charts: csi-driver-smb
diff --git a/charts/csi-driver-smb/Chart.yaml b/charts/csi-driver-smb/Chart.yaml
new file mode 100644
index 0000000..5151a38
--- /dev/null
+++ b/charts/csi-driver-smb/Chart.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+appVersion: v1.11.0
+description: SMB CSI Driver for Kubernetes
+name: csi-driver-smb
+version: v1.11.0
diff --git a/charts/csi-driver-smb/templates/NOTES.txt b/charts/csi-driver-smb/templates/NOTES.txt
new file mode 100644
index 0000000..9d8ca4f
--- /dev/null
+++ b/charts/csi-driver-smb/templates/NOTES.txt
@@ -0,0 +1,5 @@
+The CSI SMB Driver is getting deployed to your cluster.
+
+To check CSI SMB Driver pods status, please run:
+
+ kubectl --namespace={{ .Release.Namespace }} get pods --selector="app.kubernetes.io/name={{ .Release.Name }}" --watch
diff --git a/charts/csi-driver-smb/templates/_helpers.tpl b/charts/csi-driver-smb/templates/_helpers.tpl
new file mode 100644
index 0000000..5394ab9
--- /dev/null
+++ b/charts/csi-driver-smb/templates/_helpers.tpl
@@ -0,0 +1,29 @@
+{{/* vim: set filetype=mustache: */}}
+
+{{/* Expand the name of the chart.*/}}
+{{- define "smb.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/* labels for helm resources */}}
+{{- define "smb.labels" -}}
+labels:
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ app.kubernetes.io/managed-by: "{{ .Release.Service }}"
+ app.kubernetes.io/name: "{{ template "smb.name" . }}"
+ app.kubernetes.io/version: "{{ .Chart.AppVersion }}"
+ helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+ {{- if .Values.customLabels }}
+{{ toYaml .Values.customLabels | indent 2 -}}
+ {{- end }}
+{{- end -}}
+
+{{/* pull secrets for containers */}}
+{{- define "smb.pullSecrets" -}}
+{{- if .Values.imagePullSecrets }}
+imagePullSecrets:
+{{- range .Values.imagePullSecrets }}
+ - name: {{ . }}
+{{- end }}
+{{- end }}
+{{- end -}}
diff --git a/charts/csi-driver-smb/templates/csi-smb-controller.yaml b/charts/csi-driver-smb/templates/csi-smb-controller.yaml
new file mode 100644
index 0000000..0ee52ca
--- /dev/null
+++ b/charts/csi-driver-smb/templates/csi-smb-controller.yaml
@@ -0,0 +1,137 @@
+---
+kind: Deployment
+apiVersion: apps/v1
+metadata:
+ name: {{ .Values.controller.name }}
+ namespace: {{ .Release.Namespace }}
+{{ include "smb.labels" . | indent 2 }}
+spec:
+ replicas: {{ .Values.controller.replicas }}
+ selector:
+ matchLabels:
+ app: {{ .Values.controller.name }}
+ template:
+ metadata:
+{{ include "smb.labels" . | indent 6 }}
+ app: {{ .Values.controller.name }}
+ {{- if .Values.podLabels }}
+{{- toYaml .Values.podLabels | nindent 8 }}
+ {{- end }}
+{{- if .Values.podAnnotations }}
+ annotations:
+{{ toYaml .Values.podAnnotations | indent 8 }}
+{{- end }}
+ spec:
+{{- with .Values.controller.affinity }}
+ affinity:
+{{ toYaml . | indent 8 }}
+{{- end }}
+ hostNetwork: true
+ dnsPolicy: {{ .Values.controller.dnsPolicy }}
+ serviceAccountName: {{ .Values.serviceAccount.controller }}
+ nodeSelector:
+{{- with .Values.controller.nodeSelector }}
+{{ toYaml . | indent 8 }}
+{{- end }}
+ kubernetes.io/os: linux
+ {{- if .Values.controller.runOnMaster}}
+ node-role.kubernetes.io/master: ""
+ {{- end}}
+ {{- if .Values.controller.runOnControlPlane}}
+ node-role.kubernetes.io/control-plane: ""
+ {{- end}}
+ priorityClassName: {{ .Values.priorityClassName | quote }}
+ {{- if .Values.securityContext }}
+ securityContext: {{- toYaml .Values.securityContext | nindent 8 }}
