From f8a3b17fcc71b8a3e1eb4b1317905f88300f8328 Mon Sep 17 00:00:00 2001 From: crpruett Date: Mon, 4 May 2026 15:46:36 -0400 Subject: [PATCH 1/5] Mealie-Synology Deployment editions --- apps/base/mealie/data-migration.yaml | 22 ++++++++++++++++++++++ apps/base/mealie/deployment.yaml | 4 ++-- apps/base/mealie/syn-storage.yaml | 12 ++++++++++++ 3 files changed, 36 insertions(+), 2 deletions(-) create mode 100644 apps/base/mealie/data-migration.yaml create mode 100644 apps/base/mealie/syn-storage.yaml diff --git a/apps/base/mealie/data-migration.yaml b/apps/base/mealie/data-migration.yaml new file mode 100644 index 0000000..66367ea --- /dev/null +++ b/apps/base/mealie/data-migration.yaml @@ -0,0 +1,22 @@ +apiVersion: v1 +kind: Pod +metadata: + name: migrate-mealie-data +spec: + containers: + - name: migrate + image: alpine + command: ["sh", "-c", "cp -av /source/ . /dest/ && echo DONE Migrating!"] + volumeMounts: + - name: old-data + mountPath: /source + - name: new-data + mountPath: /dest + volumes: + - name: old-data + hostPath: + path: /home/ginrai/k3s-data/storage/pvc-9f08afc0-9d95-44fc-89f5-24919c713d44_mealie_mealie-data + - name: new-data + persistentVolumeClaim: + claimName: mealie-syn-data + restartPolicy: Never diff --git a/apps/base/mealie/deployment.yaml b/apps/base/mealie/deployment.yaml index 06c78af..88139af 100644 --- a/apps/base/mealie/deployment.yaml +++ b/apps/base/mealie/deployment.yaml @@ -6,7 +6,7 @@ metadata: name: mealie namespace: mealie spec: - replicas: 2 + replicas: 1 selector: matchLabels: app: mealie @@ -29,4 +29,4 @@ spec: volumes: - name: mealie-data persistentVolumeClaim: - claimName: mealie-data + claimName: mealie-syn-data diff --git a/apps/base/mealie/syn-storage.yaml b/apps/base/mealie/syn-storage.yaml new file mode 100644 index 0000000..4c2ee01 --- /dev/null +++ b/apps/base/mealie/syn-storage.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: mealie-syn-data + namespace: mealie +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 5Gi + storageClassName: synology-iscsi-retain From e026722166d51239ac88337a7ff485365689e870 Mon Sep 17 00:00:00 2001 From: crpruett Date: Mon, 4 May 2026 16:19:50 -0400 Subject: [PATCH 2/5] Reverting Mealie DB changes --- apps/base/mealie/deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/base/mealie/deployment.yaml b/apps/base/mealie/deployment.yaml index 88139af..6538c53 100644 --- a/apps/base/mealie/deployment.yaml +++ b/apps/base/mealie/deployment.yaml @@ -29,4 +29,4 @@ spec: volumes: - name: mealie-data persistentVolumeClaim: - claimName: mealie-syn-data + claimName: mealie-data From bfbe30a1f7995f01b96f7ddcf00ef44ebadc8ea0 Mon Sep 17 00:00:00 2001 From: crpruett Date: Mon, 4 May 2026 16:56:42 -0400 Subject: [PATCH 3/5] Migration attempt 2 --- apps/base/mealie/data-migration.yaml | 2 +- apps/base/mealie/deployment.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/apps/base/mealie/data-migration.yaml b/apps/base/mealie/data-migration.yaml index 66367ea..701174c 100644 --- a/apps/base/mealie/data-migration.yaml +++ b/apps/base/mealie/data-migration.yaml @@ -6,7 +6,7 @@ spec: containers: - name: migrate image: alpine - command: ["sh", "-c", "cp -av /source/ . /dest/ && echo DONE Migrating!"] + command: ["sh", "-c", "cp -av /source/. /dest/ && echo DONE Migrating!"] volumeMounts: - name: old-data mountPath: /source diff --git a/apps/base/mealie/deployment.yaml b/apps/base/mealie/deployment.yaml index 6538c53..88139af 100644 --- a/apps/base/mealie/deployment.yaml +++ b/apps/base/mealie/deployment.yaml @@ -29,4 +29,4 @@ spec: volumes: - name: mealie-data persistentVolumeClaim: - claimName: mealie-data + claimName: mealie-syn-data From ab821ce185ed32de95ab16e73f6ea1d32d4ed9d8 Mon Sep 17 00:00:00 2001 From: crpruett Date: Mon, 4 May 2026 18:34:03 -0400 Subject: [PATCH 4/5] Synology secret, Mealie Synology Finalizations, etc. --- apps/base/mealie/kustomization.yaml | 3 ++- .../controllers/base/synology-csi/client-info-secret.yaml | 8 ++++---- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/apps/base/mealie/kustomization.yaml b/apps/base/mealie/kustomization.yaml index bac7d97..9f3563a 100644 --- a/apps/base/mealie/kustomization.yaml +++ b/apps/base/mealie/kustomization.yaml @@ -2,6 +2,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - deployment.yaml - - storage.yaml + # - storage.yaml + - syn-storage.yaml - service.yaml - namespace.yaml diff --git a/infrastructure/controllers/base/synology-csi/client-info-secret.yaml b/infrastructure/controllers/base/synology-csi/client-info-secret.yaml index 8e2ff8b..5a44880 100644 --- a/infrastructure/controllers/base/synology-csi/client-info-secret.yaml +++ b/infrastructure/controllers/base/synology-csi/client-info-secret.yaml @@ -1,11 +1,11 @@ apiVersion: v1 data: - client-info.yml: LS0tCmNsaWVudHM6CiAgLSBob3N0OiAxOTIuMTY4LjcuMTQKICAgIHBvcnQ6IDUwMDAKICAgIGh0dHBzOiBmYWxzZQogICAgdXNlcm5hbWU6IGdpbnJhaQogICAgcGFzc3dvcmQ6IEl4aW9uWDIxIQogICMtIGhvc3Q6IDE5Mi4xNjguMS4yCiAgICMgcG9ydDogNTAwMAogICAgI2h0dHBzOiBmYWxzZQogICAgI3VzZXJuYW1lOiB1c2VybmFtZQogICAgI3Bhc3N3b3JkOiBwYXNzd29yZAoKI2hvc3Q6ICAgICAgICAgICAgICAgICAgICAgICMgaXB2NCBhZGRyZXNzIG9yIGRvbWFpbiBvZiB0aGUgRFNNCiNwb3J0OiAgICAgICAgICAgICAgICAgICAgICAjIHBvcnQgZm9yIGNvbm5lY3RpbmcgdG8gdGhlIERTTQojaHR0cHM6ICAgICAgICAgICAgICAgICAgICAgIyBzZXQgdGhpcyB0cnVlIHRvIHVzZSBodHRwcy4geW91IG5lZWQgdG8gc3BlY2lmeSB0aGUgcG9ydCB0byBEU00gSFRUUFMgcG9ydCBhcyB3ZWxsCiN1c2VybmFtZTogICAgICAgICAgICAgICAgICAjIHVzZXJuYW1lCiNwYXNzd29yZDogICAgICAgICAgICAgICAgICAjIHBhc3N3b3JkCg== + client-info.yaml: LS0tCmNsaWVudHM6CiAgLSBob3N0OiAxOTIuMTY4LjcuMTQKICAgIHBvcnQ6IDUwMDAKICAgIGh0dHBzOiBmYWxzZQogICAgdXNlcm5hbWU6IGdhbGxhbnRtb24KICAgIHBhc3N3b3JkOiBEaWdpbW9uQzIxIQogICMtIGhvc3Q6IDE5Mi4xNjguMS4yCiAgICMgcG9ydDogNTAwMAogICAgI2h0dHBzOiBmYWxzZQogICAgI3VzZXJuYW1lOiB1c2VybmFtZQogICAgI3Bhc3N3b3JkOiBwYXNzd29yZAoKI2hvc3Q6ICAgICAgICAgICAgICAgICAgICAgICMgaXB2NCBhZGRyZXNzIG9yIGRvbWFpbiBvZiB0aGUgRFNNCiNwb3J0OiAgICAgICAgICAgICAgICAgICAgICAjIHBvcnQgZm9yIGNvbm5lY3RpbmcgdG8gdGhlIERTTQojaHR0cHM6ICAgICAgICAgICAgICAgICAgICAgIyBzZXQgdGhpcyB0cnVlIHRvIHVzZSBodHRwcy4geW91IG5lZWQgdG8gc3BlY2lmeSB0aGUgcG9ydCB0byBEU00gSFRUUFMgcG9ydCBhcyB3ZWxsCiN1c2VybmFtZTogICAgICAgICAgICAgICAgICAjIHVzZXJuYW1lCiNwYXNzd29yZDogICAgICAgICAgICAgICAgICAjIHBhc3N3b3JkCg== kind: Secret metadata: - creationTimestamp: "2026-04-28T19:27:25Z" + creationTimestamp: "2026-05-04T22:30:05Z" name: client-info-secret namespace: synology-csi - resourceVersion: "270754" - uid: 4aaa7acb-0ffd-433b-988d-b39437389b5e + resourceVersion: "2303696" + uid: 24aa7bf1-0702-493f-8bb6-777d01b7981a type: Opaque From 6ceecbffeb689c97d532ac4fc496a165409cdb5d Mon Sep 17 00:00:00 2001 From: crpruett Date: Tue, 5 May 2026 19:56:43 -0400 Subject: [PATCH 5/5] Mealie and Synology --- apps/staging/mealie/kustomization-patch.yaml | 38 +++++ apps/staging/mealie/kustomization.yaml | 31 ++++ .../base/synology-csi/client-info-secret.yaml | 3 - .../base/synology-csi/kustomization.yaml | 16 +- .../{ => old-files}/controller.yaml | 0 .../{ => old-files}/csi-driver.yaml | 0 .../synology-csi/{ => old-files}/node.yaml | 0 .../{ => old-files}/storage-class-smb.yaml | 0 .../{ => old-files}/storage-class.yaml | 0 .../synology-csi-controller-role.yaml | 122 +++++++++++++++ .../synology-csi-controller-rolebind.yaml | 15 ++ .../synology-csi/synology-csi-controller.yaml | 146 ++++++++++++++++++ .../synology-csi/synology-csi-driver.yaml | 16 ++ .../synology-csi/synology-csi-node-role.yaml | 48 ++++++ .../synology-csi-node-rolebind.yaml | 15 ++ .../base/synology-csi/synology-csi-node.yaml | 131 ++++++++++++++++ .../base/synology-csi/synology-csi-sa.yaml | 34 ++++ .../synology-csi-snapshotter-role.yaml | 43 ++++++ .../synology-csi-snapshotter-rolebind.yaml | 15 ++ .../synology-csi-snapshotter.yaml | 102 ++++++++++++ 20 files changed, 767 insertions(+), 8 deletions(-) create mode 100644 apps/staging/mealie/kustomization-patch.yaml rename infrastructure/controllers/base/synology-csi/{ => old-files}/controller.yaml (100%) rename infrastructure/controllers/base/synology-csi/{ => old-files}/csi-driver.yaml (100%) rename infrastructure/controllers/base/synology-csi/{ => old-files}/node.yaml (100%) rename infrastructure/controllers/base/synology-csi/{ => old-files}/storage-class-smb.yaml (100%) rename infrastructure/controllers/base/synology-csi/{ => old-files}/storage-class.yaml (100%) create mode 100644 infrastructure/controllers/base/synology-csi/synology-csi-controller-role.yaml create mode 100644 infrastructure/controllers/base/synology-csi/synology-csi-controller-rolebind.yaml create mode 100644 infrastructure/controllers/base/synology-csi/synology-csi-controller.yaml create mode 100644 infrastructure/controllers/base/synology-csi/synology-csi-driver.yaml create mode 100644 infrastructure/controllers/base/synology-csi/synology-csi-node-role.yaml create mode 100644 infrastructure/controllers/base/synology-csi/synology-csi-node-rolebind.yaml create mode 100644 infrastructure/controllers/base/synology-csi/synology-csi-node.yaml create mode 100644 infrastructure/controllers/base/synology-csi/synology-csi-sa.yaml create mode 100644 infrastructure/controllers/base/synology-csi/synology-csi-snapshotter-role.yaml create mode 100644 infrastructure/controllers/base/synology-csi/synology-csi-snapshotter-rolebind.yaml create mode 100644 infrastructure/controllers/base/synology-csi/synology-csi-snapshotter.yaml diff --git a/apps/staging/mealie/kustomization-patch.yaml b/apps/staging/mealie/kustomization-patch.yaml new file mode 100644 index 0000000..05410e1 --- /dev/null +++ b/apps/staging/mealie/kustomization-patch.yaml @@ -0,0 +1,38 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ../../base/mealie +images: + - name: ghcr.io/mealie-recipes/mealie + newTag: v3.16.0 +patches: + - target: + kind: PersistentVolumeClaim + name: mealie-syn-data + namespace: mealie + patch: |- + apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + name: mealie-syn-data + spec: + storageClassName: synology-iscsi-retain + resources: + storage: 5Gi + - target: + kind: Deployment + name: mealie + namespace: mealie + patch: |- + apiVersion: v1 + kind: Deployment + metadata: + name: mealie + spec: + replicas: 1 + template: + spec: + volumes: + - name: mealie-data + persistentVolumeClaim: + claimName: mealie-syn-data diff --git a/apps/staging/mealie/kustomization.yaml