--- apiVersion: apps/v1 kind: DaemonSet metadata: name: csi‑rbdplugin namespace: ceph‑csi spec: selector: matchLabels: app: csi‑rbdplugin template: metadata: labels: app: csi‑rbdplugin spec: serviceAccountName: rbd‑csi‑nodeplugin hostNetwork: true hostPID: true priorityClassName: system‑node‑critical dnsPolicy: ClusterFirstWithHostNet containers: - name: csi‑rbdplugin securityContext: privileged: true capabilities: add: ["SYS_ADMIN"] allowPrivilegeEscalation: true image: quay.io/cephcsi/cephcsi:v3.15 args: - "--nodeid=$(NODE_ID)" - "--pluginpath=/var/lib/kubelet/plugins" - "--stagingpath=/var/lib/kubelet/plugins/kubernetes.io/csi/" - "--type=rbd" - "--nodeserver=true" - "--endpoint=$(CSI_ENDPOINT)" - "--csi-addons-endpoint=$(CSI_ADDONS_ENDPOINT)" - "--v=5" - "--drivername=rbd.csi.ceph.com" - "--enableprofiling=false" env: - name: POD_IP valueFrom: fieldRef: fieldPath: status.podIP - name: NODE_ID valueFrom: fieldRef: fieldPath: spec.nodeName - name: POD_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - name: CSI_ENDPOINT value: unix:///csi/csi.sock - name: CSI_ADDONS_ENDPOINT value: unix:///csi/csi-addons.sock imagePullPolicy: IfNotPresent volumeMounts: - name: socket-dir mountPath: /csi - name: host-dev mountPath: /dev - name: host-sys mountPath: /sys - name: host-mount mountPath: /run/mount - name: etc-selinux mountPath: /etc/selinux readOnly: true - name: lib-modules mountPath: /lib/modules readOnly: true - name: plugin-dir mountPath: /var/lib/kubelet/plugins mountPropagation: "Bidirectional" - name: mountpoint-dir mountPath: /var/lib/kubelet/pods mountPropagation: "Bidirectional" - name: keys-tmp-dir mountPath: /tmp/csi/keys - name: ceph-logdir mountPath: /var/log/ceph - name: ceph-config mountPath: /etc/ceph/ - name: ceph-csi-config mountPath: /etc/ceph-csi-config/ - name: ceph-csi-encryption-kms-config mountPath: /etc/ceph-csi-encryption-kms-config/ - name: oidc-token mountPath: /run/secrets/tokens readOnly: true # possibly sidecars like driver‑registrar, liveness, etc. volumes: - name: socket-dir hostPath: path: /var/lib/kubelet/plugins/rbd.csi.ceph.com type: DirectoryOrCreate - name: plugin-dir hostPath: path: /var/lib/kubelet/plugins type: Directory - name: mountpoint-dir hostPath: path: /var/lib/kubelet/pods type: DirectoryOrCreate - name: ceph-logdir hostPath: path: /var/log/ceph type: DirectoryOrCreate - name: host-dev hostPath: path: /dev - name: host-sys hostPath: path: /sys - name: etc-selinux hostPath: path: /etc/selinux type: DirectoryOrCreate - name: host-mount hostPath: path: /run/mount - name: lib-modules hostPath: path: /lib/modules type: DirectoryOrCreate - name: ceph-config configMap: name: ceph-config - name: ceph-csi-config configMap: name: ceph-csi-config - name: ceph-csi-encryption-kms-config configMap: name: ceph-csi-encryption-kms-config - name: keys-tmp-dir emptyDir: medium: Memory --- apiVersion: v1 kind: Service metadata: name: csi-metrics-rbdplugin namespace: ceph‑csi labels: app: csi‑metrics spec: ports: - name: http‑metrics port: 8080 protocol: TCP targetPort: 8680 selector: app: csi‑rbdplugin