+ {{- end }}
+{{- with .Values.controller.tolerations }}
+ tolerations:
+{{ toYaml . | indent 8 }}
+{{- end }}
+ {{- include "smb.pullSecrets" . | indent 6 }}
+ containers:
+ - name: csi-provisioner
+{{- if hasPrefix "/" .Values.image.csiProvisioner.repository }}
+ image: "{{ .Values.image.baseRepo }}{{ .Values.image.csiProvisioner.repository }}:{{ .Values.image.csiProvisioner.tag }}"
+{{- else }}
+ image: "{{ .Values.image.csiProvisioner.repository }}:{{ .Values.image.csiProvisioner.tag }}"
+{{- end }}
+ args:
+ - "-v=2"
+ - "--csi-address=$(ADDRESS)"
+ - "--leader-election"
+ - "--leader-election-namespace={{ .Release.Namespace }}"
+ - "--extra-create-metadata=true"
+ env:
+ - name: ADDRESS
+ value: /csi/csi.sock
+ imagePullPolicy: {{ .Values.image.csiProvisioner.pullPolicy }}
+ volumeMounts:
+ - mountPath: /csi
+ name: socket-dir
+ resources: {{- toYaml .Values.controller.resources.csiProvisioner | nindent 12 }}
+ securityContext:
+ readOnlyRootFilesystem: true
+ - name: liveness-probe
+{{- if hasPrefix "/" .Values.image.livenessProbe.repository }}
+ image: "{{ .Values.image.baseRepo }}{{ .Values.image.livenessProbe.repository }}:{{ .Values.image.livenessProbe.tag }}"
+{{- else }}
+ image: "{{ .Values.image.livenessProbe.repository }}:{{ .Values.image.livenessProbe.tag }}"
+{{- end }}
+ args:
+ - --csi-address=/csi/csi.sock
+ - --probe-timeout=3s
+ - --health-port={{ .Values.controller.livenessProbe.healthPort }}
+ - --v=2
+ imagePullPolicy: {{ .Values.image.livenessProbe.pullPolicy }}
+ volumeMounts:
+ - name: socket-dir
+ mountPath: /csi
+ resources: {{- toYaml .Values.controller.resources.livenessProbe | nindent 12 }}
+ securityContext:
+ readOnlyRootFilesystem: true
+ - name: smb
+{{- if hasPrefix "/" .Values.image.smb.repository }}
+ image: "{{ .Values.image.baseRepo }}{{ .Values.image.smb.repository }}:{{ .Values.image.smb.tag }}"
+{{- else }}
+ image: "{{ .Values.image.smb.repository }}:{{ .Values.image.smb.tag }}"
+{{- end }}
+ imagePullPolicy: {{ .Values.image.smb.pullPolicy }}
+ args:
+ - "--v={{ .Values.controller.logLevel }}"
+ - "--endpoint=$(CSI_ENDPOINT)"
+ - "--metrics-address=0.0.0.0:{{ .Values.controller.metricsPort }}"
+ - "--drivername={{ .Values.driver.name }}"
+ - "--working-mount-dir={{ .Values.controller.workingMountDir }}"
+ ports:
+ - containerPort: {{ .Values.controller.livenessProbe.healthPort }}
+ name: healthz
+ protocol: TCP
+ - containerPort: {{ .Values.controller.metricsPort }}
+ name: metrics
+ protocol: TCP
+ livenessProbe:
+ failureThreshold: 5
+ httpGet:
+ path: /healthz
+ port: healthz
+ initialDelaySeconds: 30
+ timeoutSeconds: 10
+ periodSeconds: 30
+ env:
+ - name: CSI_ENDPOINT
+ value: unix:///csi/csi.sock
+ securityContext:
+ privileged: true
+ readOnlyRootFilesystem: true
+ volumeMounts:
+ - mountPath: /csi
+ name: socket-dir
+ - mountPath: {{ .Values.controller.workingMountDir }}
+ name: tmp-dir
+ resources: {{- toYaml .Values.controller.resources.smb | nindent 12 }}
+ volumes:
+ - name: socket-dir
+ emptyDir: {}
+ - name: tmp-dir
+ emptyDir: {}
diff --git a/charts/csi-driver-smb/templates/csi-smb-driver.yaml b/charts/csi-driver-smb/templates/csi-smb-driver.yaml
new file mode 100644
index 0000000..1609437
--- /dev/null
+++ b/charts/csi-driver-smb/templates/csi-smb-driver.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: storage.k8s.io/v1
+kind: CSIDriver
+metadata:
+ name: {{ .Values.driver.name }}
+spec:
+ attachRequired: false
