Add proxmox-csi plugin

Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
2026-02-05 00:15:51 +00:00 · 2024-04-30 13:02:58 +02:00
42 changed files with 1781 additions and 0 deletions
--- a/packages/system/proxmox-csi/Chart.yaml
+++ b/packages/system/proxmox-csi/Chart.yaml
@@ -0,0 +1,2 @@
 name: app
 version: 0.0.0
--- a/packages/system/proxmox-csi/Makefile
+++ b/packages/system/proxmox-csi/Makefile
@@ -0,0 +1,13 @@
 include ../../hack/app-helm.mk
 update:
 	rm -rf charts
 	tag=$$(git ls-remote --tags --sort="v:refname" https://github.com/sergelogvinov/proxmox-cloud-controller-manager | awk -F'[/^]' 'END{print $$3}') && \
 	curl -sSL https://github.com/sergelogvinov/proxmox-cloud-controller-manager/archive/refs/tags/$${tag}.tar.gz | \
 	tar xzvf - --strip 1 proxmox-cloud-controller-manager-$${tag#*v}/charts
 	sed -i 's/^  namespace: .*/  namespace: kube-system/' charts/proxmox-cloud-controller-manager/templates/rolebinding.yaml
 	tag=$$(git ls-remote --tags --sort="v:refname" https://github.com/sergelogvinov/proxmox-csi-plugin | awk -F'[/^]' 'END{print $$3}') && \
 	curl -sSL https://github.com/sergelogvinov/proxmox-csi-plugin/archive/refs/tags/$${tag}.tar.gz | \
 	tar xzvf - --strip 1 proxmox-csi-plugin-$${tag#*v}/charts
 	rm -f charts/proxmox-csi-plugin/templates/namespace.yaml
 	patch -p 3 < patches/namespace.patch
--- a/packages/system/proxmox-csi/README.md
+++ b/packages/system/proxmox-csi/README.md
@@ -0,0 +1,6 @@
 # Proxmox CSI Plugin
 Plugin that provides CSI interface for Proxmox
 - GitHub: https://github.com/sergelogvinov/proxmox-csi-plugin
 - Telegram: https://t.me/ru_talos
--- a/packages/system/proxmox-csi/charts/proxmox-cloud-controller-manager/.helmignore
+++ b/packages/system/proxmox-csi/charts/proxmox-cloud-controller-manager/.helmignore
@@ -0,0 +1,23 @@
 # Patterns to ignore when building packages.
 # This supports shell glob matching, relative path matching, and
 # negation (prefixed with !). Only one pattern per line.
 .DS_Store
 # Common VCS dirs
 .git/
 .gitignore
 .bzr/
 .bzrignore
 .hg/
 .hgignore
 .svn/
 # Common backup files
 *.swp
 *.bak
 *.tmp
 *.orig
 *~
 # Various IDEs
 .project
 .idea/
 *.tmproj
 .vscode/
--- a/packages/system/proxmox-csi/charts/proxmox-cloud-controller-manager/Chart.yaml
+++ b/packages/system/proxmox-csi/charts/proxmox-cloud-controller-manager/Chart.yaml
@@ -0,0 +1,24 @@
 apiVersion: v2
 name: proxmox-cloud-controller-manager
 description: A Helm chart for Kubernetes
 type: application
 home: https://github.com/sergelogvinov/proxmox-cloud-controller-manager
 icon: https://proxmox.com/templates/yoo_nano2/favicon.ico
 sources:
 - https://github.com/sergelogvinov/proxmox-cloud-controller-manager
 keywords:
 - ccm
 maintainers:
 - name: sergelogvinov
  url: https://github.com/sergelogvinov
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
 version: 0.1.6
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
 appVersion: v0.2.0
--- a/packages/system/proxmox-csi/charts/proxmox-cloud-controller-manager/README.md
+++ b/packages/system/proxmox-csi/charts/proxmox-cloud-controller-manager/README.md
@@ -0,0 +1,81 @@
 # proxmox-cloud-controller-manager
 ![Version: 0.1.6](https://img.shields.io/badge/Version-0.1.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.2.0](https://img.shields.io/badge/AppVersion-v0.2.0-informational?style=flat-square)
 A Helm chart for Kubernetes
 **Homepage:** <https://github.com/sergelogvinov/proxmox-cloud-controller-manager>
 ## Maintainers
 | Name | Email | Url |
 | ---- | ------ | --- |
 | sergelogvinov |  | <https://github.com/sergelogvinov> |
 ## Source Code
 * <https://github.com/sergelogvinov/proxmox-cloud-controller-manager>
 Example:
 ```yaml
 # proxmox-ccm.yaml
 config:
  clusters:
    - url: https://cluster-api-1.exmple.com:8006/api2/json
      insecure: false
      token_id: "kubernetes@pve!csi"
      token_secret: "key"
      region: cluster-1
 enabledControllers:
  # Remove `cloud-node` if you use it with Talos CCM
  - cloud-node
  - cloud-node-lifecycle
 # Deploy CCM only on control-plane nodes
 nodeSelector:
  node-role.kubernetes.io/control-plane: ""
 tolerations:
  - key: node-role.kubernetes.io/control-plane
    effect: NoSchedule
 ```
 Deploy chart:
 ```shell
 helm upgrade -i --namespace=kube-system -f proxmox-ccm.yaml \
 		proxmox-cloud-controller-manager charts/proxmox-cloud-controller-manager
 ```
 ## Values
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
 | replicaCount | int | `1` |  |
 | image.repository | string | `"ghcr.io/sergelogvinov/proxmox-cloud-controller-manager"` | Proxmox CCM image. |
 | image.pullPolicy | string | `"IfNotPresent"` | Always or IfNotPresent |
 | image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion. |
 | imagePullSecrets | list | `[]` |  |
 | nameOverride | string | `""` |  |
 | fullnameOverride | string | `""` |  |
 | extraArgs | list | `[]` | Any extra arguments for talos-cloud-controller-manager |
 | enabledControllers | list | `["cloud-node","cloud-node-lifecycle"]` | List of controllers should be enabled. Use '*' to enable all controllers. Support only `cloud-node,cloud-node-lifecycle` controllers. |
 | logVerbosityLevel | int | `2` | Log verbosity level. See https://github.com/kubernetes/community/blob/master/contributors/devel/sig-instrumentation/logging.md for description of individual verbosity levels. |
 | existingConfigSecret | string | `nil` | Proxmox cluster config stored in secrets. |
 | existingConfigSecretKey | string | `"config.yaml"` | Proxmox cluster config stored in secrets key. |
 | config | object | `{"clusters":[]}` | Proxmox cluster config. |
 | serviceAccount | object | `{"annotations":{},"create":true,"name":""}` | Pods Service Account. ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ |
 | priorityClassName | string | `"system-cluster-critical"` | CCM pods' priorityClassName. |
 | podAnnotations | object | `{}` | Annotations for data pods. ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ |
 | podSecurityContext | object | `{"fsGroup":10258,"fsGroupChangePolicy":"OnRootMismatch","runAsGroup":10258,"runAsNonRoot":true,"runAsUser":10258}` | Pods Security Context. ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod |
 | securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"seccompProfile":{"type":"RuntimeDefault"}}` | Container Security Context. ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod |
 | resources | object | `{"requests":{"cpu":"10m","memory":"32Mi"}}` | Resource requests and limits. ref: https://kubernetes.io/docs/user-guide/compute-resources/ |
 | updateStrategy | object | `{"rollingUpdate":{"maxUnavailable":1},"type":"RollingUpdate"}` | Deployment update stategy type. ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#updating-a-deployment |
 | nodeSelector | object | `{}` | Node labels for data pods assignment. ref: https://kubernetes.io/docs/user-guide/node-selection/ |
 | tolerations | list | `[{"effect":"NoSchedule","key":"node-role.kubernetes.io/control-plane","operator":"Exists"},{"effect":"NoSchedule","key":"node.cloudprovider.kubernetes.io/uninitialized","operator":"Exists"}]` | Tolerations for data pods assignment. ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ |
 | affinity | object | `{}` | Affinity for data pods assignment. ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity |
 ----------------------------------------------
 Autogenerated from chart metadata using [helm-docs v1.11.2](https://github.com/norwoodj/helm-docs/releases/v1.11.2)
--- a/packages/system/proxmox-csi/charts/proxmox-cloud-controller-manager/README.md.gotmpl
+++ b/packages/system/proxmox-csi/charts/proxmox-cloud-controller-manager/README.md.gotmpl
@@ -0,0 +1,52 @@
 {{ template "chart.header" . }}
 {{ template "chart.deprecationWarning" . }}
