gitea_admin/application
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

add helm charts

Browse Source
This commit is contained in:
Ybehrooz
2025-11-09 13:22:40 +03:30
parent 282c3e52d0
commit 38e4d749ad
1352 changed files with 190457 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
backing-services/aws-ebs-csi-driver/.helmignore Normal file
View File

@@ -0,0 +1,22 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

382
backing-services/aws-ebs-csi-driver/CHANGELOG.md Normal file
View File

@@ -0,0 +1,382 @@
# Helm chart
## v2.32.0
* Bump driver version to `v1.32.0`
* Bump CSI sidecar container versions
* Add `patch` permission to `PV` to `external-provisioner` role (required by v5 and later)
* Add terminationGracePeriodSeconds as a helm parameter ([#2060](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/2060), [@ElijahQuinones](https://github.com/ElijahQuinones))
* Use release namespace in ClusterRoleBinding subject namespace ([#2059](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/2059), [@etutuit](https://github.com/etutuit))
* Add parameter to override node DaemonSet namespace ([#2052](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/2052), [@RuStyC0der](https://github.com/RuStyC0der))
* Set RuntimeDefault as default seccompProfile in securityContext ([#2061](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/2061), [@torredil](https://github.com/torredil))
* Increase default provisioner, resizer, snapshotter `retry-interval-max` ([#2057](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/2057), [@AndrewSirenko](https://github.com/AndrewSirenko))
## v2.31.0
* Bump driver version to `v1.31.0`
* Expose dnsConfig in Helm Chart for Custom DNS Configuration ([#2034](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/2045), [@omerap12](https://github.com/omerap12))
* Make scrape interval configurable ([#2035](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/2035), [@omerap12](https://github.com/omerap12))
* Add defaultStorageClass parameter ([#2039](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/2039), [@torredil](https://github.com/torredil))
* Upgrade sidecar containers ([#2041](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/2041), [@torredil](https://github.com/torredil))
## v2.30.0
* Bump driver version to `v1.30.0`
* Update voluemessnapshotcontents/status RBAC ([#1991](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1991), [@AndrewSirenko](https://github.com/AndrewSirenko))
* Upgrade dependencies ([#2016](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/2016), [@torredil](https://github.com/torredil))
## v2.29.1
* Bump driver version to `v1.29.1`
* Remove `--reuse-values` deprecation warning
## v2.29.0
### Urgent Upgrade Notes
*(No, really, you MUST read this before you upgrade)*
The EBS CSI Driver Helm chart no longer supports upgrading with `--reuse-values`. This chart will not test for `--reuse-values` compatibility and upgrading with `--reuse-values` will likely fail. Users of `--reuse-values` are strongly encouraged to migrate to `--reset-then-reuse-values`.
For more information see [the deprecation announcement](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/issues/1864).
### Other Changes
* Bump driver version to `v1.29.0` and sidecars to latest versions
* Add helm-tester enabled flag ([#1954](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1954), [@nunodomingues-td](https://github.com/nunodomingues-td))
## v2.28.1
* Add `reservedVolumeAttachments` that overrides heuristic-determined reserved attachments via `--reserved-volume-attachments` CLI option from [PR #1919](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1919) through Helm ([#1939](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1939), [@AndrewSirenko](https://github.com/AndrewSirenko))
* Add `additionalArgs` parameter to node daemonSet ([#1939](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1939), [@AndrewSirenko](https://github.com/AndrewSirenko))
## v2.28.0
### Urgent Upgrade Notes
*(No, really, you MUST read this before you upgrade)*
This is the last minor version of the EBS CSI Driver Helm chart to support upgrading with `--reuse-values`. Future versions of the chart (starting with `v2.29.0`) will not test for `--reuse-values` compatibility and upgrading with `--reuse-values` will likely fail. Users of `--reuse-values` are strongly encouraged to migrate to `--reset-then-reuse-values`.
For more information see [the deprecation announcement](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/issues/1864).
### Other Changes
* Bump driver version to `v1.28.0` and sidecars to latest versions
* Add labels to leases role used by EBS CSI controller ([#1914](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1914), [@cHiv0rz](https://github.com/cHiv0rz))
* Enforce `linux` and `amd64` node affinity for helm tester pod ([#1922](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1922), [@AndrewSirenko](https://github.com/AndrewSirenko))
* Add configuration for `DaemonSet` annotations ([#1923](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1923), [@AndrewSirenko](https://github.com/AndrewSirenko))
* Incorporate KubeLinter recommended best practices for chart tester pod ([#1924](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1924), [@torredil](https://github.com/torredil))
* Add configuration for chart tester pod image ([#1928](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1928), [@AndrewSirenko](https://github.com/AndrewSirenko))
## v2.27.0
* Bump driver version to `v1.27.0`
* Add parameters for tuning revisionHistoryLimit and emptyDir volumes ([#1840](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1840), [@bodgit](https://github.com/bodgit))
## v2.26.1
* Bump driver version to `v1.26.1`
* Bump sidecar container versions to fix [restart bug in external attacher, provisioner, resizer, snapshotter, and node-driver-registrar](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/issues/1875) ([#1886](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1886), [@AndrewSirenko](https://github.com/AndrewSirenko))
## v2.26.0
* Bump driver version to `v1.26.0`
* Bump sidecar container versions ([#1867](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1867), [@AndrewSirenko](https://github.com/AndrewSirenko))
* Add warning about --reuse-values deprecation to NOTES.txt ([#1865](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1865), [@ConnorJC3](https://github.com/ConnorJC3))
## v2.25.0
* Bump driver version to `v1.25.0`
* Update default sidecar timeout values ([#1824](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1824), [@torredil](https://github.com/torredil))
* Increase default QPS and worker threads of sidecars ([#1834](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1834), [@ConnorJC3](https://github.com/ConnorJC3))
* Node-driver-registrar sidecar fixes ([#1815](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1815), [@jukie](https://github.com/jukie))
* Suggest eks.amazonaws.com/role-arn in values.yaml if EKS IAM for SA is used ([#1804](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1804), [@tporeba](https://github.com/tporeba))
## v2.24.1
* Bump driver version to `v1.24.1`
* Upgrade sidecar images
## v2.24.0
* Bump driver version to `v1.24.0`
* Add additionalClusterRoleRules to sidecar chart templates. ([#1757](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1757), [@AndrewSirenko](https://github.com/AndrewSirenko))
* Allow passing template value for clusterName ([#1753](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1753), [@monicastanciu](https://github.com/monicastanciu))
* Make hostNetwork configurable for daemonset ([#1716](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1716), [@bseenu](https://github.com/bseenu))
* Add labels to volumesnapshotclass ([#1754](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1754), [@fad3t](https://github.com/fad3t))
* Update default API version for PodDisruptionBudget ([#1751](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1751), [@AndrewSirenko](https://github.com/AndrewSirenko))
## v2.23.2
* Bump driver version to `v1.23.2`
* Upgrade sidecar images
## v2.23.1
* Bump driver version to `v1.23.1`
## v2.23.0
* Add `node.enableLinux` parameter ([#1732](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1732), [@monicastanciu](https://github.com/monicastanciu))
* Additional Node DaemonSets bug fixes ([#1739](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1739), [@monicastanciu](https://github.com/monicastanciu))
* Additional DaemonSets feature ([#1722](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1722), [@ConnorJC3](https://github.com/ConnorJC3))
* Add doc of chart value additionalArgs ([#1697](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1697), [@zitudu](https://github.com/zitudu))
## v2.22.1
* Bump driver version to `v1.22.1`
## v2.22.0
* Default PodDisruptionBudget to policy/v1 ([#1707](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1707), [@iNoahNothing](https://github.com/iNoahNothing))
## v2.21.0
* Bump driver version to `v1.21.0`
* Enable additional volume mounts on node pods ([#1670](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1670), [@AndrewSirenko](https://github.com/AndrewSirenko))
* Enable customization of aws-secret name and keys in Helm Chart ([#1668](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1668), [@AndrewSirenko](https://github.com/AndrewSirenko))
* The sidecars have been updated. The new versions are:
- csi-snapshotter: `v6.2.2`
## v2.20.0
* Bump driver version to `v1.20.0`
* Enable leader election in csi-resizer sidecar ([#1606](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1606), [@rdpsin](https://github.com/rdpsin))
* Namespace-scoped leases permissions ([#1614](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1614), [@torredil](https://github.com/torredil))
* Add additionalArgs parameter for sidecars ([#1627](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1627), [@ConnorJC3](https://github.com/ConnorJC3))
* Avoid generating manifests with empty envFrom fields ([#1630](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1630), [@mvgmb](https://github.com/mvgmb))
* Allow to set automountServiceAccountToken in ServiceAccount ([#1619](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1619), [@kahirokunn](https://github.com/kahirokunn))
## v2.19.0
* Bump driver version to `v1.19.0`
* The sidecars have been updated. The new versions are:
- csi-provisioner: `v3.5.0`
- csi-attacher: `v4.3.0`
- livenessprobe: `v2.10.0`
- csi-resizer: `v1.8.0`
- node-driver-registrar: `v2.8.0`
* Remove CPU limits ([#1596](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1596), [@torredil](https://github.com/torredil))
## v2.18.0
### Urgent Upgrade Notes
*(No, really, you MUST read this before you upgrade)*
The Helm chart now defaults to using specific releases of the EKS-D sidecars, rather than the `-latest` versions. This is done so the chart will specify an exact container image, as well as for consistency with the EKS Addons version of the driver.
The new sidecar tags are:
* csi-provisioner: `v3.4.1-eks-1-26-7`
* csi-attacher: `v4.2.0-eks-1-26-7`
* csi-snapshotter: `v6.2.1-eks-1-26-7`
* livenessprobe: `v2.9.0-eks-1-26-7`
* csi-resizer: `v1.7.0-eks-1-26-7`
* node-driver-registrar: `v2.7.0-eks-1-26-7`
### Improvements
* Bump driver version to `v1.18.0`
* Increase speed and reliability of `helm test` ([#1533](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1533), [@torredil](https://github.com/torredil))
* Support `VolumeSnapshotClass` in helm chart ([#1540](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1540), [@hanyuel](https://github.com/hanyuel))
## v2.17.2
* Bump driver version to `v1.17.0`
* Bump `external-resizer` version to `v4.2.0`
* All other sidecars have been updated to the latest rebuild (without an associated version change)
## v2.17.1
* Bump driver version to `v1.16.1`
## v2.17.0
* Bump driver version to `v1.16.0`
* Add support for JSON logging ([#1467](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1467), [@torredil](https://github.com/torredil))
* `--logging-format` flag has been added to set the log format. Valid values are `text` and `json`. The default value is `text`.
* `--logtostderr` is deprecated.
* Long arguments prefixed with `-` are no longer supported, and must be prefixed with `--`. For example, `--volume-attach-limit` instead of `-volume-attach-limit`.
* The sidecars have been updated. The new versions are:
- csi-provisioner: `v3.4.0`
- csi-attacher: `v4.1.0`
- csi-snapshotter: `v6.2.1`
- livenessprobe: `v2.9.0`
- csi-resizer: `v1.7.0`
- node-driver-registrar: `v2.7.0`
## v2.16.0
* Bump driver version to `v1.15.0`
* Change default sidecars to EKS-D ([#1475](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1475), [@ConnorJC3](https://github.com/ConnorJC3), [@torredil](https://github.com/torredil))
* The sidecars have been updated. The new versions are:
- csi-provisioner: `v3.3.0`
- csi-attacher: `v4.0.0`
- csi-snapshotter: `v6.1.0`
- livenessprobe: `v2.8.0`
- csi-resizer: `v1.6.0`
- node-driver-registrar: `v2.6.2`
## v2.15.1
* Bugfix: Prevent deployment of testing resources during normal installation by adding `helm.sh/hook: test` annotation.
## v2.15.0
* Set sensible default resource requests/limits
* Add sensible default update strategy
* Add podAntiAffinity so controller pods prefer scheduling on separate nodes if possible
* Add container registry parameter
## v2.14.2
* Bump driver version to `v1.14.1`
## v2.14.1
* Add `controller.sdkDebugLog` parameter
## v2.14.0
* Bump driver version to `v1.14.0`
## v2.13.0
* Bump app/driver to version `v1.13.0`
* Expose volumes and volumeMounts for the ebs-csi-controller deployment ([#1400](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1436), [@cnmcavoy](https://github.com/cnmcavoy))
* refactor: Move the default controller tolerations in the helm chart values ([#1427](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1427), [@cnmcavoy](https://github.com/Linutux42))
* Add serviceMonitor.labels parameter ([#1419](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1419), [@torredil](https://github.com/torredil))
* Add parameter to force enable snapshotter sidecar ([#1418](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1418), [@ConnorJC3](https://github.com/ConnorJC3))
## v2.12.1
* Bump app/driver to version `v1.12.1`
## v2.12.0
* Bump app/driver to version `v1.12.0`
* Move default toleration to values.yaml so it can be overriden if desired by users ([#1400](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1400), [@cnmcavoy](https://github.com/cnmcavoy))
* Add enableMetrics configuration ([#1380](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1380), [@torredil](https://github.com/torredil))
* add initContainer to the controller's template ([#1379](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1379), [@InsomniaCoder](https://github.com/InsomniaCoder))
* Add controller nodeAffinity to prefer EC2 over Fargate ([#1360](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1360), [@torredil](https://github.com/torredil))
## v2.11.1
* Add `useOldCSIDriver` parameter to use old `CSIDriver` object.
## v2.11.0
**Important Notice:** This version updates the `CSIDriver` object in order to fix [a bug with static volumes and the `fsGroup` parameter](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/issues/1365). This upgrade will fail on existing clusters because the associated field in `CSIDriver` is immutable.
Users upgrading to this version should pre-delete the existing `CSIDriver` object (example: `kubectl delete csidriver ebs.csi.aws.com`). This will not affect any existing volumes, but will cause the EBS CSI Driver to be unavailable to handle future requests, and should be immediately followed by an upgrade. For users that cannot delete the `CSIDriver` object, v2.11.1 implements a new parameter `useOldCSIDriver` that will use the previous `CSIDriver`.
* Bump app/driver to version `v1.11.3`
* Add support for leader election tuning for `csi-provisioner` and `csi-attacher` ([#1371](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1371), [@moogzy](https://github.com/moogzy))
* Change `fsGroupPolicy` to `File` ([#1377](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1377), [@ConnorJC3](https://github.com/ConnorJC3))
* Allow all taint for `csi-node` by default ([#1381](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1381), [@gtxu](https://github.com/gtxu))
## v2.10.1
* Bump app/driver to version `v1.11.2`
## v2.10.0
* Implement securityContext for containers
* Add securityContext for node pod
* Utilize more secure defaults for securityContext
## v2.9.0
* Bump app/driver to version `v1.10.0`
* Feature: Reference `configMaps` across multiple resources using `envFrom` ([#1312](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1312), [@jebbens](https://github.com/jebbens))
## v2.8.1
* Bump app/driver to version `v1.9.0`
* Update livenessprobe to version `v2.6.0`
## v2.8.0
* Feature: Support custom affinity definition on node daemon set ([#1277](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1277), [@vauchok](https://github.com/vauchok))
## v2.7.1
* Bump app/driver to version `v1.8.0`
## v2.7.0
* Support optional ec2 endpoint configuration.
* Fix node driver registrar socket path.
* Fix hardcoded kubelet path.
## v2.6.11
* Bump app/driver to version `v1.7.0`
* Set handle-volume-inuse-error to `false`
## v2.6.10
* Add quotes around the `extra-tags` argument in order to prevent special characters such as `":"` from breaking the manifest YAML after template rendering.
## v2.6.9
* Update csi-snapshotter to version `v6.0.1`
* Update external-attacher to version `v3.4.0`
* Update external-resizer to version `v1.4.0`
* Update external-provisioner to version `v3.1.0`
* Update node-driver-registrar to version `v2.5.1`
* Update livenessprobe to version `v2.5.0`
## v2.6.8
* Bump app/driver to version `v1.6.2`
* Bump sidecar version for nodeDriverRegistrar, provisioner to be consistent with EKS CSI Driver Add-on
## v2.6.7
* Bump app/driver to version `v1.6.1`
## v2.6.6
* Bump app/driver to version `v1.6.0`
## v2.6.5
* Bump app/driver to version `v1.5.3`
## v2.6.4
* Remove exposure all secrets to external-snapshotter-role
## v2.6.3
* Bump app/driver to version `v1.5.1`
## v2.6.2
* Update csi-resizer version to v1.1.0
## v2.6.1
* Add securityContext support for controller Deployment
## v2.5.0
* Bump app/driver version to `v1.5.0`
## v2.4.1
* Replace deprecated arg `--extra-volume-tags` by `--extra-tags`
## v2.4.0
* Bump app/driver version to `v1.4.0`
## v2.3.1
* Bump app/driver version to `v1.3.1`
## v2.3.0
* Support overriding controller `--default-fstype` flag via values
## v2.2.1
* Bump app/driver version to `v1.3.0`
## v2.2.0
* Support setting imagePullPolicy for all containers
## v2.1.1
* Bump app/driver version to `v1.2.1`
## v2.1.0
* Custom `controller.updateStrategy` to set controller deployment strategy.
## v2.0.4
* Use chart app version as default image tag
* Add updateStrategy to daemonsets
## v2.0.3
* Bump app/driver version to `v1.2.0`
## v2.0.2
* Bump app/driver version to `v1.1.3`
## v2.0.1
* Only create Windows daemonset if enableWindows is true
* Update Windows daemonset to align better to the Linux one
## v2.0.0
* Remove support for Helm 2
* Remove deprecated values
* No longer install snapshot controller or its CRDs
* Reorganize additional values
[Upgrade instructions](/docs/README.md#upgrading-from-version-1x-to-2x-of-the-helm-chart)
## v1.2.4
* Bump app/driver version to `v1.1.1`
* Install VolumeSnapshotClass, VolumeSnapshotContent, VolumeSnapshot CRDs if enableVolumeSnapshot is true
* Only run csi-snapshotter sidecar if enableVolumeSnapshot is true or if CRDs are already installed

