apiVersion: apps/v1 kind: DaemonSet metadata: annotations: deprecated.daemonset.template.generation: "1" meta.helm.sh/release-name: ceph-csi-rbd meta.helm.sh/release-namespace: kube-system creationTimestamp: "2026-02-05T05:30:21Z" generation: 1 labels: app: ceph-csi-rbd app.kubernetes.io/managed-by: Helm chart: ceph-csi-rbd-3.11.0 component: nodeplugin heritage: Helm release: ceph-csi-rbd name: ceph-csi-rbd-nodeplugin namespace: kube-system resourceVersion: "927" uid: b459b2b7-842d-4c4f-b7a7-13ffc6608f84 spec: revisionHistoryLimit: 10 selector: matchLabels: app: ceph-csi-rbd component: nodeplugin release: ceph-csi-rbd template: metadata: creationTimestamp: null labels: app: ceph-csi-rbd chart: ceph-csi-rbd-3.11.0 component: nodeplugin heritage: Helm release: ceph-csi-rbd spec: containers: - args: - --nodeid=$(NODE_ID) - --pluginpath=/var/lib/kubelet/plugins - --stagingpath=/var/lib/kubelet/plugins/kubernetes.io/csi/ - --type=rbd - --nodeserver=true - --pidlimit=-1 - --endpoint=$(CSI_ENDPOINT) - --csi-addons-endpoint=$(CSI_ADDONS_ENDPOINT) - --v=5 - --drivername=$(DRIVER_NAME) - --enable-read-affinity=false env: - name: POD_IP valueFrom: fieldRef: apiVersion: v1 fieldPath: status.podIP - name: DRIVER_NAME value: rbd.csi.ceph.com - name: NODE_ID valueFrom: fieldRef: apiVersion: v1 fieldPath: spec.nodeName - name: CSI_ENDPOINT value: unix:///csi/csi.sock - name: CSI_ADDONS_ENDPOINT value: unix:///csi/csi-addons.sock image: quay.io/cephcsi/cephcsi:v3.11.0 imagePullPolicy: IfNotPresent name: csi-rbdplugin resources: {} securityContext: allowPrivilegeEscalation: true capabilities: add: - SYS_ADMIN privileged: true terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: - mountPath: /csi name: socket-dir - mountPath: /dev name: host-dev - mountPath: /run/mount name: host-mount - mountPath: /sys name: host-sys - mountPath: /etc/selinux name: etc-selinux readOnly: true - mountPath: /lib/modules name: lib-modules readOnly: true - mountPath: /etc/ceph-csi-config/ name: ceph-csi-config - mountPath: /etc/ceph/ name: ceph-config - mountPath: /etc/ceph-csi-encryption-kms-config/ name: ceph-csi-encryption-kms-config - mountPath: /var/lib/kubelet/plugins mountPropagation: Bidirectional name: plugin-dir - mountPath: /var/lib/kubelet/pods mountPropagation: Bidirectional name: mountpoint-dir - mountPath: /tmp/csi/keys name: keys-tmp-dir - mountPath: /var/log/ceph name: ceph-logdir - mountPath: /run/secrets/tokens name: oidc-token readOnly: true - args: - --v=5 - --csi-address=/csi/csi.sock - --kubelet-registration-path=/var/lib/kubelet/plugins/rbd.csi.ceph.com/csi.sock env: - name: KUBE_NODE_NAME valueFrom: fieldRef: apiVersion: v1 fieldPath: spec.nodeName image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.10.0 imagePullPolicy: IfNotPresent name: driver-registrar resources: {} securityContext: allowPrivilegeEscalation: true privileged: true terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: - mountPath: /csi name: socket-dir - mountPath: /registration name: registration-dir - args: - --type=liveness - --endpoint=$(CSI_ENDPOINT) - --metricsport=8081 - --metricspath=/metrics - --polltime=60s - --timeout=3s env: - name: CSI_ENDPOINT value: unix:///csi/csi.sock - name: POD_IP valueFrom: fieldRef: apiVersion: v1 fieldPath: status.podIP image: quay.io/cephcsi/cephcsi:v3.11.0 imagePullPolicy: IfNotPresent name: liveness-prometheus ports: - containerPort: 8081 name: metrics protocol: TCP resources: {} securityContext: allowPrivilegeEscalation: true privileged: true terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: - mountPath: /csi name: socket-dir dnsPolicy: ClusterFirstWithHostNet hostNetwork: true hostPID: true priorityClassName: system-node-critical restartPolicy: Always schedulerName: default-scheduler securityContext: {} serviceAccount: ceph-csi-rbd-nodeplugin serviceAccountName: ceph-csi-rbd-nodeplugin terminationGracePeriodSeconds: 30 volumes: - hostPath: path: /var/lib/kubelet/plugins/rbd.csi.ceph.com type: DirectoryOrCreate name: socket-dir - hostPath: path: /var/lib/kubelet/plugins_registry type: Directory name: registration-dir - hostPath: path: /var/lib/kubelet/plugins type: Directory name: plugin-dir - hostPath: path: /var/lib/kubelet/pods type: DirectoryOrCreate name: mountpoint-dir - hostPath: path: /var/log/ceph type: DirectoryOrCreate name: ceph-logdir - hostPath: path: /dev type: "" name: host-dev - hostPath: path: /run/mount type: "" name: host-mount - hostPath: path: /sys type: "" name: host-sys - hostPath: path: /etc/selinux type: "" name: etc-selinux - hostPath: path: /lib/modules type: "" name: lib-modules - configMap: defaultMode: 420 name: ceph-config name: ceph-config - configMap: defaultMode: 420 name: ceph-csi-config name: ceph-csi-config - configMap: defaultMode: 420 name: ceph-csi-encryption-kms-config name: ceph-csi-encryption-kms-config - emptyDir: medium: Memory name: keys-tmp-dir - name: oidc-token projected: defaultMode: 420 sources: - serviceAccountToken: audience: ceph-csi-kms expirationSeconds: 3600 path: oidc-token updateStrategy: rollingUpdate: maxSurge: 0 maxUnavailable: 1 type: RollingUpdate status: currentNumberScheduled: 1 desiredNumberScheduled: 1 numberAvailable: 1 numberMisscheduled: 0 numberReady: 1 observedGeneration: 1 updatedNumberScheduled: 1