 {{ template "chart.badgesSection" . }}
 {{ template "chart.description" . }}
 {{ template "chart.homepageLine" . }}
 {{ template "chart.maintainersSection" . }}
 {{ template "chart.sourcesSection" . }}
 {{ template "chart.requirementsSection" . }}
 Example:
 ```yaml
 # proxmox-ccm.yaml
 config:
  clusters:
    - url: https://cluster-api-1.exmple.com:8006/api2/json
      insecure: false
      token_id: "kubernetes@pve!csi"
      token_secret: "key"
      region: cluster-1
 enabledControllers:
  # Remove `cloud-node` if you use it with Talos CCM
  - cloud-node
  - cloud-node-lifecycle
 # Deploy CCM only on control-plane nodes
 nodeSelector:
  node-role.kubernetes.io/control-plane: ""
 tolerations:
  - key: node-role.kubernetes.io/control-plane
    effect: NoSchedule
 ```
 Deploy chart:
 ```shell
 helm upgrade -i --namespace=kube-system -f proxmox-ccm.yaml \
 		proxmox-cloud-controller-manager charts/proxmox-cloud-controller-manager
 ```
 {{ template "chart.valuesSection" . }}
 {{ template "helm-docs.versionFooter" . }}
--- a/packages/system/proxmox-csi/charts/proxmox-cloud-controller-manager/ci/values.yaml
+++ b/packages/system/proxmox-csi/charts/proxmox-cloud-controller-manager/ci/values.yaml
@@ -0,0 +1,27 @@
 image:
  repository: ghcr.io/sergelogvinov/proxmox-cloud-controller-manager
  pullPolicy: Always
  tag: edge
 nodeSelector:
  node-role.kubernetes.io/control-plane: ""
 logVerbosityLevel: 4
 enabledControllers:
  - cloud-node
  - cloud-node-lifecycle
 config:
  clusters:
    - url: https://cluster-api-1.exmple.com:8006/api2/json
      insecure: false
      token_id: "user!token-id"
      token_secret: "secret"
      region: cluster-1
    - url: https://cluster-api-2.exmple.com:8006/api2/json
      insecure: false
      token_id: "user!token-id"
      token_secret: "secret"
      region: cluster-2
--- a/packages/system/proxmox-csi/charts/proxmox-cloud-controller-manager/templates/NOTES.txt
+++ b/packages/system/proxmox-csi/charts/proxmox-cloud-controller-manager/templates/NOTES.txt
--- a/packages/system/proxmox-csi/charts/proxmox-cloud-controller-manager/templates/_helpers.tpl
+++ b/packages/system/proxmox-csi/charts/proxmox-cloud-controller-manager/templates/_helpers.tpl
@@ -0,0 +1,69 @@
 {{/*
 Expand the name of the chart.
 */}}
 {{- define "proxmox-cloud-controller-manager.name" -}}
 {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
 {{- end }}
 {{/*
 Create a default fully qualified app name.
 We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
 If release name contains chart name it will be used as a full name.
 */}}
 {{- define "proxmox-cloud-controller-manager.fullname" -}}
 {{- if .Values.fullnameOverride }}
 {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
 {{- else }}
 {{- $name := default .Chart.Name .Values.nameOverride }}
 {{- if contains $name .Release.Name }}
 {{- .Release.Name | trunc 63 | trimSuffix "-" }}
 {{- else }}
 {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
 {{- end }}
 {{- end }}
 {{- end }}
 {{/*
 Create chart name and version as used by the chart label.
 */}}
 {{- define "proxmox-cloud-controller-manager.chart" -}}
 {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
 {{- end }}
 {{/*
 Common labels
 */}}
 {{- define "proxmox-cloud-controller-manager.labels" -}}
 helm.sh/chart: {{ include "proxmox-cloud-controller-manager.chart" . }}
 {{ include "proxmox-cloud-controller-manager.selectorLabels" . }}
 {{- if .Chart.AppVersion }}
 app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
 {{- end }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
 {{- end }}
 {{/*
 Selector labels
 */}}
 {{- define "proxmox-cloud-controller-manager.selectorLabels" -}}
 app.kubernetes.io/name: {{ include "proxmox-cloud-controller-manager.name" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end }}
 {{/*
 Create the name of the service account to use
 */}}
 {{- define "proxmox-cloud-controller-manager.serviceAccountName" -}}
 {{- if .Values.serviceAccount.create }}
 {{- default (include "proxmox-cloud-controller-manager.fullname" .) .Values.serviceAccount.name }}
 {{- else }}
 {{- default "default" .Values.serviceAccount.name }}
 {{- end }}
 {{- end }}
 {{/*
 Generate string of enabled controllers. Might have a trailing comma (,) which needs to be trimmed.
 */}}
 {{- define "proxmox-cloud-controller-manager.enabledControllers" }}
 {{- range .Values.enabledControllers -}}{{ . }},{{- end -}}
 {{- end }}
--- a/packages/system/proxmox-csi/charts/proxmox-cloud-controller-manager/templates/deployment.yaml
+++ b/packages/system/proxmox-csi/charts/proxmox-cloud-controller-manager/templates/deployment.yaml
@@ -0,0 +1,102 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: {{ include "proxmox-cloud-controller-manager.fullname" . }}
  labels:
    {{- include "proxmox-cloud-controller-manager.labels" . | nindent 4 }}
  namespace: {{ .Release.Namespace }}
 spec:
  replicas: {{ .Values.replicaCount }}
  strategy:
    type: {{ .Values.updateStrategy.type }}
  selector:
    matchLabels:
      {{- include "proxmox-cloud-controller-manager.selectorLabels" . | nindent 6 }}
  template:
    metadata:
      annotations:
      {{- if .Values.config }}
        checksum/config: {{ toJson .Values.config | sha256sum }}
      {{- end }}
      {{- with .Values.podAnnotations }}
        {{- toYaml . | nindent 8 }}
      {{- end }}
      labels:
        {{- include "proxmox-cloud-controller-manager.selectorLabels" . | nindent 8 }}
    spec:
      enableServiceLinks: false
      {{- if .Values.priorityClassName }}
      priorityClassName: {{ .Values.priorityClassName }}
      {{- end }}
      {{- with .Values.imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      serviceAccountName: {{ include "proxmox-cloud-controller-manager.serviceAccountName" . }}
      securityContext:
        {{- toYaml .Values.podSecurityContext | nindent 8 }}
      containers:
        - name: {{ .Chart.Name }}
          securityContext:
            {{- toYaml .Values.securityContext | nindent 12 }}
          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
          imagePullPolicy: {{ .Values.image.pullPolicy }}
          args:
            - --v={{ .Values.logVerbosityLevel }}
            - --cloud-provider=proxmox
            - --cloud-config=/etc/proxmox/config.yaml
            - --controllers={{- trimAll "," (include "proxmox-cloud-controller-manager.enabledControllers" . ) }}
            - --leader-elect-resource-name=cloud-controller-manager-proxmox
            - --use-service-account-credentials
            - --secure-port=10258
          {{- with .Values.extraArgs }}
            {{- toYaml . | nindent 12 }}
          {{- end }}
          livenessProbe:
            httpGet:
              path: /healthz
              port: 10258
              scheme: HTTPS
            initialDelaySeconds: 20
            periodSeconds: 30
            timeoutSeconds: 5
          resources:
            {{- toYaml .Values.resources | nindent 12 }}
          volumeMounts:
            - name: cloud-config
              mountPath: /etc/proxmox
              readOnly: true
      {{- with .Values.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.affinity }}
      affinity:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      topologySpreadConstraints:
        - maxSkew: 1
          topologyKey: kubernetes.io/hostname
          whenUnsatisfiable: DoNotSchedule
          labelSelector:
            matchLabels:
              {{- include "proxmox-cloud-controller-manager.selectorLabels" . | nindent 14 }}
      volumes:
        {{- if .Values.existingConfigSecret }}
        - name: cloud-config
          secret:
            secretName: {{ .Values.existingConfigSecret }}
            items:
              - key: {{ .Values.existingConfigSecretKey }}