16
backing-services/aws-ebs-csi-driver/Chart.yaml Normal file
View File

@@ -0,0 +1,16 @@
apiVersion: v2
appVersion: 1.32.0
description: A Helm chart for AWS EBS CSI Driver
home: https://github.com/kubernetes-sigs/aws-ebs-csi-driver
keywords:
- aws
- ebs
- csi
kubeVersion: '>=1.17.0-0'
maintainers:
- name: Kubernetes Authors
url: https://github.com/kubernetes-sigs/aws-ebs-csi-driver/
name: aws-ebs-csi-driver
sources:
- https://github.com/kubernetes-sigs/aws-ebs-csi-driver
version: 2.32.0

5
backing-services/aws-ebs-csi-driver/templates/NOTES.txt Normal file
View File

@@ -0,0 +1,5 @@
To verify that aws-ebs-csi-driver has started, run:
kubectl get pod -n {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "aws-ebs-csi-driver.name" . }},app.kubernetes.io/instance={{ .Release.Name }}"
NOTE: The [CSI Snapshotter](https://github.com/kubernetes-csi/external-snapshotter) controller and CRDs will no longer be installed as part of this chart and moving forward will be a prerequisite of using the snap shotting functionality.

85
backing-services/aws-ebs-csi-driver/templates/_helpers.tpl Normal file
View File

@@ -0,0 +1,85 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "aws-ebs-csi-driver.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "aws-ebs-csi-driver.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "aws-ebs-csi-driver.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Common labels
*/}}
{{- define "aws-ebs-csi-driver.labels" -}}
{{ include "aws-ebs-csi-driver.selectorLabels" . }}
{{- if ne .Release.Name "kustomize" }}
helm.sh/chart: {{ include "aws-ebs-csi-driver.chart" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/component: csi-driver
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{- if .Values.customLabels }}
{{ toYaml .Values.customLabels }}
{{- end }}
{{- end -}}
{{/*
Common selector labels
*/}}
{{- define "aws-ebs-csi-driver.selectorLabels" -}}
app.kubernetes.io/name: {{ include "aws-ebs-csi-driver.name" . }}
{{- if ne .Release.Name "kustomize" }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{- end -}}
{{/*
Convert the `--extra-tags` command line arg from a map.
*/}}
{{- define "aws-ebs-csi-driver.extra-volume-tags" -}}
{{- $result := dict "pairs" (list) -}}
{{- range $key, $value := .Values.controller.extraVolumeTags -}}
{{- $noop := printf "%s=%v" $key $value | append $result.pairs | set $result "pairs" -}}
{{- end -}}
{{- if gt (len $result.pairs) 0 -}}
{{- printf "- \"--extra-tags=%s\"" (join "," $result.pairs) -}}
{{- end -}}
{{- end -}}
{{/*
Handle http proxy env vars
*/}}
{{- define "aws-ebs-csi-driver.http-proxy" -}}
- name: HTTP_PROXY
value: {{ .Values.proxy.http_proxy | quote }}
- name: HTTPS_PROXY
value: {{ .Values.proxy.http_proxy | quote }}
- name: NO_PROXY
value: {{ .Values.proxy.no_proxy | quote }}
{{- end -}}

263
backing-services/aws-ebs-csi-driver/templates/_node-windows.tpl Normal file
View File