+ podInfoOnMount: true
diff --git a/charts/csi-driver-smb/templates/csi-smb-node-windows.yaml b/charts/csi-driver-smb/templates/csi-smb-node-windows.yaml
new file mode 100644
index 0000000..b033b15
--- /dev/null
+++ b/charts/csi-driver-smb/templates/csi-smb-node-windows.yaml
@@ -0,0 +1,171 @@
+{{- if .Values.windows.enabled}}
+kind: DaemonSet
+apiVersion: apps/v1
+metadata:
+ name: {{ .Values.windows.dsName }}
+ namespace: {{ .Release.Namespace }}
+{{ include "smb.labels" . | indent 2 }}
+spec:
+ updateStrategy:
+ rollingUpdate:
+ maxUnavailable: {{ .Values.node.maxUnavailable }}
+ type: RollingUpdate
+ selector:
+ matchLabels:
+ app: {{ .Values.windows.dsName }}
+ template:
+ metadata:
+{{ include "smb.labels" . | indent 6 }}
+ app: {{ .Values.windows.dsName }}
+ spec:
+{{- with .Values.windows.tolerations }}
+ tolerations:
+{{ toYaml . | indent 8 }}
+{{- end }}
+ nodeSelector:
+ kubernetes.io/os: windows
+{{- with .Values.node.nodeSelector }}
+{{ toYaml . | indent 8 }}
+{{- end }}
+{{- with .Values.node.affinity }}
+ affinity:
+{{ toYaml . | indent 8 }}
+{{- end }}
+ priorityClassName: {{ .Values.priorityClassName | quote }}
+ {{- if .Values.securityContext }}
+ securityContext: {{- toYaml .Values.securityContext | nindent 8 }}
+ {{- end }}
+ serviceAccountName: {{ .Values.serviceAccount.node }}
+ {{- include "smb.pullSecrets" . | indent 6 }}
+ containers:
+ - name: liveness-probe
+ volumeMounts:
+ - mountPath: C:\csi
+ name: plugin-dir
+{{- if hasPrefix "/" .Values.image.livenessProbe.repository }}
+ image: "{{ .Values.image.baseRepo }}{{ .Values.image.livenessProbe.repository }}:{{ .Values.image.livenessProbe.tag }}"
+{{- else }}
+ image: "{{ .Values.image.livenessProbe.repository }}:{{ .Values.image.livenessProbe.tag }}"
+{{- end }}
+ args:
+ - --csi-address=$(CSI_ENDPOINT)
+ - --probe-timeout=3s
+ - --health-port={{ .Values.node.livenessProbe.healthPort }}
+ - --v=2
+ env:
+ - name: CSI_ENDPOINT
+ value: unix://C:\\csi\\csi.sock
+ imagePullPolicy: {{ .Values.image.livenessProbe.pullPolicy }}
+ resources: {{- toYaml .Values.windows.resources.livenessProbe | nindent 12 }}
+ - name: node-driver-registrar
+{{- if hasPrefix "/" .Values.image.nodeDriverRegistrar.repository }}
+ image: "{{ .Values.image.baseRepo }}{{ .Values.image.nodeDriverRegistrar.repository }}:{{ .Values.image.nodeDriverRegistrar.tag }}"
+{{- else }}
+ image: "{{ .Values.image.nodeDriverRegistrar.repository }}:{{ .Values.image.nodeDriverRegistrar.tag }}"
+{{- end }}
+ args:
+ - --v=2
+ - --csi-address=$(CSI_ENDPOINT)
+ - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)
+ livenessProbe:
+ exec:
+ command:
+ - /csi-node-driver-registrar.exe
+ - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)
+ - --mode=kubelet-registration-probe
+ initialDelaySeconds: 60
+ timeoutSeconds: 30
+ env:
+ - name: CSI_ENDPOINT
+ value: unix://C:\\csi\\csi.sock
+ - name: DRIVER_REG_SOCK_PATH
+ value: {{ .Values.windows.kubelet | replace "\\" "\\\\" }}\\plugins\\{{ .Values.driver.name }}\\csi.sock
+ - name: KUBE_NODE_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ imagePullPolicy: {{ .Values.image.nodeDriverRegistrar.pullPolicy }}
+ volumeMounts:
+ - name: plugin-dir
+ mountPath: C:\csi
+ - name: registration-dir
+ mountPath: C:\registration
+ resources: {{- toYaml .Values.windows.resources.nodeDriverRegistrar | nindent 12 }}
+ - name: smb
+{{- if hasPrefix "/" .Values.image.smb.repository }}
