# DO NOT EDIT: generated by 'kustomize build' apiVersion: v1 kind: ServiceAccount metadata: labels: app.kubernetes.io/instance: juicefs-csi-driver app.kubernetes.io/name: juicefs-csi-driver app.kubernetes.io/version: master name: juicefs-csi-controller-sa namespace: kube-system --- apiVersion: v1 kind: ServiceAccount metadata: labels: app.kubernetes.io/instance: juicefs-csi-driver app.kubernetes.io/name: juicefs-csi-driver app.kubernetes.io/version: master name: juicefs-csi-dashboard-sa namespace: kube-system --- apiVersion: v1 kind: ServiceAccount metadata: labels: app.kubernetes.io/instance: juicefs-csi-driver app.kubernetes.io/name: juicefs-csi-driver app.kubernetes.io/version: master name: juicefs-csi-node-sa namespace: kube-system --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: labels: app.kubernetes.io/instance: juicefs-csi-driver app.kubernetes.io/name: juicefs-csi-driver app.kubernetes.io/version: master name: juicefs-csi-dashboard-role rules: - apiGroups: - "" resources: - pods - persistentvolumes - persistentvolumeclaims - persistentvolumeclaims/status - nodes verbs: - get - list - watch - apiGroups: - storage.k8s.io resources: - storageclasses verbs: - get - list - watch - apiGroups: - "" resources: - events verbs: - get - list - watch - create - update - patch - apiGroups: - "" resources: - pods/log verbs: - get - apiGroups: - batch resources: - jobs verbs: - get - list - watch - apiGroups: - "" resources: - nodes/proxy verbs: - '*' - apiGroups: - "" resources: - persistentvolumes verbs: - get - list - watch - apiGroups: - coordination.k8s.io resources: - leases verbs: - get - watch - list - delete - update - create - apiGroups: - "" resources: - configmaps verbs: - get - watch - list - delete - update - create --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: labels: app.kubernetes.io/instance: juicefs-csi-driver app.kubernetes.io/name: juicefs-csi-driver app.kubernetes.io/version: master name: juicefs-csi-external-node-service-role rules: - apiGroups: - "" resources: - pods verbs: - get - list - create - update - delete - patch - watch - apiGroups: - "" resources: - pods/log verbs: - get - apiGroups: - "" resources: - secrets verbs: - get - create - update - delete - patch - apiGroups: - batch resources: - jobs verbs: - get - create - update - delete - patch - apiGroups: - "" resources: - nodes verbs: - get - list - apiGroups: - "" resources: - nodes/proxy verbs: - '*' - apiGroups: - "" resources: - persistentvolumes - persistentvolumeclaims verbs: - get - list --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: labels: app.kubernetes.io/instance: juicefs-csi-driver app.kubernetes.io/name: juicefs-csi-driver app.kubernetes.io/version: master name: juicefs-external-provisioner-role rules: - apiGroups: - "" resources: - persistentvolumes verbs: - get - list - watch - create - delete - patch - apiGroups: - "" resources: - persistentvolumeclaims - persistentvolumeclaims/status verbs: - get - list - watch - update - patch - apiGroups: - storage.k8s.io resources: - storageclasses verbs: - get - list - watch - apiGroups: - "" resources: - events verbs: - list - watch - create - update - patch - apiGroups: - storage.k8s.io resources: - csinodes verbs: - get - list - watch - apiGroups: - "" resources: - nodes verbs: - get - list - watch - apiGroups: - "" resources: - secrets verbs: - get - list - watch - create - update - patch - delete - apiGroups: - "" resources: - pods - pods/log verbs: - get - list - watch - create - update - patch - delete - apiGroups: - batch resources: - jobs verbs: - get - create - update - patch - delete - list - watch - apiGroups: - "" resources: - endpoints verbs: - get - list - watch - create - update - patch - apiGroups: - apps resources: - daemonsets verbs: - get - list - apiGroups: - coordination.k8s.io resources: - leases verbs: - get - watch - list - delete - update - create - apiGroups: - "" resources: - configmaps verbs: - get - watch - list - delete - update - create --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: labels: app.kubernetes.io/instance: juicefs-csi-driver app.kubernetes.io/name: juicefs-csi-driver app.kubernetes.io/version: master name: juicefs-csi-dashboard-rolebinding roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: juicefs-csi-dashboard-role subjects: - kind: ServiceAccount name: juicefs-csi-dashboard-sa namespace: kube-system --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: labels: app.kubernetes.io/instance: juicefs-csi-driver app.kubernetes.io/name: juicefs-csi-driver app.kubernetes.io/version: master name: juicefs-csi-node-service-binding roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: juicefs-csi-external-node-service-role subjects: - kind: ServiceAccount name: juicefs-csi-node-sa namespace: kube-system --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: labels: app.kubernetes.io/instance: juicefs-csi-driver app.kubernetes.io/name: juicefs-csi-driver app.kubernetes.io/version: master name: juicefs-csi-provisioner-binding roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: juicefs-external-provisioner-role subjects: - kind: ServiceAccount name: juicefs-csi-controller-sa namespace: kube-system --- apiVersion: v1 kind: Service metadata: labels: app.kubernetes.io/component: dashboard app.kubernetes.io/instance: juicefs-csi-driver app.kubernetes.io/name: juicefs-csi-driver app.kubernetes.io/version: master name: juicefs-csi-dashboard namespace: kube-system spec: ports: - name: http port: 8088 protocol: TCP targetPort: 8088 selector: app: juicefs-csi-dashboard app.kubernetes.io/instance: juicefs-csi-driver app.kubernetes.io/name: juicefs-csi-driver app.kubernetes.io/version: master type: ClusterIP --- apiVersion: apps/v1 kind: Deployment metadata: labels: app.kubernetes.io/component: dashboard app.kubernetes.io/instance: juicefs-csi-driver app.kubernetes.io/name: juicefs-csi-driver app.kubernetes.io/version: master name: juicefs-csi-dashboard namespace: kube-system spec: replicas: 1 selector: matchLabels: app: juicefs-csi-dashboard app.kubernetes.io/instance: juicefs-csi-driver app.kubernetes.io/name: juicefs-csi-driver app.kubernetes.io/version: master template: metadata: labels: app: juicefs-csi-dashboard app.kubernetes.io/instance: juicefs-csi-driver app.kubernetes.io/name: juicefs-csi-driver app.kubernetes.io/version: master spec: containers: - args: - --static-dir=/dist env: - name: SYS_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace image: juicedata/csi-dashboard:v0.23.6 name: dashboard ports: - containerPort: 8088 resources: limits: cpu: 1000m memory: 1Gi requests: cpu: 100m memory: 200Mi serviceAccountName: juicefs-csi-dashboard-sa tolerations: - key: CriticalAddonsOnly operator: Exists --- apiVersion: apps/v1 kind: StatefulSet metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: juicefs-csi-driver app.kubernetes.io/name: juicefs-csi-driver app.kubernetes.io/version: master name: juicefs-csi-controller namespace: kube-system spec: replicas: 2 selector: matchLabels: app: juicefs-csi-controller app.kubernetes.io/instance: juicefs-csi-driver app.kubernetes.io/name: juicefs-csi-driver app.kubernetes.io/version: master serviceName: juicefs-csi-controller template: metadata: labels: app: juicefs-csi-controller app.kubernetes.io/instance: juicefs-csi-driver app.kubernetes.io/name: juicefs-csi-driver app.kubernetes.io/version: master spec: containers: - args: - --endpoint=$(CSI_ENDPOINT) - --logtostderr - --nodeid=$(NODE_NAME) - --leader-election - --v=5 env: - name: CSI_ENDPOINT value: unix:///var/lib/csi/sockets/pluginproxy/csi.sock - name: NODE_NAME valueFrom: fieldRef: fieldPath: spec.nodeName - name: JUICEFS_MOUNT_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - name: POD_NAME valueFrom: fieldRef: fieldPath: metadata.name - name: JUICEFS_MOUNT_PATH value: /var/lib/juicefs/volume - name: JUICEFS_CONFIG_PATH value: /var/lib/juicefs/config image: juicedata/juicefs-csi-driver:v0.23.6 livenessProbe: failureThreshold: 5 httpGet: path: /healthz port: healthz initialDelaySeconds: 10 periodSeconds: 10 timeoutSeconds: 3 name: juicefs-plugin ports: - containerPort: 9909 name: healthz protocol: TCP resources: limits: cpu: 1000m memory: 1Gi requests: cpu: 100m memory: 512Mi securityContext: capabilities: add: - SYS_ADMIN privileged: true volumeMounts: - mountPath: /var/lib/csi/sockets/pluginproxy/ name: socket-dir - mountPath: /jfs mountPropagation: Bidirectional name: jfs-dir - mountPath: /root/.juicefs mountPropagation: Bidirectional name: jfs-root-dir - args: - --csi-address=$(ADDRESS) - --timeout=60s - --leader-election - --v=5 env: - name: ADDRESS value: /var/lib/csi/sockets/pluginproxy/csi.sock image: registry.k8s.io/sig-storage/csi-provisioner:v2.2.2 name: csi-provisioner volumeMounts: - mountPath: /var/lib/csi/sockets/pluginproxy/ name: socket-dir - args: - --csi-address=$(ADDRESS) - --leader-election - --v=2 env: - name: ADDRESS value: /var/lib/csi/sockets/pluginproxy/csi.sock image: registry.k8s.io/sig-storage/csi-resizer:v1.9.0 name: csi-resizer volumeMounts: - mountPath: /var/lib/csi/sockets/pluginproxy/ name: socket-dir - args: - --csi-address=$(ADDRESS) - --health-port=$(HEALTH_PORT) env: - name: ADDRESS value: /csi/csi.sock - name: HEALTH_PORT value: "9909" image: registry.k8s.io/sig-storage/livenessprobe:v2.11.0 name: liveness-probe volumeMounts: - mountPath: /csi name: socket-dir priorityClassName: system-cluster-critical serviceAccount: juicefs-csi-controller-sa tolerations: - key: CriticalAddonsOnly operator: Exists volumes: - emptyDir: {} name: socket-dir - hostPath: path: /var/lib/juicefs/volume type: DirectoryOrCreate name: jfs-dir - hostPath: path: /var/lib/juicefs/config type: DirectoryOrCreate name: jfs-root-dir volumeClaimTemplates: [] --- apiVersion: apps/v1 kind: DaemonSet metadata: labels: app.kubernetes.io/component: node app.kubernetes.io/instance: juicefs-csi-driver app.kubernetes.io/name: juicefs-csi-driver app.kubernetes.io/version: master name: juicefs-csi-node namespace: kube-system spec: selector: matchLabels: app: juicefs-csi-node app.kubernetes.io/instance: juicefs-csi-driver app.kubernetes.io/name: juicefs-csi-driver app.kubernetes.io/version: master template: metadata: labels: app: juicefs-csi-node app.kubernetes.io/instance: juicefs-csi-driver app.kubernetes.io/name: juicefs-csi-driver app.kubernetes.io/version: master spec: containers: - args: - --endpoint=$(CSI_ENDPOINT) - --logtostderr - --nodeid=$(NODE_NAME) - --v=5 - --enable-manager=true env: - name: CSI_ENDPOINT value: unix:/csi/csi.sock - name: NODE_NAME valueFrom: fieldRef: fieldPath: spec.nodeName - name: JUICEFS_MOUNT_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - name: POD_NAME valueFrom: fieldRef: fieldPath: metadata.name - name: HOST_IP valueFrom: fieldRef: fieldPath: status.hostIP - name: KUBELET_PORT value: "10250" - name: JUICEFS_MOUNT_PATH value: /var/lib/juicefs/volume - name: JUICEFS_CONFIG_PATH value: /var/lib/juicefs/config image: juicedata/juicefs-csi-driver:v0.23.6 lifecycle: preStop: exec: command: - /bin/sh - -c - rm /csi/csi.sock livenessProbe: failureThreshold: 5 httpGet: path: /healthz port: healthz initialDelaySeconds: 10 periodSeconds: 10 timeoutSeconds: 3 name: juicefs-plugin ports: - containerPort: 9909 name: healthz protocol: TCP resources: limits: cpu: 1000m memory: 1Gi requests: cpu: 100m memory: 512Mi securityContext: privileged: true volumeMounts: - mountPath: /var/lib/kubelet mountPropagation: Bidirectional name: kubelet-dir - mountPath: /csi name: plugin-dir - mountPath: /dev name: device-dir - mountPath: /jfs mountPropagation: Bidirectional name: jfs-dir - mountPath: /root/.juicefs mountPropagation: Bidirectional name: jfs-root-dir - args: - --csi-address=$(ADDRESS) - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH) - --v=5 env: - name: ADDRESS value: /csi/csi.sock - name: DRIVER_REG_SOCK_PATH value: /var/lib/kubelet/csi-plugins/csi.juicefs.com/csi.sock image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.9.0 name: node-driver-registrar volumeMounts: - mountPath: /csi name: plugin-dir - mountPath: /registration name: registration-dir - args: - --csi-address=$(ADDRESS) - --health-port=$(HEALTH_PORT) env: - name: ADDRESS value: /csi/csi.sock - name: HEALTH_PORT value: "9909" image: registry.k8s.io/sig-storage/livenessprobe:v2.11.0 name: liveness-probe volumeMounts: - mountPath: /csi name: plugin-dir dnsPolicy: ClusterFirstWithHostNet priorityClassName: system-node-critical serviceAccount: juicefs-csi-node-sa tolerations: - key: CriticalAddonsOnly operator: Exists volumes: - hostPath: path: /var/lib/kubelet type: Directory name: kubelet-dir - hostPath: path: /var/lib/kubelet/csi-plugins/csi.juicefs.com/ type: DirectoryOrCreate name: plugin-dir - hostPath: path: /var/lib/kubelet/plugins_registry/ type: Directory name: registration-dir - hostPath: path: /dev type: Directory name: device-dir - hostPath: path: /var/lib/juicefs/volume type: DirectoryOrCreate name: jfs-dir - hostPath: path: /var/lib/juicefs/config type: DirectoryOrCreate name: jfs-root-dir --- apiVersion: storage.k8s.io/v1 kind: CSIDriver metadata: labels: app.kubernetes.io/instance: juicefs-csi-driver app.kubernetes.io/name: juicefs-csi-driver app.kubernetes.io/version: master name: csi.juicefs.com spec: attachRequired: false podInfoOnMount: true