kind: DaemonSet apiVersion: apps/v1 metadata: name: csi-secrets-store namespace: kube-system spec: selector: matchLabels: app: csi-secrets-store template: metadata: labels: app: csi-secrets-store annotations: kubectl.kubernetes.io/default-container: secrets-store spec: serviceAccountName: secrets-store-csi-driver containers: - name: node-driver-registrar image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.11.1 args: - --v=5 - --csi-address=/csi/csi.sock - --kubelet-registration-path=/var/lib/kubelet/plugins/csi-secrets-store/csi.sock imagePullPolicy: IfNotPresent volumeMounts: - name: plugin-dir mountPath: /csi - name: registration-dir mountPath: /registration resources: limits: cpu: 100m memory: 100Mi requests: cpu: 10m memory: 20Mi - name: secrets-store image: registry.k8s.io/csi-secrets-store/driver:v1.4.8 args: - "--endpoint=$(CSI_ENDPOINT)" - "--nodeid=$(KUBE_NODE_NAME)" - "--provider-volume=/var/run/secrets-store-csi-providers" - "--additional-provider-volume-paths=/etc/kubernetes/secrets-store-csi-providers" - "--metrics-addr=:8095" - "--enable-secret-rotation=false" - "--rotation-poll-interval=2m" - "--provider-health-check=false" - "--provider-health-check-interval=2m" env: - name: CSI_ENDPOINT value: unix:///csi/csi.sock - name: KUBE_NODE_NAME valueFrom: fieldRef: apiVersion: v1 fieldPath: spec.nodeName imagePullPolicy: IfNotPresent securityContext: privileged: true ports: - containerPort: 9808 name: healthz protocol: TCP - containerPort: 8095 name: metrics protocol: TCP livenessProbe: failureThreshold: 5 httpGet: path: /healthz port: healthz initialDelaySeconds: 30 timeoutSeconds: 10 periodSeconds: 15 volumeMounts: - name: plugin-dir mountPath: /csi - name: mountpoint-dir mountPath: /var/lib/kubelet/pods mountPropagation: Bidirectional - name: providers-dir mountPath: /etc/kubernetes/secrets-store-csi-providers - name: providers-dir-0 mountPath: /var/run/secrets-store-csi-providers resources: limits: cpu: 200m memory: 200Mi requests: cpu: 50m memory: 100Mi - name: liveness-probe image: registry.k8s.io/sig-storage/livenessprobe:v2.13.1 imagePullPolicy: IfNotPresent args: - --csi-address=/csi/csi.sock - --probe-timeout=3s - --http-endpoint=0.0.0.0:9808 - -v=2 volumeMounts: - name: plugin-dir mountPath: /csi resources: limits: cpu: 100m memory: 100Mi requests: cpu: 10m memory: 20Mi volumes: - name: mountpoint-dir hostPath: path: /var/lib/kubelet/pods type: DirectoryOrCreate - name: registration-dir hostPath: path: /var/lib/kubelet/plugins_registry/ type: Directory - name: plugin-dir hostPath: path: /var/lib/kubelet/plugins/csi-secrets-store/ type: DirectoryOrCreate - name: providers-dir hostPath: path: /etc/kubernetes/secrets-store-csi-providers type: DirectoryOrCreate - name: providers-dir-0 hostPath: path: /var/run/secrets-store-csi-providers type: DirectoryOrCreate tolerations: - operator: Exists nodeSelector: kubernetes.io/os: linux