Merge pull request #964 from andyzhangx/CVE-2025-22868

fix: CVE-2025-22868
2025-07-21 14:22:34 +08:00 · 2025-07-21 02:36:07 +00:00 · 2025-07-04 11:40:26 +03:00 · 2025-07-04 03:56:31 +00:00 · 2025-06-18 12:07:27 +03:00 · 2025-06-18 12:06:55 +03:00
5867 changed files with 748824 additions and 316773 deletions
--- a/.github/ISSUE_TEMPLATE/bug-report.md
+++ b/.github/ISSUE_TEMPLATE/bug-report.md
@ -17,6 +17,10 @@ about: Create a report to help us improve this project
 **Anything else we need to know?**:

 **Environment**:
+<!-- 
+Run following command to get CSI driver version:
+kubectl get po -n kube-system -o yaml | grep registry.k8s | grep smb
+-->
 - CSI Driver version:
 - Kubernetes version (use `kubectl version`):
 - OS (e.g. from /etc/os-release):
--- a/.github/ISSUE_TEMPLATE/support.md
+++ b/.github/ISSUE_TEMPLATE/support.md
@ -9,7 +9,7 @@ STOP -- PLEASE READ!

 GitHub is not the right place for support requests.

-If you're looking for help, post your question on the [Kubernetes Slack ](http://slack.k8s.io/) Sig-AZURE Channel.
+If you're looking for help, post your question on the [Kubernetes Slack ](http://slack.k8s.io/) sig-storage Channel.

 If the matter is security related, please disclose it privately via https://kubernetes.io/security/.
 -->
--- a/.github/dependabot.yaml
+++ b/.github/dependabot.yaml
@ -0,0 +1,31 @@
+version: 2
+updates:
+- package-ecosystem: gomod
+  directory: "/"
+  schedule:
+    interval: daily
+  labels:
+    - "area/dependency"
+    - "release-note-none"
+    - "ok-to-test"
+  open-pull-requests-limit: 1
+- package-ecosystem: "github-actions"
+  directory: "/"
+  schedule:
+      interval: "daily"
+  labels:
+    - "area/dependency"
+    - "release-note-none"
+    - "ok-to-test"
+  open-pull-requests-limit: 1
+- package-ecosystem: "docker"
+  directory: "/cmd/smbplugin/"
+  schedule:
+    interval: "daily"
+    time: "01:00"
+    timezone: "Asia/Shanghai"
+  labels:
+    - "area/dependency"
+    - "release-note-none"
+    - "ok-to-test"
+    - "kind/cleanup"
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@ -38,17 +38,17 @@ jobs:

    steps:
    - name: Set up Go 1.x
-      uses: actions/setup-go@v2
+      uses: actions/setup-go@v5
      with:
        go-version: ^1.18
      id: go

    - name: Checkout repository
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4

    # Initializes the CodeQL tools for scanning.
    - name: Initialize CodeQL
-      uses: github/codeql-action/init@v1
+      uses: github/codeql-action/init@v3
      with:
        languages: ${{ matrix.language }}
        # If you wish to specify custom queries, you can do so here or in a config file.
@ -63,4 +63,4 @@ jobs:
        make all

    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v1
+      uses: github/codeql-action/analyze@v3
--- a/.github/workflows/codespell.yml
+++ b/.github/workflows/codespell.yml
@ -8,9 +8,9 @@ jobs:
    name: Check for spelling errors
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
      - uses: codespell-project/actions-codespell@master
        with:
          check_filenames: true
          skip: ./.git,./.github/workflows/codespell.yml,.git,*.png,*.jpg,*.svg,*.sum,./vendor,go.sum
-          ignore_words_list: browseable
+          ignore_words_list: "browseable,ro"
--- a/.github/workflows/darwin.yaml
+++ b/.github/workflows/darwin.yaml
@ -11,13 +11,13 @@ jobs:
    steps:

    - name: Set up Go 1.x
-      uses: actions/setup-go@v2
+      uses: actions/setup-go@v5
      with:
        go-version: ^1.16
      id: go

    - name: Check out code into the Go module directory
-      uses: actions/checkout@v2
+      uses: actions/checkout@v4

    - name: Build Test
      run: |
--- a/.github/workflows/linux.yaml
+++ b/.github/workflows/linux.yaml
@ -11,32 +11,25 @@ jobs:
    steps:

    - name: Set up Go 1.x
-      uses: actions/setup-go@v2
+      uses: actions/setup-go@v5
      with:
        go-version: ^1.16
      id: go

    - name: Check out code into the Go module directory
-      uses: actions/checkout@v2
+      uses: actions/checkout@v4

    - name: Install packages
      run: |
        sudo apt update
-        sudo apt install cifs-utils procps conntrack -y
-        GO111MODULE=off go get github.com/rexray/gocsi/csc
+        sudo apt install cifs-utils procps -y

    - name: Build Test
      run: |
        export PATH=$PATH:$HOME/.local/bin
-        go test -covermode=count -coverprofile=profile.cov ./pkg/...
+        go test -race -covermode=atomic -coverprofile=profile.cov ./pkg/...
        export DOCKER_CLI_EXPERIMENTAL=enabled && make container

-    - name: Integration Testing
-      run: |
-        export PATH=$PATH:$HOME/.local/bin
-        make
-        make integration-test
-
    - name: Sanity test
      env:
        GITHUB_ACTIONS: true
@ -46,9 +39,10 @@ jobs:
        echo "is running in github actions: $GITHUB_ACTIONS"
        make sanity-test

+    - name: Install goveralls
+      run: go install github.com/mattn/goveralls@latest
+
    - name: Send coverage
      env:
        COVERALLS_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      run: |
-        GO111MODULE=off go get github.com/mattn/goveralls
-        $(go env GOPATH)/bin/goveralls -coverprofile=profile.cov -service=github
+      run: goveralls -coverprofile=profile.cov -service=github
--- a/.github/workflows/pluto.yaml
+++ b/.github/workflows/pluto.yaml
@ -11,7 +11,7 @@ jobs:
    steps:

    - name: Checkout
-      uses: actions/checkout@v2
+      uses: actions/checkout@v4

    # https://pluto.docs.fairwinds.com/advanced/#display-options
    - name: Download pluto
--- a/.github/workflows/shellcheck.yaml
+++ b/.github/workflows/shellcheck.yaml
@ -16,7 +16,7 @@ jobs:
    name: Shellcheck
    runs-on: ubuntu-latest
    steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v4
    - name: Run ShellCheck
      uses: ludeeus/action-shellcheck@master
      env:
--- a/.github/workflows/static.yaml
+++ b/.github/workflows/static.yaml
@ -5,12 +5,15 @@ on:
 jobs:
    go_lint:
        name: Go Lint
-        runs-on: ubuntu-18.04
+        runs-on: ubuntu-latest
        steps:
-            - name: Checkout code
-              uses: actions/checkout@master
-            - name: Run linter
-              uses: golangci/golangci-lint-action@v2
+            - name: Set up Go 1.x
+              uses: actions/setup-go@v5
              with:
-                  version: v1.45
-                  args: -E=gofmt,deadcode,unused,varcheck,ineffassign,revive,misspell,exportloopref,asciicheck,bodyclose,contextcheck --timeout=30m0s
+                go-version: ^1.19
+            - uses: actions/checkout@master
+            - name: Run linter
+              uses: golangci/golangci-lint-action@v6
+              with:
+                  version: v1.64
+                  args: -E=gofmt,unused,ineffassign,revive,misspell,copyloopvar,asciicheck,bodyclose,contextcheck,dogsled,durationcheck,errname,forbidigo -D=staticcheck --timeout=30m0s
--- a/.github/workflows/trivy.yaml
+++ b/.github/workflows/trivy.yaml
@ -7,16 +7,16 @@ on:
 jobs:
  build:
    name: Build
-    runs-on: ubuntu-18.04
+    runs-on: ubuntu-latest
    steps:
      - name: Set up Go 1.x
-        uses: actions/setup-go@v2
+        uses: actions/setup-go@v5
        with:
-          go-version: ^1.16
+          go-version: 1.24.4
        id: go

      - name: Checkout code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
      
      - name: Build an image from Dockerfile
        run: |
@ -28,6 +28,8 @@ jobs:
      
      - name: Run Trivy vulnerability scanner
        uses: aquasecurity/trivy-action@master
+        env:
+          TRIVY_DB_REPOSITORY: "public.ecr.aws/aquasecurity/trivy-db:2"
        with:
          image-ref: 'test/smb-csi:latest'
          format: 'table'
--- a/.github/workflows/ubuntu-e2e.yml
+++ b/.github/workflows/ubuntu-e2e.yml
@ -14,13 +14,13 @@ jobs:
    steps:

    - name: Set up Go 1.x
-      uses: actions/setup-go@v2
+      uses: actions/setup-go@v5
      with:
        go-version: ^1.16
      id: go

    - name: Check out code into the Go module directory
-      uses: actions/checkout@v2
+      uses: actions/checkout@v4

    - name: e2e tests
      run: |
--- a/.github/workflows/windows.yaml
+++ b/.github/workflows/windows.yaml
@ -12,12 +12,12 @@ jobs:
    runs-on: ${{ matrix.platform }}
    steps:
      - name: Set up Go 1.x
-        uses: actions/setup-go@v2
+        uses: actions/setup-go@v5
        with:
          go-version: ^1.16
        id: go
      - name: Checkout code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
      - name: Build Test
        run: |
          make smb-windows
--- a/.gitignore
+++ b/.gitignore
@ -68,3 +68,5 @@ cscope.*

 /bazel-*
 *.pyc
+
+bin
--- a/.golangci.yml
+++ b/.golangci.yml
@ -0,0 +1,12 @@
+linters-settings:
+  depguard:
+    rules:
+      main:
+        files:
+          - $all
+          - "!$test"
+        allow:
+          - $gostd
+          - k8s.io
+          - sigs.k8s.io
+          - github.com
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@ -13,7 +13,7 @@ We have full documentation on how to get started contributing here:

 - [Contributor License Agreement](https://git.k8s.io/community/CLA.md) Kubernetes projects require that you sign a Contributor License Agreement (CLA) before we can accept your pull requests
 - [Kubernetes Contributor Guide](http://git.k8s.io/community/contributors/guide) - Main contributor documentation, or you can just jump directly to the [contributing section](http://git.k8s.io/community/contributors/guide#contributing)
- [Contributor Cheat Sheet](https://git.k8s.io/community/contributors/guide/contributor-cheatsheet.md) - Common resources for existing developers
+- [Contributor Cheat Sheet](https://github.com/kubernetes/community/blob/master/contributors/guide/contributor-cheatsheet/README.md) - Common resources for existing developers