@@ -0,0 +1,263 @@
{{- define "node-windows" }}
{{- if .Values.node.enableWindows }}
---
kind: DaemonSet
apiVersion: apps/v1
metadata:
name: {{ printf "%s-windows" .NodeName }}
namespace: {{ .Values.node.namespaceOverride | default .Release.Namespace }}
labels:
{{- include "aws-ebs-csi-driver.labels" . | nindent 4 }}
spec:
{{- if or (kindIs "float64" .Values.node.revisionHistoryLimit) (kindIs "int64" .Values.node.revisionHistoryLimit) }}
revisionHistoryLimit: {{ .Values.node.revisionHistoryLimit }}
{{- end }}
selector:
matchLabels:
app: {{ .NodeName }}
{{- include "aws-ebs-csi-driver.selectorLabels" . | nindent 6 }}
updateStrategy:
{{ toYaml .Values.node.updateStrategy | nindent 4 }}
template:
metadata:
labels:
app: {{ .NodeName }}
{{- include "aws-ebs-csi-driver.labels" . | nindent 8 }}
{{- if .Values.node.podLabels }}
{{- toYaml .Values.node.podLabels | nindent 8 }}
{{- end }}
{{- with .Values.node.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- with .Values.node.affinity }}
affinity: {{- toYaml . | nindent 8 }}
{{- end }}
nodeSelector:
kubernetes.io/os: windows
{{- with .Values.node.nodeSelector }}
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ .Values.node.serviceAccount.name }}
terminationGracePeriodSeconds: {{ .Values.node.terminationGracePeriodSeconds }}
priorityClassName: {{ .Values.node.priorityClassName | default "system-node-critical" }}
tolerations:
{{- if .Values.node.tolerateAllTaints }}
- operator: Exists
{{- else }}
{{- with .Values.node.tolerations }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
{{- if .Values.node.windowsHostProcess }}
securityContext:
windowsOptions:
hostProcess: true
runAsUserName: "NT AUTHORITY\\SYSTEM"
hostNetwork: true
{{- end }}
containers:
- name: ebs-plugin
image: {{ printf "%s%s:%s" (default "" .Values.image.containerRegistry) .Values.image.repository (default (printf "v%s" .Chart.AppVersion) (toString .Values.image.tag)) }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
{{- if .Values.node.windowsHostProcess }}
command:
- "aws-ebs-csi-driver.exe"
{{- end }}
args:
- node
- --endpoint=$(CSI_ENDPOINT)
{{- with .Values.node.volumeAttachLimit }}
- --volume-attach-limit={{ . }}
{{- end }}
{{- with .Values.node.loggingFormat }}
- --logging-format={{ . }}
{{- end }}
- --v={{ .Values.node.logLevel }}
{{- if .Values.node.otelTracing }}
- --enable-otel-tracing=true
{{- end}}
{{- if .Values.node.windowsHostProcess }}
- --windows-host-process=true
{{- end }}
env:
- name: CSI_ENDPOINT
{{- if .Values.node.windowsHostProcess }}
value: unix://C:\\var\\lib\\kubelet\\plugins\\ebs.csi.aws.com\\csi.sock
{{- else }}
value: unix:/csi/csi.sock
{{- end }}
- name: CSI_NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
{{- if .Values.proxy.http_proxy }}
{{- include "aws-ebs-csi-driver.http-proxy" . | nindent 12 }}
{{- end }}
{{- with .Values.node.otelTracing }}
- name: OTEL_SERVICE_NAME
value: {{ .otelServiceName }}
- name: OTEL_EXPORTER_OTLP_ENDPOINT
value: {{ .otelExporterEndpoint }}
{{- end }}
{{- with .Values.node.env }}
{{- . | toYaml | nindent 12 }}
{{- end }}
volumeMounts:
- name: kubelet-dir
mountPath: C:\var\lib\kubelet
mountPropagation: "None"
- name: plugin-dir
mountPath: C:\csi
{{- if not .Values.node.windowsHostProcess }}
- name: csi-proxy-disk-pipe
mountPath: \\.\pipe\csi-proxy-disk-v1
- name: csi-proxy-volume-pipe
mountPath: \\.\pipe\csi-proxy-volume-v1
- name: csi-proxy-filesystem-pipe
mountPath: \\.\pipe\csi-proxy-filesystem-v1
{{- end }}
ports:
- name: healthz
containerPort: 9808
protocol: TCP
livenessProbe:
httpGet:
path: /healthz
port: healthz
initialDelaySeconds: 10
timeoutSeconds: 3
periodSeconds: 10
failureThreshold: 5
{{- with .Values.node.resources }}
resources:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- if not .Values.node.windowsHostProcess }}
securityContext:
windowsOptions:
runAsUserName: "ContainerAdministrator"
{{- end }}
lifecycle:
preStop:
exec:
command: ["/bin/aws-ebs-csi-driver", "pre-stop-hook"]
- name: node-driver-registrar
image: {{ printf "%s%s:%s" (default "" .Values.image.containerRegistry) .Values.sidecars.nodeDriverRegistrar.image.repository .Values.sidecars.nodeDriverRegistrar.image.tag }}
imagePullPolicy: {{ default .Values.image.pullPolicy .Values.sidecars.nodeDriverRegistrar.image.pullPolicy }}
{{- if .Values.node.windowsHostProcess }}
command:
- "csi-node-driver-registrar.exe"
{{- end }}
args:
- --csi-address=$(ADDRESS)
- --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)
{{- if .Values.node.windowsHostProcess }}
- --plugin-registration-path=$(PLUGIN_REG_DIR)
{{- end }}
- --v={{ .Values.sidecars.nodeDriverRegistrar.logLevel }}
env:
- name: ADDRESS
{{- if .Values.node.windowsHostProcess }}
value: unix://C:\\var\\lib\\kubelet\\plugins\\ebs.csi.aws.com\\csi.sock
{{- else }}
value: unix:/csi/csi.sock
{{- end }}
- name: DRIVER_REG_SOCK_PATH
{{- if .Values.node.windowsHostProcess }}
value: C:\\var\\lib\\kubelet\\plugins\\ebs.csi.aws.com\\csi.sock
{{- else }}
value: C:\var\lib\kubelet\plugins\ebs.csi.aws.com\csi.sock
{{- end }}
{{- if .Values.node.windowsHostProcess }}
- name: PLUGIN_REG_DIR
value: C:\\var\\lib\\kubelet\\plugins_registry\\
{{- end }}
{{- if .Values.proxy.http_proxy }}
{{- include "aws-ebs-csi-driver.http-proxy" . | nindent 12 }}
{{- end }}
{{- with .Values.sidecars.nodeDriverRegistrar.env }}
{{- . | toYaml | nindent 12 }}
{{- end }}
livenessProbe:
exec:
command:
- /csi-node-driver-registrar.exe
- --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)
- --mode=kubelet-registration-probe
initialDelaySeconds: 30
timeoutSeconds: 15
periodSeconds: 90
volumeMounts:
- name: plugin-dir
mountPath: C:\csi
- name: registration-dir
mountPath: C:\registration
- name: probe-dir
mountPath: C:\var\lib\kubelet\plugins\ebs.csi.aws.com
{{- with default .Values.node.resources .Values.sidecars.nodeDriverRegistrar.resources }}
resources:
{{- toYaml . | nindent 12 }}
{{- end }}
- name: liveness-probe
image: {{ printf "%s%s:%s" (default "" .Values.image.containerRegistry) .Values.sidecars.livenessProbe.image.repository .Values.sidecars.livenessProbe.image.tag }}
imagePullPolicy: {{ default .Values.image.pullPolicy .Values.sidecars.livenessProbe.image.pullPolicy }}
{{- if .Values.node.windowsHostProcess }}
command:
- "livenessprobe.exe"
{{- end }}
args:
{{- if .Values.node.windowsHostProcess }}
- --csi-address=unix://C:\\var\\lib\\kubelet\\plugins\\ebs.csi.aws.com\\csi.sock
{{- else }}
- --csi-address=unix:/csi/csi.sock
{{- end }}
volumeMounts:
- name: plugin-dir
mountPath: C:\csi
{{- with default .Values.node.resources .Values.sidecars.livenessProbe.resources }}
resources:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- if .Values.imagePullSecrets }}
imagePullSecrets:
{{- range .Values.imagePullSecrets }}
- name: {{ . }}
{{- end }}
{{- end }}
volumes:
- name: kubelet-dir
hostPath:
path: C:\var\lib\kubelet
type: Directory
- name: plugin-dir
hostPath:
path: C:\var\lib\kubelet\plugins\ebs.csi.aws.com
type: DirectoryOrCreate
- name: registration-dir
hostPath:
path: C:\var\lib\kubelet\plugins_registry
type: Directory
{{- if not .Values.node.windowsHostProcess }}
- name: csi-proxy-disk-pipe
hostPath:
path: \\.\pipe\csi-proxy-disk-v1
type: ""
- name: csi-proxy-volume-pipe
hostPath:
path: \\.\pipe\csi-proxy-volume-v1
type: ""
- name: csi-proxy-filesystem-pipe
hostPath:
path: \\.\pipe\csi-proxy-filesystem-v1
type: ""
{{- end }}
- name: probe-dir
{{- if .Values.node.probeDirVolume }}
{{- toYaml .Values.node.probeDirVolume | nindent 10 }}
{{- else }}
emptyDir: {}
{{- end }}
{{- end }}
{{- end }}

245
backing-services/aws-ebs-csi-driver/templates/_node.tpl Normal file
View File

@@ -0,0 +1,245 @@
{{- define "node" }}
{{- if or (eq (default true .Values.node.enableLinux) true) }}
---
kind: DaemonSet
apiVersion: apps/v1
metadata:
name: {{ .NodeName }}
namespace: {{ .Values.node.namespaceOverride | default .Release.Namespace }}
labels:
{{- include "aws-ebs-csi-driver.labels" . | nindent 4 }}
{{- with .Values.node.daemonSetAnnotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if or (kindIs "float64" .Values.node.revisionHistoryLimit) (kindIs "int64" .Values.node.revisionHistoryLimit) }}
revisionHistoryLimit: {{ .Values.node.revisionHistoryLimit }}
{{- end }}
selector:
matchLabels:
app: {{ .NodeName }}
{{- include "aws-ebs-csi-driver.selectorLabels" . | nindent 6 }}
updateStrategy:
{{- toYaml .Values.node.updateStrategy | nindent 4 }}
template:
metadata:
labels:
app: {{ .NodeName }}
{{- include "aws-ebs-csi-driver.labels" . | nindent 8 }}
{{- if .Values.node.podLabels }}
{{- toYaml .Values.node.podLabels | nindent 8 }}
{{- end }}
{{- with .Values.node.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- with .Values.node.affinity }}
affinity: {{- toYaml . | nindent 8 }}
{{- end }}
nodeSelector:
kubernetes.io/os: linux
{{- with .Values.node.nodeSelector }}
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ .Values.node.serviceAccount.name }}
terminationGracePeriodSeconds: {{ .Values.node.terminationGracePeriodSeconds }}
priorityClassName: {{ .Values.node.priorityClassName | default "system-node-critical" }}
tolerations:
{{- if .Values.node.tolerateAllTaints }}
- operator: Exists
{{- else }}
{{- with .Values.node.tolerations }}
{{- toYaml . | nindent 8 }}
{{- end }}
- key: "ebs.csi.aws.com/agent-not-ready"
operator: "Exists"
{{- end }}
hostNetwork: {{ .Values.node.hostNetwork }}
{{- with .Values.node.securityContext }}
securityContext:
{{- toYaml . | nindent 8 }}
{{- end }}
containers:
- name: ebs-plugin
image: {{ printf "%s%s:%s" (default "" .Values.image.containerRegistry) .Values.image.repository (default (printf "v%s" .Chart.AppVersion) (toString .Values.image.tag)) }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
args:
- node
- --endpoint=$(CSI_ENDPOINT)
{{- with .Values.node.reservedVolumeAttachments }}
- --reserved-volume-attachments={{ . }}
{{- end }}
{{- with .Values.node.volumeAttachLimit }}
- --volume-attach-limit={{ . }}
{{- end }}
{{- with .Values.node.loggingFormat }}
- --logging-format={{ . }}
{{- end }}
- --v={{ .Values.node.logLevel }}
{{- if .Values.node.otelTracing }}
- --enable-otel-tracing=true
{{- end}}
{{- range .Values.node.additionalArgs }}
- {{ . }}
{{- end }}
env:
- name: CSI_ENDPOINT
value: unix:/csi/csi.sock
- name: CSI_NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
{{- if .Values.proxy.http_proxy }}
{{- include "aws-ebs-csi-driver.http-proxy" . | nindent 12 }}
{{- end }}
{{- with .Values.node.otelTracing }}
- name: OTEL_SERVICE_NAME
value: {{ .otelServiceName }}
- name: OTEL_EXPORTER_OTLP_ENDPOINT
value: {{ .otelExporterEndpoint }}
{{- end }}
{{- with .Values.node.env }}
{{- . | toYaml | nindent 12 }}
{{- end }}
{{- with .Values.controller.envFrom }}
envFrom:
{{- . | toYaml | nindent 12 }}
{{- end }}
volumeMounts:
- name: kubelet-dir
mountPath: {{ .Values.node.kubeletPath }}
mountPropagation: "Bidirectional"
- name: plugin-dir
mountPath: /csi
- name: device-dir
mountPath: /dev
{{- with .Values.node.volumeMounts }}
{{- toYaml . | nindent 12 }}
{{- end }}
ports:
- name: healthz
containerPort: 9808
protocol: TCP
livenessProbe:
httpGet:
path: /healthz
port: healthz
initialDelaySeconds: 10
timeoutSeconds: 3
periodSeconds: 10
failureThreshold: 5
{{- with .Values.node.resources }}
resources:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.node.containerSecurityContext }}
securityContext:
{{- toYaml . | nindent 12 }}
{{- end }}
lifecycle:
preStop:
exec:
command: ["/bin/aws-ebs-csi-driver", "pre-stop-hook"]
- name: node-driver-registrar
image: {{ printf "%s%s:%s" (default "" .Values.image.containerRegistry) .Values.sidecars.nodeDriverRegistrar.image.repository .Values.sidecars.nodeDriverRegistrar.image.tag }}
imagePullPolicy: {{ default .Values.image.pullPolicy .Values.sidecars.nodeDriverRegistrar.image.pullPolicy }}
args:
- --csi-address=$(ADDRESS)
- --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)
- --v={{ .Values.sidecars.nodeDriverRegistrar.logLevel }}
{{- range .Values.sidecars.nodeDriverRegistrar.additionalArgs }}
- {{ . }}
{{- end }}
env:
- name: ADDRESS
value: /csi/csi.sock
- name: DRIVER_REG_SOCK_PATH
value: {{ printf "%s/plugins/ebs.csi.aws.com/csi.sock" (trimSuffix "/" .Values.node.kubeletPath) }}
{{- if .Values.proxy.http_proxy }}
{{- include "aws-ebs-csi-driver.http-proxy" . | nindent 12 }}
{{- end }}
{{- with .Values.sidecars.nodeDriverRegistrar.env }}
{{- . | toYaml | nindent 12 }}
{{- end }}
{{- with .Values.controller.envFrom }}
envFrom:
{{- . | toYaml | nindent 12 }}
{{- end }}
{{- with .Values.sidecars.nodeDriverRegistrar.livenessProbe }}
livenessProbe:
{{- toYaml . | nindent 12 }}
{{- end }}
volumeMounts:
- name: plugin-dir
mountPath: /csi
- name: registration-dir
mountPath: /registration
- name: probe-dir
mountPath: {{ printf "%s/plugins/ebs.csi.aws.com/" (trimSuffix "/" .Values.node.kubeletPath) }}
{{- with default .Values.node.resources .Values.sidecars.nodeDriverRegistrar.resources }}
resources:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.sidecars.nodeDriverRegistrar.securityContext }}
securityContext:
{{- toYaml . | nindent 12 }}
{{- end }}
- name: liveness-probe
image: {{ printf "%s%s:%s" (default "" .Values.image.containerRegistry) .Values.sidecars.livenessProbe.image.repository .Values.sidecars.livenessProbe.image.tag }}
imagePullPolicy: {{ default .Values.image.pullPolicy .Values.sidecars.livenessProbe.image.pullPolicy }}
args:
- --csi-address=/csi/csi.sock
{{- range .Values.sidecars.livenessProbe.additionalArgs }}
- {{ . }}
{{- end }}
{{- with .Values.controller.envFrom }}
envFrom:
{{- . | toYaml | nindent 12 }}
{{- end }}
volumeMounts:
- name: plugin-dir
mountPath: /csi
{{- with default .Values.node.resources .Values.sidecars.livenessProbe.resources }}
resources:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.sidecars.livenessProbe.securityContext }}
securityContext:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- if .Values.imagePullSecrets }}
imagePullSecrets:
{{- range .Values.imagePullSecrets }}
- name: {{ . }}
{{- end }}
{{- end }}
volumes:
- name: kubelet-dir
hostPath:
path: {{ .Values.node.kubeletPath }}
type: Directory
- name: plugin-dir
hostPath:
path: {{ printf "%s/plugins/ebs.csi.aws.com/" (trimSuffix "/" .Values.node.kubeletPath) }}
type: DirectoryOrCreate
- name: registration-dir
hostPath:
path: {{ printf "%s/plugins_registry/" (trimSuffix "/" .Values.node.kubeletPath) }}
type: Directory
- name: device-dir
hostPath:
path: /dev
type: Directory
- name: probe-dir
{{- if .Values.node.probeDirVolume }}
{{- toYaml .Values.node.probeDirVolume | nindent 10 }}
{{- else }}
emptyDir: {}
{{- end }}
{{- with .Values.node.volumes }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
{{- end }}

