kind: DaemonSet
apiVersion: apps/v1
metadata:
  name: csi-gce-pd-node
  namespace: kube-system
spec:
  selector:
    matchLabels:
      app: gcp-compute-persistent-disk-csi-driver
  template:
    metadata:
      labels:
        app: gcp-compute-persistent-disk-csi-driver
    spec:
      # Host network must be used for interaction with Workload Identity in GKE
      # since it replaces GCE Metadata Server with GKE Metadata Server. Remove
      # this requirement when issue is resolved and before any exposure of
      # metrics ports.
      hostNetwork: true
      priorityClassName: csi-gce-pd-node
      serviceAccountName: csi-gce-pd-node-sa
      containers:
        - name: csi-driver-registrar
          image: {{ csi_node_driver_registrar_image_repo }}:{{ csi_node_driver_registrar_image_tag }}
          args:
            - "--v=5"
            - "--csi-address=/csi/csi.sock"
            - "--kubelet-registration-path=/var/lib/kubelet/plugins/pd.csi.storage.gke.io/csi.sock"
          lifecycle:
            preStop:
              exec:
                command: ["/bin/sh", "-c", "rm -rf /registration/pd.csi.storage.gke.io /registration/pd.csi.storage.gke.io-reg.sock"]
          env:
            - name: KUBE_NODE_NAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
          volumeMounts:
            - name: plugin-dir
              mountPath: /csi
            - name: registration-dir
              mountPath: /registration
        - name: gce-pd-driver
          securityContext:
            privileged: true
          # Don't change base image without changing pdImagePlaceholder in
          # test/k8s-integration/main.go
          image: {{ gcp_pd_csi_plugin_image_repo }}:{{ gcp_pd_csi_plugin_image_tag }}
          args:
            - "--v=5"
            - "--endpoint=unix:/csi/csi.sock"
          volumeMounts:
            - name: kubelet-dir
              mountPath: /var/lib/kubelet
              mountPropagation: "Bidirectional"
            - name: plugin-dir
              mountPath: /csi
            - name: device-dir
              mountPath: /dev
            # The following mounts are required to trigger host udevadm from
            # container
            - name: udev-rules-etc
              mountPath: /etc/udev
            - name: udev-rules-lib
              mountPath: /lib/udev
            - name: udev-socket
              mountPath: /run/udev
            - name: sys
              mountPath: /sys
      nodeSelector:
        kubernetes.io/os: linux
      volumes:
        - name: registration-dir
          hostPath:
            path: /var/lib/kubelet/plugins_registry/
            type: Directory
        - name: kubelet-dir
          hostPath:
            path: /var/lib/kubelet
            type: Directory
        - name: plugin-dir
          hostPath:
            path: /var/lib/kubelet/plugins/pd.csi.storage.gke.io/
            type: DirectoryOrCreate
        - name: device-dir
          hostPath:
            path: /dev
            type: Directory
        # The following mounts are required to trigger host udevadm from
        # container
        - name: udev-rules-etc
          hostPath:
            path: /etc/udev
            type: Directory
        - name: udev-rules-lib
          hostPath:
            path: /lib/udev
            type: Directory
        - name: udev-socket
          hostPath:
            path: /run/udev
            type: Directory
        - name: sys
          hostPath:
            path: /sys
            type: Directory
      # https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
      # See "special case". This will tolerate everything. Node component should
      # be scheduled on all nodes.
      tolerations:
      - operator: Exists