From 08abe4ffe5526ae15b990f9216984100472b7f7d Mon Sep 17 00:00:00 2001 From: estevan <50840058+chaireze@users.noreply.github.com> Date: Wed, 5 Jul 2023 17:17:25 -0400 Subject: [PATCH] charts: add a new minor version for these changes --- charts/index.yaml | 9 + charts/v4.1.0/blob-csi-driver-v4.1.0.tgz | Bin 0 -> 5821 bytes charts/v4.1.0/blob-csi-driver/Chart.yaml | 5 + .../blob-csi-driver/templates/NOTES.txt | 5 + .../blob-csi-driver/templates/_helpers.tpl | 49 +++ .../templates/csi-blob-controller.yaml | 216 +++++++++++++ .../templates/csi-blob-driver.yaml | 14 + .../templates/csi-blob-node.yaml | 288 ++++++++++++++++++ .../templates/rbac-csi-blob-controller.yaml | 115 +++++++ .../templates/rbac-csi-blob-node.yaml | 38 +++ .../serviceaccount-csi-blob-controller.yaml | 17 ++ .../serviceaccount-csi-blob-node.yaml | 17 ++ charts/v4.1.0/blob-csi-driver/values.yaml | 173 +++++++++++ 13 files changed, 946 insertions(+) create mode 100644 charts/v4.1.0/blob-csi-driver-v4.1.0.tgz create mode 100644 charts/v4.1.0/blob-csi-driver/Chart.yaml create mode 100644 charts/v4.1.0/blob-csi-driver/templates/NOTES.txt create mode 100644 charts/v4.1.0/blob-csi-driver/templates/_helpers.tpl create mode 100644 charts/v4.1.0/blob-csi-driver/templates/csi-blob-controller.yaml create mode 100644 charts/v4.1.0/blob-csi-driver/templates/csi-blob-driver.yaml create mode 100644 charts/v4.1.0/blob-csi-driver/templates/csi-blob-node.yaml create mode 100644 charts/v4.1.0/blob-csi-driver/templates/rbac-csi-blob-controller.yaml create mode 100644 charts/v4.1.0/blob-csi-driver/templates/rbac-csi-blob-node.yaml create mode 100644 charts/v4.1.0/blob-csi-driver/templates/serviceaccount-csi-blob-controller.yaml create mode 100644 charts/v4.1.0/blob-csi-driver/templates/serviceaccount-csi-blob-node.yaml create mode 100644 charts/v4.1.0/blob-csi-driver/values.yaml diff --git a/charts/index.yaml b/charts/index.yaml index 2eb0c12b3..3cf133be2 100644 --- a/charts/index.yaml +++ b/charts/index.yaml @@ -235,6 +235,15 @@ entries: urls: - https://raw.githubusercontent.com/avoltz/blob-csi-driver/staging/charts/v4.0.0/blob-csi-driver-v4.0.0.tgz version: v4.0.0 + - apiVersion: v1 + appVersion: v4.1.0 + created: "2023-07-05T15:32:39.254303884Z" + description: Azure Blob Storage CSI driver + digest: 9b663f91d4dff55080ab21a719eb60d70ae71cee2df493927dc483e96c85b41e + name: blob-csi-driver + urls: + - https://raw.githubusercontent.com/avoltz/blob-csi-driver/staging/charts/v4.1.0/blob-csi-driver-v4.1.0.tgz + version: v4.1.0 - apiVersion: v1 appVersion: latest created: "2023-06-05T13:16:16.079514405Z" diff --git a/charts/v4.1.0/blob-csi-driver-v4.1.0.tgz b/charts/v4.1.0/blob-csi-driver-v4.1.0.tgz new file mode 100644 index 0000000000000000000000000000000000000000..560162d63bde24c2cca1f76ac296fd10087dbec7 GIT binary patch literal 5821 zcmV;u7DDMCiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PH<&bK5r3{j6VsQF_zfJ)z$GlAdP#!LgK76GzrqPI~urIv$8z zNjQ@L3xJAM*Z=()0DOOuWLZ{neZ+i-MJ{$1;O=6vy8tIHn^?9Wmcz*cc=KY8xoj-4 z=YF@dtJP|?PLGfE|E*Rl|9`7}dh}iU`1quKbaHxf^5(l%`?&q)=sVQf9ShZ0ASCAB zwVq8Y-?{&i3;X0Va6uUDqD8xgeLw!`VhKXl91u1qzSQ^5{|Gpsw=SEYv1A<209}j+ z$Ouo3Vh_3~CsMUVjQ_aNZnSD&yUT|wb>;Pcf!zSaZVkX{{cpEUPu}G9|M<9b(Eoj0 z#KSY_))1Ot0oUNOF7j;N@QBTsU{l$!nWvt*Y@(nL;@~quB;(62YTo@MnzkU#NQyLs z#Ix9VsNa6zx+CTid)Y;U>5$102LV()v;`S)wjjzr052iHglOIc6W|mi2t`8Cv;3q{ zLUM7`IBB%jk#xxdC`P`xoMCh)m~4kX1gqK!dYSzOk84Ls5`aVt5@h6roe&PfFwhV z0%9C_i~|y2bC5#ao&X92IOxk9s3t?`3~3P+3I&I07tN*gMYow^xYl3ZJEsSw1HVEFl`wWwWO5j{?^n8*aMj*WYTdkcG^g<}JgQ zxBLK012V)O)M^6wg4l3w+bp0`jjzoCOXwoW13<6PFRCl*@7E}VMc4of^o6*t>a%I$ zpef^M$$|zNgH*#Y#jXHErs^j8f~me42vEN{Vqa)O(PLC{=DNVU>P=fl7vr0jz~~iH z%px{LepOk-qO=pqo3dAW9kN`^d;*ufIl zYz>lXh|nu^_mi-&?-v~(#nUA$K)Xp8jW}VP$mNBLg~kt5C~r!?OvMxu0bh^>AP#~B z+y*4(jLS`>-)7VXUnUBmN2jTjzz<1VJ_qo$FW0R3X?}+Kjfka?;90gC2npP>Ig!N1 zuA)8$J5bPC-r!!Mnc`H9C-Z&AWkA(K$q)}Hij@vwfheP#F^MKiBtS}~(pV|IMt5Pb zDGHM%f_v=wE}*XZodfBj2Zj4wd=g63+pSg`J=TgqkF{D#C1PPKQ4J-R$~;}@@k+G1 zi?A|amVRjF8mAgs_}GRnQZK|Z<5xpU*4UT6=d00;+r;8OXF?7^eqsDBwi9wrL_9t= z3tUGjltTobxZo%wkT8xM25MX-a=-`bAV$&0@gQnmLrP*fvBijS*+rdyo*o^SPknR1 zuAC=eotmB=Tw-IUmwtxEb^O|1P)Vu^=TO{4Qn8u^L* zrG^eqr$ni9XyTOhAA>TjjEA=*bAgA}S7Wiz9W1-3u4f9)Txeu1l&2-A9#Uk!YOS!< z`}agh5j}wE6l~c=^&uPEb8rF|>Kow?mBUxU_~KNoXOOAsskLa9)a|ckko405bqR&f z%ndyF0LydR1|fbSaz1c?N-YkNl6(066U7TmTxFfQsJ)qWIV#u(pbEiTmrbUDfDvc+ zDJql9ZHPU>aNIwkEoNyAQ~)i^Q@1;~&1{>lgXj<_%k zyi`js_n`hyv-C49L(Bcicd&%s+qhjs?*iL%7-2c@qNbtwS1KeoUd$bpGRaX8(3lrYE!