26
backing-services/aws-ebs-csi-driver/templates/clusterrole-attacher.yaml Normal file
View File

@@ -0,0 +1,26 @@
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: ebs-external-attacher-role
labels:
{{- include "aws-ebs-csi-driver.labels" . | nindent 4 }}
rules:
- apiGroups: [ "" ]
resources: [ "persistentvolumes" ]
verbs: [ "get", "list", "watch", "update", "patch" ]
- apiGroups: [ "" ]
resources: [ "nodes" ]
verbs: [ "get", "list", "watch" ]
- apiGroups: [ "csi.storage.k8s.io" ]
resources: [ "csinodeinfos" ]
verbs: [ "get", "list", "watch" ]
- apiGroups: [ "storage.k8s.io" ]
resources: [ "volumeattachments" ]
verbs: [ "get", "list", "watch", "update", "patch" ]
- apiGroups: [ "storage.k8s.io" ]
resources: [ "volumeattachments/status" ]
verbs: [ "patch" ]
{{- with .Values.sidecars.attacher.additionalClusterRoleRules }}
{{- . | toYaml | nindent 2 }}
{{- end }}

17
backing-services/aws-ebs-csi-driver/templates/clusterrole-csi-node.yaml Normal file
View File

@@ -0,0 +1,17 @@
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: ebs-csi-node-role
labels:
{{- include "aws-ebs-csi-driver.labels" . | nindent 4 }}
rules:
- apiGroups: [""]
resources: ["nodes"]
verbs: ["get", "patch"]
- apiGroups: ["storage.k8s.io"]
resources: ["volumeattachments"]
verbs: ["get", "list", "watch"]
- apiGroups: ["storage.k8s.io"]
resources: ["csinodes"]
verbs: ["get"]

41
backing-services/aws-ebs-csi-driver/templates/clusterrole-provisioner.yaml Normal file
View File

@@ -0,0 +1,41 @@
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: ebs-external-provisioner-role
labels:
{{- include "aws-ebs-csi-driver.labels" . | nindent 4 }}
rules:
- apiGroups: [ "" ]
resources: [ "persistentvolumes" ]
verbs: [ "get", "list", "watch", "create", "patch", "delete" ]
- apiGroups: [ "" ]
resources: [ "persistentvolumeclaims" ]
verbs: [ "get", "list", "watch", "update" ]
- apiGroups: [ "storage.k8s.io" ]
resources: [ "storageclasses" ]
verbs: [ "get", "list", "watch" ]
- apiGroups: [ "" ]
resources: [ "events" ]
verbs: [ "list", "watch", "create", "update", "patch" ]
- apiGroups: [ "snapshot.storage.k8s.io" ]
resources: [ "volumesnapshots" ]
verbs: [ "get", "list" ]
- apiGroups: [ "snapshot.storage.k8s.io" ]
resources: [ "volumesnapshotcontents" ]
verbs: [ "get", "list" ]
- apiGroups: [ "storage.k8s.io" ]
resources: [ "csinodes" ]
verbs: [ "get", "list", "watch" ]
- apiGroups: [ "" ]
resources: [ "nodes" ]
verbs: [ "get", "list", "watch" ]
- apiGroups: [ "storage.k8s.io" ]
resources: [ "volumeattachments" ]
verbs: [ "get", "list", "watch" ]
- apiGroups: [ "storage.k8s.io" ]
resources: [ "volumeattributesclasses" ]
verbs: [ "get" ]
{{- with .Values.sidecars.provisioner.additionalClusterRoleRules }}
{{- . | toYaml | nindent 2 }}
{{- end }}

37
backing-services/aws-ebs-csi-driver/templates/clusterrole-resizer.yaml Normal file
View File

@@ -0,0 +1,37 @@
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: ebs-external-resizer-role
labels:
{{- include "aws-ebs-csi-driver.labels" . | nindent 4 }}
rules:
# The following rule should be uncommented for plugins that require secrets
# for provisioning.
# - apiGroups: [""]
# resources: ["secrets"]
# verbs: ["get", "list", "watch"]
- apiGroups: [ "" ]
resources: [ "persistentvolumes" ]
verbs: [ "get", "list", "watch", "update", "patch" ]
- apiGroups: [ "" ]
resources: [ "persistentvolumeclaims" ]
verbs: [ "get", "list", "watch" ]
- apiGroups: [ "" ]
resources: [ "persistentvolumeclaims/status" ]
verbs: [ "update", "patch" ]
- apiGroups: [ "storage.k8s.io" ]
resources: [ "storageclasses" ]
verbs: [ "get", "list", "watch" ]
- apiGroups: [ "" ]
resources: [ "events" ]
verbs: [ "list", "watch", "create", "update", "patch" ]
- apiGroups: [ "" ]
resources: [ "pods" ]
verbs: [ "get", "list", "watch" ]
- apiGroups: [ "storage.k8s.io" ]
resources: [ "volumeattributesclasses" ]
verbs: [ "get", "list", "watch" ]
{{- with .Values.sidecars.resizer.additionalClusterRoleRules }}
{{- . | toYaml | nindent 2 }}
{{- end }}

30
backing-services/aws-ebs-csi-driver/templates/clusterrole-snapshotter.yaml Normal file
View File

@@ -0,0 +1,30 @@
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: ebs-external-snapshotter-role
labels:
{{- include "aws-ebs-csi-driver.labels" . | nindent 4 }}
rules:
- apiGroups: [ "" ]
resources: [ "events" ]
verbs: [ "list", "watch", "create", "update", "patch" ]
# Secret permission is optional.
# Enable it if your driver needs secret.
# For example, `csi.storage.k8s.io/snapshotter-secret-name` is set in VolumeSnapshotClass.
# See https://kubernetes-csi.github.io/docs/secrets-and-credentials.html for more details.
# - apiGroups: [ "" ]
# resources: [ "secrets" ]
# verbs: [ "get", "list" ]
- apiGroups: [ "snapshot.storage.k8s.io" ]
resources: [ "volumesnapshotclasses" ]
verbs: [ "get", "list", "watch" ]
- apiGroups: [ "snapshot.storage.k8s.io" ]
resources: [ "volumesnapshotcontents" ]
verbs: [ "create", "get", "list", "watch", "update", "delete", "patch" ]
- apiGroups: [ "snapshot.storage.k8s.io" ]
resources: [ "volumesnapshotcontents/status" ]
verbs: [ "update", "patch" ]
{{- with .Values.sidecars.snapshotter.additionalClusterRoleRules }}
{{- . | toYaml | nindent 2 }}
{{- end }}

15
backing-services/aws-ebs-csi-driver/templates/clusterrolebinding-attacher.yaml Normal file
View File

@@ -0,0 +1,15 @@
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: ebs-csi-attacher-binding
labels:
{{- include "aws-ebs-csi-driver.labels" . | nindent 4 }}
subjects:
- kind: ServiceAccount
name: {{ .Values.controller.serviceAccount.name }}
namespace: {{ .Release.Namespace }}
roleRef:
kind: ClusterRole
name: ebs-external-attacher-role
apiGroup: rbac.authorization.k8s.io

15
backing-services/aws-ebs-csi-driver/templates/clusterrolebinding-csi-node.yaml Normal file
View File

@@ -0,0 +1,15 @@
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: ebs-csi-node-getter-binding
labels:
{{- include "aws-ebs-csi-driver.labels" . | nindent 4 }}
subjects:
- kind: ServiceAccount
name: {{ .Values.node.serviceAccount.name }}
namespace: {{ .Values.node.namespaceOverride | default .Release.Namespace }}
roleRef:
kind: ClusterRole
name: ebs-csi-node-role
apiGroup: rbac.authorization.k8s.io

15
backing-services/aws-ebs-csi-driver/templates/clusterrolebinding-provisioner.yaml Normal file
View File

@@ -0,0 +1,15 @@
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: ebs-csi-provisioner-binding
labels:
{{- include "aws-ebs-csi-driver.labels" . | nindent 4 }}
subjects:
- kind: ServiceAccount
name: {{ .Values.controller.serviceAccount.name }}
namespace: {{ .Release.Namespace }}
roleRef:
kind: ClusterRole
name: ebs-external-provisioner-role
apiGroup: rbac.authorization.k8s.io

15
backing-services/aws-ebs-csi-driver/templates/clusterrolebinding-resizer.yaml Normal file
View File

@@ -0,0 +1,15 @@
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: ebs-csi-resizer-binding
labels:
{{- include "aws-ebs-csi-driver.labels" . | nindent 4 }}
subjects:
- kind: ServiceAccount
name: {{ .Values.controller.serviceAccount.name }}
namespace: {{ .Release.Namespace }}
roleRef:
kind: ClusterRole
name: ebs-external-resizer-role
apiGroup: rbac.authorization.k8s.io

15
backing-services/aws-ebs-csi-driver/templates/clusterrolebinding-snapshotter.yaml Normal file
View File

@@ -0,0 +1,15 @@
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: ebs-csi-snapshotter-binding
labels:
{{- include "aws-ebs-csi-driver.labels" . | nindent 4 }}
subjects:
- kind: ServiceAccount
name: {{ .Values.controller.serviceAccount.name }}
namespace: {{ .Release.Namespace }}
roleRef:
kind: ClusterRole
name: ebs-external-snapshotter-role
apiGroup: rbac.authorization.k8s.io

519
backing-services/aws-ebs-csi-driver/templates/controller.yaml Normal file
View File