+ image: "{{ .Values.image.baseRepo }}{{ .Values.image.smb.repository }}:{{ .Values.image.smb.tag }}"
+{{- else }}
+ image: "{{ .Values.image.smb.repository }}:{{ .Values.image.smb.tag }}"
+{{- end }}
+ imagePullPolicy: {{ .Values.image.smb.pullPolicy }}
+ args:
+ - "--v={{ .Values.node.logLevel }}"
+ - "--drivername={{ .Values.driver.name }}"
+ - --endpoint=$(CSI_ENDPOINT)
+ - --nodeid=$(KUBE_NODE_NAME)
+ - "--enable-get-volume-stats={{ .Values.feature.enableGetVolumeStats }}"
+ - "--remove-smb-mapping-during-unmount={{ .Values.windows.removeSMBMappingDuringUnmount }}"
+ ports:
+ - containerPort: {{ .Values.node.livenessProbe.healthPort }}
+ name: healthz
+ protocol: TCP
+ livenessProbe:
+ failureThreshold: 5
+ httpGet:
+ path: /healthz
+ port: healthz
+ initialDelaySeconds: 30
+ timeoutSeconds: 10
+ periodSeconds: 30
+ env:
+ - name: CSI_ENDPOINT
+ value: unix://C:\\csi\\csi.sock
+ - name: KUBE_NODE_NAME
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: spec.nodeName
+ volumeMounts:
+ - name: kubelet-dir
+ mountPath: {{ .Values.windows.kubelet }}\
+ - name: plugin-dir
+ mountPath: C:\csi
+ - name: csi-proxy-fs-pipe-v1
+ mountPath: \\.\pipe\csi-proxy-filesystem-v1
+ - name: csi-proxy-smb-pipe-v1
+ mountPath: \\.\pipe\csi-proxy-smb-v1
+ # these paths are still included for compatibility, they're used
+ # only if the node has still the beta version of the CSI proxy
+ - name: csi-proxy-fs-pipe-v1beta1
+ mountPath: \\.\pipe\csi-proxy-filesystem-v1beta1
+ - name: csi-proxy-smb-pipe-v1beta1
+ mountPath: \\.\pipe\csi-proxy-smb-v1beta1
+ resources: {{- toYaml .Values.windows.resources.smb | nindent 12 }}
+ volumes:
+ - name: csi-proxy-fs-pipe-v1
+ hostPath:
+ path: \\.\pipe\csi-proxy-filesystem-v1
+ - name: csi-proxy-smb-pipe-v1
+ hostPath:
+ path: \\.\pipe\csi-proxy-smb-v1
+ # these paths are still included for compatibility, they're used
+ # only if the node has still the beta version of the CSI proxy
+ - name: csi-proxy-fs-pipe-v1beta1
+ hostPath:
+ path: \\.\pipe\csi-proxy-filesystem-v1beta1
+ - name: csi-proxy-smb-pipe-v1beta1
+ hostPath:
+ path: \\.\pipe\csi-proxy-smb-v1beta1
+ - name: registration-dir
+ hostPath:
+ path: {{ .Values.windows.kubelet }}\plugins_registry\
+ type: Directory
+ - name: kubelet-dir
+ hostPath:
+ path: {{ .Values.windows.kubelet }}\
+ type: Directory
+ - name: plugin-dir
+ hostPath:
+ path: {{ .Values.windows.kubelet }}\plugins\{{ .Values.driver.name }}\
+ type: DirectoryOrCreate
+{{- end -}}
diff --git a/charts/csi-driver-smb/templates/csi-smb-node.yaml b/charts/csi-driver-smb/templates/csi-smb-node.yaml
new file mode 100644
index 0000000..13e8ef7
--- /dev/null
+++ b/charts/csi-driver-smb/templates/csi-smb-node.yaml
@@ -0,0 +1,154 @@
+{{- if .Values.linux.enabled}}
+kind: DaemonSet
+apiVersion: apps/v1
+metadata:
+ name: {{ .Values.linux.dsName }}
+ namespace: {{ .Release.Namespace }}
+{{ include "smb.labels" . | indent 2 }}
+spec:
+ updateStrategy:
+ rollingUpdate:
+ maxUnavailable: {{ .Values.node.maxUnavailable }}
+ type: RollingUpdate
+ selector:
+ matchLabels:
+ app: {{ .Values.linux.dsName }}
+ template:
+ metadata:
+{{ include "smb.labels" . | indent 6 }}
+ app: {{ .Values.linux.dsName }}
+ {{- if .Values.podLabels }}
+{{- toYaml .Values.podLabels | nindent 8 }}
+ {{- end }}
+{{- if .Values.podAnnotations }}
+ annotations:
+{{ toYaml .Values.podAnnotations | indent 8 }}
+{{- end }}
+ spec:
+{{- with .Values.node.affinity }}
+ affinity:
+{{ toYaml . | indent 8 }}
