apiVersion: v1
kind: ServiceAccount
metadata:
  name: nfs-provisioner
---
kind: Pod
apiVersion: v1
metadata:
  name: nfs-provisioner
spec:
  serviceAccount: nfs-provisioner
  containers:
    - name: nfs-provisioner
      image: quay.io/kubernetes_incubator/nfs-provisioner:latest
      ports:
        - name: nfs
          containerPort: 2049
        - name: nfs-udp
          containerPort: 2049
          protocol: UDP
        - name: nlockmgr
          containerPort: 32803
        - name: nlockmgr-udp
          containerPort: 32803
          protocol: UDP
        - name: mountd
          containerPort: 20048
        - name: mountd-udp
          containerPort: 20048
          protocol: UDP
        - name: rquotad
          containerPort: 875
        - name: rquotad-udp
          containerPort: 875
          protocol: UDP
        - name: rpcbind
          containerPort: 111
        - name: rpcbind-udp
          containerPort: 111
          protocol: UDP
        - name: statd
          containerPort: 662
        - name: statd-udp
          containerPort: 662
          protocol: UDP
      securityContext:
        capabilities:
          add:
            - DAC_READ_SEARCH
      args:
        - "-provisioner=example.com/nfs"
        - "-grace-period=0"
      env:
        - name: POD_IP
          valueFrom:
            fieldRef:
              fieldPath: status.podIP
      imagePullPolicy: "IfNotPresent"
      volumeMounts:
        - name: export-volume
          mountPath: /export
  volumes:
    - name: export-volume
      emptyDir: {}