^6;QB30#e2>IKUzCo z19pDlM8XxdK`Gk1@y*hQSS{XzG}<_pSglBm6x57&+0D4o4O@_gHWJ~2-FT|XRXU#m zRYpjOWf1)y2h%CJ@1pwEcx=tV_0&_{{yiJ_K3v91TCby5DAsgj!b9rzkCZ807Jq+@ zdi}Sb-oHkJ;k&EX=$G^B;b8dwHR@kqUtKF_M|rHFW@{$YjpTRDB{aBKy-^0s1=&T- z1?EkcOq$`Hn${-CSr<7lA(+-`%5`!Xc4E_{jUfRl2fdKYEA%VVo-THOLxZVyRnO0R zO3jpeW0nbeox&|F1esBAkcTOrDR(Qxi-_^F2-WR{TK!0%YAJ?=z7_h)nxIr`J)zca z8f4HzUx=J*u%}TCNep^Q%tBncTRV^c;c5?B* zlhZe+hxp$~7%-O>OYFvYcYs9_{dVEwY8Dy3vLbH5U=LWLS3Ozp7k!5|s z(w-mE51Ff4|8M8u`oKj)`p--StkM6@(dltc|4&a2`M>>K4-d_Mpat=|dfu867v$21 zGfxeRJ%=v(NAvNqR?}epdmmFrPiHg?1L_%2r;Ih+!-It!m=X%8uH6y^S4URz2nVi2 z4U=Wos@eE#GENHeY5|-R2hg9&Tc$QTJ<@*?&-g2-ZY9WoI{I(TTkS#z7!5CmJH=|4 zdQ@|@jw?@=3CAYT*Qk{uYe zrubA33ANq8sp?GyXEyVEMzv3yinSKue9WcArcds9=!{vDWw!58#5>}B8ol}RIA>mt zFwTD~Y=tI&qTd51Go$+WSW_-}L(H3649mI@%4Z|ZPN+%gAhmgnB>Ok^+!YWp;mn&g zYVQZG8z*U|j3?1ufy&>rpX5}4_MBTTqltwwFRk{ zRd|~Af}_`+&Fjak3$WD+V8oePtS0vnQVZ8Ex(=u$9`wvob7lWh0sMq;CaV909w$z5 z!jqLs@}*1G!q+^%OO1VI7yeH60aiT8-{>6c2oXFyOU-(8nh?_Ynh_a z4KzNJv)!%2uRvYYy)5vS>b@(An<#r$t*ZpmK{|5-fSi2n)!S68)mY$5&`Zr4h`uI$`E=Jh&cr=niOSd=#nv!!5fhkvs<%UV>4 zT$qk8pG1Hy3NJ!eZ&~2^a+#r5fxfg9EQeXyzk-CuF0QHQdX9NS@%(Hc{>VM^Ig`w0 zZWrBLjJ9DTE4!tXLy!$AmzGqSYl?{*aJZRs5Od}_rnD`&=2H6aL3Z<$jA^bI0NuB; zXM_?-u-gL{FUMdr>WD5nYGq);2`+xz&OY{m6XujRu66_e_tSO%_TswV>kn@R=a;wd z2ABOZr|=zTUcRq-eKaMrkJ$eJ%WIex0ixFumO659EVaTbfzvgbYV=B;MI}F}I=y^H z(nhk}sSPN(?>3v&u0%MsQOH}Hq}U17>v_S882I_-W;DJXU0?m{-{tg+RxE`#hqQEl zS;OHb3_hK|r?8h5s`pp7|9ZISz;enYf_3?9UyF&l0;OWg2Oo8 zFRLl!mVcLjiFpG49ckLwk~|QysbdPZ%)ODP56l*82qm*?mk#O8hnvO8!YvUykCBz) zEsa%0klV+`o=I!7^~I*quhQ7rJ|bd2SaVDr7c67IEJ6bT7I4n^nJ#|*;p@h$qOt$h z7wZYD73yXfEs0c@@~2l8dLP0=QC~|<{G18XnXKEne&R4O{2t*t>9D-wrmic7*=pt} zH^pmtEZXJjgymCahn=xgJqxTwwq{CLmto9hXR6aSWg?qzT$;K~aqzWEB>vLZ2K7Io zv%US1AnWS?kKg3#|2wUA`%wSCm&>xOOv#ThHT#XbpG@syyJjkcF2)11$7^*lP&W3L zEAiQ)b_Yv|?fEtQ9uN*rvJuW_&VWwY71fh%?6c-JSfv;XcVRU$5QarF8D5ep*h|}m zkIaF1L)S=+i;(6V4RxdM&%pzZ-M@%g+Ccv)bKqGA0p5mxX^hgj<=7K<~O8OO7SX!mY!~OD1$?HsnT*QGO$Ho{#MFh@-I5 zB#m&J%E3ZUze>$u2^WWI!LL>=SlY4u7WCzaYxyYIr=P9;8x4BlEWEljFcn;Sq0&Fa z@3uvMg=#UQ9NX8yCFPtEX@%^(aM$cmS3XWJ;DpY?^CAeH4Q7FU@Lb>?T{iPPOr1iwwwWF3rg}pSF;B-#D@8FB^aXKYrj|{)kbY(8wAX(-I3M1=yS^IU z^oPCj5Ne$=N~i>mZAlh|QbdDkFdW~UUtZq6y}Ww+?$fw5QJfunEu)zuUmCe%TS_9v zhFC=8_H+MwJh&QeMJ#uKOeL{=&pNy4T4!zFIy>oHXI<~c{hQm5=l{CB8uf=d)pYag`;ySX)1cpBIRvHr#Bd%zrF0=ej4@8Z~DErThYp$>ysn4J_De^P8WG7_u_9qTUbgla+dOm3nao^O}R4ciWK&i^m)|D@T6Y;VNEdCcL;}tXY;4cL(n6NT((k?RUz}h3+`s*J^=Wvs8jTJn zh;;bZhTXrgD1*7^XRqdDxi9O#k67LXRWVPzl)pE>6 zY5e2})&j!(8Lg{^lISCMqmJLf(!%=GUF!>xbBj2jW@cH`tIf{qecqmqC;8~x?dCY_ zsW|MZD4?pEg*HNatF=#5W3QMg*CWr)bcZb=8}YZzmXNFmu(>i!3Aj#$7UaHiRs_(E zjl(T`u(k2iA9yL_@UUs+B{r>Wo6Ok9W|vjV%hIJAXFi@`^Ub`s#L@N4+J=_0pxbCK z{N?uCWD$9p6jajKl!GY`Xtxr1*s$}BZ`jEN3|4H_iT4gXImf&*39_uwWM$R3ZW&IK7TinV6uap&^7MIz+wULY zforM|Ew%R3TRub={aUa8rZJ^_pQnq^tFqPD&z)FE{C5=xsp)6$xRq_*Gk6-@pE zwhXn_bY+|=?XD%R(o;@;-DFFOvNmDtsA%$@W4|J?STXKZFYiT7ZFt1Oe}kFbz(nlW z%07!i(|q12PiV_tl-t$k8PvU7CnewewoSVc@V|gj$_>QE25G1ENWGEDx0U)}a^CU{HP1pa=*#y4s`){pQJAeMe z@$upNZ+p4ctpE2q5$GD(Z)pnnt)}n2GM~I-4j>cCMqVJK{-omw@y!T^Z#+{5dYuLRY-JY9sR@;$dyo)TF8|v^fhaU zrym^i1nd6Pvq?5Pmn3ue$Es!qy+xeNfUM+V9mnw(=GSm+;MS5(qkCBQ{mjFh@z=SY zZvUUY5?pKlPu}G0f9K@%u>RZ2_0{Zu;wc|2|H1MfuETY>4%gw@^YwoL00960mov8Z H0HOc@<@=QW literal 0 HcmV?d00001 diff --git a/charts/v4.1.0/blob-csi-driver/Chart.yaml b/charts/v4.1.0/blob-csi-driver/Chart.yaml new file mode 100644 index 000000000..77f6c8ee2 --- /dev/null +++ b/charts/v4.1.0/blob-csi-driver/Chart.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +appVersion: latest +description: Azure Blob Storage CSI driver +name: blob-csi-driver +version: v4.1.0 diff --git a/charts/v4.1.0/blob-csi-driver/templates/NOTES.txt b/charts/v4.1.0/blob-csi-driver/templates/NOTES.txt new file mode 100644 index 000000000..9ad135dd4 --- /dev/null +++ b/charts/v4.1.0/blob-csi-driver/templates/NOTES.txt @@ -0,0 +1,5 @@ +The Azure Blob Storage CSI driver is getting deployed to your cluster. + +To check Azure Blob Storage CSI driver pods status, please run: + + kubectl --namespace={{ .Release.Namespace }} get pods --selector="release={{ .Release.Name }}" --watch diff --git a/charts/v4.1.0/blob-csi-driver/templates/_helpers.tpl b/charts/v4.1.0/blob-csi-driver/templates/_helpers.tpl new file mode 100644 index 000000000..d99392f32 --- /dev/null +++ b/charts/v4.1.0/blob-csi-driver/templates/_helpers.tpl @@ -0,0 +1,49 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* Expand the name of the chart.*/}} +{{- define "blob.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "blob.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Common selectors. +*/}} +{{- define "blob.selectorLabels" -}} +app.kubernetes.io/name: {{ template "blob.