+{{- end }}
+ hostNetwork: true
+ dnsPolicy: {{ .Values.linux.dnsPolicy }}
+ serviceAccountName: {{ .Values.serviceAccount.node }}
+ nodeSelector:
+ kubernetes.io/os: linux
+{{- with .Values.node.nodeSelector }}
+{{ toYaml . | indent 8 }}
+{{- end }}
+ priorityClassName: {{ .Values.priorityClassName | quote }}
+ {{- if .Values.securityContext }}
+ securityContext: {{- toYaml .Values.securityContext | nindent 8 }}
+ {{- end }}
+{{- with .Values.linux.tolerations }}
+ tolerations:
+{{ toYaml . | indent 8 }}
+{{- end }}
+ {{- include "smb.pullSecrets" . | indent 6 }}
+ containers:
+ - name: liveness-probe
+ volumeMounts:
+ - mountPath: /csi
+ name: socket-dir
+{{- if hasPrefix "/" .Values.image.livenessProbe.repository }}
+ image: "{{ .Values.image.baseRepo }}{{ .Values.image.livenessProbe.repository }}:{{ .Values.image.livenessProbe.tag }}"
+{{- else }}
+ image: "{{ .Values.image.livenessProbe.repository }}:{{ .Values.image.livenessProbe.tag }}"
+{{- end }}
+ args:
+ - --csi-address=/csi/csi.sock
+ - --probe-timeout=3s
+ - --health-port={{ .Values.node.livenessProbe.healthPort }}
+ - --v=2
+ imagePullPolicy: {{ .Values.image.livenessProbe.pullPolicy }}
+ resources: {{- toYaml .Values.linux.resources.livenessProbe | nindent 12 }}
+ securityContext:
+ readOnlyRootFilesystem: true
+ - name: node-driver-registrar
+{{- if hasPrefix "/" .Values.image.nodeDriverRegistrar.repository }}
+ image: "{{ .Values.image.baseRepo }}{{ .Values.image.nodeDriverRegistrar.repository }}:{{ .Values.image.nodeDriverRegistrar.tag }}"
+{{- else }}
+ image: "{{ .Values.image.nodeDriverRegistrar.repository }}:{{ .Values.image.nodeDriverRegistrar.tag }}"
+{{- end }}
+ args:
+ - --csi-address=$(ADDRESS)
+ - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)
+ - --v=2
+ livenessProbe:
+ exec:
+ command:
+ - /csi-node-driver-registrar
+ - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)
+ - --mode=kubelet-registration-probe
+ initialDelaySeconds: 30
+ timeoutSeconds: 15
+ env:
+ - name: ADDRESS
+ value: /csi/csi.sock
+ - name: DRIVER_REG_SOCK_PATH
+ value: {{ .Values.linux.kubelet }}/plugins/{{ .Values.driver.name }}/csi.sock
+ imagePullPolicy: {{ .Values.image.nodeDriverRegistrar.pullPolicy }}
+ volumeMounts:
+ - name: socket-dir
+ mountPath: /csi
+ - name: registration-dir
+ mountPath: /registration
+ resources: {{- toYaml .Values.linux.resources.nodeDriverRegistrar | nindent 12 }}
+ - name: smb
+{{- if hasPrefix "/" .Values.image.smb.repository }}
+ image: "{{ .Values.image.baseRepo }}{{ .Values.image.smb.repository }}:{{ .Values.image.smb.tag }}"
+{{- else }}
+ image: "{{ .Values.image.smb.repository }}:{{ .Values.image.smb.tag }}"
+{{- end }}
+ imagePullPolicy: {{ .Values.image.smb.pullPolicy }}
+ args:
+ - "--v={{ .Values.node.logLevel }}"
+ - "--drivername={{ .Values.driver.name }}"
+ - "--endpoint=$(CSI_ENDPOINT)"
+ - "--nodeid=$(KUBE_NODE_NAME)"
+ - "--enable-get-volume-stats={{ .Values.feature.enableGetVolumeStats }}"
+ ports:
+ - containerPort: {{ .Values.node.livenessProbe.healthPort }}
+ name: healthz
+ protocol: TCP
+ livenessProbe:
+ failureThreshold: 5
+ httpGet:
+ path: /healthz
+ port: healthz
+ initialDelaySeconds: 30
+ timeoutSeconds: 10
+ periodSeconds: 30
+ env:
+ - name: CSI_ENDPOINT
+ value: unix:///csi/csi.sock
+ - name: KUBE_NODE_NAME
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: spec.nodeName
+ securityContext:
+ readOnlyRootFilesystem: true
+ privileged: true
+ volumeMounts:
+ - mountPath: /csi
+ name: socket-dir
+ - mountPath: {{ .Values.linux.kubelet }}/
+ mountPropagation: Bidirectional
+ name: mountpoint-dir
+ resources: {{- toYaml .Values.linux.resources.smb | nindent 12 }}
+ volumes:
+ - hostPath:
+ path: {{ .Values.linux.kubelet }}/plugins/{{ .Values.driver.name }}
+ type: DirectoryOrCreate
+ name: socket-dir
+ - hostPath:
+ path: {{ .Values.linux.kubelet }}/
+ type: DirectoryOrCreate
+ name: mountpoint-dir
+ - hostPath:
+ path: {{ .Values.linux.kubelet }}/plugins_registry/
+ type: DirectoryOrCreate
+ name: registration-dir
+{{- end -}}
diff --git a/charts/csi-driver-smb/templates/rbac-csi-smb.yaml b/charts/csi-driver-smb/templates/rbac-csi-smb.yaml
new file mode 100644
index 0000000..03561d1
--- /dev/null
+++ b/charts/csi-driver-smb/templates/rbac-csi-smb.yaml
@@ -0,0 +1,65 @@
+{{- if .Values.serviceAccount.create -}}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ .Values.serviceAccount.controller }}
+ namespace: {{ .Release.Namespace }}
+{{ include "smb.labels" . | indent 2 }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ .Values.serviceAccount.node }}
+ namespace: {{ .Release.Namespace }}
+{{ include "smb.labels" . | indent 2 }}
+{{ end }}
+
+{{- if .Values.rbac.create -}}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ .Values.rbac.name }}-external-provisioner-role
+{{ include "smb.labels" . | indent 2 }}
+rules:
+ - apiGroups: [""]
+ resources: ["persistentvolumes"]
+ verbs: ["get", "list", "watch", "create", "delete"]
+ - apiGroups: [""]
+ resources: ["persistentvolumeclaims"]
+ verbs: ["get", "list", "watch", "update"]
+ - apiGroups: ["storage.k8s.io"]
+ resources: ["storageclasses"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: [""]
+ resources: ["events"]
+ verbs: ["get", "list", "watch", "create", "update", "patch"]
+ - apiGroups: ["storage.k8s.io"]
+ resources: ["csinodes"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: [""]
+ resources: ["nodes"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: ["coordination.k8s.io"]
+ resources: ["leases"]
+ verbs: ["get", "list", "watch", "create", "update", "patch"]
+ - apiGroups: [""]
+ resources: ["secrets"]
+ verbs: ["get"]
+---
+
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ .Values.rbac.name }}-csi-provisioner-binding
+{{ include "smb.labels" . | indent 2 }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ .Values.serviceAccount.controller }}
+ namespace: {{ .Release.Namespace }}
+roleRef:
+ kind: ClusterRole
+ name: {{ .Values.rbac.name }}-external-provisioner-role
+ apiGroup: rbac.authorization.k8s.io
+{{ end }}
diff --git a/charts/csi-driver-smb/values.yaml b/charts/csi-driver-smb/values.yaml
new file mode 100644
index 0000000..19b722d
--- /dev/null
+++ b/charts/csi-driver-smb/values.yaml
@@ -0,0 +1,153 @@
+image:
+ baseRepo: registry.k8s.io/sig-storage
+ smb:
+ repository: registry.k8s.io/sig-storage/smbplugin
+ tag: v1.11.0
+ pullPolicy: IfNotPresent
+ csiProvisioner:
+ repository: registry.k8s.io/sig-storage/csi-provisioner
+ tag: v3.5.0
+ pullPolicy: IfNotPresent
+ livenessProbe:
+ repository: registry.k8s.io/sig-storage/livenessprobe
+ tag: v2.10.0
+ pullPolicy: IfNotPresent
+ nodeDriverRegistrar:
+ repository: registry.k8s.io/sig-storage/csi-node-driver-registrar
+ tag: v2.8.0
+ pullPolicy: IfNotPresent
+
+serviceAccount:
+ create: true # When true, service accounts will be created for you. Set to false if you want to use your own.
