apiVersion: v1 kind: Template metadata: name: "local-storage-provisioner" objects: # $SERVICE_ACCOUNT must be able to manipulate with PVs - apiVersion: v1 kind: ClusterRoleBinding metadata: name: local-storage:provisioner-pv-binding roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: system:persistent-volume-provisioner subjects: - kind: ServiceAccount name: ${SERVICE_ACCOUNT} namespace: ${NAMESPACE} # $SERVICE_ACCOUNT must be able to list nodes - apiVersion: v1 kind: ClusterRoleBinding metadata: name: local-storage:provisioner-node-binding roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: system:node subjects: - kind: ServiceAccount name: ${SERVICE_ACCOUNT} namespace: ${NAMESPACE} # DaemonSet with provisioners - apiVersion: extensions/v1beta1 kind: DaemonSet metadata: name: local-volume-provisioner spec: template: metadata: labels: app: local-volume-provisioner spec: containers: - env: - name: MY_NODE_NAME valueFrom: fieldRef: apiVersion: v1 fieldPath: spec.nodeName - name: MY_NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - name: VOLUME_CONFIG_NAME value: ${CONFIGMAP} image: quay.io/external_storage/local-volume-provisioner:v1.0.1 name: provisioner securityContext: runAsUser: 0 volumeMounts: - mountPath: /mnt/local-storage name: local-storage serviceAccountName: "${SERVICE_ACCOUNT}" volumes: - hostPath: path: /mnt/local-storage name: local-storage parameters: - name: SERVICE_ACCOUNT description: Name of service account that is able to run pods as root and use HostPath volumes. required: true value: local-storage-admin - name: NAMESPACE description: Name of namespace where local provisioners run required: true value: local-storage - name: CONFIGMAP description: Name of ConfigMap with local provisioner configuration. required: true value: local-storage-admin