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end -}} + +{{/* +Common labels. +*/}} +{{- define "blob.labels" -}} +{{- include "blob.selectorLabels" . }} +app.kubernetes.io/component: csi-driver +app.kubernetes.io/part-of: {{ template "blob.name" . }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +helm.sh/chart: {{ template "blob.chart" . }} +{{- if .Values.customLabels }} +{{ toYaml .Values.customLabels }} +{{- end }} +{{- end -}} + + +{{/* pull secrets for containers */}} +{{- define "blob.pullSecrets" -}} +{{- if .Values.imagePullSecrets }} +imagePullSecrets: +{{- range .Values.imagePullSecrets }} + - name: {{ . }} +{{- end }} +{{- end }} +{{- end -}} \ No newline at end of file diff --git a/charts/v4.1.0/blob-csi-driver/templates/csi-blob-controller.yaml b/charts/v4.1.0/blob-csi-driver/templates/csi-blob-controller.yaml new file mode 100644 index 000000000..50afbb969 --- /dev/null +++ b/charts/v4.1.0/blob-csi-driver/templates/csi-blob-controller.yaml @@ -0,0 +1,216 @@ +kind: Deployment +apiVersion: apps/v1 +metadata: + name: {{ .Values.controller.name }} + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Values.controller.name }} + {{- include "blob.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.controller.replicas }} + selector: + matchLabels: + app: {{ .Values.controller.name }} + {{- include "blob.selectorLabels" . | nindent 6 }} + template: + metadata: + labels: + app: {{ .Values.controller.name }} + {{- include "blob.labels" . | nindent 8 }} + {{- if .Values.workloadIdentity.clientID }} + azure.workload.identity/use: "true" + {{- end }} + {{- if .Values.podLabels }} +{{- toYaml .Values.podLabels | nindent 8 }} + {{- end }} +{{- if .Values.podAnnotations }} + annotations: +{{ toYaml .Values.podAnnotations | indent 8 }} +{{- end }} + spec: +{{- with .Values.controller.affinity }} + affinity: +{{ toYaml . | indent 8 }} +{{- end }} + {{- if .Values.imagePullSecrets }} + imagePullSecrets: +{{ toYaml .Values.imagePullSecrets | indent 8 }} + {{- end }} + hostNetwork: {{ .Values.controller.hostNetwork }} + dnsPolicy: ClusterFirstWithHostNet + serviceAccountName: {{ .Values.serviceAccount.controller }} + nodeSelector: + kubernetes.io/os: linux + {{- if .Values.controller.runOnMaster}} + node-role.kubernetes.io/master: "" + {{- end}} + {{- if .Values.controller.runOnControlPlane}} + node-role.kubernetes.io/control-plane: "" + {{- end}} +{{- with .Values.controller.nodeSelector }} +{{ toYaml . | indent 8 }} +{{- end }} + priorityClassName: {{ .Values.priorityClassName | quote }} + securityContext: + seccompProfile: + type: RuntimeDefault +{{- with .Values.controller.tolerations }} + tolerations: +{{ toYaml . | indent 8 }} +{{- end }} + containers: + - name: csi-provisioner +{{- if hasPrefix "/" .Values.image.csiProvisioner.repository }} + image: "{{ .Values.image.baseRepo }}{{ .Values.image.csiProvisioner.repository }}:{{ .Values.image.csiProvisioner.tag }}" +{{- else }} + image: "{{ .Values.image.csiProvisioner.repository }}:{{ .Values.image.csiProvisioner.tag }}" +{{- end }} + args: + - "-v=2" + - "--csi-address=$(ADDRESS)" + - "--leader-election" + - "--leader-election-namespace={{ .Release.Namespace }}" + - "--timeout=120s" + - "--extra-create-metadata=true" + - "--kube-api-qps=50" + - "--kube-api-burst=100" + env: + - name: ADDRESS + value: /csi/csi.sock + imagePullPolicy: {{ .Values.image.csiProvisioner.pullPolicy }} + volumeMounts: + - mountPath: /csi + name: socket-dir + resources: {{- toYaml .Values.controller.resources.csiProvisioner | nindent 12 }} + - name: liveness-probe +{{- if hasPrefix "/" .Values.image.livenessProbe.repository }} + image: "{{ .Values.image.baseRepo }}{{ .Values.image.livenessProbe.repository }}:{{ .Values.image.livenessProbe.tag }}" +{{- else }} + image: "{{ .Values.image.livenessProbe.repository }}:{{ .Values.image.livenessProbe.tag }}" +{{- end }} + args: + - --csi-address=/csi/csi.sock + - --probe-timeout=3s + - --health-port={{ .Values.controller.livenessProbe.healthPort }} + imagePullPolicy: {{ .Values.image.livenessProbe.pullPolicy }} + volumeMounts: + - name: socket-dir + mountPath: /csi + resources: {{- toYaml .Values.controller.resources.livenessProbe | nindent 12 }} + - name: blob +{{- if hasPrefix "/" .Values.image.blob.repository }} + image: "{{ .Values.image.baseRepo }}{{ .Values.image.blob.repository }}:{{ .Values.image.blob.tag }}" +{{- else }} + image: "{{ .Values.image.blob.repository }}:{{ .Values.image.blob.tag }}" +{{- end }} + args: + - "--v={{ .Values.controller.logLevel }}" + - "--endpoint=$(CSI_ENDPOINT)" + - "--metrics-address=0.0.0.0:{{ .Values.controller.metricsPort }}" + - "--drivername={{ .Values.driver.name }}" + - "--custom-user-agent={{ .Values.driver.customUserAgent }}" + - "--user-agent-suffix={{ .Values.driver.userAgentSuffix }}" + - "--cloud-config-secret-name={{ .Values.controller.cloudConfigSecretName }}" + - "--cloud-config-secret-namespace={{ .Values.controller.cloudConfigSecretNamespace }}" + - "--allow-empty-cloud-config={{ .Values.controller.allowEmptyCloudConfig }}" + ports: + - containerPort: {{ .Values.controller.livenessProbe.healthPort }} + name: healthz + protocol: TCP + - containerPort: {{ .Values.controller.metricsPort }} + name: metrics + protocol: TCP + livenessProbe: + failureThreshold: 5 + httpGet: + path: /healthz + port: healthz + initialDelaySeconds: 30 + timeoutSeconds: 10 + periodSeconds: 30 + env: + - name: AZURE_CREDENTIAL_FILE + valueFrom: + configMapKeyRef: + name: azure-cred-file + key: path + optional: true + - name: CSI_ENDPOINT + value: unix:///csi/csi.sock + {{- if ne .Values.driver.httpsProxy "" }} + - name: HTTPS_PROXY + value: {{ .Values.driver.httpsProxy }} + {{- end }} + {{- if ne .Values.driver.httpProxy "" }} + - name: HTTP_PROXY + value: {{ .Values.driver.httpProxy }} + {{- end }} + - name: AZURE_GO_SDK_LOG_LEVEL + value: {{ .Values.driver.azureGoSDKLogLevel }} + {{- if eq .Values.cloud "AzureStackCloud" }} + - name: AZURE_ENVIRONMENT_FILEPATH + value: /etc/kubernetes/azurestackcloud.json + {{- end }} + imagePullPolicy: {{ .Values.image.blob.pullPolicy }} + volumeMounts: + - mountPath: /csi + name: socket-dir + - mountPath: /etc/kubernetes/ + name: azure-cred + {{- if eq .Values.cloud "AzureStackCloud" }} + - name: ssl + mountPath: /etc/ssl/certs + readOnly: true + {{- end }} + {{- if eq .Values.linux.distro "fedora" }} + - name: ssl + mountPath: /etc/ssl/certs + readOnly: true + - name: ssl-pki + mountPath: /etc/pki/ca-trust/extracted + readOnly: true + {{- end }} + resources: {{- toYaml .Values.controller.resources.blob | nindent 12 }} + - name: csi-resizer +{{- if hasPrefix "/" .Values.image.csiResizer.repository }} + image: "{{ .Values.image.baseRepo }}{{ .Values.image.csiResizer.repository }}:{{ .Values.image.csiResizer.tag }}" +{{- else }} + image: "{{ .Values.image.csiResizer.repository }}:{{ .Values.image.csiResizer.tag }}" +{{- end }} + args: + - "-csi-address=$(ADDRESS)" + - "-v=2" + - "-leader-election" + - "--leader-election-namespace={{ .Release.Namespace }}" + - '-handle-volume-inuse-error=false' + env: + - name: ADDRESS + value: /csi/csi.sock + imagePullPolicy: {{ .Values.image.csiResizer.pullPolicy }} + volumeMounts: + - name: socket-dir + mountPath: /csi + resources: {{- toYaml .Values.controller.resources.csiResizer | nindent 12 }} + volumes: + - name: socket-dir + emptyDir: {} + - name: azure-cred + hostPath: + path: /etc/kubernetes/ + type: DirectoryOrCreate + {{- if eq .Values.cloud "AzureStackCloud" }} + - name: ssl + hostPath: + path: /etc/ssl/certs + {{- end }} + {{- if eq .Values.linux.distro "fedora" }} + - name: ssl + hostPath: + path: /etc/ssl/certs + - name: ssl-pki + hostPath: + path: /etc/pki/ca-trust/extracted + {{- end }} + {{- if .Values.securityContext }} + securityContext: {{- toYaml .Values.securityContext | nindent 8 }} + {{- end }} diff --git a/charts/v4.1.0/blob-csi-driver/templates/csi-blob-driver.yaml b/charts/v4.1.0/blob-csi-driver/templates/csi-blob-driver.yaml new file mode 100644 index 000000000..9a6aea64a --- /dev/null +++ b/charts/v4.1.0/blob-csi-driver/templates/csi-blob-driver.yaml @@ -0,0 +1,14 @@ +--- +apiVersion: storage.k8s.io/v1 +kind: CSIDriver +metadata: + name: {{ .Values.driver.name }} + labels: + {{- include "blob.labels" . | nindent 4 }} +spec: + attachRequired: false + podInfoOnMount: true + fsGroupPolicy: {{ .Values.feature.fsGroupPolicy }} + volumeLifecycleModes: + - Persistent + - Ephemeral diff --git a/charts/v4.1.0/blob-csi-driver/templates/csi-blob-node.yaml b/charts/v4.1.0/blob-csi-driver/templates/csi-blob-node.yaml new file mode 100644 index 000000000..13e4291ed --- /dev/null +++ b/charts/v4.1.0/blob-csi-driver/templates/csi-blob-node.yaml @@ -0,0 +1,288 @@ +kind: DaemonSet +apiVersion: apps/v1 +metadata: + name: {{ .Values.node.name }} + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Values.node.name }} + {{- include "blob.labels" . | nindent 4 }} +spec: + updateStrategy: + rollingUpdate: + maxUnavailable: {{ .Values.node.maxUnavailable }} + type: RollingUpdate + selector: + matchLabels: + app: {{ .Values.node.name }} + {{- include "blob.selectorLabels" . | nindent 6 }} + template: + metadata: + labels: + app: {{ .Values.node.name }} + {{- include "blob.labels" . | nindent 8 }} + {{- if .Values.workloadIdentity.clientID }} + azure.workload.identity/use: "true" + {{- end }} + {{- if .Values.podLabels }} +{{- toYaml .Values.podLabels | nindent 8 }} + {{- end }} +{{- if .Values.podAnnotations }} + annotations: +{{ toYaml .Values.podAnnotations | indent 8 }} +{{- end }} + spec: + {{- if .Values.imagePullSecrets }} + imagePullSecrets: +{{ toYaml .Values.imagePullSecrets | indent 8 }} + {{- end }} +{{- if .Values.node.enableBlobfuseProxy }} + hostPID: true +{{- end }} + hostNetwork: true + dnsPolicy: ClusterFirstWithHostNet + serviceAccountName: {{ .Values.serviceAccount.node }} + nodeSelector: + kubernetes.io/os: linux +{{- with .Values.node.nodeSelector }} +{{ toYaml . | indent 8 }} +{{- end }} + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: type + operator: NotIn + values: + - virtual-kubelet + {{- if .Values.node.affinity }} +{{- toYaml .Values.node.affinity | nindent 8 }} + {{- end }} + priorityClassName: {{ .Values.priorityClassName | quote }} + securityContext: + seccompProfile: + type: RuntimeDefault +{{- with .Values.node.tolerations }} + tolerations: +{{ toYaml . | indent 8 }} +{{- end }} +{{- if .Values.node.enableBlobfuseProxy }} + initContainers: + - name: install-blobfuse-proxy +{{- if hasPrefix "/" .Values.image.blob.repository }} + image: "{{ .Values.image.baseRepo }}{{ .Values.image.blob.repository }}:{{ .Values.image.blob.tag }}" +{{- else }} + image: "{{ .Values.image.blob.repository }}:{{ .Values.image.blob.tag }}" +{{- end }} + imagePullPolicy: IfNotPresent + command: + - "/blobfuse-proxy/init.sh" + securityContext: + privileged: true + env: + - name: DEBIAN_FRONTEND + value: "noninteractive" + - name: INSTALL_BLOBFUSE + value: "{{ .Values.node.blobfuseProxy.installBlobfuse }}" + - name: BLOBFUSE_VERSION + value: "{{ .Values.node.blobfuseProxy.blobfuseVersion }}" + - name: INSTALL_BLOBFUSE2 + value: "{{ .Values.node.blobfuseProxy.installBlobfuse2 }}" + - name: BLOBFUSE2_VERSION + value: "{{ .Values.node.blobfuseProxy.blobfuse2Version }}" + - name: SET_MAX_OPEN_FILE_NUM + value: "{{ .Values.node.blobfuseProxy.setMaxOpenFileNum }}" + - name: MAX_FILE_NUM + value: "{{ .Values.node.blobfuseProxy.maxOpenFileNum }}" + - name: DISABLE_UPDATEDB + value: "{{ .Values.node.blobfuseProxy.disableUpdateDB }}" + volumeMounts: + - name: host-usr + mountPath: /host/usr + - name: host-etc + mountPath: /host/etc +{{- end }} + containers: + - name: liveness-probe + imagePullPolicy: {{ .Values.image.livenessProbe.pullPolicy }} + volumeMounts: + - mountPath: /csi + name: socket-dir +{{- if hasPrefix "/" .Values.image.livenessProbe.repository }} + image: "{{ .Values.image.baseRepo }}{{ .Values.image.livenessProbe.repository }}:{{ .Values.image.livenessProbe.tag }}" +{{- else }} + image: "{{ .Values.image.livenessProbe.repository }}:{{ .Values.image.livenessProbe.tag }}" +{{- end }} + args: + - --csi-address=/csi/csi.sock + - --probe-timeout=3s + - --health-port={{ .Values.node.livenessProbe.healthPort }} + - --v=2 + resources: {{- toYaml .Values.node.resources.livenessProbe | nindent 12 }} + - name: node-driver-registrar +{{- if hasPrefix "/" .Values.image.nodeDriverRegistrar.repository }} + image: "{{ .Values.image.baseRepo }}{{ .Values.image.nodeDriverRegistrar.repository }}:{{ .Values.image.nodeDriverRegistrar.tag }}" +{{- else }} + image: "{{ .Values.image.nodeDriverRegistrar.repository }}:{{ .Values.image.nodeDriverRegistrar.tag }}" +{{- end }} + args: + - --csi-address=$(ADDRESS) + - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH) + - --v=2 + livenessProbe: + exec: + command: + - /csi-node-driver-registrar + - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH) + - --mode=kubelet-registration-probe + initialDelaySeconds: 30 + timeoutSeconds: 15 + env: + - name: ADDRESS + value: /csi/csi.sock + - name: DRIVER_REG_SOCK_PATH + value: {{ .Values.linux.kubelet }}/plugins/{{ .Values.driver.name }}/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /csi + - name: registration-dir + mountPath: /registration + resources: {{- toYaml .Values.node.resources.nodeDriverRegistrar | nindent 12 }} + - name: blob +{{- if hasPrefix "/" .Values.image.blob.repository }} + image: "{{ .Values.image.baseRepo }}{{ .Values.image.blob.repository }}:{{ .Values.image.blob.tag }}" +{{- else }} + image: "{{ .Values.image.blob.repository }}:{{ .Values.image.blob.tag }}" +{{- end }} + args: + - "--v={{ .Values.node.logLevel }}" + - "--endpoint=$(CSI_ENDPOINT)" + - "--blobfuse-proxy-endpoint=$(BLOBFUSE_PROXY_ENDPOINT)" + - "--edgecache-mount-endpoint=$(EDGECACHE_MOUNT_ENDPOINT)" + - "--enable-blobfuse-proxy={{ .Values.node.enableBlobfuseProxy }}" + - "--nodeid=$(KUBE_NODE_NAME)" + - "--drivername={{ .Values.driver.name }}" + - "--cloud-config-secret-name={{ .Values.node.cloudConfigSecretName }}" + - "--cloud-config-secret-namespace={{ .Values.node.cloudConfigSecretNamespace }}" + - "--custom-user-agent={{ .Values.driver.customUserAgent }}" + - "--user-agent-suffix={{ .Values.driver.userAgentSuffix }}" + - "--allow-empty-cloud-config={{ .Values.node.allowEmptyCloudConfig }}" + - "--enable-get-volume-stats={{ .Values.feature.enableGetVolumeStats }}" + - "--append-timestamp-cache-dir={{ .Values.node.appendTimeStampInCacheDir }}" + - "--mount-permissions={{ .Values.node.mountPermissions }}" + - "--allow-inline-volume-key-access-with-idenitity={{ .Values.node.allowInlineVolumeKeyAccessWithIdentity }}" + ports: + - containerPort: {{ .Values.node.livenessProbe.healthPort }} + name: healthz + protocol: TCP + livenessProbe: + failureThreshold: 5 + httpGet: + path: /healthz + port: healthz + initialDelaySeconds: 30 + timeoutSeconds: 10 + periodSeconds: 30 + env: + - name: AZURE_CREDENTIAL_FILE + valueFrom: + configMapKeyRef: + name: azure-cred-file + key: path + optional: true + - name: CSI_ENDPOINT + value: unix:///csi/csi.sock + - name: EDGECACHE_MOUNT_ENDPOINT + value: unix:///csi/csi_mounts.sock + - name: BLOBFUSE_PROXY_ENDPOINT + value: unix:///csi/blobfuse-proxy.sock + {{- if ne .Values.driver.httpsProxy "" }} + - name: HTTPS_PROXY + value: {{ .Values.driver.httpsProxy }} + {{- end }} + {{- if ne .Values.driver.httpProxy "" }} + - name: HTTP_PROXY + value: {{ .Values.driver.httpProxy }} + {{- end }} + - name: KUBE_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + - name: AZURE_GO_SDK_LOG_LEVEL + value: {{ .Values.driver.azureGoSDKLogLevel }} + {{- if eq .Values.cloud "AzureStackCloud" }} + - name: AZURE_ENVIRONMENT_FILEPATH + value: /etc/kubernetes/azurestackcloud.json + {{- end }} + imagePullPolicy: {{ .Values.image.blob.pullPolicy }} + securityContext: + privileged: true + volumeMounts: + - mountPath: /csi + name: socket-dir + - mountPath: {{ .Values.linux.kubelet }}/ + mountPropagation: Bidirectional + name: mountpoint-dir + - mountPath: /etc/kubernetes/ + name: azure-cred + - mountPath: /mnt + name: blob-cache + {{- if eq .Values.cloud "AzureStackCloud" }} + - name: ssl + mountPath: /etc/ssl/certs + readOnly: true + {{- end }} + {{- if eq .Values.linux.distro "fedora" }} + - name: ssl + mountPath: /etc/ssl/certs + readOnly: true + - name: ssl-pki + mountPath: /etc/pki/ca-trust/extracted + readOnly: true + {{- end }} + resources: {{- toYaml .Values.node.resources.blob | nindent 12 }} + volumes: +{{- if .Values.node.enableBlobfuseProxy }} + - name: host-usr + hostPath: + path: /usr + - name: host-etc + hostPath: + path: /etc +{{- end }} + - hostPath: + path: {{ .Values.linux.kubelet }}/plugins/{{ .Values.driver.name }} + type: DirectoryOrCreate + name: socket-dir + - hostPath: + path: {{ .Values.linux.kubelet }}/ + type: DirectoryOrCreate + name: mountpoint-dir + - hostPath: + path: {{ .Values.linux.kubelet }}/plugins_registry/ + type: DirectoryOrCreate + name: registration-dir + - hostPath: + path: /etc/kubernetes/ + type: DirectoryOrCreate + name: azure-cred + - hostPath: + path: {{ .Values.node.blobfuseCachePath }} + name: blob-cache + {{- if eq .Values.cloud "AzureStackCloud" }} + - name: ssl + hostPath: + path: /etc/ssl/certs + {{- end }} + {{- if eq .Values.linux.distro "fedora" }} + - name: ssl + hostPath: + path: /etc/ssl/certs + - name: ssl-pki + hostPath: + path: /etc/pki/ca-trust/extracted + {{- end }} + {{- if .Values.securityContext }} + securityContext: {{- toYaml .Values.securityContext | nindent 8 }} + {{- end }} diff --git a/charts/v4.1.0/blob-csi-driver/templates/rbac-csi-blob-controller.yaml b/charts/v4.1.0/blob-csi-driver/templates/rbac-csi-blob-controller.yaml new file mode 100644 index 000000000..833dcc640 --- /dev/null +++ b/charts/v4.1.0/blob-csi-driver/templates/rbac-csi-blob-controller.yaml @@ -0,0 +1,115 @@ +{{- if .Values.rbac.create -}} +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ .Values.rbac.name }}-external-provisioner-role + labels: + {{- include "blob.labels" . | nindent 4 }} +rules: + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "create", "delete"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["get", "list", "watch", "create", "update", "patch"] + - apiGroups: ["storage.k8s.io"] + resources: ["csinodes"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch"] + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "list", "watch", "create", "update", "patch"] + +--- + +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ .Values.rbac.name }}-csi-provisioner-binding + labels: + {{- include "blob.labels" . | nindent 4 }} +subjects: + - kind: ServiceAccount + name: {{ .Values.serviceAccount.controller }} + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + name: {{ .Values.rbac.name }}-external-provisioner-role + apiGroup: rbac.authorization.k8s.io + +--- + +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ .Values.rbac.name }}-external-resizer-role + labels: + {{- include "blob.labels" . | nindent 4 }} +rules: + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["persistentvolumeclaims/status"] + verbs: ["update", "patch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "list", "watch", "create", "update", "patch"] +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ .Values.rbac.name }}-csi-resizer-role + labels: + {{- include "blob.labels" . | nindent 4 }} +subjects: + - kind: ServiceAccount + name: {{ .Values.serviceAccount.controller }} + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + name: {{ .Values.rbac.name }}-external-resizer-role + apiGroup: rbac.authorization.k8s.io + +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-{{ .Values.rbac.name }}-controller-secret-role + labels: + {{- include "blob.labels" . | nindent 4 }} +rules: + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "create"] + +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-{{ .Values.rbac.name }}-controller-secret-binding + labels: + {{- include "blob.labels" . | nindent 4 }} +subjects: + - kind: ServiceAccount + name: {{ .Values.serviceAccount.controller }} + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + name: csi-{{ .Values.rbac.name }}-controller-secret-role + apiGroup: rbac.authorization.k8s.io +{{ end }} diff --git a/charts/v4.1.0/blob-csi-driver/templates/rbac-csi-blob-node.yaml b/charts/v4.1.0/blob-csi-driver/templates/rbac-csi-blob-node.yaml new file mode 100644 index 000000000..f4eb48e93 --- /dev/null +++ b/charts/v4.1.0/blob-csi-driver/templates/rbac-csi-blob-node.yaml @@ -0,0 +1,38 @@ +{{- if .Values.rbac.create -}} +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-{{ .Values.rbac.name }}-node-secret-role + labels: + {{- include "blob.labels" . | nindent 4 }} +rules: + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get"] + + # the node plugin must apply annotations to the PVC for edgecache volumes + # it gets the PVC's through the PV's + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "update"] + +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-{{ .Values.rbac.name }}-node-secret-binding + labels: + {{- include "blob.labels" . | nindent 4 }} +subjects: + - kind: ServiceAccount + name: {{ .Values.serviceAccount.node }} + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + name: csi-{{ .Values.rbac.name }}-node-secret-role + apiGroup: rbac.authorization.k8s.io +{{ end }} diff --git a/charts/v4.1.0/blob-csi-driver/templates/serviceaccount-csi-blob-controller.yaml b/charts/v4.1.0/blob-csi-driver/templates/serviceaccount-csi-blob-controller.yaml new file mode 100644 index 000000000..7433bccf1 --- /dev/null +++ b/charts/v4.1.0/blob-csi-driver/templates/serviceaccount-csi-blob-controller.yaml @@ -0,0 +1,17 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ .Values.serviceAccount.controller }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "blob.labels" . | nindent 4 }} +{{- if .Values.workloadIdentity.clientID }} + azure.workload.identity/use: "true" + annotations: + azure.workload.identity/client-id: {{ .Values.workloadIdentity.clientID }} +{{- if .Values.workloadIdentity.tenantID }} + azure.workload.identity/tenant-id: {{ .Values.workloadIdentity.tenantID }} +{{- end }} +{{- end }} +{{- end -}} diff --git a/charts/v4.1.0/blob-csi-driver/templates/serviceaccount-csi-blob-node.yaml b/charts/v4.1.0/blob-csi-driver/templates/serviceaccount-csi-blob-node.yaml new file mode 100644 index 000000000..a25090e30 --- /dev/null +++ b/charts/v4.1.0/blob-csi-driver/templates/serviceaccount-csi-blob-node.yaml @@ -0,0 +1,17 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ .Values.serviceAccount.node }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "blob.labels" . | nindent 4 }} +{{- if .Values.workloadIdentity.clientID }} + azure.workload.identity/use: "true" + annotations: + azure.workload.identity/client-id: {{ .Values.workloadIdentity.clientID }} +{{- if .Values.workloadIdentity.tenantID }} + azure.workload.identity/tenant-id: {{ .Values.workloadIdentity.tenantID }} +{{- end }} +{{- end }} +{{- end -}} diff --git a/charts/v4.1.0/blob-csi-driver/values.yaml b/charts/v4.1.0/blob-csi-driver/values.yaml new file mode 100644 index 000000000..1ff9bbfaf --- /dev/null +++ b/charts/v4.1.0/blob-csi-driver/values.yaml @@ -0,0 +1,173 @@ +image: + baseRepo: mcr.microsoft.com + blob: + repository: /k8s/csi/blob-csi + tag: latest + pullPolicy: IfNotPresent + csiProvisioner: + repository: /oss/kubernetes-csi/csi-provisioner + tag: v3.5.0 + pullPolicy: IfNotPresent + livenessProbe: + repository: /oss/kubernetes-csi/livenessprobe + tag: v2.10.0 + pullPolicy: IfNotPresent + nodeDriverRegistrar: + repository: /oss/kubernetes-csi/csi-node-driver-registrar + tag: v2.8.0 + pullPolicy: IfNotPresent + csiResizer: + repository: /oss/kubernetes-csi/csi-resizer + tag: v1.8.0 + pullPolicy: IfNotPresent + +cloud: AzurePublicCloud + +## Reference to one or more secrets to be used when pulling images +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ +imagePullSecrets: [] +# - name: myRegistryKeySecretName + +serviceAccount: + create: true # When true, service accounts will be created for you. Set to false if you want to use your own. + controller: csi-blob-controller-sa # Name of Service Account to be created or used + node: csi-blob-node-sa # Name of Service Account to be created or used + +rbac: + create: true + name: blob + +## Collection of annotations to add to all the pods +podAnnotations: {} +## Collection of labels to add to all the pods +podLabels: {} +# -- Custom labels to add into metadata +customLabels: {} + # k8s-app: blob-csi-driver + +## Leverage a PriorityClass to ensure your pods survive resource shortages +## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ +priorityClassName: system-cluster-critical +## Security context give the opportunity to run container as nonroot by setting a securityContext +## by example : +## securityContext: { runAsUser: 1001 } +securityContext: {} + +controller: + name: csi-blob-controller + cloudConfigSecretName: azure-cloud-provider + cloudConfigSecretNamespace: kube-system + allowEmptyCloudConfig: true + hostNetwork: true # this setting could be disabled if controller does not depend on MSI setting + metricsPort: 29634 + livenessProbe: + healthPort: 29632 + replicas: 2 + runOnMaster: false + runOnControlPlane: false + logLevel: 5 + resources: + csiProvisioner: + limits: + memory: 500Mi + requests: + cpu: 10m + memory: 20Mi + livenessProbe: + limits: + memory: 100Mi + requests: + cpu: 10m + memory: 20Mi + blob: + limits: + memory: 200Mi + requests: + cpu: 10m + memory: 20Mi + csiResizer: + limits: + memory: 500Mi + requests: + cpu: 10m + memory: 20Mi + affinity: {} + nodeSelector: {} + tolerations: + - key: "node-role.kubernetes.io/master" + operator: "Exists" + effect: "NoSchedule" + - key: "node-role.kubernetes.io/controlplane" + operator: "Exists" + effect: "NoSchedule" + - key: "node-role.kubernetes.io/control-plane" + operator: "Exists" + effect: "NoSchedule" + +node: + name: csi-blob-node + cloudConfigSecretName: azure-cloud-provider + cloudConfigSecretNamespace: kube-system + allowEmptyCloudConfig: true + allowInlineVolumeKeyAccessWithIdentity: false + maxUnavailable: 1 + livenessProbe: + healthPort: 29633 + logLevel: 5 + enableBlobfuseProxy: false + blobfuseProxy: + installBlobfuse: true + blobfuseVersion: "1.4.5" + installBlobfuse2: true + blobfuse2Version: "2.0.3" + setMaxOpenFileNum: true + maxOpenFileNum: "9000000" + disableUpdateDB: true + blobfuseCachePath: /mnt + appendTimeStampInCacheDir: false + mountPermissions: 0777 + resources: + livenessProbe: + limits: + memory: 100Mi + requests: + cpu: 10m + memory: 20Mi + nodeDriverRegistrar: + limits: + memory: 100Mi + requests: + cpu: 10m + memory: 20Mi + blob: + limits: + memory: 2100Mi + requests: + cpu: 10m + memory: 20Mi + affinity: {} + nodeSelector: {} + tolerations: + - operator: "Exists" + +feature: + fsGroupPolicy: ReadWriteOnceWithFSType + enableGetVolumeStats: false + +driver: + name: blob.csi.azure.com + customUserAgent: "" + userAgentSuffix: "OSS-helm" + azureGoSDKLogLevel: "" # available values: ""(no logs), DEBUG, INFO, WARNING, ERROR + httpsProxy: "" + httpProxy: "" + +linux: + kubelet: /var/lib/kubelet + distro: debian + +workloadIdentity: + clientID: "" + # [optional] If the AAD application or user-assigned managed identity is not in the same tenant as the cluster + # then set tenantID with the application or user-assigned managed identity tenant ID + tenantID: ""