+ controller: csi-smb-controller-sa
+ node: csi-smb-node-sa
+
+rbac:
+ create: true
+ name: smb
+
+driver:
+ name: smb.csi.k8s.io
+
+feature:
+ enableGetVolumeStats: true
+
+controller:
+ name: csi-smb-controller
+ replicas: 1
+ dnsPolicy: ClusterFirstWithHostNet # available values: Default, ClusterFirstWithHostNet, ClusterFirst
+ metricsPort: 29644
+ livenessProbe:
+ healthPort: 29642
+ runOnMaster: false
+ runOnControlPlane: false
+ logLevel: 5
+ workingMountDir: "/tmp"
+ resources:
+ csiProvisioner:
+ limits:
+ memory: 300Mi
+ requests:
+ cpu: 10m
+ memory: 20Mi
+ livenessProbe:
+ limits:
+ memory: 100Mi
+ requests:
+ cpu: 10m
+ memory: 20Mi
+ smb:
+ limits:
+ memory: 200Mi
+ requests:
+ cpu: 10m
+ memory: 20Mi
+ affinity: {}
+ nodeSelector: {}
+ tolerations:
+ - key: "node-role.kubernetes.io/master"
+ operator: "Exists"
+ effect: "NoSchedule"
+ - key: "node-role.kubernetes.io/controlplane"
+ operator: "Exists"
+ effect: "NoSchedule"
+ - key: "node-role.kubernetes.io/control-plane"
+ operator: "Exists"
+ effect: "NoSchedule"
+
+node:
+ maxUnavailable: 1
+ logLevel: 5
+ livenessProbe:
+ healthPort: 29643
+ affinity: {}
+ nodeSelector: {}
+
+linux:
+ enabled: true
+ dsName: csi-smb-node # daemonset name
+ dnsPolicy: ClusterFirstWithHostNet # available values: Default, ClusterFirstWithHostNet, ClusterFirst
+ kubelet: /var/lib/kubelet
+ tolerations:
+ - operator: "Exists"
+ resources:
+ livenessProbe:
+ limits:
+ memory: 100Mi
+ requests:
+ cpu: 10m
+ memory: 20Mi
+ nodeDriverRegistrar:
+ limits:
+ memory: 100Mi
+ requests:
+ cpu: 10m
+ memory: 20Mi
+ smb:
+ limits:
+ memory: 200Mi
+ requests:
+ cpu: 10m
+ memory: 20Mi
+
+windows:
+ enabled: false
+ dsName: csi-smb-node-win # daemonset name
+ kubelet: 'C:\var\lib\kubelet'
+ removeSMBMappingDuringUnmount: true
+ tolerations:
+ - key: "node.kubernetes.io/os"
+ operator: "Exists"
+ effect: "NoSchedule"
+ resources:
+ livenessProbe:
+ limits:
+ memory: 150Mi
+ requests:
+ cpu: 10m
+ memory: 40Mi
+ nodeDriverRegistrar:
+ limits:
+ memory: 150Mi
+ requests:
+ cpu: 10m
+ memory: 40Mi
+ smb:
+ limits:
+ memory: 200Mi
+ requests:
+ cpu: 10m
+ memory: 40Mi
+
+customLabels: {}
+## Collection of annotations to add to all the pods
+podAnnotations: {}
+## Collection of labels to add to all the pods
+podLabels: {}
+## Leverage a PriorityClass to ensure your pods survive resource shortages
+## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
+priorityClassName: system-cluster-critical
+## Security context give the opportunity to run container as nonroot by setting a securityContext
+## by example :
+## securityContext: { runAsUser: 1001 }
+securityContext: { seccompProfile: {type: RuntimeDefault} }