b/apps/staging/mealie/kustomization.yaml index c2933c3..05410e1 100644 --- a/apps/staging/mealie/kustomization.yaml +++ b/apps/staging/mealie/kustomization.yaml @@ -5,3 +5,34 @@ resources: images: - name: ghcr.io/mealie-recipes/mealie newTag: v3.16.0 +patches: + - target: + kind: PersistentVolumeClaim + name: mealie-syn-data + namespace: mealie + patch: |- + apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + name: mealie-syn-data + spec: + storageClassName: synology-iscsi-retain + resources: + storage: 5Gi + - target: + kind: Deployment + name: mealie + namespace: mealie + patch: |- + apiVersion: v1 + kind: Deployment + metadata: + name: mealie + spec: + replicas: 1 + template: + spec: + volumes: + - name: mealie-data + persistentVolumeClaim: + claimName: mealie-syn-data diff --git a/infrastructure/controllers/base/synology-csi/client-info-secret.yaml b/infrastructure/controllers/base/synology-csi/client-info-secret.yaml index 5a44880..d3e099f 100644 --- a/infrastructure/controllers/base/synology-csi/client-info-secret.yaml +++ b/infrastructure/controllers/base/synology-csi/client-info-secret.yaml @@ -3,9 +3,6 @@ data: client-info.yaml: LS0tCmNsaWVudHM6CiAgLSBob3N0OiAxOTIuMTY4LjcuMTQKICAgIHBvcnQ6IDUwMDAKICAgIGh0dHBzOiBmYWxzZQogICAgdXNlcm5hbWU6IGdhbGxhbnRtb24KICAgIHBhc3N3b3JkOiBEaWdpbW9uQzIxIQogICMtIGhvc3Q6IDE5Mi4xNjguMS4yCiAgICMgcG9ydDogNTAwMAogICAgI2h0dHBzOiBmYWxzZQogICAgI3VzZXJuYW1lOiB1c2VybmFtZQogICAgI3Bhc3N3b3JkOiBwYXNzd29yZAoKI2hvc3Q6ICAgICAgICAgICAgICAgICAgICAgICMgaXB2NCBhZGRyZXNzIG9yIGRvbWFpbiBvZiB0aGUgRFNNCiNwb3J0OiAgICAgICAgICAgICAgICAgICAgICAjIHBvcnQgZm9yIGNvbm5lY3RpbmcgdG8gdGhlIERTTQojaHR0cHM6ICAgICAgICAgICAgICAgICAgICAgIyBzZXQgdGhpcyB0cnVlIHRvIHVzZSBodHRwcy4geW91IG5lZWQgdG8gc3BlY2lmeSB0aGUgcG9ydCB0byBEU00gSFRUUFMgcG9ydCBhcyB3ZWxsCiN1c2VybmFtZTogICAgICAgICAgICAgICAgICAjIHVzZXJuYW1lCiNwYXNzd29yZDogICAgICAgICAgICAgICAgICAjIHBhc3N3b3JkCg== kind: Secret metadata: - creationTimestamp: "2026-05-04T22:30:05Z" name: client-info-secret namespace: synology-csi - resourceVersion: "2303696" - uid: 24aa7bf1-0702-493f-8bb6-777d01b7981a type: Opaque diff --git a/infrastructure/controllers/base/synology-csi/kustomization.yaml b/infrastructure/controllers/base/synology-csi/kustomization.yaml index adddd27..1eb242d 100644 --- a/infrastructure/controllers/base/synology-csi/kustomization.yaml +++ b/infrastructure/controllers/base/synology-csi/kustomization.yaml @@ -1,10 +1,16 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - - csi-driver.yaml - - node.yaml - - controller.yaml + - synology-csi-driver.yaml + - synology-csi-node.yaml + - synology-csi-controller.yaml + - synology-csi-snapshotter.yaml - client-info-secret.yaml - storage-class-retain.yaml - #- storage-class-smb.yaml - #- storage-class.yaml + - synology-csi-controller-role.yaml + - synology-csi-controller-rolebind.yaml + - synology-csi-node-role.yaml + - synology-csi-node-rolebind.yaml + - synology-csi-sa.yaml + - synology-csi-snapshotter-role.yaml + - synology-csi-snapshotter-rolebind.yaml diff --git a/infrastructure/controllers/base/synology-csi/controller.yaml b/infrastructure/controllers/base/synology-csi/old-files/controller.yaml similarity index 100% rename from infrastructure/controllers/base/synology-csi/controller.yaml rename to infrastructure/controllers/base/synology-csi/old-files/controller.yaml diff --git a/infrastructure/controllers/base/synology-csi/csi-driver.yaml b/infrastructure/controllers/base/synology-csi/old-files/csi-driver.yaml similarity index 100% rename from infrastructure/controllers/base/synology-csi/csi-driver.yaml rename to infrastructure/controllers/base/synology-csi/old-files/csi-driver.yaml diff --git a/infrastructure/controllers/base/synology-csi/node.yaml b/infrastructure/controllers/base/synology-csi/old-files/node.yaml similarity index 100% rename from infrastructure/controllers/base/synology-csi/node.yaml rename to infrastructure/controllers/base/synology-csi/old-files/node.yaml diff --git a/infrastructure/controllers/base/synology-csi/storage-class-smb.yaml b/infrastructure/controllers/base/synology-csi/old-files/storage-class-smb.yaml similarity index 100% rename from infrastructure/controllers/base/synology-csi/storage-class-smb.yaml rename to infrastructure/controllers/base/synology-csi/old-files/storage-class-smb.yaml diff --git a/infrastructure/controllers/base/synology-csi/storage-class.yaml b/infrastructure/controllers/base/synology-csi/old-files/storage-class.yaml similarity index 100% rename from infrastructure/controllers/base/synology-csi/storage-class.yaml rename to infrastructure/controllers/base/synology-csi/old-files/storage-class.yaml diff --git a/infrastructure/controllers/base/synology-csi/synology-csi-controller-role.yaml b/infrastructure/controllers/base/synology-csi/synology-csi-controller-role.yaml new file mode 100644 index 0000000..5a752e2 --- /dev/null +++ b/infrastructure/controllers/base/synology-csi/synology-csi-controller-role.yaml @@ -0,0 +1,122 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + kubectl.kubernetes.io/last-applied-configuration: | + {"apiVersion":"rbac.authorization.k8s.io/v1","kind":"ClusterRole","metadata":{"annotations":{},"name":"synology-csi-controller-role"},"rules":[{"apiGroups":[""],"resources":["events"],"verbs":["get","list","watch","create","update","patch"]},{"apiGroups":[""],"resources":["persistentvolumeclaims"],"verbs":["get","list","watch","update","patch"]},{"apiGroups":[""],"resources":["persistentvolumeclaims/status"],"verbs":["get","list","watch","update","patch"]},{"apiGroups":[""],"resources":["persistentvolumes"],"verbs":["get","list","watch","create","update","patch","delete"]},{"apiGroups":[""],"resources":["nodes"],"verbs":["get","list","watch"]},{"apiGroups":[""],"resources":["pods"],"verbs":["get","list","watch"]},{"apiGroups":["storage.k8s.io"],"resources":["csinodes"],"verbs":["get","list","watch"]},{"apiGroups":["csi.storage.k8s.io"],"resources":["csinodeinfos"],"verbs":["get","list","watch"]},{"apiGroups":["storage.k8s.io"],"resources":["volumeattachments","volumeattachments/status"],"verbs":["get","list","watch","update","patch"]},{"apiGroups":["storage.k8s.io"],"resources":["storageclasses"],"verbs":["get","list","watch"]},{"apiGroups":["snapshot.storage.k8s.io"],"resources":["volumesnapshots"],"verbs":["get","list"]},{"apiGroups":["snapshot.storage.k8s.io"],"resources":["volumesnapshotcontents"],"verbs":["get","list"]},{"apiGroups":[""],"resources":["secrets"],"verbs":["get"]}]} + name: synology-csi-controller-role +rules: +- apiGroups: + - "" + resources: + - events + verbs: + - get + - list + - watch + - create + - update + - patch +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - get + - list + - watch + - update + - patch +- apiGroups: + - "" + resources: + - persistentvolumeclaims/status + verbs: + - get + - list + - watch + - update + - patch +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch +- apiGroups: + - storage.k8s.io + resources: + - csinodes + verbs: + - get + - list + - watch +- apiGroups: + - csi.storage.k8s.io + resources: + - csinodeinfos + verbs: + - get + - list + - watch +- apiGroups: + - storage.k8s.io + resources: + - volumeattachments + - volumeattachments/status + verbs: + - get + - list + - watch + - update + - patch +- apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - get + - list + - watch +- apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshots + verbs: + - get + - list +- apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshotcontents + verbs: + - get + - list +- apiGroups: + - "" + resources: + - secrets + verbs: + - get diff --git a/infrastructure/controllers/base/synology-csi/synology-csi-controller-rolebind.yaml b/infrastructure/controllers/base/synology-csi/synology-csi-controller-rolebind.yaml new file mode 100644 index 0000000..4f75790 --- /dev/null +++ b/infrastructure/controllers/base/synology-csi/synology-csi-controller-rolebind.yaml @@ -0,0 +1,15 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + annotations: + kubectl.kubernetes.io/last-applied-configuration: | + {"apiVersion":"rbac.authorization.k8s.io/v1","kind":"ClusterRoleBinding","metadata":{"annotations":{},"name":"synology-csi-controller-role"},"roleRef":{"apiGroup":"rbac.authorization.k8s.io","kind":"ClusterRole","name":"synology-csi-controller-role"},"subjects":[{"kind":"ServiceAccount","name":"csi-controller-sa","namespace":"synology-csi"}]} + name: synology-csi-controller-role +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: synology-csi-controller-role +subjects: +- kind: ServiceAccount + name: csi-controller-sa + namespace: synology-csi diff --git a/infrastructure/controllers/base/synology-csi/synology-csi-controller.yaml b/infrastructure/controllers/base/synology-csi/synology-csi-controller.yaml new file mode 100644 index 0000000..3529d69 --- /dev/null +++ b/infrastructure/controllers/base/synology-csi/synology-csi-controller.yaml @@ -0,0 +1,146 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + annotations: + kubectl.kubernetes.io/last-applied-configuration: | + {"apiVersion":"apps/v1","kind":"StatefulSet","metadata":{"annotations":{},"name":"synology-csi-controller","namespace":"synology-csi"},"spec":{"replicas":1,"selector":{"matchLabels":{"app":"synology-csi-controller"}},"serviceName":"synology-csi-controller","template":{"metadata":{"labels":{"app":"synology-csi-controller"}},"spec":{"containers":[{"args":["--timeout=60s","--csi-address=$(ADDRESS)","--v=5","--extra-create-metadata"],"env":[{"name":"ADDRESS","value":"/var/lib/csi/sockets/pluginproxy/csi.sock"}],"image":"registry.k8s.io/sig-storage/csi-provisioner:v3.0.0","imagePullPolicy":"Always","name":"csi-provisioner","securityContext":{"allowPrivilegeEscalation":true,"capabilities":{"add":["SYS_ADMIN"]},"privileged":true},"volumeMounts":[{"mountPath":"/var/lib/csi/sockets/pluginproxy/","name":"socket-dir"}]},{"args":["--v=5","--csi-address=$(ADDRESS)"],"env":[{"name":"ADDRESS","value":"/var/lib/csi/sockets/pluginproxy/csi.sock"}],"image":"registry.k8s.io/sig-storage/csi-attacher:v3.3.0","imagePullPolicy":"Always","name":"csi-attacher","securityContext":{"allowPrivilegeEscalation":true,"capabilities":{"add":["SYS_ADMIN"]},"privileged":true},"volumeMounts":[{"mountPath":"/var/lib/csi/sockets/pluginproxy/","name":"socket-dir"}