                path: config.yaml
            defaultMode: 416
        {{- else }}
        - name: cloud-config
          secret:
            secretName: {{ include "proxmox-cloud-controller-manager.fullname" . }}
            defaultMode: 416
        {{- end }}
--- a/packages/system/proxmox-csi/charts/proxmox-cloud-controller-manager/templates/role.yaml
+++ b/packages/system/proxmox-csi/charts/proxmox-cloud-controller-manager/templates/role.yaml
@@ -0,0 +1,53 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
  name: system:{{ include "proxmox-cloud-controller-manager.fullname" . }}
  labels:
    {{- include "proxmox-cloud-controller-manager.labels" . | nindent 4 }}
 rules:
 - apiGroups:
  - coordination.k8s.io
  resources:
  - leases
  verbs:
  - get
  - create
  - update
 - apiGroups:
  - ""
  resources:
  - events
  verbs:
  - create
  - patch
  - update
 - apiGroups:
  - ""
  resources:
  - nodes
  verbs:
  - get
  - list
  - watch
  - update
  - patch
  - delete
 - apiGroups:
  - ""
  resources:
  - nodes/status
  verbs:
  - patch
 - apiGroups:
  - ""
  resources:
  - serviceaccounts
  verbs:
  - create
  - get
 - apiGroups:
  - ""
  resources:
  - serviceaccounts/token
  verbs:
  - create
--- a/packages/system/proxmox-csi/charts/proxmox-cloud-controller-manager/templates/rolebinding.yaml
+++ b/packages/system/proxmox-csi/charts/proxmox-cloud-controller-manager/templates/rolebinding.yaml
@@ -0,0 +1,26 @@
 kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
  name: system:{{ include "proxmox-cloud-controller-manager.fullname" . }}
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:{{ include "proxmox-cloud-controller-manager.fullname" . }}
 subjects:
 - kind: ServiceAccount
  name: {{ include "proxmox-cloud-controller-manager.fullname" . }}
  namespace: {{ .Release.Namespace }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
  name: system:{{ include "proxmox-cloud-controller-manager.fullname" . }}:extension-apiserver-authentication-reader
  namespace: kube-system
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: extension-apiserver-authentication-reader
 subjects:
  - kind: ServiceAccount
    name: {{ include "proxmox-cloud-controller-manager.fullname" . }}
    namespace: {{ .Release.Namespace }}
--- a/packages/system/proxmox-csi/charts/proxmox-cloud-controller-manager/templates/secrets.yaml
+++ b/packages/system/proxmox-csi/charts/proxmox-cloud-controller-manager/templates/secrets.yaml
@@ -0,0 +1,11 @@
 {{- if ne (len .Values.config.clusters) 0 }}
 apiVersion: v1
 kind: Secret
 metadata:
  name: {{ include "proxmox-cloud-controller-manager.fullname" . }}
  labels:
    {{- include "proxmox-cloud-controller-manager.labels" . | nindent 4 }}
  namespace: {{ .Release.Namespace }}
 data:
  config.yaml: {{ toYaml .Values.config | b64enc | quote }}
 {{- end }}
--- a/packages/system/proxmox-csi/charts/proxmox-cloud-controller-manager/templates/serviceaccount.yaml
+++ b/packages/system/proxmox-csi/charts/proxmox-cloud-controller-manager/templates/serviceaccount.yaml
@@ -0,0 +1,13 @@
 {{- if .Values.serviceAccount.create -}}
 apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: {{ include "proxmox-cloud-controller-manager.serviceAccountName" . }}
  labels:
    {{- include "proxmox-cloud-controller-manager.labels" . | nindent 4 }}
  {{- with .Values.serviceAccount.annotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}
  namespace: {{ .Release.Namespace }}
 {{- end }}
--- a/packages/system/proxmox-csi/charts/proxmox-cloud-controller-manager/values.edge.yaml
+++ b/packages/system/proxmox-csi/charts/proxmox-cloud-controller-manager/values.edge.yaml
@@ -0,0 +1,13 @@
 image:
  pullPolicy: Always
  tag: edge
 nodeSelector:
  node-role.kubernetes.io/control-plane: ""
 logVerbosityLevel: 4
 enabledControllers:
  - cloud-node
  - cloud-node-lifecycle
--- a/packages/system/proxmox-csi/charts/proxmox-cloud-controller-manager/values.talos.yaml
+++ b/packages/system/proxmox-csi/charts/proxmox-cloud-controller-manager/values.talos.yaml
@@ -0,0 +1,8 @@
 nodeSelector:
  node-role.kubernetes.io/control-plane: ""
 logVerbosityLevel: 4
 enabledControllers:
  - cloud-node-lifecycle
--- a/packages/system/proxmox-csi/charts/proxmox-cloud-controller-manager/values.yaml
+++ b/packages/system/proxmox-csi/charts/proxmox-cloud-controller-manager/values.yaml
@@ -0,0 +1,125 @@
 # Default values for proxmox-cloud-controller-manager.
 # This is a YAML-formatted file.
 # Declare variables to be passed into your templates.
 replicaCount: 1
 image:
  # -- Proxmox CCM image.
  repository: ghcr.io/sergelogvinov/proxmox-cloud-controller-manager
  # -- Always or IfNotPresent
  pullPolicy: IfNotPresent
  # -- Overrides the image tag whose default is the chart appVersion.
  tag: ""
 imagePullSecrets: []
 nameOverride: ""
 fullnameOverride: ""
 # -- Any extra arguments for talos-cloud-controller-manager
 extraArgs: []
  # - --cluster-name=kubernetes
 # -- List of controllers should be enabled.
 # Use '*' to enable all controllers.
 # Support only `cloud-node,cloud-node-lifecycle` controllers.
 enabledControllers:
  - cloud-node
  - cloud-node-lifecycle
  # - route
  # - service
 # -- Log verbosity level. See https://github.com/kubernetes/community/blob/master/contributors/devel/sig-instrumentation/logging.md
 # for description of individual verbosity levels.
 logVerbosityLevel: 2
 # -- Proxmox cluster config stored in secrets.
 existingConfigSecret: ~
 # -- Proxmox cluster config stored in secrets key.
 existingConfigSecretKey: config.yaml
 # -- Proxmox cluster config.
 config:
  clusters: []
  #   - url: https://cluster-api-1.exmple.com:8006/api2/json
  #     insecure: false
  #     token_id: "login!name"
  #     token_secret: "secret"
  #     region: cluster-1
 # -- Pods Service Account.
 # ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
 serviceAccount:
  # Specifies whether a service account should be created
  create: true
  # Annotations to add to the service account
  annotations: {}
  # The name of the service account to use.
  # If not set and create is true, a name is generated using the fullname template
  name: ""
 # -- CCM pods' priorityClassName.
 priorityClassName: system-cluster-critical
 # -- Annotations for data pods.
 # ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
 podAnnotations: {}
 # -- Pods Security Context.
 # ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
 podSecurityContext:
  runAsNonRoot: true
  runAsUser: 10258
  runAsGroup: 10258
  fsGroup: 10258
  fsGroupChangePolicy: "OnRootMismatch"
 # -- Container Security Context.
 # ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
 securityContext:
  allowPrivilegeEscalation: false
  capabilities:
    drop:
    - ALL
  seccompProfile:
    type: RuntimeDefault
 # -- Resource requests and limits.
 # ref: https://kubernetes.io/docs/user-guide/compute-resources/
 resources:
  # We usually recommend not to specify default resources and to leave this as a conscious
  # choice for the user. This also increases chances charts run on environments with little
  # resources, such as Minikube. If you do want to specify resources, uncomment the following
  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
  # limits:
  #   cpu: 100m
  #   memory: 128Mi
  requests:
    cpu: 10m
    memory: 32Mi
 # -- Deployment update stategy type.
 # ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#updating-a-deployment
 updateStrategy:
  type: RollingUpdate
  rollingUpdate:
    maxUnavailable: 1
 # -- Node labels for data pods assignment.
 # ref: https://kubernetes.io/docs/user-guide/node-selection/
 nodeSelector: {}
  # node-role.kubernetes.io/control-plane: ""
 # -- Tolerations for data pods assignment.
 # ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
 tolerations:
  - effect: NoSchedule
    key: node-role.kubernetes.io/control-plane
    operator: Exists
  - effect: NoSchedule
    key: node.cloudprovider.kubernetes.io/uninitialized
    operator: Exists
 # -- Affinity for data pods assignment.
 # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
 affinity: {}
--- a/packages/system/proxmox-csi/charts/proxmox-csi-plugin/.helmignore
+++ b/packages/system/proxmox-csi/charts/proxmox-csi-plugin/.helmignore
@@ -0,0 +1,23 @@
 # Patterns to ignore when building packages.
 # This supports shell glob matching, relative path matching, and
 # negation (prefixed with !). Only one pattern per line.
 .DS_Store
 # Common VCS dirs
 .git/
 .gitignore
 .bzr/
 .bzrignore
 .hg/
 .hgignore
 .svn/
 # Common backup files
 *.swp
 *.bak
 *.tmp
 *.orig
 *~
 # Various IDEs
 .project
 .idea/
 *.tmproj
 .vscode/
--- a/packages/system/proxmox-csi/charts/proxmox-csi-plugin/Chart.yaml
+++ b/packages/system/proxmox-csi/charts/proxmox-csi-plugin/Chart.yaml
@@ -0,0 +1,26 @@
 apiVersion: v2
 name: proxmox-csi-plugin
 description: A CSI plugin for Proxmox
 type: application
 home: https://github.com/sergelogvinov/proxmox-csi-plugin
 icon: https://proxmox.com/templates/yoo_nano2/favicon.ico
 sources:
 - https://github.com/sergelogvinov/proxmox-csi-plugin
 keywords:
 - storage
 - block-storage
 - volume
 maintainers:
 - name: sergelogvinov
  url: https://github.com/sergelogvinov
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
 version: 0.1.6
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
 appVersion: v0.3.0
--- a/packages/system/proxmox-csi/charts/proxmox-csi-plugin/README.md
+++ b/packages/system/proxmox-csi/charts/proxmox-csi-plugin/README.md
@@ -0,0 +1,116 @@
 # proxmox-csi-plugin
 ![Version: 0.1.6](https://img.shields.io/badge/Version-0.1.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.3.0](https://img.shields.io/badge/AppVersion-v0.3.0-informational?style=flat-square)
 A CSI plugin for Proxmox
 **Homepage:** <https://github.com/sergelogvinov/proxmox-csi-plugin>
 ## Maintainers
 | Name | Email | Url |
 | ---- | ------ | --- |
 | sergelogvinov |  | <https://github.com/sergelogvinov> |
 ## Source Code
 * <https://github.com/sergelogvinov/proxmox-csi-plugin>
 Example:
 ```yaml
 # proxmox-csi.yaml
 config:
  clusters:
    - url: https://cluster-api-1.exmple.com:8006/api2/json
      insecure: false
      token_id: "kubernetes-csi@pve!csi"
      token_secret: "key"
      region: cluster-1
 # Deploy Node CSI driver only on proxmox nodes
 node:
  nodeSelector:
    # It will work only with Talos CCM, remove it overwise
    node.cloudprovider.kubernetes.io/platform: nocloud
  tolerations:
    - operator: Exists
 # Deploy CSI controller only on control-plane nodes
 nodeSelector:
  node-role.kubernetes.io/control-plane: ""
 tolerations:
  - key: node-role.kubernetes.io/control-plane
    effect: NoSchedule
 # Define storage classes
 # See https://pve.proxmox.com/wiki/Storage
 storageClass:
  - name: proxmox-data-xfs
    storage: data
    reclaimPolicy: Delete
    fstype: xfs
  - name: proxmox-data
    storage: data
    reclaimPolicy: Delete
    fstype: ext4
    cache: writethrough
 ```
 Deploy chart:
 ```shell
 helm upgrade -i --namespace=csi-proxmox -f proxmox-csi.yaml \
 		proxmox-csi-plugin charts/proxmox-csi-plugin/
 ```
 ## Values
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
 | replicaCount | int | `1` |  |
 | imagePullSecrets | list | `[]` |  |
 | nameOverride | string | `""` |  |
 | fullnameOverride | string | `""` |  |
 | priorityClassName | string | `"system-cluster-critical"` | Controller pods priorityClassName. |
 | serviceAccount | object | `{"annotations":{},"create":true,"name":""}` | Pods Service Account. ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ |
 | provisionerName | string | `"csi.proxmox.sinextra.dev"` | CSI Driver provisioner name. Currently, cannot be customized. |
 | clusterID | string | `"kubernetes"` | Cluster name. Currently, cannot be customized. |
 | logVerbosityLevel | int | `5` | Log verbosity level. See https://github.com/kubernetes/community/blob/master/contributors/devel/sig-instrumentation/logging.md for description of individual verbosity levels. |
 | timeout | string | `"3m"` | Connection timeout between sidecars. |
 | existingConfigSecret | string | `nil` | Proxmox cluster config stored in secrets. |
 | existingConfigSecretKey | string | `"config.yaml"` | Proxmox cluster config stored in secrets key. |
 | configFile | string | `"/etc/proxmox/config.yaml"` | Proxmox cluster config path. |
 | config | object | `{"clusters":[]}` | Proxmox cluster config. |
 | storageClass | list | `[]` | Storage class defenition. |
 | controller.plugin.image | object | `{"pullPolicy":"IfNotPresent","repository":"ghcr.io/sergelogvinov/proxmox-csi-controller","tag":""}` | Controller CSI Driver. |
 | controller.plugin.resources | object | `{"requests":{"cpu":"10m","memory":"16Mi"}}` | Controller resource requests and limits. ref: https://kubernetes.io/docs/user-guide/compute-resources/ |
 | controller.attacher.image | object | `{"pullPolicy":"IfNotPresent","repository":"registry.k8s.io/sig-storage/csi-attacher","tag":"v4.3.0"}` | CSI Attacher. |
 | controller.attacher.resources | object | `{"requests":{"cpu":"10m","memory":"16Mi"}}` | Attacher resource requests and limits. ref: https://kubernetes.io/docs/user-guide/compute-resources/ |
 | controller.provisioner.image | object | `{"pullPolicy":"IfNotPresent","repository":"registry.k8s.io/sig-storage/csi-provisioner","tag":"v3.5.0"}` | CSI Provisioner. |
 | controller.provisioner.resources | object | `{"requests":{"cpu":"10m","memory":"16Mi"}}` | Provisioner resource requests and limits. ref: https://kubernetes.io/docs/user-guide/compute-resources/ |
 | controller.resizer.image | object | `{"pullPolicy":"IfNotPresent","repository":"registry.k8s.io/sig-storage/csi-resizer","tag":"v1.8.0"}` | CSI Resizer. |
 | controller.resizer.resources | object | `{"requests":{"cpu":"10m","memory":"16Mi"}}` | Resizer resource requests and limits. ref: https://kubernetes.io/docs/user-guide/compute-resources/ |
 | node.plugin.image | object | `{"pullPolicy":"IfNotPresent","repository":"ghcr.io/sergelogvinov/proxmox-csi-node","tag":""}` | Node CSI Driver. |
 | node.plugin.resources | object | `{}` | Node CSI Driver resource requests and limits. ref: https://kubernetes.io/docs/user-guide/compute-resources/ |
 | node.driverRegistrar.image | object | `{"pullPolicy":"IfNotPresent","repository":"registry.k8s.io/sig-storage/csi-node-driver-registrar","tag":"v2.8.0"}` | Node CSI driver registrar. |
 | node.driverRegistrar.resources | object | `{"requests":{"cpu":"10m","memory":"16Mi"}}` | Node registrar resource requests and limits. ref: https://kubernetes.io/docs/user-guide/compute-resources/ |
 | node.nodeSelector | object | `{}` | Node labels for node-plugin assignment. ref: https://kubernetes.io/docs/user-guide/node-selection/ |
 | node.tolerations | list | `[{"effect":"NoSchedule","key":"node.kubernetes.io/unschedulable","operator":"Exists"},{"effect":"NoSchedule","key":"node.kubernetes.io/disk-pressure","operator":"Exists"}]` | Tolerations for node-plugin assignment. ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ |
 | livenessprobe.image | object | `{"pullPolicy":"IfNotPresent","repository":"registry.k8s.io/sig-storage/livenessprobe","tag":"v2.10.0"}` | Common livenessprobe sidecar. |
 | livenessprobe.failureThreshold | int | `5` | Failure threshold for livenessProbe |
 | livenessprobe.initialDelaySeconds | int | `10` | Initial delay seconds for livenessProbe |
 | livenessprobe.timeoutSeconds | int | `10` | Timeout seconds for livenessProbe |
 | livenessprobe.periodSeconds | int | `60` | Period seconds for livenessProbe |
 | livenessprobe.resources | object | `{"requests":{"cpu":"10m","memory":"16Mi"}}` | Liveness probe resource requests and limits. ref: https://kubernetes.io/docs/user-guide/compute-resources/ |
 | podAnnotations | object | `{}` | Annotations for controller pod. ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ |
 | podSecurityContext | object | `{"fsGroup":65532,"fsGroupChangePolicy":"OnRootMismatch","runAsGroup":65532,"runAsNonRoot":true,"runAsUser":65532}` | Controller Security Context. ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod |
 | securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"seccompProfile":{"type":"RuntimeDefault"}}` | Controller Container Security Context. ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod |
 | updateStrategy | object | `{"rollingUpdate":{"maxUnavailable":1},"type":"RollingUpdate"}` | Controller deployment update stategy type. ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#updating-a-deployment |
 | nodeSelector | object | `{}` | Node labels for controller assignment. ref: https://kubernetes.io/docs/user-guide/node-selection/ |
 | tolerations | list | `[]` | Tolerations for controller assignment. ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ |
 | affinity | object | `{}` | Affinity for controller assignment. ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity |
 ----------------------------------------------
 Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0)
--- a/packages/system/proxmox-csi/charts/proxmox-csi-plugin/README.md.gotmpl
+++ b/packages/system/proxmox-csi/charts/proxmox-csi-plugin/README.md.gotmpl
@@ -0,0 +1,68 @@
 {{ template "chart.header" . }}
 {{ template "chart.deprecationWarning" . }}
 {{ template "chart.badgesSection" . }}
 {{ template "chart.description" . }}
 {{ template "chart.homepageLine" . }}
 {{ template "chart.maintainersSection" . }}
 {{ template "chart.sourcesSection" . }}
 {{ template "chart.requirementsSection" . }}
 Example:
 ```yaml
 # proxmox-csi.yaml
 config:
  clusters:
    - url: https://cluster-api-1.exmple.com:8006/api2/json
      insecure: false
      token_id: "kubernetes-csi@pve!csi"
      token_secret: "key"
      region: cluster-1
 # Deploy Node CSI driver only on proxmox nodes
 node:
  nodeSelector:
    # It will work only with Talos CCM, remove it overwise
    node.cloudprovider.kubernetes.io/platform: nocloud
  tolerations:
    - operator: Exists
 # Deploy CSI controller only on control-plane nodes
 nodeSelector:
  node-role.kubernetes.io/control-plane: ""
 tolerations:
  - key: node-role.kubernetes.io/control-plane
    effect: NoSchedule
 # Define storage classes
 # See https://pve.proxmox.com/wiki/Storage
 storageClass:
  - name: proxmox-data-xfs
    storage: data
    reclaimPolicy: Delete
    fstype: xfs
  - name: proxmox-data
    storage: data
    reclaimPolicy: Delete
    fstype: ext4
    cache: writethrough
 ```
 Deploy chart:
 ```shell
 helm upgrade -i --namespace=csi-proxmox -f proxmox-csi.yaml \
 		proxmox-csi-plugin charts/proxmox-csi-plugin/
 ```
 {{ template "chart.valuesSection" . }}
 {{ template "helm-docs.versionFooter" . }}
--- a/packages/system/proxmox-csi/charts/proxmox-csi-plugin/ci/values.yaml
+++ b/packages/system/proxmox-csi/charts/proxmox-csi-plugin/ci/values.yaml
@@ -0,0 +1,22 @@
 node:
  nodeSelector:
    node.cloudprovider.kubernetes.io/platform: nocloud
  tolerations:
    - operator: Exists
 nodeSelector:
  node-role.kubernetes.io/control-plane: ""
 tolerations:
  - key: node-role.kubernetes.io/control-plane
    effect: NoSchedule
 storageClass:
  - name: proxmox-data-xfs
    storage: data
    reclaimPolicy: Delete
    fstype: xfs
  - name: proxmox-data
    storage: data
    reclaimPolicy: Delete
    ssd: true
--- a/packages/system/proxmox-csi/charts/proxmox-csi-plugin/templates/NOTES.txt
+++ b/packages/system/proxmox-csi/charts/proxmox-csi-plugin/templates/NOTES.txt
--- a/packages/system/proxmox-csi/charts/proxmox-csi-plugin/templates/_helpers.tpl
+++ b/packages/system/proxmox-csi/charts/proxmox-csi-plugin/templates/_helpers.tpl
@@ -0,0 +1,71 @@
 {{/*
 Expand the name of the chart.
 */}}
 {{- define "proxmox-csi-plugin.name" -}}
 {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
 {{- end }}
 {{/*
 Create a default fully qualified app name.
 We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
 If release name contains chart name it will be used as a full name.
 */}}
 {{- define "proxmox-csi-plugin.fullname" -}}
 {{- if .Values.fullnameOverride }}
 {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
 {{- else }}
 {{- $name := default .Chart.Name .Values.nameOverride }}
 {{- if contains $name .Release.Name }}
 {{- .Release.Name | trunc 63 | trimSuffix "-" }}
 {{- else }}
 {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
 {{- end }}
 {{- end }}
 {{- end }}
 {{/*
 Create chart name and version as used by the chart label.
 */}}
 {{- define "proxmox-csi-plugin.chart" -}}
 {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
 {{- end }}
 {{/*
 Common labels
 */}}
 {{- define "proxmox-csi-plugin.labels" -}}
 helm.sh/chart: {{ include "proxmox-csi-plugin.chart" . }}
 app.kubernetes.io/name: {{ include "proxmox-csi-plugin.name" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 {{- if .Chart.AppVersion }}
 app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
 {{- end }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
 {{- end }}
 {{/*
 Selector labels
 */}}
 {{- define "proxmox-csi-plugin.selectorLabels" -}}
 app.kubernetes.io/name: {{ include "proxmox-csi-plugin.name" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 app.kubernetes.io/component: controller
 {{- end }}
 {{- define "proxmox-csi-plugin-node.selectorLabels" -}}
 app.kubernetes.io/name: {{ include "proxmox-csi-plugin.name" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 app.kubernetes.io/component: node
 {{- end }}
 {{/*
 Create the name of the service account to use
 */}}
 {{- define "proxmox-csi-plugin.serviceAccountName" -}}
 {{- if .Values.serviceAccount.create }}
 {{- default (include "proxmox-csi-plugin.fullname" .) .Values.serviceAccount.name }}
 {{- else }}
 {{- default "default" .Values.serviceAccount.name }}
 {{- end }}
 {{- end }}
--- a/packages/system/proxmox-csi/charts/proxmox-csi-plugin/templates/controller-clusterrole.yaml
+++ b/packages/system/proxmox-csi/charts/proxmox-csi-plugin/templates/controller-clusterrole.yaml
@@ -0,0 +1,37 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
  name: {{ include "proxmox-csi-plugin.fullname" . }}-controller
  namespace: {{ .Release.Namespace }}
  labels:
    {{- include "proxmox-csi-plugin.labels" . | nindent 4 }}
 rules:
  - apiGroups: [""]
    resources: ["persistentvolumes"]
    verbs: ["get", "list", "watch", "create", "patch", "delete"]
  - apiGroups: [""]
    resources: ["persistentvolumeclaims"]
    verbs: ["get", "list", "watch", "update"]
  - apiGroups: [""]
    resources: ["persistentvolumeclaims/status"]
    verbs: ["patch"]
  - apiGroups: [""]
    resources: ["events"]
    verbs: ["get","list", "watch", "create", "update", "patch"]
  - apiGroups: ["storage.k8s.io"]
    resources: ["storageclasses"]
    verbs: ["get", "list", "watch"]
  - apiGroups: ["storage.k8s.io"]
    resources: ["csinodes"]
    verbs: ["get", "list", "watch"]
  - apiGroups: [""]
    resources: ["nodes"]
    verbs: ["get", "list", "watch"]
  - apiGroups: ["storage.k8s.io"]
    resources: ["volumeattachments"]
    verbs: ["get", "list", "watch", "patch"]
  - apiGroups: ["storage.k8s.io"]
    resources: ["volumeattachments/status"]
    verbs: ["patch"]
--- a/packages/system/proxmox-csi/charts/proxmox-csi-plugin/templates/controller-deployment.yaml
+++ b/packages/system/proxmox-csi/charts/proxmox-csi-plugin/templates/controller-deployment.yaml
@@ -0,0 +1,157 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: {{ include "proxmox-csi-plugin.fullname" . }}-controller
  namespace: {{ .Release.Namespace }}
  labels:
    {{- include "proxmox-csi-plugin.labels" . | nindent 4 }}
 spec:
  replicas: {{ .Values.replicaCount }}
  strategy:
    type: {{ .Values.updateStrategy.type }}
    rollingUpdate:
      {{- toYaml .Values.updateStrategy.rollingUpdate | nindent 6 }}
  selector:
    matchLabels:
      {{- include "proxmox-csi-plugin.selectorLabels" . | nindent 6 }}
  template:
    metadata:
      annotations:
        checksum/config: {{ toJson .Values.config | sha256sum }}
      {{- with .Values.podAnnotations }}
        {{- toYaml . | nindent 8 }}
      {{- end }}
      labels:
        {{- include "proxmox-csi-plugin.selectorLabels" . | nindent 8 }}
    spec:
      {{- if .Values.priorityClassName }}
      priorityClassName: {{ .Values.priorityClassName }}
      {{- end }}
      {{- with .Values.imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      enableServiceLinks: false
      serviceAccountName: {{ include "proxmox-csi-plugin.serviceAccountName" . }}-controller
