103,9 @@ spec: - name: csi-data-dir mountPath: /csi-data-dir mountPropagation: "Bidirectional" + {{- if gt (len .Values.livenessProbe.volumeMounts) 0 }} + {{- toYaml .Values.volumeMounts | nindent 12 }} + {{- end }} ports: - containerPort: {{.Values.app.livenessProbe.port}} name: healthz @@ -121,3 +146,6 @@ spec: path: {{ .Values.app.driver.csiDataDir }} type: DirectoryOrCreate name: csi-data-dir + {{- if gt (len .Values.volumes) 0 }} + {{- toYaml .Values.volumes | nindent 8 }} + {{- end }} diff --git a/deploy/charts/csi-driver/values.yaml b/deploy/charts/csi-driver/values.yaml index b68506ba..9ff20a85 100644 --- a/deploy/charts/csi-driver/values.yaml +++ b/deploy/charts/csi-driver/values.yaml @@ -1,3 +1,5 @@ +automountServiceAccountToken: true + image: # -- Target image repository. repository: quay.io/jetstack/cert-manager-csi-driver @@ -12,23 +14,58 @@ image: imagePullSecrets: [] #- name: Secret with Registry credentials -nodeDriverRegistrarImage: - # -- Target image repository. - repository: k8s.gcr.io/sig-storage/csi-node-driver-registrar - # -- Target image version tag. - tag: v2.5.0 - # -- Kubernetes imagePullPolicy on node-driver. - pullPolicy: IfNotPresent +volumes: [] +volumeMounts: [] -livenessProbeImage: - # -- Target image repository. - repository: k8s.gcr.io/sig-storage/livenessprobe - # -- Target image version tag. - tag: v2.6.0 - # -- Kubernetes imagePullPolicy on liveness probe. - pullPolicy: IfNotPresent - # Setting a digest will override any tag - # digest: sha256:xxxx +# securityContext: + +containerSecurityContext: + privileged: true + capabilities: + add: ["SYS_ADMIN"] + allowPrivilegeEscalation: true + +nodeDriverRegistrar: + image: + # -- Target image repository. + repository: k8s.gcr.io/sig-storage/csi-node-driver-registrar + # -- Target image version tag. + tag: v2.5.0 + # -- Kubernetes imagePullPolicy on node-driver. + pullPolicy: IfNotPresent + volumeMounts: [] + # securityContext: + resources: { } + # -- Kubernetes pod resource limits for cert-manager-csi-driver + # limits: + # cpu: 100m + # memory: 128Mi + # -- Kubernetes pod memory resource requests for cert-manager-csi-driver + # requests: + # cpu: 100m + # memory: 128Mi + +livenessProbe: + image: + # -- Target image repository. + repository: k8s.gcr.io/sig-storage/livenessprobe + # -- Target image version tag. + tag: v2.6.0 + # -- Kubernetes imagePullPolicy on liveness probe. + pullPolicy: IfNotPresent + # Setting a digest will override any tag + # digest: sha256:xxxx + volumeMounts: [] + # securityContext: + resources: { } + # -- Kubernetes pod resource limits for cert-manager-csi-driver + # limits: + # cpu: 100m + # memory: 128Mi + # -- Kubernetes pod memory resource requests for cert-manager-csi-driver + # requests: + # cpu: 100m + # memory: 128Mi app: # -- Verbosity of cert-manager-csi-driver logging.