{{- /* Copyright VMware, Inc. SPDX-License-Identifier: APACHE-2.0 */}} {{- if .Values.csiProvider.enabled }} apiVersion: apps/v1 kind: DaemonSet metadata: name: {{ template "vault.csi-provider.fullname" . }} namespace: {{ include "common.names.namespace" . | quote }} {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.csiProvider.image "chart" .Chart ) ) }} {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }} labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} app.kubernetes.io/part-of: vault app.kubernetes.io/component: csi-provider {{- if .Values.commonAnnotations }} annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} {{- end }} spec: {{- if .Values.csiProvider.updateStrategy }} updateStrategy: {{- toYaml .Values.csiProvider.updateStrategy | nindent 4 }} {{- end }} {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.csiProvider.podLabels .Values.commonLabels $versionLabel ) "context" . ) }} selector: matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} app.kubernetes.io/part-of: vault app.kubernetes.io/component: csi-provider template: metadata: {{- if .Values.csiProvider.podAnnotations }} annotations: {{- include "common.tplvalues.render" (dict "value" .Values.csiProvider.podAnnotations "context" $) | nindent 8 }} {{- end }} labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }} app.kubernetes.io/part-of: vault app.kubernetes.io/component: csi-provider spec: serviceAccountName: {{ template "vault.csi-provider.serviceAccountName" . }} {{- include "vault.imagePullSecrets" . | nindent 6 }} {{- if .Values.csiProvider.hostAliases }} hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.csiProvider.hostAliases "context" $) | nindent 8 }} {{- end }} {{- if .Values.csiProvider.affinity }} affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.csiProvider.affinity "context" $) | nindent 8 }} {{- else }} affinity: podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.csiProvider.podAffinityPreset "component" "csi-provider" "customLabels" $podLabels "context" $) | nindent 10 }} podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.csiProvider.podAntiAffinityPreset "component" "csi-provider" "customLabels" $podLabels "context" $) | nindent 10 }} nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.csiProvider.nodeAffinityPreset.type "key" .Values.csiProvider.nodeAffinityPreset.key "values" .Values.csiProvider.nodeAffinityPreset.values) | nindent 10 }} {{- end }} {{- if .Values.csiProvider.nodeSelector }} nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.csiProvider.nodeSelector "context" $) | nindent 8 }} {{- end }} {{- if .Values.csiProvider.tolerations }} tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.csiProvider.tolerations "context" .) | nindent 8 }} {{- end }} {{- if .Values.csiProvider.priorityClassName }} priorityClassName: {{ .Values.csiProvider.priorityClassName | quote }} {{- end }} {{- if .Values.csiProvider.schedulerName }} schedulerName: {{ .Values.csiProvider.schedulerName | quote }} {{- end }} {{- if .Values.csiProvider.topologySpreadConstraints }} topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.csiProvider.topologySpreadConstraints "context" .) | nindent 8 }} {{- end }} {{- if .Values.csiProvider.podSecurityContext.enabled }} securityContext: {{- omit .Values.csiProvider.podSecurityContext "enabled" | toYaml | nindent 8 }} {{- end }} {{- if .Values.csiProvider.terminationGracePeriodSeconds }} terminationGracePeriodSeconds: {{ .Values.csiProvider.terminationGracePeriodSeconds }} {{- end }} initContainers: {{- if .Values.csiProvider.initContainers }} {{- include "common.tplvalues.render" (dict "value" .Values.csiProvider.initContainers "context" $) | nindent 8 }} {{- end }} containers: - name: csi-provider image: {{ template "vault.csi-provider.image" . }} imagePullPolicy: {{ .Values.csiProvider.image.pullPolicy }} {{- if .Values.csiProvider.provider.containerSecurityContext.enabled }} securityContext: {{- omit .Values.csiProvider.provider.containerSecurityContext "enabled" | toYaml | nindent 12 }} {{- end }} {{- if .Values.diagnosticMode.enabled }} command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} {{- else if .Values.csiProvider.provider.command }} command: {{- include "common.tplvalues.render" (dict "value" .Values.csiProvider.provider.command "context" $) | nindent 12 }} {{- end }} {{- if .Values.diagnosticMode.enabled }} args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} {{- else if .Values.csiProvider.provider.args }} args: {{- include "common.tplvalues.render" (dict "value" .Values.csiProvider.provider.args "context" $) | nindent 12 }} {{- else }} args: - --endpoint=/provider/vault.sock - --hmac-secret-name={{ printf "%s-hmac-key" (include "vault.csi-provider.fullname" .) }} - --debug={{ .Values.csiProvider.image.debug }} {{- end }} env: - name: VAULT_ADDR value: "unix:///var/run/vault/agent.sock" {{- if .Values.csiProvider.provider.extraEnvVars }} {{- include "common.tplvalues.render" (dict "value" .Values.csiProvider.provider.extraEnvVars "context" $) | nindent 12 }} {{- end }} envFrom: {{- if .Values.csiProvider.provider.extraEnvVarsCM }} - configMapRef: name: {{ include "common.tplvalues.render" (dict "value" .Values.csiProvider.provider.extraEnvVarsCM "context" $) }} {{- end }} {{- if .Values.csiProvider.provider.extraEnvVarsSecret }} - secretRef: name: {{ include "common.tplvalues.render" (dict "value" .Values.csiProvider.provider.extraEnvVarsSecret "context" $) }} {{- end }} {{- if .Values.csiProvider.provider.resources }} resources: {{- toYaml .Values.csiProvider.provider.resources | nindent 12 }} {{- end }} ports: - name: http-health containerPort: {{ .Values.csiProvider.provider.containerPorts.health }} {{- if not .Values.diagnosticMode.enabled }} {{- if .Values.csiProvider.provider.customLivenessProbe }} livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.csiProvider.provider.customLivenessProbe "context" $) | nindent 12 }} {{- else if .Values.csiProvider.provider.livenessProbe.enabled }} livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.csiProvider.provider.livenessProbe "enabled") "context" $) | nindent 12 }} httpGet: path: /health/ready port: http-health {{- end }} {{- if .Values.csiProvider.provider.customReadinessProbe }} readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.csiProvider.provider.customReadinessProbe "context" $) | nindent 12 }} {{- else if .Values.csiProvider.provider.readinessProbe.enabled }} readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.csiProvider.provider.readinessProbe "enabled") "context" $) | nindent 12 }} httpGet: path: /health/ready port: http-health {{- end }} {{- if .Values.csiProvider.provider.customStartupProbe }} startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.csiProvider.provider.customStartupProbe "context" $) | nindent 12 }} {{- else if .Values.csiProvider.provider.startupProbe.enabled }} startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.csiProvider.provider.startupProbe "enabled") "context" $) | nindent 12 }} httpGet: path: /health/ready port: http-health {{- end }} {{- end }} {{- if .Values.csiProvider.provider.lifecycleHooks }} lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.csiProvider.provider.lifecycleHooks "context" $) | nindent 12 }} {{- end }} volumeMounts: - name: providervol mountPath: "/provider" - name: agent-unix-socket mountPath: /var/run/vault {{- if .Values.csiProvider.provider.extraVolumeMounts }} {{- include "common.tplvalues.render" (dict "value" .Values.csiProvider.provider.extraVolumeMounts "context" $) | nindent 12 }} {{- end }} - name: agent image: {{ template "vault.csi-provider.image" . }} imagePullPolicy: {{ .Values.csiProvider.image.pullPolicy }} {{- if .Values.csiProvider.agent.containerSecurityContext.enabled }} securityContext: {{- omit .Values.csiProvider.agent.containerSecurityContext "enabled" | toYaml | nindent 12 }} {{- end }} {{- if .Values.diagnosticMode.enabled }} command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} {{- else if .Values.csiProvider.agent.command }} command: {{- include "common.tplvalues.render" (dict "value" .Values.csiProvider.agent.command "context" $) | nindent 12 }} {{- end }} {{- if .Values.diagnosticMode.enabled }} args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} {{- else if .Values.csiProvider.agent.args }} args: {{- include "common.tplvalues.render" (dict "value" .Values.csiProvider.agent.args "context" $) | nindent 12 }} {{- else }} args: - agent - -config=/bitnami/vault/conf/config.hcl {{- if .Values.csiProvider.image.debug }} - -log-level=debug {{- end }} {{- end }} env: {{- if .Values.csiProvider.agent.extraEnvVars }} {{- include "common.tplvalues.render" (dict "value" .Values.csiProvider.agent.extraEnvVars "context" $) | nindent 12 }} {{- end }} envFrom: {{- if .Values.csiProvider.agent.extraEnvVarsCM }} - configMapRef: name: {{ include "common.tplvalues.render" (dict "value" .Values.csiProvider.agent.extraEnvVarsCM "context" $) }} {{- end }} {{- if .Values.csiProvider.agent.extraEnvVarsSecret }} - secretRef: name: {{ include "common.tplvalues.render" (dict "value" .Values.csiProvider.agent.extraEnvVarsSecret "context" $) }} {{- end }} {{- if .Values.csiProvider.agent.resources }} resources: {{- toYaml .Values.csiProvider.agent.resources | nindent 12 }} {{- end }} ports: - name: tcp containerPort: {{ .Values.csiProvider.agent.containerPorts.tcp }} {{- if not .Values.diagnosticMode.enabled }} {{- if .Values.csiProvider.agent.customLivenessProbe }} livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.csiProvider.agent.customLivenessProbe "context" $) | nindent 12 }} {{- else if .Values.csiProvider.agent.livenessProbe.enabled }} livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.csiProvider.agent.livenessProbe "enabled") "context" $) | nindent 12 }} tcpSocket: port: tcp {{- end }} {{- if .Values.csiProvider.agent.customReadinessProbe }} readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.csiProvider.agent.customReadinessProbe "context" $) | nindent 12 }} {{- else if .Values.csiProvider.agent.readinessProbe.enabled }} readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.csiProvider.agent.readinessProbe "enabled") "context" $) | nindent 12 }} tcpSocket: port: tcp {{- end }} {{- if .Values.csiProvider.agent.customStartupProbe }} startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.csiProvider.agent.customStartupProbe "context" $) | nindent 12 }} {{- else if .Values.csiProvider.agent.startupProbe.enabled }} startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.csiProvider.agent.startupProbe "enabled") "context" $) | nindent 12 }} tcpSocket: port: tcp {{- end }} {{- end }} {{- if .Values.csiProvider.agent.lifecycleHooks }} lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.csiProvider.agent.lifecycleHooks "context" $) | nindent 12 }} {{- end }} volumeMounts: - name: config mountPath: /bitnami/vault/config - name: agent-unix-socket mountPath: /var/run/vault {{- if .Values.csiProvider.agent.extraVolumeMounts }} {{- include "common.tplvalues.render" (dict "value" .Values.csiProvider.agent.extraVolumeMounts "context" $) | nindent 12 }} {{- end }} {{- if .Values.csiProvider.sidecars }} {{- include "common.tplvalues.render" ( dict "value" .Values.csiProvider.sidecars "context" $) | nindent 8 }} {{- end }} volumes: - name: providervol hostPath: path: {{ .Values.csiProvider.secretStoreHostPath }} - name: config configMap: name: {{ include "vault.csi-provider.configmapName" . }} - name: agent-unix-socket emptyDir: medium: Memory - name: tmp emptyDir: {} {{- if .Values.csiProvider.extraVolumes }} {{- include "common.tplvalues.render" (dict "value" .Values.csiProvider.extraVolumes "context" $) | nindent 8 }} {{- end }} {{- end }}