@@ -0,0 +1,519 @@
# Controller Service
kind: Deployment
apiVersion: apps/v1
metadata:
name: ebs-csi-controller
namespace: {{ .Release.Namespace }}
labels:
{{- include "aws-ebs-csi-driver.labels" . | nindent 4 }}
{{- with .Values.controller.deploymentAnnotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
replicas: {{ .Values.controller.replicaCount }}
{{- if or (kindIs "float64" .Values.controller.revisionHistoryLimit) (kindIs "int64" .Values.controller.revisionHistoryLimit) }}
revisionHistoryLimit: {{ .Values.controller.revisionHistoryLimit }}
{{- end }}
{{- with .Values.controller.updateStrategy }}
strategy:
{{- toYaml . | nindent 4 }}
{{- end }}
selector:
matchLabels:
app: ebs-csi-controller
{{- include "aws-ebs-csi-driver.selectorLabels" . | nindent 6 }}
template:
metadata:
labels:
app: ebs-csi-controller
{{- include "aws-ebs-csi-driver.labels" . | nindent 8 }}
{{- if .Values.controller.podLabels }}
{{- toYaml .Values.controller.podLabels | nindent 8 }}
{{- end }}
{{- if .Values.controller.podAnnotations }}
annotations:
{{- tpl ( .Values.controller.podAnnotations | toYaml ) . | nindent 8 }}
{{- end }}
spec:
nodeSelector:
kubernetes.io/os: linux
{{- with .Values.controller.nodeSelector }}
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ .Values.controller.serviceAccount.name }}
priorityClassName: {{ .Values.controller.priorityClassName }}
{{- with default .Values.controller.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
tolerations:
{{- with .Values.controller.tolerations }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if .Values.controller.topologySpreadConstraints }}
{{- $tscLabelSelector := dict "labelSelector" ( dict "matchLabels" ( dict "app" "ebs-csi-controller" ) ) }}
{{- $constraints := list }}
{{- range .Values.controller.topologySpreadConstraints }}
{{- $constraints = mustAppend $constraints (mergeOverwrite . $tscLabelSelector) }}
{{- end }}
topologySpreadConstraints:
{{- $constraints | toYaml | nindent 8 }}
{{- end }}
{{- with .Values.controller.securityContext }}
securityContext:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.controller.initContainers }}
initContainers:
{{- toYaml . | nindent 8 }}
{{- end }}
containers:
- name: ebs-plugin
image: {{ printf "%s%s:%s" (default "" .Values.image.containerRegistry) .Values.image.repository (default (printf "v%s" .Chart.AppVersion) (.Values.image.tag | toString)) }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
args:
{{- if ne .Release.Name "kustomize" }}
- controller
{{- else }}
# - {all,controller,node} # specify the driver mode
{{- end }}
- --endpoint=$(CSI_ENDPOINT)
{{- if .Values.controller.extraVolumeTags }}
{{- include "aws-ebs-csi-driver.extra-volume-tags" . | nindent 12 }}
{{- end }}
{{- with (tpl (default "" .Values.controller.k8sTagClusterId) . ) }}
- --k8s-tag-cluster-id={{ . }}
{{- end }}
{{- if and (.Values.controller.enableMetrics) (not .Values.controller.httpEndpoint) }}
- --http-endpoint=0.0.0.0:3301
{{- end}}
{{- with .Values.controller.httpEndpoint }}
- --http-endpoint={{ . }}
{{- end }}
{{- if .Values.controller.sdkDebugLog }}
- --aws-sdk-debug-log=true
{{- end}}
{{- if .Values.controller.batching }}
- --batching=true
{{- end}}
{{- with .Values.controller.loggingFormat }}
- --logging-format={{ . }}
{{- end }}
{{- with .Values.controller.userAgentExtra }}
- --user-agent-extra={{ . }}
{{- end }}
{{- if .Values.controller.otelTracing }}
- --enable-otel-tracing=true
{{- end}}
- --v={{ .Values.controller.logLevel }}
{{- range .Values.controller.additionalArgs }}
- {{ . }}
{{- end }}
env:
- name: CSI_ENDPOINT
value: unix:///var/lib/csi/sockets/pluginproxy/csi.sock
- name: CSI_NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
{{- with .Values.awsAccessSecret }}
- name: AWS_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
name: {{ .name }}
key: {{ .keyId }}
optional: true
- name: AWS_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
name: {{ .name }}
key: {{ .accessKey }}
optional: true
{{- end }}
- name: AWS_EC2_ENDPOINT
valueFrom:
configMapKeyRef:
name: aws-meta
key: endpoint
optional: true
{{- with .Values.controller.region }}
- name: AWS_REGION
value: {{ . }}
{{- end }}
{{- if .Values.proxy.http_proxy }}
{{- include "aws-ebs-csi-driver.http-proxy" . | nindent 12 }}
{{- end }}
{{- with .Values.controller.env }}
{{- . | toYaml | nindent 12 }}
{{- end }}
{{- with .Values.controller.otelTracing }}
- name: OTEL_SERVICE_NAME
value: {{ .otelServiceName }}
- name: OTEL_EXPORTER_OTLP_ENDPOINT
value: {{ .otelExporterEndpoint }}
{{- end }}
{{- with .Values.controller.envFrom }}
envFrom:
{{- . | toYaml | nindent 12 }}
{{- end }}
volumeMounts:
- name: socket-dir
mountPath: /var/lib/csi/sockets/pluginproxy/
{{- with .Values.controller.volumeMounts }}
{{- toYaml . | nindent 12 }}
{{- end }}
ports:
- name: healthz
containerPort: 9808
protocol: TCP
{{- if .Values.controller.enableMetrics }}
- name: metrics
containerPort: 3301
protocol: TCP
{{- end}}
livenessProbe:
httpGet:
path: /healthz
port: healthz
initialDelaySeconds: 10
timeoutSeconds: 3
periodSeconds: 10
failureThreshold: 5
readinessProbe:
httpGet:
path: /healthz
port: healthz
initialDelaySeconds: 10
timeoutSeconds: 3
periodSeconds: 10
failureThreshold: 5
{{- with .Values.controller.resources }}
resources:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.controller.containerSecurityContext }}
securityContext:
{{- toYaml . | nindent 12 }}
{{- end }}
- name: csi-provisioner
image: {{ printf "%s%s:%s" (default "" .Values.image.containerRegistry) .Values.sidecars.provisioner.image.repository .Values.sidecars.provisioner.image.tag }}
imagePullPolicy: {{ default .Values.image.pullPolicy .Values.sidecars.provisioner.image.pullPolicy }}
args:
{{- if not (regexMatch "(-timeout)" (join " " .Values.sidecars.provisioner.additionalArgs)) }}
- --timeout=60s
{{- end }}
- --csi-address=$(ADDRESS)
- --v={{ .Values.sidecars.provisioner.logLevel }}
- --feature-gates=Topology=true
{{- if .Values.controller.extraCreateMetadata }}
- --extra-create-metadata
{{- end}}
- --leader-election={{ .Values.sidecars.provisioner.leaderElection.enabled | required "leader election state for csi-provisioner is required, must be set to true || false." }}
{{- if .Values.sidecars.provisioner.leaderElection.enabled }}
{{- if .Values.sidecars.provisioner.leaderElection.leaseDuration }}
- --leader-election-lease-duration={{ .Values.sidecars.provisioner.leaderElection.leaseDuration }}
{{- end }}
{{- if .Values.sidecars.provisioner.leaderElection.renewDeadline}}
- --leader-election-renew-deadline={{ .Values.sidecars.provisioner.leaderElection.renewDeadline }}
{{- end }}
{{- if .Values.sidecars.provisioner.leaderElection.retryPeriod }}
- --leader-election-retry-period={{ .Values.sidecars.provisioner.leaderElection.retryPeriod }}
{{- end }}
{{- end }}
- --default-fstype={{ .Values.controller.defaultFsType }}
{{- if not (regexMatch "(-kube-api-qps)|(-kube-api-burst)|(-worker-threads)" (join " " .Values.sidecars.provisioner.additionalArgs)) }}
- --kube-api-qps=20
- --kube-api-burst=100
- --worker-threads=100
{{- end }}
{{- if not (regexMatch "(-retry-interval-max)" (join " " .Values.sidecars.provisioner.additionalArgs)) }}
- --retry-interval-max=30m
{{- end }}
{{- range .Values.sidecars.provisioner.additionalArgs }}
- {{ . }}
{{- end }}
env:
- name: ADDRESS
value: /var/lib/csi/sockets/pluginproxy/csi.sock
{{- if .Values.proxy.http_proxy }}
{{- include "aws-ebs-csi-driver.http-proxy" . | nindent 12 }}
{{- end }}
{{- with .Values.sidecars.provisioner.env }}
{{- . | toYaml | nindent 12 }}
{{- end }}
{{- with .Values.controller.envFrom }}
envFrom:
{{- . | toYaml | nindent 12 }}
{{- end }}
volumeMounts:
- name: socket-dir
mountPath: /var/lib/csi/sockets/pluginproxy/
{{- with default .Values.controller.resources .Values.sidecars.provisioner.resources }}
resources:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.sidecars.provisioner.securityContext }}
securityContext:
{{- toYaml . | nindent 12 }}
{{- end }}
- name: csi-attacher
image: {{ printf "%s%s:%s" (default "" .Values.image.containerRegistry) .Values.sidecars.attacher.image.repository .Values.sidecars.attacher.image.tag }}
imagePullPolicy: {{ default .Values.image.pullPolicy .Values.sidecars.attacher.image.pullPolicy }}
args:
{{- if not (regexMatch "(-timeout)" (join " " .Values.sidecars.attacher.additionalArgs)) }}
- --timeout=60s
{{- end }}
- --csi-address=$(ADDRESS)
- --v={{ .Values.sidecars.attacher.logLevel }}
- --leader-election={{ .Values.sidecars.attacher.leaderElection.enabled | required "leader election state for csi-attacher is required, must be set to true || false." }}
{{- if .Values.sidecars.attacher.leaderElection.enabled }}
{{- if .Values.sidecars.attacher.leaderElection.leaseDuration }}
- --leader-election-lease-duration={{ .Values.sidecars.attacher.leaderElection.leaseDuration }}
{{- end }}
{{- if .Values.sidecars.attacher.leaderElection.renewDeadline}}
- --leader-election-renew-deadline={{ .Values.sidecars.attacher.leaderElection.renewDeadline }}
{{- end }}
{{- if .Values.sidecars.attacher.leaderElection.retryPeriod }}
- --leader-election-retry-period={{ .Values.sidecars.attacher.leaderElection.retryPeriod }}
{{- end }}
{{- end }}
{{- if not (regexMatch "(-kube-api-qps)|(-kube-api-burst)|(-worker-threads)" (join " " .Values.sidecars.attacher.additionalArgs)) }}
- --kube-api-qps=20
- --kube-api-burst=100
- --worker-threads=100
{{- end }}
{{- if not (regexMatch "(-retry-interval-max)" (join " " .Values.sidecars.attacher.additionalArgs)) }}
- --retry-interval-max=5m
{{- end }}
{{- range .Values.sidecars.attacher.additionalArgs }}
- {{ . }}
{{- end }}
env:
- name: ADDRESS
value: /var/lib/csi/sockets/pluginproxy/csi.sock
{{- if .Values.proxy.http_proxy }}
{{- include "aws-ebs-csi-driver.http-proxy" . | nindent 12 }}
{{- end }}
{{- with .Values.sidecars.attacher.env }}
{{- . | toYaml | nindent 12 }}
{{- end }}
{{- with .Values.controller.envFrom }}
envFrom:
{{- . | toYaml | nindent 12 }}
{{- end }}
volumeMounts:
- name: socket-dir
mountPath: /var/lib/csi/sockets/pluginproxy/
{{- with default .Values.controller.resources .Values.sidecars.attacher.resources }}
resources:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.sidecars.attacher.securityContext }}
securityContext:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- if or .Values.sidecars.snapshotter.forceEnable (.Capabilities.APIVersions.Has "snapshot.storage.k8s.io/v1beta1") (.Capabilities.APIVersions.Has "snapshot.storage.k8s.io/v1") }}
- name: csi-snapshotter
image: {{ printf "%s%s:%s" (default "" .Values.image.containerRegistry) .Values.sidecars.snapshotter.image.repository .Values.sidecars.snapshotter.image.tag }}
imagePullPolicy: {{ default .Values.image.pullPolicy .Values.sidecars.snapshotter.image.pullPolicy }}
args:
- --csi-address=$(ADDRESS)
- --leader-election=true
{{- if .Values.controller.extraCreateMetadata }}
- --extra-create-metadata
{{- end}}
{{- if not (regexMatch "(-kube-api-qps)|(-kube-api-burst)|(-worker-threads)" (join " " .Values.sidecars.snapshotter.additionalArgs)) }}
- --kube-api-qps=20
- --kube-api-burst=100
- --worker-threads=100
{{- end }}
{{- if not (regexMatch "(-retry-interval-max)" (join " " .Values.sidecars.snapshotter.additionalArgs)) }}
- --retry-interval-max=30m
{{- end }}
{{- range .Values.sidecars.snapshotter.additionalArgs }}
- {{ . }}
{{- end }}
env:
- name: ADDRESS
value: /var/lib/csi/sockets/pluginproxy/csi.sock
{{- if .Values.proxy.http_proxy }}
{{- include "aws-ebs-csi-driver.http-proxy" . | nindent 12 }}
{{- end }}
{{- with .Values.sidecars.snapshotter.env }}
{{- . | toYaml | nindent 12 }}
{{- end }}
{{- with .Values.controller.envFrom }}
envFrom:
{{- . | toYaml | nindent 12 }}
{{- end }}
volumeMounts:
- name: socket-dir
mountPath: /var/lib/csi/sockets/pluginproxy/
{{- with default .Values.controller.resources .Values.sidecars.snapshotter.resources }}
resources:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.sidecars.snapshotter.securityContext }}
securityContext:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- end }}
{{- if (.Values.controller.volumeModificationFeature).enabled }}
- name: volumemodifier
image: {{ printf "%s%s:%s" (default "" .Values.image.containerRegistry) .Values.sidecars.volumemodifier.image.repository .Values.sidecars.volumemodifier.image.tag }}
imagePullPolicy: {{ default .Values.image.pullPolicy .Values.sidecars.volumemodifier.image.pullPolicy }}
args:
{{- if not (regexMatch "(-timeout)" (join " " .Values.sidecars.volumemodifier.additionalArgs)) }}
- --timeout=60s
{{- end }}
- --csi-address=$(ADDRESS)
- --v={{ .Values.sidecars.volumemodifier.logLevel }}
- --leader-election={{ .Values.sidecars.volumemodifier.leaderElection.enabled | required "leader election state for csi-volumemodifier is required, must be set to true || false." }}
{{- if .Values.sidecars.volumemodifier.leaderElection.enabled }}
{{- if .Values.sidecars.volumemodifier.leaderElection.leaseDuration }}
- --leader-election-lease-duration={{ .Values.sidecars.volumemodifier.leaderElection.leaseDuration }}
{{- end }}
{{- if .Values.sidecars.volumemodifier.leaderElection.renewDeadline}}
- --leader-election-renew-deadline={{ .Values.sidecars.volumemodifier.leaderElection.renewDeadline }}
{{- end }}
{{- if .Values.sidecars.volumemodifier.leaderElection.retryPeriod }}
- --leader-election-retry-period={{ .Values.sidecars.volumemodifier.leaderElection.retryPeriod }}
{{- end }}
{{- end }}
{{- range .Values.sidecars.volumemodifier.additionalArgs }}
- {{ . }}
{{- end }}
env:
- name: ADDRESS
value: /var/lib/csi/sockets/pluginproxy/csi.sock
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
{{- if .Values.proxy.http_proxy }}
{{- include "aws-ebs-csi-driver.http-proxy" . | nindent 12 }}
{{- end }}
{{- with .Values.sidecars.volumemodifier.env }}
{{- . | toYaml | nindent 12 }}
{{- end }}
{{- with .Values.controller.envFrom }}
envFrom:
{{- . | toYaml | nindent 12 }}
{{- end }}
volumeMounts:
- name: socket-dir
mountPath: /var/lib/csi/sockets/pluginproxy/
{{- with default .Values.controller.resources .Values.sidecars.volumemodifier.resources }}
resources:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.sidecars.volumemodifier.securityContext }}
securityContext:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- end }}
- name: csi-resizer
image: {{ printf "%s%s:%s" (default "" .Values.image.containerRegistry) .Values.sidecars.resizer.image.repository .Values.sidecars.resizer.image.tag }}
imagePullPolicy: {{ default .Values.image.pullPolicy .Values.sidecars.resizer.image.pullPolicy }}
args:
{{- if not (regexMatch "(-timeout)" (join " " .Values.sidecars.resizer.additionalArgs)) }}
- --timeout=60s
{{- end }}
- --csi-address=$(ADDRESS)
- --v={{ .Values.sidecars.resizer.logLevel }}
- --handle-volume-inuse-error=false
{{- with .Values.sidecars.resizer.leaderElection }}
- --leader-election={{ .enabled | default true }}
{{- if .leaseDuration }}
- --leader-election-lease-duration={{ .leaseDuration }}
{{- end }}
{{- if .renewDeadline }}
- --leader-election-renew-deadline={{ .renewDeadline }}
{{- end }}
{{- if .retryPeriod }}
- --leader-election-retry-period={{ .retryPeriod }}
{{- end }}
{{- end }}
{{- if not (regexMatch "(-kube-api-qps)|(-kube-api-burst)|(-workers)" (join " " .Values.sidecars.resizer.additionalArgs)) }}
- --kube-api-qps=20
- --kube-api-burst=100
- --workers=100
{{- end }}
{{- if not (regexMatch "(-retry-interval-max)" (join " " .Values.sidecars.resizer.additionalArgs)) }}
- --retry-interval-max=30m
{{- end }}
{{- range .Values.sidecars.resizer.additionalArgs }}
- {{ . }}
{{- end }}
env:
- name: ADDRESS
value: /var/lib/csi/sockets/pluginproxy/csi.sock
{{- if .Values.proxy.http_proxy }}
{{- include "aws-ebs-csi-driver.http-proxy" . | nindent 12 }}
{{- end }}
{{- with .Values.sidecars.resizer.env }}
{{- . | toYaml | nindent 12 }}
{{- end }}
{{- with .Values.controller.envFrom }}
envFrom:
{{- . | toYaml | nindent 12 }}
{{- end }}
volumeMounts:
- name: socket-dir
mountPath: /var/lib/csi/sockets/pluginproxy/
{{- with default .Values.controller.resources .Values.sidecars.resizer.resources }}
resources:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.sidecars.resizer.securityContext }}
securityContext:
{{- toYaml . | nindent 12 }}
{{- end }}
- name: liveness-probe
image: {{ printf "%s%s:%s" (default "" .Values.image.containerRegistry) .Values.sidecars.livenessProbe.image.repository .Values.sidecars.livenessProbe.image.tag }}
imagePullPolicy: {{ default .Values.image.pullPolicy .Values.sidecars.livenessProbe.image.pullPolicy }}
args:
- --csi-address=/csi/csi.sock
{{- range .Values.sidecars.livenessProbe.additionalArgs }}
- {{ . }}
{{- end }}
{{- with .Values.controller.envFrom }}
envFrom:
{{- . | toYaml | nindent 12 }}
{{- end }}
volumeMounts:
- name: socket-dir
mountPath: /csi
{{- with default .Values.controller.resources .Values.sidecars.livenessProbe.resources }}
resources:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.sidecars.livenessProbe.securityContext }}
securityContext:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- if .Values.imagePullSecrets }}
imagePullSecrets:
{{- range .Values.imagePullSecrets }}
- name: {{ . }}
{{- end }}
{{- end }}
volumes:
- name: socket-dir
{{- if .Values.controller.socketDirVolume }}
{{- toYaml .Values.controller.socketDirVolume | nindent 10 }}
{{- else }}
emptyDir: {}
{{- end }}
{{- with .Values.controller.volumes }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if .Values.controller.dnsConfig }}
dnsConfig:
{{- toYaml .Values.controller.dnsConfig | nindent 4 }}
{{- end }}