]},{"args":["--v=5","--csi-address=$(ADDRESS)"],"env":[{"name":"ADDRESS","value":"/var/lib/csi/sockets/pluginproxy/csi.sock"}],"image":"registry.k8s.io/sig-storage/csi-resizer:v1.3.0","imagePullPolicy":"Always","name":"csi-resizer","securityContext":{"allowPrivilegeEscalation":true,"capabilities":{"add":["SYS_ADMIN"]},"privileged":true},"volumeMounts":[{"mountPath":"/var/lib/csi/sockets/pluginproxy/","name":"socket-dir"}]},{"args":["--nodeid=NotUsed","--endpoint=$(CSI_ENDPOINT)","--client-info","/etc/synology/client-info.yml","--log-level=info"],"env":[{"name":"CSI_ENDPOINT","value":"unix:///var/lib/csi/sockets/pluginproxy/csi.sock"}],"image":"synology/synology-csi:v1.2.1","imagePullPolicy":"IfNotPresent","name":"csi-plugin","securityContext":{"allowPrivilegeEscalation":true,"capabilities":{"add":["SYS_ADMIN"]},"privileged":true},"volumeMounts":[{"mountPath":"/var/lib/csi/sockets/pluginproxy/","name":"socket-dir"},{"mountPath":"/etc/synology","name":"client-info","readOnly":true}]}],"hostNetwork":true,"serviceAccountName":"csi-controller-sa","volumes":[{"emptyDir":{},"name":"socket-dir"},{"name":"client-info","secret":{"secretName":"client-info-secret"}}]}}}} + name: synology-csi-controller + namespace: synology-csi +spec: + persistentVolumeClaimRetentionPolicy: + whenDeleted: Retain + whenScaled: Retain + podManagementPolicy: OrderedReady + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: synology-csi-controller + serviceName: synology-csi-controller + template: + metadata: + labels: + app: synology-csi-controller + spec: + containers: + - args: + - --timeout=60s + - --csi-address=$(ADDRESS) + - --v=5 + - --extra-create-metadata + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + image: registry.k8s.io/sig-storage/csi-provisioner:v3.0.0 + imagePullPolicy: Always + name: csi-provisioner + resources: {} + securityContext: + allowPrivilegeEscalation: true + capabilities: + add: + - SYS_ADMIN + privileged: true + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/csi/sockets/pluginproxy/ + name: socket-dir + - args: + - --v=5 + - --csi-address=$(ADDRESS) + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + image: registry.k8s.io/sig-storage/csi-attacher:v3.3.0 + imagePullPolicy: Always + name: csi-attacher + resources: {} + securityContext: + allowPrivilegeEscalation: true + capabilities: + add: + - SYS_ADMIN + privileged: true + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/csi/sockets/pluginproxy/ + name: socket-dir + - args: + - --v=5 + - --csi-address=$(ADDRESS) + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + image: registry.k8s.io/sig-storage/csi-resizer:v1.3.0 + imagePullPolicy: Always + name: csi-resizer + resources: {} + securityContext: + allowPrivilegeEscalation: true + capabilities: + add: + - SYS_ADMIN + privileged: true + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/csi/sockets/pluginproxy/ + name: socket-dir + - args: + - --nodeid=NotUsed + - --endpoint=$(CSI_ENDPOINT) + - --client-info + - /etc/synology/client-info.yml + - --log-level=info + env: + - name: CSI_ENDPOINT + value: unix:///var/lib/csi/sockets/pluginproxy/csi.sock + image: synology/synology-csi:v1.2.1 + imagePullPolicy: IfNotPresent + name: csi-plugin + resources: {} + securityContext: + allowPrivilegeEscalation: true + capabilities: + add: + - SYS_ADMIN + privileged: true + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/csi/sockets/pluginproxy/ + name: socket-dir + - mountPath: /etc/synology + name: client-info + readOnly: true + dnsPolicy: ClusterFirst + hostNetwork: true + restartPolicy: Always + schedulerName: default-scheduler + securityContext: {} + serviceAccount: csi-controller-sa + serviceAccountName: csi-controller-sa + terminationGracePeriodSeconds: 30 + volumes: + - emptyDir: {} + name: socket-dir + - name: client-info + secret: + defaultMode: 420 + secretName: client-info-secret + updateStrategy: + rollingUpdate: + partition: 0 + type: RollingUpdate +status: + availableReplicas: 1 + collisionCount: 0 + currentReplicas: 1 + currentRevision: synology-csi-controller-74d65d5d76 + observedGeneration: 1 + readyReplicas: 1 + replicas: 1 + updateRevision: synology-csi-controller-74d65d5d76 + updatedReplicas: 1 diff --git a/infrastructure/controllers/base/synology-csi/synology-csi-driver.yaml b/infrastructure/controllers/base/synology-csi/synology-csi-driver.yaml new file mode 100644 index 0000000..d9d4a30 --- /dev/null +++ b/infrastructure/controllers/base/synology-csi/synology-csi-driver.yaml @@ -0,0 +1,16 @@ +apiVersion: storage.k8s.io/v1 +kind: CSIDriver +metadata: + annotations: + kubectl.kubernetes.io/last-applied-configuration: | + {"apiVersion":"storage.k8s.io/v1","kind":"CSIDriver","metadata":{"annotations":{},"name":"csi.san.synology.com"},"spec":{"attachRequired":true,"podInfoOnMount":true,"volumeLifecycleModes":["Persistent"]}} + name: csi.san.synology.com +spec: + attachRequired: true + fsGroupPolicy: ReadWriteOnceWithFSType + podInfoOnMount: true + requiresRepublish: false + seLinuxMount: false + storageCapacity: false + volumeLifecycleModes: + - Persistent diff --git a/infrastructure/controllers/base/synology-csi/synology-csi-node-role.yaml