      securityContext:
        {{- toYaml .Values.podSecurityContext | nindent 8 }}
      containers:
        - name: {{ include "proxmox-csi-plugin.fullname" . }}-controller
          securityContext:
            {{- toYaml .Values.securityContext | nindent 12 }}
          image: "{{ .Values.controller.plugin.image.repository }}:{{ .Values.controller.plugin.image.tag | default .Chart.AppVersion }}"
          imagePullPolicy: {{ .Values.controller.plugin.image.pullPolicy }}
          args:
            - "-v={{ .Values.logVerbosityLevel }}"
            - "--csi-address=unix:///csi/csi.sock"
            - "--cloud-config={{ .Values.configFile }}"
          resources:
            {{- toYaml .Values.controller.plugin.resources | nindent 12 }}
          volumeMounts:
            - name: socket-dir
              mountPath: /csi
            - name: cloud-config
              mountPath: /etc/proxmox/
        - name: csi-attacher
          securityContext:
            {{- toYaml .Values.securityContext | nindent 12 }}
          image: "{{ .Values.controller.attacher.image.repository }}:{{ .Values.controller.attacher.image.tag }}"
          imagePullPolicy: {{ .Values.controller.attacher.image.pullPolicy }}
          args:
            - "-v={{ .Values.logVerbosityLevel }}"
            - "--csi-address=unix:///csi/csi.sock"
            - "--timeout={{ .Values.timeout }}"
            - "--leader-election"
            - "--default-fstype=ext4"
          volumeMounts:
            - name: socket-dir
              mountPath: /csi
          resources: {{ toYaml .Values.controller.attacher.resources | nindent 12 }}
        - name: csi-provisioner
          securityContext:
            {{- toYaml .Values.securityContext | nindent 12 }}
          image: "{{ .Values.controller.provisioner.image.repository }}:{{ .Values.controller.provisioner.image.tag }}"
          imagePullPolicy: {{ .Values.controller.provisioner.image.pullPolicy }}
          args:
            - "-v={{ .Values.logVerbosityLevel }}"
            - "--csi-address=unix:///csi/csi.sock"
            - "--timeout={{ .Values.timeout }}"
            - "--leader-election"
            - "--default-fstype=ext4"
            - "--feature-gates=Topology=True"
            - "--enable-capacity"
            - "--capacity-ownerref-level=2"
          env:
            - name: NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
          volumeMounts:
            - name: socket-dir
              mountPath: /csi
          resources: {{ toYaml .Values.controller.provisioner.resources | nindent 12 }}
        - name: csi-resizer
          securityContext:
            {{- toYaml .Values.securityContext | nindent 12 }}
          image: "{{ .Values.controller.resizer.image.repository }}:{{ .Values.controller.resizer.image.tag }}"
          imagePullPolicy: {{ .Values.controller.resizer.image.pullPolicy }}
          args:
            - "-v={{ .Values.logVerbosityLevel }}"
            - "--csi-address=unix:///csi/csi.sock"
            - "--timeout={{ .Values.timeout }}"
            - "--handle-volume-inuse-error=false"
            - "--leader-election"
          volumeMounts:
            - name: socket-dir
              mountPath: /csi
          resources: {{ toYaml .Values.controller.resizer.resources | nindent 12 }}
        - name: liveness-probe
          securityContext:
            {{- toYaml .Values.securityContext | nindent 12 }}
          image: "{{ .Values.livenessprobe.image.repository }}:{{ .Values.livenessprobe.image.tag }}"
          imagePullPolicy: {{ .Values.livenessprobe.image.pullPolicy }}
          args:
            - "-v={{ .Values.logVerbosityLevel }}"
            - "--csi-address=unix:///csi/csi.sock"
          volumeMounts:
            - name: socket-dir
              mountPath: /csi
          resources: {{ toYaml .Values.livenessprobe.resources | nindent 12 }}
      volumes:
        - name: socket-dir
          emptyDir: {}
        {{- if .Values.existingConfigSecret }}
        - name: cloud-config
          secret:
            secretName: {{ .Values.existingConfigSecret }}
            items:
              - key: {{ .Values.existingConfigSecretKey }}
                path: config.yaml
        {{- else }}
        - name: cloud-config
          secret:
            secretName: {{ include "proxmox-csi-plugin.fullname" . }}
        {{- end }}
      {{- with .Values.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.affinity }}
      affinity:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      topologySpreadConstraints:
        - maxSkew: 1
          topologyKey: kubernetes.io/hostname
          whenUnsatisfiable: DoNotSchedule
          labelSelector:
            matchLabels:
              {{- include "proxmox-csi-plugin.selectorLabels" . | nindent 14 }}
--- a/packages/system/proxmox-csi/charts/proxmox-csi-plugin/templates/controller-role.yaml
+++ b/packages/system/proxmox-csi/charts/proxmox-csi-plugin/templates/controller-role.yaml
@@ -0,0 +1,21 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
  name: {{ include "proxmox-csi-plugin.fullname" . }}-controller
  namespace: {{ .Release.Namespace }}
  labels:
    {{- include "proxmox-csi-plugin.labels" . | nindent 4 }}
 rules:
  - apiGroups: ["coordination.k8s.io"]
    resources: ["leases"]
    verbs: ["get", "watch", "list", "delete", "update", "create"]
  - apiGroups: ["storage.k8s.io"]
    resources: ["csistoragecapacities"]
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
  - apiGroups: [""]
    resources: ["pods"]
    verbs: ["get"]
  - apiGroups: ["apps"]
    resources: ["replicasets"]
    verbs: ["get"]
--- a/packages/system/proxmox-csi/charts/proxmox-csi-plugin/templates/controller-rolebinding.yaml
+++ b/packages/system/proxmox-csi/charts/proxmox-csi-plugin/templates/controller-rolebinding.yaml
@@ -0,0 +1,26 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
  name: {{ include "proxmox-csi-plugin.fullname" . }}-controller
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: {{ include "proxmox-csi-plugin.fullname" . }}-controller
 subjects:
  - kind: ServiceAccount
    name: {{ include "proxmox-csi-plugin.serviceAccountName" . }}-controller
    namespace: {{ .Release.Namespace }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
  name: {{ include "proxmox-csi-plugin.fullname" . }}-controller
  namespace: {{ .Release.Namespace }}
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: {{ include "proxmox-csi-plugin.fullname" . }}-controller
 subjects:
  - kind: ServiceAccount
    name: {{ include "proxmox-csi-plugin.serviceAccountName" . }}-controller
    namespace: {{ .Release.Namespace }}
--- a/packages/system/proxmox-csi/charts/proxmox-csi-plugin/templates/csidriver.yaml
+++ b/packages/system/proxmox-csi/charts/proxmox-csi-plugin/templates/csidriver.yaml
@@ -0,0 +1,10 @@
 apiVersion: storage.k8s.io/v1
 kind: CSIDriver
 metadata:
  name: {{ .Values.provisionerName }}
 spec:
  attachRequired: true
  podInfoOnMount: true
  storageCapacity: true
  volumeLifecycleModes:
  - Persistent
--- a/packages/system/proxmox-csi/charts/proxmox-csi-plugin/templates/node-clusterrole.yaml
+++ b/packages/system/proxmox-csi/charts/proxmox-csi-plugin/templates/node-clusterrole.yaml
@@ -0,0 +1,14 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
  name: {{ include "proxmox-csi-plugin.fullname" . }}-node
  namespace: {{ .Release.Namespace }}
  labels:
    {{- include "proxmox-csi-plugin.labels" . | nindent 4 }}
 rules:
  - apiGroups:
      - ""
    resources:
      - nodes
    verbs:
      - get
--- a/packages/system/proxmox-csi/charts/proxmox-csi-plugin/templates/node-deployment.yaml
+++ b/packages/system/proxmox-csi/charts/proxmox-csi-plugin/templates/node-deployment.yaml
@@ -0,0 +1,135 @@
 apiVersion: apps/v1
 kind: DaemonSet
 metadata:
  name: {{ include "proxmox-csi-plugin.fullname" . }}-node
  namespace: {{ .Release.Namespace }}
  labels:
    {{- include "proxmox-csi-plugin.labels" . | nindent 4 }}
 spec:
  updateStrategy:
    type: {{ .Values.updateStrategy.type }}
  selector:
    matchLabels:
      {{- include "proxmox-csi-plugin-node.selectorLabels" . | nindent 6 }}
  template:
    metadata:
      {{- with .Values.podAnnotations }}
      annotations:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      labels:
        {{- include "proxmox-csi-plugin-node.selectorLabels" . | nindent 8 }}
    spec:
      priorityClassName: system-node-critical
      {{- with .Values.imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      enableServiceLinks: false
      serviceAccountName: {{ include "proxmox-csi-plugin.serviceAccountName" . }}-node
      securityContext:
        runAsUser: 0
        runAsGroup: 0
      containers:
        - name: {{ include "proxmox-csi-plugin.fullname" . }}-node
          securityContext:
            privileged: true
            capabilities:
              drop:
              - ALL
              add:
              - SYS_ADMIN
              - CHOWN
              - DAC_OVERRIDE
            seccompProfile:
              type: RuntimeDefault
          image: "{{ .Values.node.plugin.image.repository }}:{{ .Values.node.plugin.image.tag | default .Chart.AppVersion }}"
          imagePullPolicy: {{ .Values.node.plugin.image.pullPolicy }}
          args:
            - "-v={{ .Values.logVerbosityLevel }}"
            - "--csi-address=unix:///csi/csi.sock"
            - "--node-id=$(NODE_NAME)"
          env:
            - name: NODE_NAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
          resources: {{- toYaml .Values.node.plugin.resources | nindent 12 }}
          volumeMounts:
            - name: socket
              mountPath: /csi
            - name: kubelet
              mountPath: /var/lib/kubelet
              mountPropagation: Bidirectional
            - name: dev
              mountPath: /dev
            - name: sys
              mountPath: /sys
        - name: csi-node-driver-registrar
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
              - ALL
            # readOnlyRootFilesystem: true
            seccompProfile:
              type: RuntimeDefault
          image: "{{ .Values.node.driverRegistrar.image.repository }}:{{ .Values.node.driverRegistrar.image.tag }}"
          imagePullPolicy: {{ .Values.node.driverRegistrar.image.pullPolicy }}
          args:
            - "-v={{ .Values.logVerbosityLevel }}"
            - "--csi-address=unix:///csi/csi.sock"
            - "--kubelet-registration-path=/var/lib/kubelet/plugins/{{ .Values.provisionerName }}/csi.sock"
          volumeMounts:
            - name: socket
              mountPath: /csi
            - name: registration
              mountPath: /registration
          resources: {{- toYaml .Values.node.driverRegistrar.resources | nindent 12 }}
        - name: liveness-probe
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
              - ALL
            readOnlyRootFilesystem: true
            seccompProfile:
              type: RuntimeDefault
          image: "{{ .Values.livenessprobe.image.repository }}:{{ .Values.livenessprobe.image.tag }}"
          imagePullPolicy: {{ .Values.livenessprobe.image.pullPolicy }}
          args:
            - "-v={{ .Values.logVerbosityLevel }}"
            - "--csi-address=unix:///csi/csi.sock"
          volumeMounts:
            - name: socket
              mountPath: /csi
          resources: {{- toYaml .Values.livenessprobe.resources | nindent 12 }}
      volumes:
        - name: socket
          hostPath:
            path: /var/lib/kubelet/plugins/{{ .Values.provisionerName }}/
            type: DirectoryOrCreate
        - name: registration
          hostPath:
            path: /var/lib/kubelet/plugins_registry/
            type: Directory
        - name: kubelet
          hostPath:
            path: /var/lib/kubelet
            type: Directory
        - name: dev
          hostPath:
            path: /dev
            type: Directory
        - name: sys
          hostPath:
            path: /sys
            type: Directory
      {{- with .Values.node.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.node.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
      {{- end }}
--- a/packages/system/proxmox-csi/charts/proxmox-csi-plugin/templates/node-rolebinding.yaml
+++ b/packages/system/proxmox-csi/charts/proxmox-csi-plugin/templates/node-rolebinding.yaml
@@ -0,0 +1,12 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
  name: {{ include "proxmox-csi-plugin.fullname" . }}-node
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: {{ include "proxmox-csi-plugin.fullname" . }}-node
 subjects:
  - kind: ServiceAccount
    name: {{ include "proxmox-csi-plugin.serviceAccountName" . }}-node
    namespace: {{ .Release.Namespace }}
--- a/packages/system/proxmox-csi/charts/proxmox-csi-plugin/templates/secrets.yaml
+++ b/packages/system/proxmox-csi/charts/proxmox-csi-plugin/templates/secrets.yaml
@@ -0,0 +1,12 @@
 {{- if ne (len .Values.config.clusters) 0 }}
 apiVersion: v1
 kind: Secret
 metadata:
  name: {{ include "proxmox-csi-plugin.fullname" . }}
  namespace: {{ .Release.Namespace }}
  labels:
    {{- include "proxmox-csi-plugin.labels" . | nindent 4 }}
 type: Opaque
 data:
  config.yaml: {{ toYaml .Values.config | b64enc | quote }}
 {{- end }}
--- a/packages/system/proxmox-csi/charts/proxmox-csi-plugin/templates/serviceaccount.yaml
+++ b/packages/system/proxmox-csi/charts/proxmox-csi-plugin/templates/serviceaccount.yaml
@@ -0,0 +1,25 @@
 {{- if .Values.serviceAccount.create -}}
 apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: {{ include "proxmox-csi-plugin.serviceAccountName" . }}-controller
  namespace: {{ .Release.Namespace }}
  labels:
    {{- include "proxmox-csi-plugin.labels" . | nindent 4 }}
  {{- with .Values.serviceAccount.annotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}
 ---
 apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: {{ include "proxmox-csi-plugin.serviceAccountName" . }}-node
  namespace: {{ .Release.Namespace }}
  labels:
    {{- include "proxmox-csi-plugin.labels" . | nindent 4 }}
  {{- with .Values.serviceAccount.annotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}
 {{- end }}
--- a/packages/system/proxmox-csi/charts/proxmox-csi-plugin/templates/storageclass.yaml
+++ b/packages/system/proxmox-csi/charts/proxmox-csi-plugin/templates/storageclass.yaml
@@ -0,0 +1,20 @@
 {{- range $storage := .Values.storageClass }}
 apiVersion: storage.k8s.io/v1
 kind: StorageClass
 metadata:
  name: {{ $storage.name }}
 provisioner: {{ $.Values.provisionerName }}
 allowVolumeExpansion: true
 volumeBindingMode: WaitForFirstConsumer
 reclaimPolicy: {{ default "Delete" $storage.reclaimPolicy }}
 parameters:
  csi.storage.k8s.io/fstype: {{ default "ext4" $storage.fstype }}
  storage: {{ $storage.storage }}
  {{- if $storage.cache }}
  cache: {{  $storage.cache }}
  {{- end }}
  {{- if $storage.ssd }}
  ssd: "true"
  {{- end }}
 ---
 {{- end }}
--- a/packages/system/proxmox-csi/charts/proxmox-csi-plugin/values.edge.yaml
+++ b/packages/system/proxmox-csi/charts/proxmox-csi-plugin/values.edge.yaml
@@ -0,0 +1,30 @@
 controller:
  plugin:
    image:
      pullPolicy: Always
      tag: edge
 node:
  plugin:
    image:
      pullPolicy: Always
      tag: edge
  nodeSelector:
    node.cloudprovider.kubernetes.io/platform: nocloud
 nodeSelector:
  node-role.kubernetes.io/control-plane: ""
 tolerations:
  - key: node-role.kubernetes.io/control-plane
    effect: NoSchedule
 storageClass:
  - name: proxmox-data-xfs
    storage: data
    reclaimPolicy: Delete
    fstype: xfs
  - name: proxmox-data
    storage: data
    ssd: true
--- a/packages/system/proxmox-csi/charts/proxmox-csi-plugin/values.talos.yaml
+++ b/packages/system/proxmox-csi/charts/proxmox-csi-plugin/values.talos.yaml
@@ -0,0 +1,21 @@
 node:
  nodeSelector:
    node.cloudprovider.kubernetes.io/platform: nocloud
  tolerations:
    - operator: Exists
 nodeSelector:
  node-role.kubernetes.io/control-plane: ""
 tolerations:
  - key: node-role.kubernetes.io/control-plane
    effect: NoSchedule
 storageClass:
  - name: proxmox-data-xfs
    storage: data
    reclaimPolicy: Delete
    fstype: xfs
  - name: proxmox-data
    storage: data
    reclaimPolicy: Delete
--- a/packages/system/proxmox-csi/charts/proxmox-csi-plugin/values.yaml
+++ b/packages/system/proxmox-csi/charts/proxmox-csi-plugin/values.yaml
@@ -0,0 +1,222 @@
 # Default values for proxmox-csi-plugin.
 # This is a YAML-formatted file.
 # Declare variables to be passed into your templates.
 replicaCount: 1
 imagePullSecrets: []
 nameOverride: ""
 fullnameOverride: ""