12
backing-services/aws-ebs-csi-driver/templates/csidriver.yaml Normal file
View File

@@ -0,0 +1,12 @@
apiVersion: {{ ternary "storage.k8s.io/v1" "storage.k8s.io/v1beta1" (semverCompare ">=1.18.0-0" .Capabilities.KubeVersion.Version) }}
kind: CSIDriver
metadata:
name: ebs.csi.aws.com
labels:
{{- include "aws-ebs-csi-driver.labels" . | nindent 4 }}
spec:
attachRequired: true
podInfoOnMount: false
{{- if not .Values.useOldCSIDriver }}
fsGroupPolicy: File
{{- end }}

11
backing-services/aws-ebs-csi-driver/templates/ebs-csi-default-sc.yaml Normal file
View File

@@ -0,0 +1,11 @@
{{- if .Values.defaultStorageClass.enabled }}
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: ebs-csi-default-sc
annotations:
storageclass.kubernetes.io/is-default-class: "true"
provisioner: ebs.csi.aws.com
volumeBindingMode: WaitForFirstConsumer
allowVolumeExpansion: true
{{- end }}

42
backing-services/aws-ebs-csi-driver/templates/metrics.yaml Normal file
View File

@@ -0,0 +1,42 @@
{{- if .Values.controller.enableMetrics -}}
---
apiVersion: v1
kind: Service
metadata:
name: ebs-csi-controller
namespace: {{ .Release.Namespace }}
labels:
app: ebs-csi-controller
spec:
selector:
app: ebs-csi-controller
ports:
- name: metrics
port: 3301
targetPort: 3301
type: ClusterIP
---
{{- if or .Values.controller.serviceMonitor.forceEnable (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1") }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: ebs-csi-controller
namespace: {{ .Release.Namespace }}
labels:
app: ebs-csi-controller
{{- if .Values.controller.serviceMonitor.labels }}
{{- toYaml .Values.controller.serviceMonitor.labels | nindent 4 }}
{{- end }}
spec:
selector:
matchLabels:
app: ebs-csi-controller
namespaceSelector:
matchNames:
- {{ .Release.Namespace }}
endpoints:
- targetPort: 3301
path: /metrics
interval: {{ .Values.controller.serviceMonitor.interval | default "15s"}}
{{- end }}
{{- end }}

13
backing-services/aws-ebs-csi-driver/templates/node-windows.yaml Normal file
View File

@@ -0,0 +1,13 @@
{{$defaultArgs := dict
"NodeName" "ebs-csi-node"
}}
{{- include "node-windows" (deepCopy $ | mustMerge $defaultArgs) -}}
{{- range $name, $values := .Values.additionalDaemonSets }}
{{$args := dict
"NodeName" (printf "ebs-csi-node-%s" $name)
"Values" (dict
"node" (deepCopy $.Values.node | mustMerge $values)
)
}}
{{- include "node-windows" (deepCopy $ | mustMerge $args) -}}
{{- end }}

46
backing-services/aws-ebs-csi-driver/templates/node.yaml Normal file
View File

@@ -0,0 +1,46 @@
{{$defaultArgs := dict
"NodeName" "ebs-csi-node"
}}
{{- include "node" (deepCopy $ | mustMerge $defaultArgs) -}}
{{- range $name, $values := .Values.additionalDaemonSets }}
{{$args := dict
"NodeName" (printf "ebs-csi-node-%s" $name)
"Values" (dict
"node" (deepCopy $.Values.node | mustMerge $values)
)
}}
{{- include "node" (deepCopy $ | mustMerge $args) -}}
{{- end }}
{{- if .Values.a1CompatibilityDaemonSet }}
{{$args := dict
"NodeName" "ebs-csi-node-a1compat"
"Values" (dict
"image" (dict
"tag" (printf "%s-a1compat" (default (printf "v%s" .Chart.AppVersion) (.Values.image.tag | toString)))
)
"node" (dict
"affinity" (dict
"nodeAffinity" (dict
"requiredDuringSchedulingIgnoredDuringExecution" (dict
"nodeSelectorTerms" (list
(dict "matchExpressions" (list
(dict
"key" "eks.amazonaws.com/compute-type"
"operator" "NotIn"
"values" (list "fargate")
)
(dict
"key" "node.kubernetes.io/instance-type"
"operator" "In"
"values" (list "a1.medium" "a1.large" "a1.xlarge" "a1.2xlarge" "a1.4xlarge")
)
))
)
)
)
)
)
)
}}
{{- include "node" (deepCopy $ | mustMerge $args) -}}
{{- end }}

17
backing-services/aws-ebs-csi-driver/templates/poddisruptionbudget-controller.yaml Normal file
View File

@@ -0,0 +1,17 @@
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
name: ebs-csi-controller
namespace: {{ .Release.Namespace }}
labels:
{{- include "aws-ebs-csi-driver.labels" . | nindent 4 }}
spec:
selector:
matchLabels:
app: ebs-csi-controller
{{- include "aws-ebs-csi-driver.selectorLabels" . | nindent 6 }}
{{- if le (.Values.controller.replicaCount | int) 2 }}
maxUnavailable: 1
{{- else }}
minAvailable: 2
{{- end }}

