terraform-talos/oracle/deployments/oci-csi-node.yaml

---
kind: ConfigMap
apiVersion: v1
metadata:
  name: oci-csi-iscsiadm
  namespace: kube-system
data:
  iscsiadm: |
    #!/bin/sh
    if [ -x /host/sbin/iscsiadm ]; then
      chroot /host /sbin/iscsiadm "$@"
    elif [ -x /host/usr/local/sbin/iscsiadm ]; then
      chroot /host /usr/local/sbin/iscsiadm "$@"
    elif [ -x /host/bin/iscsiadm ]; then
      chroot /host /bin/iscsiadm "$@"
    elif [ -x /host/usr/local/bin/iscsiadm ]; then
      chroot /host /usr/local/bin/iscsiadm "$@"
    else
      chroot /host iscsiadm "$@"
    fi
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: oci-fss-csi
  namespace: kube-system
data:
  mount: |-
    #!/bin/sh
    if [ -x /sbin/mount ]; then
    chroot /host mount "$@"
    elif [ -x /usr/local/sbin/mount ]; then
    chroot /host mount "$@"
    elif [ -x /usr/sbin/mount ]; then
    chroot /host mount "$@"
    elif [ -x /usr/local/bin/mount ]; then
    chroot /host mount "$@"
    else
    chroot /host mount "$@"
    fi
  umount: |-
    #!/bin/sh
    if [ -x /sbin/umount ]; then
    chroot /host umount "$@"
    elif [ -x /usr/local/sbin/umount ]; then
    chroot /host umount "$@"
    elif [ -x /usr/sbin/umount ]; then
    chroot /host umount "$@"
    elif [ -x /usr/local/bin/umount ]; then
    chroot /host umount "$@"
    else
    chroot /host umount "$@"
    fi
  umount.oci-fss: |-
    #!/bin/sh
    if [ -x /sbin/umount-oci-fss ]; then
    chroot /host umount.oci-fss "$@"
    elif [ -x /usr/local/sbin/umount-oci-fss ]; then
    chroot /host umount.oci-fss "$@"
    elif [ -x /usr/sbin/umount-oci-fss ]; then
    chroot /host umount.oci-fss "$@"
    elif [ -x /usr/local/bin/umount-oci-fss ]; then
    chroot /host umount.oci-fss "$@"
    else
    chroot /host umount.oci-fss "$@"
    fi
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
  annotations:
    deprecated.daemonset.template.generation: "1"
  generation: 1
  name: csi-oci-node
  namespace: kube-system
spec:
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      app: csi-oci-node
  template:
    metadata:
      creationTimestamp: null
      labels:
        app: csi-oci-node
        role: csi-oci
    spec:
      nodeSelector:
        node.cloudprovider.kubernetes.io/platform: oracle
      tolerations:
        - key: "node-role.kubernetes.io/control-plane"
          effect: NoSchedule
      containers:
        - name: oci-csi-node-driver
          args:
            - --v=2
            - --endpoint=unix:///csi/csi.sock
            - --nodeid=$(KUBE_NODE_NAME)
            - --loglevel=debug
            - --fss-endpoint=unix:///fss/csi.sock
          command:
            - /usr/local/bin/oci-csi-node-driver
          env:
            - name: KUBE_NODE_NAME
              valueFrom:
                fieldRef:
                  apiVersion: v1
                  fieldPath: spec.nodeName
            - name: PATH
              value: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/host/usr/bin:/host/sbin
          image: ghcr.io/oracle/cloud-provider-oci:v1.24.0
          securityContext:
            privileged: true
          volumeMounts:
            - mountPath: /csi
              name: plugin-dir
            - mountPath: /var/lib/kubelet
              mountPropagation: Bidirectional
              name: pods-mount-dir
            - mountPath: /dev
              name: device-dir
            - mountPath: /host
              name: host-root
            - mountPath: /sbin/iscsiadm
              name: chroot-iscsiadm
              subPath: iscsiadm
            - mountPath: /host/var/lib/kubelet
              mountPropagation: Bidirectional
              name: encrypt-pods-mount-dir
            - mountPath: /sbin/umount.oci-fss
              name: fss-driver-mounts
              subPath: umount.oci-fss
            - mountPath: /sbin/umount
              name: fss-driver-mounts
              subPath: umount
            - mountPath: /sbin/mount
              name: fss-driver-mounts
              subPath: mount
        - name: csi-node-registrar
          args:
            - --csi-address=/csi/csi.sock
            - --kubelet-registration-path=/var/lib/kubelet/plugins/blockvolume.csi.oraclecloud.com/csi.sock
          image: k8s.gcr.io/sig-storage/csi-node-driver-registrar:v2.5.1
          securityContext:
            privileged: true
          lifecycle:
            preStop:
              exec:
                command:
                  - /bin/sh
                  - -c
                  - rm -rf /registration/blockvolume.csi.oraclecloud.com /registration/blockvolume.csi.oraclecloud.com-reg.sock
          volumeMounts:
            - mountPath: /csi
              name: plugin-dir
            - mountPath: /registration
              name: registration-dir
      dnsPolicy: ClusterFirst
      hostNetwork: true
      restartPolicy: Always
      schedulerName: default-scheduler
      serviceAccount: csi-oci-node-sa
      serviceAccountName: csi-oci-node-sa
      terminationGracePeriodSeconds: 30
      volumes:
        - hostPath:
            path: /var/lib/kubelet/plugins_registry/
            type: DirectoryOrCreate
          name: registration-dir
        - hostPath:
            path: /var/lib/kubelet/plugins/blockvolume.csi.oraclecloud.com
            type: DirectoryOrCreate
          name: plugin-dir
        - hostPath:
            path: /var/lib/kubelet
            type: Directory
          name: pods-mount-dir
        - hostPath:
            path: /var/lib/kubelet
            type: Directory
          name: encrypt-pods-mount-dir
        - hostPath:
            path: /dev
            type: ""
          name: device-dir
        - hostPath:
            path: /
            type: Directory
          name: host-root
        - configMap:
            name: oci-csi-iscsiadm
            defaultMode: 0755
          name: chroot-iscsiadm
        - configMap:
            name: oci-fss-csi
            defaultMode: 0755
          name: fss-driver-mounts
  updateStrategy:
    rollingUpdate:
      maxUnavailable: 1
    type: RollingUpdate