--- kind: Deployment apiVersion: apps/v1 metadata: name: csi-nfs-controller namespace: kube-system spec: replicas: 2 selector: matchLabels: app: csi-nfs-controller template: metadata: labels: app: csi-nfs-controller spec: serviceAccountName: csi-nfs-controller-sa nodeSelector: kubernetes.io/os: linux priorityClassName: system-cluster-critical tolerations: - key: "node-role.kubernetes.io/master" operator: "Equal" value: "true" effect: "NoSchedule" containers: - name: csi-provisioner image: mcr.microsoft.com/oss/kubernetes-csi/csi-provisioner:v1.4.0 args: - "-v=5" - "--csi-address=$(ADDRESS)" - "--enable-leader-election" - "--leader-election-type=leases" env: - name: ADDRESS value: /csi/csi.sock volumeMounts: - mountPath: /csi name: socket-dir resources: limits: cpu: 100m memory: 100Mi requests: cpu: 10m memory: 20Mi - name: liveness-probe image: mcr.microsoft.com/oss/kubernetes-csi/livenessprobe:v2.0.0 args: - --csi-address=/csi/csi.sock - --probe-timeout=3s - --health-port=29642 - --v=5 volumeMounts: - name: socket-dir mountPath: /csi resources: limits: cpu: 100m memory: 100Mi requests: cpu: 10m memory: 20Mi - name: nfs image: quay.io/k8scsi/nfsplugin:v2.0.0 securityContext: privileged: true capabilities: add: ["SYS_ADMIN"] allowPrivilegeEscalation: true imagePullPolicy: IfNotPresent args: - "-v=5" - "--nodeid=$(NODE_ID)" - "--endpoint=$(CSI_ENDPOINT)" env: - name: NODE_ID valueFrom: fieldRef: fieldPath: spec.nodeName - name: CSI_ENDPOINT value: unix:///csi/csi.sock volumeMounts: - name: plugin-dir mountPath: /plugin - name: pods-mount-dir mountPath: /var/lib/kubelet/pods mountPropagation: "Bidirectional" - mountPath: /csi name: socket-dir resources: limits: cpu: 200m memory: 200Mi requests: cpu: 10m memory: 20Mi volumes: - name: plugin-dir hostPath: path: /var/lib/kubelet/plugins/csi-nfsplugin type: DirectoryOrCreate - name: pods-mount-dir hostPath: path: /var/lib/kubelet/pods type: Directory - name: socket-dir emptyDir: {}