11
backing-services/aws-ebs-csi-driver/templates/role-leases.yaml Normal file
View File

@@ -0,0 +1,11 @@
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
namespace: {{ .Release.Namespace }}
name: ebs-csi-leases-role
labels:
{{- include "aws-ebs-csi-driver.labels" . | nindent 4 }}
rules:
- apiGroups: ["coordination.k8s.io"]
resources: ["leases"]
verbs: ["get", "watch", "list", "delete", "update", "create"]

15
backing-services/aws-ebs-csi-driver/templates/rolebinding-leases.yaml Normal file
View File

@@ -0,0 +1,15 @@
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: ebs-csi-leases-rolebinding
namespace: {{ .Release.Namespace }}
labels:
{{- include "aws-ebs-csi-driver.labels" . | nindent 4 }}
subjects:
- kind: ServiceAccount
name: {{ .Values.controller.serviceAccount.name }}
namespace: {{ .Release.Namespace }}
roleRef:
kind: Role
name: ebs-csi-leases-role
apiGroup: rbac.authorization.k8s.io

21
backing-services/aws-ebs-csi-driver/templates/serviceaccount-csi-controller.yaml Normal file
View File

@@ -0,0 +1,21 @@
{{- if .Values.controller.serviceAccount.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ .Values.controller.serviceAccount.name }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "aws-ebs-csi-driver.labels" . | nindent 4 }}
{{- with .Values.controller.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- if eq .Release.Name "kustomize" }}
#Enable if EKS IAM roles for service accounts (IRSA) is used. See https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html for details.
#annotations:
# eks.amazonaws.com/role-arn: arn:<partition>:iam::<account>:role/ebs-csi-role
{{- end }}
{{- if .Values.controller.serviceAccount.automountServiceAccountToken }}
automountServiceAccountToken: {{ .Values.controller.serviceAccount.automountServiceAccountToken }}
{{- end }}
{{- end -}}

16
backing-services/aws-ebs-csi-driver/templates/serviceaccount-csi-node.yaml Normal file
View File

@@ -0,0 +1,16 @@
{{- if .Values.node.serviceAccount.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ .Values.node.serviceAccount.name }}
namespace: {{ .Values.node.namespaceOverride | default .Release.Namespace }}
labels:
{{- include "aws-ebs-csi-driver.labels" . | nindent 4 }}
{{- with .Values.node.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- if .Values.node.serviceAccount.automountServiceAccountToken }}
automountServiceAccountToken: {{ .Values.node.serviceAccount.automountServiceAccountToken }}
{{- end }}
{{- end -}}

15
backing-services/aws-ebs-csi-driver/templates/storageclass.yaml Normal file
View File

@@ -0,0 +1,15 @@
{{- range .Values.storageClasses }}
---
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
name: {{ .name }}
{{- with .annotations }}
annotations: {{- . | toYaml | trim | nindent 4 }}
{{- end }}
{{- with .labels }}
labels: {{- . | toYaml | trim | nindent 4 }}
{{- end }}
provisioner: ebs.csi.aws.com
{{ omit (dict "volumeBindingMode" "WaitForFirstConsumer" | merge .) "name" "annotations" "labels" | toYaml }}
{{- end }}

238
backing-services/aws-ebs-csi-driver/templates/tests/helm-tester.yaml Normal file
View File

@@ -0,0 +1,238 @@
{{- if .Values.helmTester.enabled -}}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: ebs-csi-driver-test
annotations:
"helm.sh/hook": test
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded,hook-failed
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: ebs-csi-driver-test
annotations:
"helm.sh/hook": test
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded,hook-failed
rules:
- apiGroups: [ "" ]
resources:
- events
- nodes
- pods
- replicationcontrollers
- serviceaccounts
- configmaps
- persistentvolumes
- persistentvolumeclaims
verbs: [ "list" ]
- apiGroups: [ "" ]
resources:
- services
- nodes
- nodes/proxy
- persistentvolumes
- persistentvolumeclaims
- pods
- pods/log
verbs: [ "get" ]
- apiGroups: [ "" ]
resources:
- namespaces
- persistentvolumes
- persistentvolumeclaims
- pods
- pods/exec
verbs: [ "create" ]
- apiGroups: [ "" ]
resources:
- namespaces
- persistentvolumes
- persistentvolumeclaims
- pods
verbs: [ "delete" ]
- apiGroups: [ "" ]
resources:
- persistentvolumeclaims
verbs: [ "update" ]
- apiGroups: [ "" ]
resources:
- pods/ephemeralcontainers
verbs: [ "patch" ]
- apiGroups: [ "" ]
resources:
- serviceaccounts
- configmaps
verbs: [ "watch" ]
- apiGroups: [ "apps" ]
resources:
- replicasets
- daemonsets
verbs: [ "list" ]
- apiGroups: [ "storage.k8s.io" ]
resources:
- storageclasses
verbs: [ "create" ]
- apiGroups: [ "storage.k8s.io" ]
resources:
- storageclasses
- csinodes
verbs: [ "get" ]
- apiGroups: [ "storage.k8s.io" ]
resources:
- storageclasses
verbs: [ "delete" ]
- apiGroups: [ "snapshot.storage.k8s.io" ]
resources:
- volumesnapshots
- volumesnapshotclasses
- volumesnapshotcontents
verbs: [ "create" ]
- apiGroups: [ "snapshot.storage.k8s.io" ]
resources:
- volumesnapshots
- volumesnapshotclasses
- volumesnapshotcontents
verbs: [ "get" ]
- apiGroups: [ "snapshot.storage.k8s.io" ]
resources:
- volumesnapshotcontents
verbs: [ "update" ]
- apiGroups: [ "snapshot.storage.k8s.io" ]
resources:
- volumesnapshots
- volumesnapshotclasses
- volumesnapshotcontents
verbs: [ "delete" ]
- apiGroups: [ "authorization.k8s.io" ]
resources:
- clusterroles
verbs: [ "list" ]
- apiGroups: [ "authorization.k8s.io" ]
resources:
- subjectaccessreviews
verbs: [ "create" ]
- apiGroups: [ "rbac.authorization.k8s.io" ]
resources:
- clusterroles
verbs: [ "list" ]
- apiGroups: [ "rbac.authorization.k8s.io" ]
resources:
- clusterrolebindings
verbs: [ "create" ]
- apiGroups: [ "apiextensions.k8s.io" ]
resources:
- customresourcedefinitions
verbs: [ "get" ]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: ebs-csi-driver-test
annotations:
"helm.sh/hook": test
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded,hook-failed
subjects:
- kind: ServiceAccount
name: ebs-csi-driver-test
namespace: {{ .Release.Namespace }}
roleRef:
kind: ClusterRole
name: ebs-csi-driver-test
apiGroup: rbac.authorization.k8s.io
---
apiVersion: v1
kind: ConfigMap
data:
manifests.yaml: |
ShortName: ebs
StorageClass:
FromFile: storageclass.yaml
SnapshotClass:
FromName: true
DriverInfo:
Name: ebs.csi.aws.com
SupportedSizeRange:
Min: 1Gi
Max: 16Ti
SupportedFsType:
xfs: {}
ext4: {}
SupportedMountOption:
dirsync: {}
TopologyKeys: ["topology.ebs.csi.aws.com/zone"]
Capabilities:
persistence: true
fsGroup: true
block: true
exec: true
snapshotDataSource: true
pvcDataSource: false
multipods: true
controllerExpansion: true
nodeExpansion: true
volumeLimits: true
topology: true
storageclass.yaml: |
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
name: ebs.csi.aws.com
provisioner: ebs.csi.aws.com
volumeBindingMode: WaitForFirstConsumer
metadata:
name: ebs-csi-driver-test
annotations:
"helm.sh/hook": test
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded,hook-failed
---
apiVersion: v1
kind: Pod
metadata:
name: ebs-csi-driver-test
annotations:
"helm.sh/hook": test
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded,hook-failed
"ignore-check.kube-linter.io/run-as-non-root": "kubetest2 image runs as root"
"ignore-check.kube-linter.io/no-read-only-root-fs": "test pod requires privileged access"
spec:
containers:
- name: kubetest2
image: {{ .Values.helmTester.image }}
resources:
requests:
cpu: 2000m
memory: 4Gi
limits:
memory: 4Gi
command: [ "/bin/sh", "-c" ]
args:
- |
cp /etc/config/storageclass.yaml /workspace/storageclass.yaml
kubectl config set-cluster cluster --server=https://kubernetes.default --certificate-authority=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
kubectl config set-context kubetest2 --cluster=cluster
kubectl config set-credentials sa --token=$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)
kubectl config set-context kubetest2 --user=sa && kubectl config use-context kubetest2
export FOCUS_REGEX='\bebs.csi.aws.com\b.+(validate content|resize volume|offline PVC|AllowedTopologies|store data'
if kubectl get crd volumesnapshots.snapshot.storage.k8s.io; then
FOCUS_REGEX="${FOCUS_REGEX}|snapshot fields)"
else
FOCUS_REGEX="${FOCUS_REGEX})"
fi
export KUBE_VERSION=$(kubectl version --output json | jq -r '.serverVersion.major + "." + .serverVersion.minor')
kubetest2 noop --run-id='e2e-kubernetes' --test=ginkgo -- --test-package-version="$(curl -L https://dl.k8s.io/release/stable-${KUBE_VERSION}.txt)" --skip-regex='[Disruptive]|[Serial]' --focus-regex="$FOCUS_REGEX" --parallel=25 --test-args='-storage.testdriver=/etc/config/manifests.yaml'
volumeMounts:
- name: config-vol
mountPath: /etc/config
# kubekins-e2e v1 image is linux amd64 only.
nodeSelector:
kubernetes.io/os: linux
kubernetes.io/arch: amd64
serviceAccountName: ebs-csi-driver-test
volumes:
- name: config-vol
configMap:
name: ebs-csi-driver-test
restartPolicy: Never
{{- end }}

20
backing-services/aws-ebs-csi-driver/templates/volumesnapshotclass.yaml Normal file
View File

@@ -0,0 +1,20 @@
{{- if or .Values.sidecars.snapshotter.forceEnable (.Capabilities.APIVersions.Has "snapshot.storage.k8s.io/v1beta1") (.Capabilities.APIVersions.Has "snapshot.storage.k8s.io/v1") }}
{{- range .Values.volumeSnapshotClasses }}
---
kind: VolumeSnapshotClass
apiVersion: snapshot.storage.k8s.io/v1
metadata:
name: {{ .name }}
{{- with .annotations }}
annotations: {{- . | toYaml | trim | nindent 4 }}
{{- end }}
{{- with .labels }}
labels: {{- . | toYaml | trim | nindent 4 }}
{{- end }}
driver: ebs.csi.aws.com
deletionPolicy: {{ .deletionPolicy }}
{{- with .parameters }}
parameters: {{- . | toYaml | trim | nindent 2 }}
{{- end }}
{{- end }}
{{- end }}

