freeleaps-ops/cluster/manifests/freeleaps-storage-system/azure-blob-storage-csi/values.yaml

image:
  baseRepo: mcr.microsoft.com
  blob:
    repository: /k8s/csi/blob-csi
    tag: latest
    pullPolicy: IfNotPresent
  csiProvisioner:
    repository: /oss/kubernetes-csi/csi-provisioner
    tag: v5.1.0
    pullPolicy: IfNotPresent
  livenessProbe:
    repository: /oss/kubernetes-csi/livenessprobe
    tag: v2.14.0
    pullPolicy: IfNotPresent
  nodeDriverRegistrar:
    repository: /oss/kubernetes-csi/csi-node-driver-registrar
    tag: v2.12.0
    pullPolicy: IfNotPresent
  csiResizer:
    repository: /oss/kubernetes-csi/csi-resizer
    tag: v1.12.0
    pullPolicy: IfNotPresent

cloud: AzurePublicCloud

## Reference to one or more secrets to be used when pulling images
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
imagePullSecrets: []
# - name: myRegistryKeySecretName

serviceAccount:
  create: true # When true, service accounts will be created for you. Set to false if you want to use your own.
  controller: csi-blob-controller-sa # Name of Service Account to be created or used
  node: csi-blob-node-sa # Name of Service Account to be created or used

rbac:
  create: true
  name: blob

## Collection of annotations to add to all the pods
podAnnotations: {}
## Collection of labels to add to all the pods
podLabels: {}
# -- Custom labels to add into metadata
customLabels: {}
  # k8s-app: blob-csi-driver

## Leverage a PriorityClass to ensure your pods survive resource shortages
## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
priorityClassName: system-cluster-critical
## Security context give the opportunity to run container as nonroot by setting a securityContext
## by example :
## securityContext: { runAsUser: 1001 }
securityContext: {}

controller:
  name: csi-blob-controller
  cloudConfigSecretName: azure-cloud-provider
  cloudConfigSecretNamespace: freeleaps-storage-system
  allowEmptyCloudConfig: true
  hostNetwork: true # this setting could be disabled if controller does not depend on MSI setting
  metricsPort: 29634
  livenessProbe:
    healthPort: 29632
  replicas: 2
  runOnMaster: false
  runOnControlPlane: true
  logLevel: 5
  resources:
    csiProvisioner:
      limits:
        memory: 500Mi
      requests:
        cpu: 10m
        memory: 20Mi
    livenessProbe:
      limits:
        memory: 100Mi
      requests:
        cpu: 10m
        memory: 20Mi
    blob:
      limits:
        memory: 800Mi
      requests:
        cpu: 10m
        memory: 20Mi
    csiResizer:
      limits:
        memory: 500Mi
      requests:
        cpu: 10m
        memory: 20Mi
  affinity: {}
  nodeSelector: {}
  tolerations:
    - key: "node-role.kubernetes.io/master"
      operator: "Exists"
      effect: "NoSchedule"
    - key: "node-role.kubernetes.io/controlplane"
      operator: "Exists"
      effect: "NoSchedule"
    - key: "node-role.kubernetes.io/control-plane"
      operator: "Exists"
      effect: "NoSchedule"
    - key: "CriticalAddonsOnly"
      operator: "Exists"
      effect: "NoSchedule"

node:
  name: csi-blob-node
  cloudConfigSecretName: azure-cloud-provider
  cloudConfigSecretNamespace: freeleaps-storage-system
  allowEmptyCloudConfig: true
  allowInlineVolumeKeyAccessWithIdentity: false
  maxUnavailable: 1
  metricsPort: 29635
  livenessProbe:
    healthPort: 29633
  logLevel: 5
  enableBlobfuseProxy: true
  blobfuseProxy:
    installBlobfuse: false
    blobfuseVersion: "1.4.5"
    installBlobfuse2: true
    blobfuse2Version: "2.4.0"
    setMaxOpenFileNum: true
    maxOpenFileNum: "9000000"
    disableUpdateDB: true
    migrateK8sRepo: false
    setReadAheadSize: true
  blobfuseCachePath: /mnt
  appendTimeStampInCacheDir: false
  mountPermissions: 0777
  resources:
    livenessProbe:
      limits:
        memory: 100Mi
      requests:
        cpu: 10m
        memory: 20Mi
    nodeDriverRegistrar:
      limits:
        memory: 100Mi
      requests:
        cpu: 10m
        memory: 20Mi
    blob:
      limits:
        memory: 2100Mi
      requests:
        cpu: 10m
        memory: 20Mi
    aznfswatchdog:
      limits:
        memory: 100Mi
      requests:
        cpu: 10m
        memory: 20Mi
  affinity: {}
  nodeSelector: {}
  tolerations:
    - operator: "Exists"
  enableAznfsMount: true

feature:
  fsGroupPolicy: ReadWriteOnceWithFSType
  enableGetVolumeStats: false

driver:
  name: blob.csi.azure.com
  customUserAgent: ""
  userAgentSuffix: "OSS-helm"
  azureGoSDKLogLevel: "INFO" # available values: ""(no logs), DEBUG, INFO, WARNING, ERROR
  httpsProxy: ""
  httpProxy: ""

linux:
  kubelet: /var/lib/kubelet
  distro: debian

workloadIdentity:
  clientID: ""
  # [optional] If the AAD application or user-assigned managed identity is not in the same tenant as the cluster
  # then set tenantID with the application or user-assigned managed identity tenant ID
  tenantID: ""