Skip to content

Commit 12b4204

Browse files
hrakhrak
committed
Enable leader election, livenessprobe etc.
1 parent 9519206 commit 12b4204

File tree

2 files changed

+75
-6
lines changed

2 files changed

+75
-6
lines changed

deploy/k8s/controller-deployment.yaml

Lines changed: 48 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -4,7 +4,7 @@ metadata:
44
name: cloudstack-csi-controller
55
namespace: kube-system
66
spec:
7-
replicas: 1
7+
replicas: 3
88
strategy:
99
type: RollingUpdate
1010
rollingUpdate:
@@ -40,19 +40,44 @@ spec:
4040
env:
4141
- name: CSI_ENDPOINT
4242
value: unix:///var/lib/csi/sockets/pluginproxy/csi.sock
43+
securityContext:
44+
runAsNonRoot: true
45+
runAsUser: 65532
46+
runAsGroup: 65532
4347
volumeMounts:
4448
- name: socket-dir
4549
mountPath: /var/lib/csi/sockets/pluginproxy/
4650
- name: cloudstack-conf
4751
mountPath: /etc/cloudstack-csi-driver
52+
ports:
53+
- name: healthz
54+
containerPort: 9808
55+
protocol: TCP
56+
livenessProbe:
57+
httpGet:
58+
path: /healthz
59+
port: healthz
60+
initialDelaySeconds: 30
61+
timeoutSeconds: 10
62+
periodSeconds: 180
63+
failureThreshold: 3
4864

4965
- name: external-provisioner
50-
image: registry.k8s.io/sig-storage/csi-provisioner:v3.3.1
66+
image: registry.k8s.io/sig-storage/csi-provisioner:v3.5.0
5167
imagePullPolicy: IfNotPresent
5268
args:
69+
- "--v=4"
70+
- "--timeout=300s"
5371
- "--csi-address=$(ADDRESS)"
54-
- "--v=5"
72+
- "--kube-api-qps=100"
73+
- "--kube-api-burst=100"
74+
- "--leader-election"
75+
- "--leader-election-lease-duration=120s"
76+
- "--leader-election-renew-deadline=60s"
77+
- "--leader-election-retry-period=30s"
78+
- "--default-fstype=ext4"
5579
- "--feature-gates=Topology=true"
80+
- "--strict-topology"
5681
env:
5782
- name: ADDRESS
5883
value: /var/lib/csi/sockets/pluginproxy/csi.sock
@@ -64,8 +89,27 @@ spec:
6489
image: registry.k8s.io/sig-storage/csi-attacher:v4.3.0
6590
imagePullPolicy: IfNotPresent
6691
args:
92+
- "--v=4"
93+
- "--timeout=300s"
94+
- "--csi-address=$(ADDRESS)"
95+
- "--leader-election"
96+
- "--leader-election-lease-duration=120s"
97+
- "--leader-election-renew-deadline=60s"
98+
- "--leader-election-retry-period=30s"
99+
- "--kube-api-qps=100"
100+
- "--kube-api-burst=100"
101+
env:
102+
- name: ADDRESS
103+
value: /var/lib/csi/sockets/pluginproxy/csi.sock
104+
volumeMounts:
105+
- name: socket-dir
106+
mountPath: /var/lib/csi/sockets/pluginproxy/
107+
108+
- name: liveness-probe
109+
image: registry.k8s.io/sig-storage/livenessprobe:v2.10.0
110+
args:
111+
- "--v=4"
67112
- "--csi-address=$(ADDRESS)"
68-
- "--v=5"
69113
env:
70114
- name: ADDRESS
71115
value: /var/lib/csi/sockets/pluginproxy/csi.sock

deploy/k8s/node-daemonset.yaml

Lines changed: 27 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -41,6 +41,9 @@ spec:
4141
fieldPath: spec.nodeName
4242
securityContext:
4343
privileged: true
44+
capabilities:
45+
add: ["SYS_ADMIN"]
46+
allowPrivilegeEscalation: true
4447
volumeMounts:
4548
- name: plugin-dir
4649
mountPath: /csi
@@ -55,6 +58,30 @@ spec:
5558
mountPath: /run/cloud-init/
5659
- name: cloudstack-conf
5760
mountPath: /etc/cloudstack-csi-driver
61+
ports:
62+
- name: healthz
63+
containerPort: 9808
64+
protocol: TCP
65+
livenessProbe:
66+
httpGet:
67+
path: /healthz
68+
port: healthz
69+
initialDelaySeconds: 10
70+
timeoutSeconds: 5
71+
periodSeconds: 5
72+
failureThreshold: 3
73+
74+
- name: liveness-probe
75+
image: registry.k8s.io/sig-storage/livenessprobe:v2.10.0
76+
args:
77+
- "--v=4"
78+
- "--csi-address=$(ADDRESS)"
79+
env:
80+
- name: ADDRESS
81+
value: /csi/csi.sock
82+
volumeMounts:
83+
- name: plugin-dir
84+
mountPath: /csi
5885

5986
- name: node-driver-registrar
6087
image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.8.0
@@ -68,8 +95,6 @@ spec:
6895
value: /csi/csi.sock
6996
- name: DRIVER_REG_SOCK_PATH
7097
value: /var/lib/kubelet/plugins/csi.cloudstack.apache.org/csi.sock
71-
securityContext:
72-
privileged: true
7398
volumeMounts:
7499
- name: plugin-dir
75100
mountPath: /csi

0 commit comments

Comments
 (0)