482
backing-services/aws-ebs-csi-driver/values.yaml Normal file
View File

@@ -0,0 +1,482 @@
# Default values for aws-ebs-csi-driver.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
image:
repository: public.ecr.aws/ebs-csi-driver/aws-ebs-csi-driver
# Overrides the image tag whose default is v{{ .Chart.AppVersion }}
tag: ""
pullPolicy: IfNotPresent
# -- Custom labels to add into metadata
customLabels: {}
# k8s-app: aws-ebs-csi-driver
sidecars:
provisioner:
env: []
image:
pullPolicy: IfNotPresent
repository: public.ecr.aws/eks-distro/kubernetes-csi/external-provisioner
tag: "v5.0.1-eks-1-30-8"
logLevel: 2
# Additional parameters provided by external-provisioner.
additionalArgs: []
# Grant additional permissions to external-provisioner
additionalClusterRoleRules:
resources: {}
# Tune leader lease election for csi-provisioner.
# Leader election is on by default.
leaderElection:
enabled: true
# Optional values to tune lease behavior.
# The arguments provided must be in an acceptable time.ParseDuration format.
# Ref: https://pkg.go.dev/flag#Duration
# leaseDuration: "15s"
# renewDeadline: "10s"
# retryPeriod: "5s"
securityContext:
seccompProfile:
type: RuntimeDefault
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
attacher:
env: []
image:
pullPolicy: IfNotPresent
repository: public.ecr.aws/eks-distro/kubernetes-csi/external-attacher
tag: "v4.6.1-eks-1-30-8"
# Tune leader lease election for csi-attacher.
# Leader election is on by default.
leaderElection:
enabled: true
# Optional values to tune lease behavior.
# The arguments provided must be in an acceptable time.ParseDuration format.
# Ref: https://pkg.go.dev/flag#Duration
# leaseDuration: "15s"
# renewDeadline: "10s"
# retryPeriod: "5s"
logLevel: 2
# Additional parameters provided by external-attacher.
additionalArgs: []
# Grant additional permissions to external-attacher
additionalClusterRoleRules: []
resources: {}
securityContext:
seccompProfile:
type: RuntimeDefault
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
snapshotter:
# Enables the snapshotter sidecar even if the snapshot CRDs are not installed
forceEnable: false
env: []
image:
pullPolicy: IfNotPresent
repository: public.ecr.aws/eks-distro/kubernetes-csi/external-snapshotter/csi-snapshotter
tag: "v8.0.1-eks-1-30-8"
logLevel: 2
# Additional parameters provided by csi-snapshotter.
additionalArgs: []
# Grant additional permissions to csi-snapshotter
additionalClusterRoleRules: []
resources: {}
securityContext:
seccompProfile:
type: RuntimeDefault
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
livenessProbe:
image:
pullPolicy: IfNotPresent
repository: public.ecr.aws/eks-distro/kubernetes-csi/livenessprobe
tag: "v2.13.0-eks-1-30-8"
# Additional parameters provided by livenessprobe.
additionalArgs: []
resources: {}
securityContext:
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
resizer:
env: []
image:
pullPolicy: IfNotPresent
repository: public.ecr.aws/eks-distro/kubernetes-csi/external-resizer
tag: "v1.11.1-eks-1-30-8"
# Tune leader lease election for csi-resizer.
# Leader election is on by default.
leaderElection:
enabled: true
# Optional values to tune lease behavior.
# The arguments provided must be in an acceptable time.ParseDuration format.
# Ref: https://pkg.go.dev/flag#Duration
# leaseDuration: "15s"
# renewDeadline: "10s"
# retryPeriod: "5s"
logLevel: 2
# Additional parameters provided by external-resizer.
additionalArgs: []
# Grant additional permissions to external-resizer
additionalClusterRoleRules: []
resources: {}
securityContext:
seccompProfile:
type: RuntimeDefault
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
nodeDriverRegistrar:
env: []
image:
pullPolicy: IfNotPresent
repository: public.ecr.aws/eks-distro/kubernetes-csi/node-driver-registrar
tag: "v2.11.0-eks-1-30-8"
logLevel: 2
# Additional parameters provided by node-driver-registrar.
additionalArgs: []
resources: {}
securityContext:
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
livenessProbe:
exec:
command:
- /csi-node-driver-registrar
- --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)
- --mode=kubelet-registration-probe
initialDelaySeconds: 30
periodSeconds: 90
timeoutSeconds: 15
volumemodifier:
env: []
image:
pullPolicy: IfNotPresent
repository: public.ecr.aws/ebs-csi-driver/volume-modifier-for-k8s
tag: "v0.3.0"
leaderElection:
enabled: true
# Optional values to tune lease behavior.
# The arguments provided must be in an acceptable time.ParseDuration format.
# Ref: https://pkg.go.dev/flag#Duration
# leaseDuration: "15s"
# renewDeadline: "10s"
# retryPeriod: "5s"
logLevel: 2
# Additional parameters provided by volume-modifier-for-k8s.
additionalArgs: []
resources: {}
securityContext:
seccompProfile:
type: RuntimeDefault
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
proxy:
http_proxy:
no_proxy:
imagePullSecrets: []
nameOverride:
fullnameOverride:
awsAccessSecret:
name: aws-secret
keyId: key_id
accessKey: access_key
controller:
batching: true
volumeModificationFeature:
enabled: false
# Additional parameters provided by aws-ebs-csi-driver controller.
additionalArgs: []
sdkDebugLog: false
loggingFormat: text
affinity:
nodeAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 1
preference:
matchExpressions:
- key: eks.amazonaws.com/compute-type
operator: NotIn
values:
- fargate
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchExpressions:
- key: app
operator: In
values:
- ebs-csi-controller
topologyKey: kubernetes.io/hostname
weight: 100
# The default filesystem type of the volume to provision when fstype is unspecified in the StorageClass.
# If the default is not set and fstype is unset in the StorageClass, then no fstype will be set
defaultFsType: ext4
env: []
# Use envFrom to reference ConfigMaps and Secrets across all containers in the deployment
envFrom: []
# If set, add pv/pvc metadata to plugin create requests as parameters.
extraCreateMetadata: true
# Extra volume tags to attach to each dynamically provisioned volume.
# ---
# extraVolumeTags:
# key1: value1
# key2: value2
extraVolumeTags: {}
httpEndpoint:
# (deprecated) The TCP network address where the prometheus metrics endpoint
# will run (example: `:8080` which corresponds to port 8080 on local host).
# The default is empty string, which means metrics endpoint is disabled.
# ---
enableMetrics: false
serviceMonitor:
# Enables the ServiceMonitor resource even if the prometheus-operator CRDs are not installed
forceEnable: false
# Additional labels for ServiceMonitor object
labels:
release: prometheus
interval: "15s"
# If set to true, AWS API call metrics will be exported to the following
# TCP endpoint: "0.0.0.0:3301"
# ---
# ID of the Kubernetes cluster used for tagging provisioned EBS volumes (optional).
k8sTagClusterId:
logLevel: 2
userAgentExtra: "helm"
nodeSelector: {}
deploymentAnnotations: {}
podAnnotations: {}
podLabels: {}
priorityClassName: system-cluster-critical
# AWS region to use. If not specified then the region will be looked up via the AWS EC2 metadata
# service.
# ---
# region: us-east-1
region:
replicaCount: 2
revisionHistoryLimit: 10
socketDirVolume:
emptyDir: {}
updateStrategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 1
# type: RollingUpdate
# rollingUpdate:
# maxSurge: 0
# maxUnavailable: 1
resources:
requests:
cpu: 10m
memory: 40Mi
limits:
memory: 256Mi
serviceAccount:
# A service account will be created for you if set to true. Set to false if you want to use your own.
create: true
name: ebs-csi-controller-sa
annotations: {}
## Enable if EKS IAM for SA is used
# eks.amazonaws.com/role-arn: arn:<partition>:iam::<account>:role/ebs-csi-role
automountServiceAccountToken: true
tolerations:
- key: CriticalAddonsOnly
operator: Exists
- effect: NoExecute
operator: Exists
tolerationSeconds: 300
# TSCs without the label selector stanza
#
# Example:
#
# topologySpreadConstraints:
# - maxSkew: 1
# topologyKey: topology.kubernetes.io/zone
# whenUnsatisfiable: ScheduleAnyway
# - maxSkew: 1
# topologyKey: kubernetes.io/hostname
# whenUnsatisfiable: ScheduleAnyway
topologySpreadConstraints: []
# securityContext on the controller pod
securityContext:
runAsNonRoot: true
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
# Add additional volume mounts on the controller with controller.volumes and controller.volumeMounts
volumes: []
# Add additional volumes to be mounted onto the controller:
# - name: custom-dir
# hostPath:
# path: /path/to/dir
# type: Directory
volumeMounts: []
# And add mount paths for those additional volumes:
# - name: custom-dir
# mountPath: /mount/path
# ---
# securityContext on the controller container (see sidecars for securityContext on sidecar containers)
containerSecurityContext:
seccompProfile:
type: RuntimeDefault
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
initContainers: []
# containers to be run before the controller's container starts.
#
# Example:
#
# - name: wait
# image: busybox
# command: [ 'sh', '-c', "sleep 20" ]
# Enable opentelemetry tracing for the plugin running on the daemonset
otelTracing: {}
# otelServiceName: ebs-csi-controller
# otelExporterEndpoint: "http://localhost:4317"
# Enable dnsConfig for the controller and node pods
dnsConfig: {}
node:
env: []
envFrom: []
kubeletPath: /var/lib/kubelet
loggingFormat: text
logLevel: 2
priorityClassName:
additionalArgs: []
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: eks.amazonaws.com/compute-type
operator: NotIn
values:
- fargate
- key: node.kubernetes.io/instance-type
operator: NotIn
values:
- a1.medium
- a1.large
- a1.xlarge
- a1.2xlarge
- a1.4xlarge
nodeSelector: {}
daemonSetAnnotations: {}
podAnnotations: {}
podLabels: {}
terminationGracePeriodSeconds: 30
tolerateAllTaints: true
tolerations:
- operator: Exists
effect: NoExecute
tolerationSeconds: 300
resources:
requests:
cpu: 10m
memory: 40Mi
limits:
memory: 256Mi
revisionHistoryLimit: 10
probeDirVolume:
emptyDir: {}
serviceAccount:
create: true
name: ebs-csi-node-sa
annotations: {}
## Enable if EKS IAM for SA is used
# eks.amazonaws.com/role-arn: arn:<partition>:iam::<account>:role/ebs-csi-role
automountServiceAccountToken: true
# Enable the linux daemonset creation
enableLinux: true
enableWindows: false
# The number of attachment slots to reserve for system use (and not to be used for CSI volumes)
# When this parameter is not specified (or set to -1), the EBS CSI Driver will attempt to determine the number of reserved slots via heuristic
# Cannot be specified at the same time as `node.volumeAttachLimit`
reservedVolumeAttachments:
# The "maximum number of attachable volumes" per node
# Cannot be specified at the same time as `node.reservedVolumeAttachments`
volumeAttachLimit:
updateStrategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: "10%"
hostNetwork: false
# securityContext on the node pod
securityContext:
# The node pod must be run as root to bind to the registration/driver sockets
runAsNonRoot: false
runAsUser: 0
runAsGroup: 0
fsGroup: 0
# allows you to deploy aws-ebs-csi-node daemonset to separate namespace (make sure namespace exists before deploy)
namespaceOverride: ""
# Add additional volume mounts on the node pods with node.volumes and node.volumeMounts
volumes: []
# Add additional volumes to be mounted onto the node pods:
# - name: custom-dir
# hostPath:
# path: /path/to/dir
# type: Directory
volumeMounts: []
# And add mount paths for those additional volumes:
# - name: custom-dir
# mountPath: /mount/path
# ---
# securityContext on the node container (see sidecars for securityContext on sidecar containers)
# Privileged containers always run as `Unconfined`, which means that they are not restricted by a seccomp profile.
containerSecurityContext:
readOnlyRootFilesystem: true
privileged: true
# Enable opentelemetry tracing for the plugin running on the daemonset
otelTracing: {}
# otelServiceName: ebs-csi-node
# otelExporterEndpoint: "http://localhost:4317"
additionalDaemonSets:
# Additional node DaemonSets, using the node config structure
# See docs/additional-daemonsets.md for more information
#
# example:
# nodeSelector:
# node.kubernetes.io/instance-type: c5.large
# volumeAttachLimit: 15
# Enable compatibility for the A1 instance family via use of an AL2-based image in a separate DaemonSet
# a1CompatibilityDaemonSet: true
storageClasses: []
# Add StorageClass resources like:
# - name: ebs-sc
# # annotation metadata
# annotations:
# storageclass.kubernetes.io/is-default-class: "true"
# # label metadata
# labels:
# my-label-is: supercool
# # defaults to WaitForFirstConsumer
# volumeBindingMode: WaitForFirstConsumer
# # defaults to Delete
# reclaimPolicy: Retain
# parameters:
# encrypted: "true"
defaultStorageClass:
enabled: false
volumeSnapshotClasses: []
# Add VolumeSnapshotClass resources like:
# - name: ebs-vsc
# # annotation metadata
# annotations:
# snapshot.storage.kubernetes.io/is-default-class: "true"
# # label metadata
# labels:
# my-label-is: supercool
# # deletionPolicy must be specified
# deletionPolicy: Delete
# parameters:
# Use old CSIDriver without an fsGroupPolicy set
# Intended for use with older clusters that cannot easily replace the CSIDriver object
# This parameter should always be false for new installations
useOldCSIDriver: false
helmTester:
enabled: true
# Supply a custom image to the ebs-csi-driver-test pod in helm-tester.yaml
image: "gcr.io/k8s-staging-test-infra/kubekins-e2e:v20240611-597c402033-master"