infrastructure/clusters/cl01tl/manifests/secrets-store-csi-driver/DaemonSet-secrets-store-csi-driver.yaml

kind: DaemonSet
apiVersion: apps/v1
metadata:
  name: secrets-store-csi-driver
  namespace: secrets-store-csi-driver
  labels:
    app.kubernetes.io/instance: "secrets-store-csi-driver"
    app.kubernetes.io/managed-by: "Helm"
    app.kubernetes.io/name: "secrets-store-csi-driver"
    app.kubernetes.io/version: "1.5.6"
    app: secrets-store-csi-driver
    helm.sh/chart: "secrets-store-csi-driver-1.5.6"
spec:
  selector:
    matchLabels:
      app: secrets-store-csi-driver
  updateStrategy:
    rollingUpdate:
      maxUnavailable: 1
    type: RollingUpdate
  template:
    metadata:
      labels:
        app.kubernetes.io/instance: "secrets-store-csi-driver"
        app.kubernetes.io/managed-by: "Helm"
        app.kubernetes.io/name: "secrets-store-csi-driver"
        app.kubernetes.io/version: "1.5.6"
        app: secrets-store-csi-driver
        helm.sh/chart: "secrets-store-csi-driver-1.5.6"
      annotations:
        kubectl.kubernetes.io/default-container: secrets-store
    spec:
      automountServiceAccountToken: true
      serviceAccountName: secrets-store-csi-driver
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  - key: type
                    operator: NotIn
                    values:
                      - virtual-kubelet
      containers:
        - name: node-driver-registrar
          image: "registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.16.0@sha256:ab482308a4921e28a6df09a16ab99a457e9af9641ff44fb1be1a690d07ce8b70"
          args:
            - --v=5
            - --csi-address=/csi/csi.sock
            - --kubelet-registration-path=/var/lib/kubelet/plugins/csi-secrets-store/csi.sock
          imagePullPolicy: IfNotPresent
          volumeMounts:
            - name: plugin-dir
              mountPath: /csi
            - name: registration-dir
              mountPath: /registration
          resources:
            limits: {}
            requests:
              cpu: 10m
              memory: 20Mi
        - name: secrets-store
          image: "registry.k8s.io/csi-secrets-store/driver:v1.5.6@sha256:6df2b3b3817136d2ade3d53306dbbd98385c1c01e8b3c373192c0e5b8d183f7b"
          args:
            - "--endpoint=$(CSI_ENDPOINT)"
            - "--nodeid=$(KUBE_NODE_NAME)"
            - "--provider-volume=/var/run/secrets-store-csi-providers"
            - "--additional-provider-volume-paths=/etc/kubernetes/secrets-store-csi-providers"
            - "--metrics-addr=:8095"
            - "--provider-health-check-interval=2m"
            - "--max-call-recv-msg-size=4194304"
          env:
            - name: CSI_ENDPOINT
              value: unix:///csi/csi.sock
            - name: KUBE_NODE_NAME
              valueFrom:
                fieldRef:
                  apiVersion: v1
                  fieldPath: spec.nodeName
          imagePullPolicy: IfNotPresent
          securityContext:
            privileged: true
          ports:
            - containerPort: 9808
              name: healthz
              protocol: TCP
            - containerPort: 8095
              name: metrics
              protocol: TCP
          livenessProbe:
            failureThreshold: 5
            httpGet:
              path: /healthz
              port: healthz
            initialDelaySeconds: 30
            timeoutSeconds: 10
            periodSeconds: 15
          volumeMounts:
            - name: plugin-dir
              mountPath: /csi
            - name: mountpoint-dir
              mountPath: /var/lib/kubelet/pods
              mountPropagation: Bidirectional
            - name: providers-dir
              mountPath: /var/run/secrets-store-csi-providers
            - name: providers-dir-0
              mountPath: "/etc/kubernetes/secrets-store-csi-providers"
          resources:
            limits: {}
            requests:
              cpu: 10m
              memory: 100Mi
        - name: liveness-probe
          image: "registry.k8s.io/sig-storage/livenessprobe:v2.18.0@sha256:c4cc074199c045dd73ab85f28897e2a32f4d6f38ffdba4f3b13b8007ccbd3570"
          imagePullPolicy: IfNotPresent
          args:
            - --csi-address=/csi/csi.sock
            - --probe-timeout=3s
            - --http-endpoint=0.0.0.0:9808
            - -v=2
          volumeMounts:
            - name: plugin-dir
              mountPath: /csi
          resources:
            limits: {}
            requests:
              cpu: 10m
              memory: 20Mi
      volumes:
        - name: mountpoint-dir
          hostPath:
            path: /var/lib/kubelet/pods
            type: DirectoryOrCreate
        - name: registration-dir
          hostPath:
            path: /var/lib/kubelet/plugins_registry/
            type: Directory
        - name: plugin-dir
          hostPath:
            path: /var/lib/kubelet/plugins/csi-secrets-store/
            type: DirectoryOrCreate
        - name: providers-dir
          hostPath:
            path: /var/run/secrets-store-csi-providers
            type: DirectoryOrCreate
        - name: providers-dir-0
          hostPath:
            path: "/etc/kubernetes/secrets-store-csi-providers"
            type: DirectoryOrCreate
      nodeSelector:
        kubernetes.io/os: linux
      tolerations:
        - operator: Exists