kind: DaemonSet apiVersion: apps/v1 metadata: name: secrets-store-csi-driver namespace: secrets-store-csi-driver labels: app.kubernetes.io/instance: "secrets-store-csi-driver" app.kubernetes.io/managed-by: "Helm" app.kubernetes.io/name: "secrets-store-csi-driver" app.kubernetes.io/version: "1.5.6" app: secrets-store-csi-driver helm.sh/chart: "secrets-store-csi-driver-1.5.6" spec: selector: matchLabels: app: secrets-store-csi-driver updateStrategy: rollingUpdate: maxUnavailable: 1 type: RollingUpdate template: metadata: labels: app.kubernetes.io/instance: "secrets-store-csi-driver" app.kubernetes.io/managed-by: "Helm" app.kubernetes.io/name: "secrets-store-csi-driver" app.kubernetes.io/version: "1.5.6" app: secrets-store-csi-driver helm.sh/chart: "secrets-store-csi-driver-1.5.6" annotations: kubectl.kubernetes.io/default-container: secrets-store spec: automountServiceAccountToken: true serviceAccountName: secrets-store-csi-driver affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchExpressions: - key: type operator: NotIn values: - virtual-kubelet containers: - name: node-driver-registrar image: "registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.16.0@sha256:ab482308a4921e28a6df09a16ab99a457e9af9641ff44fb1be1a690d07ce8b70" args: - --v=5 - --csi-address=/csi/csi.sock - --kubelet-registration-path=/var/lib/kubelet/plugins/csi-secrets-store/csi.sock imagePullPolicy: IfNotPresent volumeMounts: - name: plugin-dir mountPath: /csi - name: registration-dir mountPath: /registration resources: limits: {} requests: cpu: 10m memory: 20Mi - name: secrets-store image: "registry.k8s.io/csi-secrets-store/driver:v1.5.6@sha256:6df2b3b3817136d2ade3d53306dbbd98385c1c01e8b3c373192c0e5b8d183f7b" args: - "--endpoint=$(CSI_ENDPOINT)" - "--nodeid=$(KUBE_NODE_NAME)" - "--provider-volume=/var/run/secrets-store-csi-providers" - "--additional-provider-volume-paths=/etc/kubernetes/secrets-store-csi-providers" - "--metrics-addr=:8095" - "--provider-health-check-interval=2m" - "--max-call-recv-msg-size=4194304" env: - name: CSI_ENDPOINT value: unix:///csi/csi.sock - name: KUBE_NODE_NAME valueFrom: fieldRef: apiVersion: v1 fieldPath: spec.nodeName imagePullPolicy: IfNotPresent securityContext: privileged: true ports: - containerPort: 9808 name: healthz protocol: TCP - containerPort: 8095 name: metrics protocol: TCP livenessProbe: failureThreshold: 5 httpGet: path: /healthz port: healthz initialDelaySeconds: 30 timeoutSeconds: 10 periodSeconds: 15 volumeMounts: - name: plugin-dir mountPath: /csi - name: mountpoint-dir mountPath: /var/lib/kubelet/pods mountPropagation: Bidirectional - name: providers-dir mountPath: /var/run/secrets-store-csi-providers - name: providers-dir-0 mountPath: "/etc/kubernetes/secrets-store-csi-providers" resources: limits: {} requests: cpu: 10m memory: 100Mi - name: liveness-probe image: "registry.k8s.io/sig-storage/livenessprobe:v2.18.0@sha256:c4cc074199c045dd73ab85f28897e2a32f4d6f38ffdba4f3b13b8007ccbd3570" imagePullPolicy: IfNotPresent args: - --csi-address=/csi/csi.sock - --probe-timeout=3s - --http-endpoint=0.0.0.0:9808 - -v=2 volumeMounts: - name: plugin-dir mountPath: /csi resources: limits: {} requests: cpu: 10m memory: 20Mi volumes: - name: mountpoint-dir hostPath: path: /var/lib/kubelet/pods type: DirectoryOrCreate - name: registration-dir hostPath: path: /var/lib/kubelet/plugins_registry/ type: Directory - name: plugin-dir hostPath: path: /var/lib/kubelet/plugins/csi-secrets-store/ type: DirectoryOrCreate - name: providers-dir hostPath: path: /var/run/secrets-store-csi-providers type: DirectoryOrCreate - name: providers-dir-0 hostPath: path: "/etc/kubernetes/secrets-store-csi-providers" type: DirectoryOrCreate nodeSelector: kubernetes.io/os: linux tolerations: - operator: Exists