b/infrastructure/controllers/base/synology-csi/synology-csi-node-role.yaml new file mode 100644 index 0000000..9716e78 --- /dev/null +++ b/infrastructure/controllers/base/synology-csi/synology-csi-node-role.yaml @@ -0,0 +1,48 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + kubectl.kubernetes.io/last-applied-configuration: | + {"apiVersion":"rbac.authorization.k8s.io/v1","kind":"ClusterRole","metadata":{"annotations":{},"name":"synology-csi-node-role"},"rules":[{"apiGroups":[""],"resources":["secrets"],"verbs":["get","list"]},{"apiGroups":[""],"resources":["nodes"],"verbs":["get","list","update"]},{"apiGroups":[""],"resources":["namespaces"],"verbs":["get","list"]},{"apiGroups":[""],"resources":["persistentvolumes"],"verbs":["get","list","watch","update"]},{"apiGroups":["storage.k8s.io"],"resources":["volumeattachments"],"verbs":["get","list","watch","update"]}]} + name: synology-csi-node-role +rules: +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list +- apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - update +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - watch + - update +- apiGroups: + - storage.k8s.io + resources: + - volumeattachments + verbs: + - get + - list + - watch + - update diff --git a/infrastructure/controllers/base/synology-csi/synology-csi-node-rolebind.yaml b/infrastructure/controllers/base/synology-csi/synology-csi-node-rolebind.yaml new file mode 100644 index 0000000..de3277b --- /dev/null +++ b/infrastructure/controllers/base/synology-csi/synology-csi-node-rolebind.yaml @@ -0,0 +1,15 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + annotations: + kubectl.kubernetes.io/last-applied-configuration: | + {"apiVersion":"rbac.authorization.k8s.io/v1","kind":"ClusterRoleBinding","metadata":{"annotations":{},"name":"synology-csi-node-role"},"roleRef":{"apiGroup":"rbac.authorization.k8s.io","kind":"ClusterRole","name":"synology-csi-node-role"},"subjects":[{"kind":"ServiceAccount","name":"csi-node-sa","namespace":"synology-csi"}]} + name: synology-csi-node-role +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: synology-csi-node-role +subjects: +- kind: ServiceAccount + name: csi-node-sa + namespace: synology-csi diff --git a/infrastructure/controllers/base/synology-csi/synology-csi-node.yaml b/infrastructure/controllers/base/synology-csi/synology-csi-node.yaml new file mode 100644 index 0000000..6c6b42d --- /dev/null +++ b/infrastructure/controllers/base/synology-csi/synology-csi-node.yaml @@ -0,0 +1,131 @@ +apiVersion: apps/v1 +kind: DaemonSet +metadata: + annotations: + deprecated.daemonset.template.generation: "2" + kubectl.kubernetes.io/last-applied-configuration: | + {"apiVersion":"apps/v1","kind":"DaemonSet","metadata":{"annotations":{},"name":"synology-csi-node","namespace":"synology-csi"},"spec":{"selector":{"matchLabels":{"app":"synology-csi-node"}},"template":{"metadata":{"labels":{"app":"synology-csi-node"}},"spec":{"containers":[{"args":["--v=5","--csi-address=$(ADDRESS)","--kubelet-registration-path=$(REGISTRATION_PATH)"],"env":[{"name":"ADDRESS","value":"/csi/csi.sock"},{"name":"REGISTRATION_PATH","value":"/var/lib/kubelet/plugins/csi.san.synology.com/csi.sock"},{"name":"KUBE_NODE_NAME","valueFrom":{"fieldRef":{"fieldPath":"spec.nodeName"}}}],"image":"registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.3.0","imagePullPolicy":"Always","name":"csi-driver-registrar","securityContext":{"privileged":true},"volumeMounts":[{"mountPath":"/csi","name":"plugin-dir"},{"mountPath":"/registration","name":"registration-dir"}]},{"args":["--nodeid=$(KUBE_NODE_NAME)","--endpoint=$(CSI_ENDPOINT)","--client-info","/etc/synology/client-info.yml","--log-level=info","--chroot-dir=/host"],"env":[{"name":"CSI_ENDPOINT","value":"unix://csi/csi.sock"},{"name":"KUBE_NODE_NAME","valueFrom":{"fieldRef":{"fieldPath":"spec.nodeName"}}}],"image":"synology/synology-csi:v1.2.1","imagePullPolicy":"IfNotPresent","name":"csi-plugin","securityContext":{"privileged":true},"volumeMounts":[{"mountPath":"/var/lib/kubelet","mountPropagation":"Bidirectional","name":"kubelet-dir"},{"mountPath":"/csi","name":"plugin-dir"},{"mountPath":"/etc/synology","name":"client-info","readOnly":true},{"mountPath":"/host","name":"host-root"},{"mountPath":"/dev","name":"device-dir"}]}],"hostNetwork":true,"serviceAccount":"csi-node-sa","volumes":[{"hostPath":{"path":"/var/lib/kubelet","type":"Directory"},"name":"kubelet-dir"},{"hostPath":{"path":"/var/lib/kubelet/plugins/csi.san.synology.com/","type":"DirectoryOrCreate"},"name":"plugin-dir"},{"hostPath":{"path":"/var/lib/kubelet/plugins_registry","type":"Directory"},"name":"registration-dir"},{"name":"client-info","secret":{"secretName":"client-info-secret"}},{"hostPath":{"path":"/","type":"Directory"},"name":"host-root"},{"hostPath":{"path":"/dev","type":"Directory"},"name":"device-dir"}]}}}} + name: synology-csi-node + namespace: synology-csi +spec: + revisionHistoryLimit: 10 + selector: + matchLabels: + app: synology-csi-node + template: + metadata: + annotations: + kubectl.kubernetes.io/restartedAt: "2026-05-02T10:08:38-04:00" + labels: + app: synology-csi-node + spec: + containers: + - args: + - --v=5 + - --csi-address=$(ADDRESS) + - --kubelet-registration-path=$(REGISTRATION_PATH) + env: + - name: ADDRESS + value: /csi/csi.sock + - name: REGISTRATION_PATH + value: /var/lib/kubelet/plugins/csi.san.synology.com/csi.sock + - name: KUBE_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.3.0 + imagePullPolicy: Always + name: csi-driver-registrar + resources: {} + securityContext: + privileged: true + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /csi + name: plugin-dir + - mountPath: /registration + name: registration-dir + - args: + - --nodeid=$(KUBE_NODE_NAME) + - --endpoint=$(CSI_ENDPOINT) + - --client-info + - /etc/synology/client-info.yml + - --log-level=info + - --chroot-dir=/host + env: + - name: CSI_ENDPOINT + value: unix://csi/csi.sock + - name: KUBE_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + image: synology/synology-csi:v1.2.1 + imagePullPolicy: IfNotPresent + name: csi-plugin + resources: {} + securityContext: + privileged: true + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/kubelet + mountPropagation: Bidirectional + name: kubelet-dir + - mountPath: /csi + name: plugin-dir + - mountPath: /etc/synology + name: client-info + readOnly: true + - mountPath: /host + name: host-root + - mountPath: /dev + name: device-dir + dnsPolicy: ClusterFirst + hostNetwork: true + restartPolicy: Always + schedulerName: default-scheduler + securityContext: {} + serviceAccount: csi-node-sa + serviceAccountName: csi-node-sa + terminationGracePeriodSeconds: 30 + volumes: + - hostPath: + path: /var/lib/kubelet + type: Directory + name: kubelet-dir + - hostPath: + path: /var/lib/kubelet/plugins/csi.san.synology.com/ + type: DirectoryOrCreate + name: plugin-dir + - hostPath: + path: /var/lib/kubelet/plugins_registry + type: Directory + name: registration-dir + - name: client-info + secret: + defaultMode: 420 + secretName: client-info-secret + - hostPath: + path: / + type: Directory + name: host-root + - hostPath: + path: /dev + type: Directory + name: device-dir + updateStrategy: + rollingUpdate: + maxSurge: 0 + maxUnavailable: 1 + type: RollingUpdate +status: + currentNumberScheduled: 1 + desiredNumberScheduled: 1 + numberAvailable: 1 + numberMisscheduled: 0 + numberReady: 1 + observedGeneration: 2 + updatedNumberScheduled: 1 diff --git a/infrastructure/controllers/base/synology-csi/synology-csi-sa.yaml b/infrastructure/controllers/base/synology-csi/synology-csi-sa.yaml new file mode 100644 index 0000000..bb87fc8 --- /dev/null +++ b/infrastructure/controllers/base/synology-csi/synology-csi-sa.yaml @@ -0,0 +1,34 @@ +apiVersion: v1 +items: +- apiVersion: v1 + kind: ServiceAccount + metadata: + annotations: + kubectl.kubernetes.io/last-applied-configuration: | + {"apiVersion":"v1","kind":"ServiceAccount","metadata":{"annotations":{},"name":"csi-controller-sa","namespace":"synology-csi"}} + name: csi-controller-sa + namespace: synology-csi +- apiVersion: v1 + kind: ServiceAccount + metadata: + annotations: + kubectl.kubernetes.io/last-applied-configuration: | + {"apiVersion":"v1","kind":"ServiceAccount","metadata":{"annotations":{},"name":"csi-node-sa","namespace":"synology-csi"}} + name: csi-node-sa + namespace: synology-csi +- apiVersion: v1 + kind: ServiceAccount + metadata: + annotations: + kubectl.kubernetes.io/last-applied-configuration: | + {"apiVersion":"v1","kind":"ServiceAccount","metadata":{"annotations":{},"name":"csi-snapshotter-sa","namespace":"synology-csi"}} + name: csi-snapshotter-sa + namespace: synology-csi +- apiVersion: v1 + kind: ServiceAccount + metadata: + name: default + namespace: synology-csi +kind: List +metadata: + resourceVersion: "" diff --git a/infrastructure/controllers/base/synology-csi/synology-csi-snapshotter-role.yaml b/infrastructure/controllers/base/synology-csi/synology-csi-snapshotter-role.yaml new file mode 100644 index 0000000..bbbcc03 --- /dev/null +++ b/infrastructure/controllers/base/synology-csi/synology-csi-snapshotter-role.yaml @@ -0,0 +1,43 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + kubectl.kubernetes.io/last-applied-configuration: | + {"apiVersion":"rbac.authorization.k8s.io/v1","kind":"ClusterRole","metadata":{"annotations":{},"name":"synology-csi-snapshotter-role"},"rules":[{"apiGroups":[""],"resources":["events"],"verbs":["list","watch","create","update","patch"]},{"apiGroups":["snapshot.storage.k8s.io"],"resources":["volumesnapshotclasses"],"verbs":["get","list","watch"]},{"apiGroups":["snapshot.storage.k8s.io"],"resources":["volumesnapshotcontents"],"verbs":["create","get","list","watch","update","delete"]},{"apiGroups":["snapshot.storage.k8s.io"],"resources":["volumesnapshotcontents/status"],"verbs":["update"]}]} + name: synology-csi-snapshotter-role +rules: +- apiGroups: + - "" + resources: + - events + verbs: + - list + - watch + - create + - update + - patch +- apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshotclasses + verbs: + - get + - list + - watch +- apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshotcontents + verbs: + - create + - get + - list + - watch + - update + - delete +- apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshotcontents/status + verbs: + - update diff --git a/infrastructure/controllers/base/synology-csi/synology-csi-snapshotter-rolebind.yaml b/infrastructure/controllers/base/synology-csi/synology-csi-snapshotter-rolebind.yaml new file mode 100644 index 0000000..ecc17e1 --- /dev/null +++ b/infrastructure/controllers/base/synology-csi/synology-csi-snapshotter-rolebind.yaml @@ -0,0 +1,15 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + annotations: + kubectl.kubernetes.io/last-applied-configuration: | + {"apiVersion":"rbac.authorization.k8s.io/v1","kind":"ClusterRoleBinding","metadata":{"annotations":{},"name":"synology-csi-snapshotter-role"},"roleRef":{"apiGroup":"rbac.authorization.k8s.io","kind":"ClusterRole","name":"synology-csi-snapshotter-role"},"subjects":[{"kind":"ServiceAccount","name":"csi-snapshotter-sa","namespace":"synology-csi"}]} + name: synology-csi-snapshotter-role +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: synology-csi-snapshotter-role +subjects: +- kind: ServiceAccount + name: csi-snapshotter-sa + namespace: synology-csi diff --git a/infrastructure/controllers/base/synology-csi/synology-csi-snapshotter.yaml b/infrastructure/controllers/base/synology-csi/synology-csi-snapshotter.yaml new file mode 100644 index 0000000..5fb2d09 --- /dev/null +++ b/infrastructure/controllers/base/synology-csi/synology-csi-snapshotter.yaml @@ -0,0 +1,102 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + annotations: + kubectl.kubernetes.io/last-applied-configuration: | + {"apiVersion":"apps/v1","kind":"StatefulSet","metadata":{"annotations":{},"name":"synology-csi-snapshotter","namespace":"synology-csi"},"spec":{"replicas":1,"selector":{"matchLabels":{"app":"synology-csi-snapshotter"}},"serviceName":"synology-csi-snapshotter","template":{"metadata":{"labels":{"app":"synology-csi-snapshotter"}},"spec":{"containers":[{"args":["--v=5","--csi-address=$(ADDRESS)"],"env":[{"name":"ADDRESS","value":"/var/lib/csi/sockets/pluginproxy/csi.sock"}],"image":"registry.k8s.io/sig-storage/csi-snapshotter:v4.2.1","imagePullPolicy":"Always","name":"csi-snapshotter","securityContext":{"allowPrivilegeEscalation":true,"capabilities":{"add":["SYS_ADMIN"]},"privileged":true},"volumeMounts":[{"mountPath":"/var/lib/csi/sockets/pluginproxy/","name":"socket-dir"}]},{"args":["--nodeid=NotUsed","--endpoint=$(CSI_ENDPOINT)","--client-info","/etc/synology/client-info.yml","--log-level=info"],"env":[{"name":"CSI_ENDPOINT","value":"unix:///var/lib/csi/sockets/pluginproxy/csi.sock"}],"image":"synology/synology-csi:v1.2.1","imagePullPolicy":"IfNotPresent","name":"csi-plugin","securityContext":{"allowPrivilegeEscalation":true,"capabilities":{"add":["SYS_ADMIN"]},"privileged":true},"volumeMounts":[{"mountPath":"/var/lib/csi/sockets/pluginproxy/","name":"socket-dir"},{"mountPath":"/etc/synology","name":"client-info","readOnly":true}]}],"hostNetwork":true,"serviceAccountName":"csi-snapshotter-sa","volumes":[{"emptyDir":{},"name":"socket-dir"},{"name":"client-info","secret":{"secretName":"client-info-secret"}}]}}}} + name: synology-csi-snapshotter + namespace: synology-csi +spec: + persistentVolumeClaimRetentionPolicy: + whenDeleted: Retain + whenScaled: Retain + podManagementPolicy: OrderedReady + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: synology-csi-snapshotter + serviceName: synology-csi-snapshotter + template: + metadata: + labels: + app: synology-csi-snapshotter + spec: + containers: + - args: + - --v=5 + - --csi-address=$(ADDRESS) + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + image: registry.k8s.io/sig-storage/csi-snapshotter:v4.2.1 + imagePullPolicy: Always + name: csi-snapshotter + resources: {} + securityContext: + allowPrivilegeEscalation: true + capabilities: + add: + - SYS_ADMIN + privileged: true + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/csi/sockets/pluginproxy/ + name: socket-dir + - args: + - --nodeid=NotUsed + - --endpoint=$(CSI_ENDPOINT) + - --client-info + - /etc/synology/client-info.yml + - --log-level=info + env: + - name: CSI_ENDPOINT + value: unix:///var/lib/csi/sockets/pluginproxy/csi.sock + image: synology/synology-csi:v1.2.1 + imagePullPolicy: IfNotPresent + name: csi-plugin + resources: {} + securityContext: + allowPrivilegeEscalation: true + capabilities: + add: + - SYS_ADMIN + privileged: true + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/csi/sockets/pluginproxy/ + name: socket-dir + - mountPath: /etc/synology + name: client-info + readOnly: true + dnsPolicy: ClusterFirst + hostNetwork: true + restartPolicy: Always + schedulerName: default-scheduler + securityContext: {} + serviceAccount: csi-snapshotter-sa + serviceAccountName: csi-snapshotter-sa + terminationGracePeriodSeconds: 30 + volumes: + - emptyDir: {} + name: socket-dir + - name: client-info + secret: + defaultMode: 420 + secretName: client-info-secret + updateStrategy: + rollingUpdate: + partition: 0 + type: RollingUpdate +status: + availableReplicas: 1 + collisionCount: 0 + currentReplicas: 1 + currentRevision: synology-csi-snapshotter-76bd6dc95f + observedGeneration: 1 + readyReplicas: 1 + replicas: 1 + updateRevision: synology-csi-snapshotter-76bd6dc95f + updatedReplicas: 1