diff --git a/charts/nfs-subdir-external-provisioner/templates/deployment.yaml b/charts/nfs-subdir-external-provisioner/templates/deployment.yaml index a8b47fc0..15a574b2 100644 --- a/charts/nfs-subdir-external-provisioner/templates/deployment.yaml +++ b/charts/nfs-subdir-external-provisioner/templates/deployment.yaml @@ -24,6 +24,8 @@ spec: {{- include "nfs-subdir-external-provisioner.podLabels" . | nindent 8 }} spec: serviceAccountName: {{ template "nfs-subdir-external-provisioner.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} {{- if .Values.nodeSelector }} nodeSelector: {{ toYaml .Values.nodeSelector | indent 8 }} @@ -43,6 +45,8 @@ spec: - name: {{ .Chart.Name }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" imagePullPolicy: {{ .Values.image.pullPolicy }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} volumeMounts: - name: {{ .Values.nfs.volumeName }} mountPath: /persistentvolumes diff --git a/charts/nfs-subdir-external-provisioner/values.yaml b/charts/nfs-subdir-external-provisioner/values.yaml index 20720b19..e7d4a78d 100644 --- a/charts/nfs-subdir-external-provisioner/values.yaml +++ b/charts/nfs-subdir-external-provisioner/values.yaml @@ -74,6 +74,10 @@ podAnnotations: {} ## Set pod priorityClassName # priorityClassName: "" +podSecurityContext: {} + +securityContext: {} + serviceAccount: # Specifies whether a ServiceAccount should be created create: true diff --git a/deploy/objects/clusterrolebinding.yaml b/deploy/objects/clusterrolebinding.yaml index 0e949a27..4f085e02 100644 --- a/deploy/objects/clusterrolebinding.yaml +++ b/deploy/objects/clusterrolebinding.yaml @@ -5,6 +5,7 @@ metadata: subjects: - kind: ServiceAccount name: nfs-client-provisioner + # replace with namespace where provisioner is deployed namespace: default roleRef: kind: ClusterRole diff --git a/deploy/objects/deployment.yaml b/deploy/objects/deployment.yaml index df10aa3f..26d2a234 100644 --- a/deploy/objects/deployment.yaml +++ b/deploy/objects/deployment.yaml @@ -1,11 +1,18 @@ +apiVersion: apps/v1 kind: Deployment -apiVersion: extensions/v1beta1 metadata: name: nfs-client-provisioner + labels: + app: nfs-client-provisioner + # replace with namespace where provisioner is deployed + namespace: default spec: replicas: 1 strategy: type: Recreate + selector: + matchLabels: + app: nfs-client-provisioner template: metadata: labels: @@ -22,11 +29,11 @@ spec: - name: PROVISIONER_NAME value: k8s-sigs.io/nfs-subdir-external-provisioner - name: NFS_SERVER - value: 10.10.10.60 + value: 10.3.243.101 - name: NFS_PATH value: /ifs/kubernetes volumes: - name: nfs-client-root nfs: - server: 10.10.10.60 + server: 10.3.243.101 path: /ifs/kubernetes diff --git a/deploy/objects/role.yaml b/deploy/objects/role.yaml index 28721e82..bcd83d3f 100644 --- a/deploy/objects/role.yaml +++ b/deploy/objects/role.yaml @@ -2,6 +2,8 @@ kind: Role apiVersion: rbac.authorization.k8s.io/v1 metadata: name: leader-locking-nfs-client-provisioner + # replace with namespace where provisioner is deployed + namespace: default rules: - apiGroups: [""] resources: ["endpoints"] diff --git a/deploy/objects/rolebinding.yaml b/deploy/objects/rolebinding.yaml index b5faf2d8..76a51e57 100644 --- a/deploy/objects/rolebinding.yaml +++ b/deploy/objects/rolebinding.yaml @@ -2,6 +2,8 @@ kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: leader-locking-nfs-client-provisioner + # replace with namespace where provisioner is deployed + namespace: default subjects: - kind: ServiceAccount name: nfs-client-provisioner diff --git a/deploy/objects/serviceaccount.yaml b/deploy/objects/serviceaccount.yaml index edead9ad..b76dcd62 100644 --- a/deploy/objects/serviceaccount.yaml +++ b/deploy/objects/serviceaccount.yaml @@ -2,3 +2,5 @@ apiVersion: v1 kind: ServiceAccount metadata: name: nfs-client-provisioner + # replace with namespace where provisioner is deployed + namespace: default