 # -- Controller pods priorityClassName.
 priorityClassName: system-cluster-critical
 # -- Pods Service Account.
 # ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
 serviceAccount:
  # Specifies whether a service account should be created
  create: true
  # Annotations to add to the service account
  annotations: {}
  # The name of the service account to use.
  # If not set and create is true, a name is generated using the fullname template
  name: ""
 # -- CSI Driver provisioner name.
 # Currently, cannot be customized.
 provisionerName: csi.proxmox.sinextra.dev
 # -- Cluster name.
 # Currently, cannot be customized.
 clusterID: kubernetes
 # -- Log verbosity level. See https://github.com/kubernetes/community/blob/master/contributors/devel/sig-instrumentation/logging.md
 # for description of individual verbosity levels.
 logVerbosityLevel: 5
 # -- Connection timeout between sidecars.
 timeout: 3m
 # -- Proxmox cluster config stored in secrets.
 existingConfigSecret: ~
 # -- Proxmox cluster config stored in secrets key.
 existingConfigSecretKey: config.yaml
 # -- Proxmox cluster config path.
 configFile: /etc/proxmox/config.yaml
 # -- Proxmox cluster config.
 config:
  clusters: []
  #   - url: https://cluster-api-1.exmple.com:8006/api2/json
  #     insecure: false
  #     token_id: "login!name"
  #     token_secret: "secret"
  #     region: cluster-1
 # -- Storage class defenition.
 storageClass: []
  # - name: proxmox-data-xfs
  #   storage: data
  #   reclaimPolicy: Delete
  #   fstype: ext4|xfs
  #
  #   # https://pve.proxmox.com/wiki/Performance_Tweaks
  #   cache: directsync|none|writeback|writethrough
  #   ssd: true
 controller:
  plugin:
    # -- Controller CSI Driver.
    image:
      repository: ghcr.io/sergelogvinov/proxmox-csi-controller
      pullPolicy: IfNotPresent
      # Overrides the image tag whose default is the chart appVersion.
      tag: ""
    # -- Controller resource requests and limits.
    # ref: https://kubernetes.io/docs/user-guide/compute-resources/
    resources:
      requests:
        cpu: 10m
        memory: 16Mi
  attacher:
    # -- CSI Attacher.
    image:
      repository: registry.k8s.io/sig-storage/csi-attacher
      pullPolicy: IfNotPresent
      tag: v4.3.0
    # -- Attacher resource requests and limits.
    # ref: https://kubernetes.io/docs/user-guide/compute-resources/
    resources:
      requests:
        cpu: 10m
        memory: 16Mi
  provisioner:
    # -- CSI Provisioner.
    image:
      repository: registry.k8s.io/sig-storage/csi-provisioner
      pullPolicy: IfNotPresent
      tag: v3.5.0
    # -- Provisioner resource requests and limits.
    # ref: https://kubernetes.io/docs/user-guide/compute-resources/
    resources:
      requests:
        cpu: 10m
        memory: 16Mi
  resizer:
    # -- CSI Resizer.
    image:
      repository: registry.k8s.io/sig-storage/csi-resizer
      pullPolicy: IfNotPresent
      tag: v1.8.0
    # -- Resizer resource requests and limits.
    # ref: https://kubernetes.io/docs/user-guide/compute-resources/
    resources:
      requests:
        cpu: 10m
        memory: 16Mi
 node:
  plugin:
    # -- Node CSI Driver.
    image:
      repository: ghcr.io/sergelogvinov/proxmox-csi-node
      pullPolicy: IfNotPresent
      # Overrides the image tag whose default is the chart appVersion.
      tag: ""
    # -- Node CSI Driver resource requests and limits.
    # ref: https://kubernetes.io/docs/user-guide/compute-resources/
    resources: {}
  driverRegistrar:
    # -- Node CSI driver registrar.
    image:
      repository: registry.k8s.io/sig-storage/csi-node-driver-registrar
      pullPolicy: IfNotPresent
      tag: v2.8.0
    # -- Node registrar resource requests and limits.
    # ref: https://kubernetes.io/docs/user-guide/compute-resources/
    resources:
      requests:
        cpu: 10m
        memory: 16Mi
  # -- Node labels for node-plugin assignment.
  # ref: https://kubernetes.io/docs/user-guide/node-selection/
  nodeSelector: {}
  # -- Tolerations for node-plugin assignment.
  # ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  tolerations:
    - key: node.kubernetes.io/unschedulable
      operator: Exists
      effect: NoSchedule
    - key: node.kubernetes.io/disk-pressure
      operator: Exists
      effect: NoSchedule
 livenessprobe:
  # -- Common livenessprobe sidecar.
  image:
    repository: registry.k8s.io/sig-storage/livenessprobe
    pullPolicy: IfNotPresent
    tag: v2.10.0
  # -- Failure threshold for livenessProbe
  failureThreshold: 5
  # -- Initial delay seconds for livenessProbe
  initialDelaySeconds: 10
  # -- Timeout seconds for livenessProbe
  timeoutSeconds: 10
  # -- Period seconds for livenessProbe
  periodSeconds: 60
  # -- Liveness probe resource requests and limits.
  # ref: https://kubernetes.io/docs/user-guide/compute-resources/
  resources:
    requests:
      cpu: 10m
      memory: 16Mi
 # -- Annotations for controller pod.
 # ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
 podAnnotations: {}
 # -- Controller Security Context.
 # ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
 podSecurityContext:
  runAsNonRoot: true
  runAsUser: 65532
  runAsGroup: 65532
  fsGroup: 65532
  fsGroupChangePolicy: OnRootMismatch
 # -- Controller Container Security Context.
 # ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
 securityContext:
  allowPrivilegeEscalation: false
  capabilities:
    drop:
    - ALL
  seccompProfile:
    type: RuntimeDefault
  readOnlyRootFilesystem: true
 # -- Controller deployment update stategy type.
 # ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#updating-a-deployment
 updateStrategy:
  type: RollingUpdate
  rollingUpdate:
    maxUnavailable: 1
 # -- Node labels for controller assignment.
 # ref: https://kubernetes.io/docs/user-guide/node-selection/
 nodeSelector: {}
  # node-role.kubernetes.io/control-plane: ""
 # -- Tolerations for controller assignment.
 # ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
 tolerations: []
  # - key: node-role.kubernetes.io/control-plane
  #   effect: NoSchedule
 # -- Affinity for controller assignment.
 # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
 affinity: {}
--- a/packages/system/proxmox-csi/patches/namespace.patch
+++ b/packages/system/proxmox-csi/patches/namespace.patch
@@ -0,0 +1,13 @@
 diff --git a/apps/proxmox-csi/charts/proxmox-cloud-controller-manager/templates/rolebinding.yaml b/apps/proxmox-csi/charts/proxmox-cloud-controller-manager/templates/rolebinding.yaml
 index 0ed037f..32b065e 100644
 --- a/apps/proxmox-csi/charts/proxmox-cloud-controller-manager/templates/rolebinding.yaml
 +++ b/apps/proxmox-csi/charts/proxmox-cloud-controller-manager/templates/rolebinding.yaml
@@ -9,7 +9,7 @@ roleRef:
 subjects:
 - kind: ServiceAccount
   name: {{ include "proxmox-cloud-controller-manager.fullname" . }}
 -  namespace: kube-system
 +  namespace: {{ .Release.Namespace }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
--- a/packages/system/proxmox-csi/tests/1.yaml
+++ b/packages/system/proxmox-csi/tests/1.yaml
@@ -0,0 +1,30 @@
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
  name: task-pv-claim
 spec:
  storageClassName: proxmox-lvm
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 3Gi
 ---
 apiVersion: v1
 kind: Pod
 metadata:
  name: task-pv-pod
 spec:
  volumes:
    - name: task-pv-storage
      persistentVolumeClaim:
        claimName: task-pv-claim
  containers:
    - name: task-pv-container
      image: nginx
      ports:
        - containerPort: 80
          name: "http-server"
      volumeMounts:
        - mountPath: "/usr/share/nginx/html"
          name: task-pv-storage
--- a/packages/system/proxmox-csi/values.yaml
+++ b/packages/system/proxmox-csi/values.yaml
@@ -0,0 +1,22 @@
 proxmox-cloud-controller-manager:
  fullnameOverride: proxmox-cloud-controller-manager
  enabledControllers:
    - cloud-node
    - cloud-node-lifecycle
  # Deploy CCM only on control-plane nodes
  nodeSelector:
    node-role.kubernetes.io/control-plane: ""
  tolerations:
    - key: node-role.kubernetes.io/control-plane
      effect: NoSchedule
 proxmox-csi-plugin:
  fullnameOverride: proxmox-csi-plugin
  nodeSelector:
    node-role.kubernetes.io/control-plane: ""
  tolerations:
    - key: node-role.kubernetes.io/control-plane
      effect: NoSchedule