 ## Mentorship

--- a/113
+++ b/113
@ -12,12 +12,24 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+CMDS=smbplugin
 PKG = github.com/kubernetes-csi/csi-driver-smb
-GIT_COMMIT ?= $(shell git rev-parse HEAD)
+GINKGO_FLAGS = -ginkgo.v -ginkgo.timeout=2h
+GO111MODULE = on
+ifndef GOPATH
+GOPATH := $(shell go env GOPATH)
+endif
+GOBIN ?= $(GOPATH)/bin
+DOCKER_CLI_EXPERIMENTAL = enabled
+IMAGENAME ?= smb-csi
+export GOPATH GOBIN GO111MODULE DOCKER_CLI_EXPERIMENTAL
+
+include release-tools/build.make
+
+GIT_COMMIT := $(shell git rev-parse HEAD)
 REGISTRY ?= andyzhangx
-REGISTRY_NAME = $(shell echo $(REGISTRY) | sed "s/.azurecr.io//g")
-IMAGE_NAME ?= smb-csi
-IMAGE_VERSION ?= v1.6.0
+REGISTRY_NAME := $(shell echo $(REGISTRY) | sed "s/.azurecr.io//g")
+IMAGE_VERSION ?= v1.18.0
 VERSION ?= latest
 # Use a custom version for E2E tests if we are testing in CI
 ifdef CI
@ -25,39 +37,34 @@ ifndef PUBLISH
 override IMAGE_VERSION := e2e-$(GIT_COMMIT)
 endif
 endif
-IMAGE_TAG = $(REGISTRY)/$(IMAGE_NAME):$(IMAGE_VERSION)
-IMAGE_TAG_LATEST = $(REGISTRY)/$(IMAGE_NAME):latest
-BUILD_DATE ?= $(shell date -u +"%Y-%m-%dT%H:%M:%SZ")
-LDFLAGS ?= "-X ${PKG}/pkg/smb.driverVersion=${IMAGE_VERSION} -X ${PKG}/pkg/smb.gitCommit=${GIT_COMMIT} -X ${PKG}/pkg/smb.buildDate=${BUILD_DATE} -s -w -extldflags '-static'"
-E2E_HELM_OPTIONS ?= --set image.smb.repository=$(REGISTRY)/$(IMAGE_NAME) --set image.smb.tag=$(IMAGE_VERSION) --set controller.dnsPolicy=ClusterFirstWithHostNet --set linux.dnsPolicy=ClusterFirstWithHostNet
+IMAGE_TAG = $(REGISTRY)/$(IMAGENAME):$(IMAGE_VERSION)
+IMAGE_TAG_LATEST = $(REGISTRY)/$(IMAGENAME):latest
+ifndef BUILD_DATE
+BUILD_DATE := $(shell date -u +"%Y-%m-%dT%H:%M:%SZ")
+endif
+LDFLAGS = -X ${PKG}/pkg/smb.driverVersion=${IMAGE_VERSION} -X ${PKG}/pkg/smb.gitCommit=${GIT_COMMIT} -X ${PKG}/pkg/smb.buildDate=${BUILD_DATE}
+EXT_LDFLAGS = -s -w -extldflags "-static"
+E2E_HELM_OPTIONS ?= --set image.smb.repository=$(REGISTRY)/$(IMAGENAME) --set image.smb.tag=$(IMAGE_VERSION) --set controller.runOnControlPlane=true
 E2E_HELM_OPTIONS += ${EXTRA_HELM_OPTIONS}
-GINKGO_FLAGS = -ginkgo.v
-GO111MODULE = on
-GOPATH ?= $(shell go env GOPATH)
-GOBIN ?= $(GOPATH)/bin
-DOCKER_CLI_EXPERIMENTAL = enabled
-export GOPATH GOBIN GO111MODULE DOCKER_CLI_EXPERIMENTAL
-
 # Generate all combination of all OS, ARCH, and OSVERSIONS for iteration
 ALL_OS = linux windows
 ALL_ARCH.linux = arm64 amd64 ppc64le
 ALL_OS_ARCH.linux = linux-arm64 linux-arm-v7 linux-amd64 linux-ppc64le
 ALL_ARCH.windows = amd64
-ALL_OSVERSIONS.windows := 1809 20H2 ltsc2022
+ALL_OSVERSIONS.windows := 1809 ltsc2022
 ALL_OS_ARCH.windows = $(foreach arch, $(ALL_ARCH.windows), $(foreach osversion, ${ALL_OSVERSIONS.windows}, windows-${osversion}-${arch}))
 ALL_OS_ARCH = $(foreach os, $(ALL_OS), ${ALL_OS_ARCH.${os}})

 # The current context of image building
 # The architecture of the image
 ARCH ?= amd64
-# OS Version for the Windows images: 1809, 1903, 1909, 2004
+# OS Version for the Windows images: 1809, ltsc2022
 OSVERSION ?= 1809
 # Output type of docker buildx build
 OUTPUT_TYPE ?= registry

 .EXPORT_ALL_VARIABLES:

-.PHONY: all
 all: smb

 .PHONY: update
@ -65,12 +72,6 @@ update:
 	hack/update-dependencies.sh
 	hack/verify-update.sh

-# There seems to be some shell quoting problem with cloudbuild.yaml, and trying
-# to pass multiple make targets appears as a single quoted string. See
-# cloudbuild.yaml for how this is used.
-.PHONY: cloudbuild
-cloudbuild: container-all push-manifest push-latest
-
 .PHONY: verify
 verify: unit-test
 	hack/verify-all.sh
@ -101,11 +102,16 @@ e2e-test:

 .PHONY: e2e-bootstrap
 e2e-bootstrap: install-helm
+ifdef WINDOWS_USE_HOST_PROCESS_CONTAINERS
+	(docker pull $(IMAGE_TAG) && docker pull $(IMAGE_TAG)-windows-hp) || make container-all push-manifest
+else
 	docker pull $(IMAGE_TAG) || make container-all push-manifest
+endif
 ifdef TEST_WINDOWS
 	helm upgrade csi-driver-smb charts/$(VERSION)/csi-driver-smb --namespace kube-system --wait --timeout=15m -v=5 --debug --install \
 		${E2E_HELM_OPTIONS} \
 		--set windows.enabled=true \
+		--set windows.useHostProcessContainers=${WINDOWS_USE_HOST_PROCESS_CONTAINERS} \
 		--set linux.enabled=false \
 		--set controller.replicas=1 \
 		--set controller.logLevel=6 \
@ -125,39 +131,60 @@ e2e-teardown:

 .PHONY: smb
 smb:
-	CGO_ENABLED=0 GOOS=linux GOARCH=$(ARCH) go build -a -ldflags ${LDFLAGS} -mod vendor -o _output/${ARCH}/smbplugin ./pkg/smbplugin
+	CGO_ENABLED=0 GOOS=linux GOARCH=$(ARCH) go build -a -ldflags "${LDFLAGS} ${EXT_LDFLAGS}" -mod vendor -o _output/${ARCH}/smbplugin ./cmd/smbplugin

 .PHONY: smb-armv7
 smb-armv7:
-	CGO_ENABLED=0 GOOS=linux GOARCH=arm go build -a -ldflags ${LDFLAGS} -mod vendor -o _output/arm/v7/smbplugin ./pkg/smbplugin
+	CGO_ENABLED=0 GOOS=linux GOARCH=arm go build -a -ldflags "${LDFLAGS} ${EXT_LDFLAGS}" -mod vendor -o _output/arm/v7/smbplugin ./cmd/smbplugin

 .PHONY: smb-windows
 smb-windows:
-	CGO_ENABLED=0 GOOS=windows go build -a -ldflags ${LDFLAGS} -mod vendor -o _output/${ARCH}/smbplugin.exe ./pkg/smbplugin
+	CGO_ENABLED=0 GOOS=windows go build -a -ldflags "${LDFLAGS} ${EXT_LDFLAGS}" -mod vendor -o _output/${ARCH}/smbplugin.exe ./cmd/smbplugin

 .PHONY: smb-darwin
 smb-darwin:
-	CGO_ENABLED=0 GOOS=darwin go build -a -ldflags ${LDFLAGS} -mod vendor -o _output/${ARCH}/smbplugin ./pkg/smbplugin
+	CGO_ENABLED=0 GOOS=darwin go build -a -ldflags "${LDFLAGS} ${EXT_LDFLAGS}" -mod vendor -o _output/${ARCH}/smbplugin ./cmd/smbplugin

 .PHONY: container
 container: smb
-	docker build --no-cache -t $(IMAGE_TAG) --output=type=docker -f ./pkg/smbplugin/Dockerfile .
+	docker build --no-cache -t $(IMAGE_TAG) --output=type=docker -f ./cmd/smbplugin/Dockerfile .

 .PHONY: container-linux
 container-linux:
-	docker buildx build --pull --output=type=$(OUTPUT_TYPE) --platform="linux/$(ARCH)" \
-		-t $(IMAGE_TAG)-linux-$(ARCH) --build-arg ARCH=$(ARCH) -f ./pkg/smbplugin/Dockerfile .
+	docker buildx build --no-cache --pull --output=type=$(OUTPUT_TYPE) --platform="linux/$(ARCH)" \
+		--provenance=false --sbom=false \
+		-t $(IMAGE_TAG)-linux-$(ARCH) --build-arg ARCH=$(ARCH) -f ./cmd/smbplugin/Dockerfile .

 .PHONY: container-linux-armv7
 container-linux-armv7:
-	docker buildx build --pull --output=type=$(OUTPUT_TYPE) --platform="linux/arm/v7" \
-		-t $(IMAGE_TAG)-linux-arm-v7 --build-arg ARCH=arm/v7 -f ./pkg/smbplugin/Dockerfile .
+	docker buildx build --no-cache --pull --output=type=$(OUTPUT_TYPE) --platform="linux/arm/v7" \
+		--provenance=false --sbom=false \
+		-t $(IMAGE_TAG)-linux-arm-v7 --build-arg ARCH=arm/v7 -f ./cmd/smbplugin/Dockerfile .

 .PHONY: container-windows
 container-windows:
-	docker buildx build --pull --output=type=$(OUTPUT_TYPE) --platform="windows/$(ARCH)" \
+	docker buildx build --no-cache --pull --output=type=$(OUTPUT_TYPE) --platform="windows/$(ARCH)" \
 		 -t $(IMAGE_TAG)-windows-$(OSVERSION)-$(ARCH) --build-arg OSVERSION=$(OSVERSION) \
-		 --build-arg ARCH=$(ARCH) -f ./pkg/smbplugin/Windows.Dockerfile .
+		--provenance=false --sbom=false \
+		 --build-arg ARCH=$(ARCH) -f ./cmd/smbplugin/Dockerfile.Windows .
+# workaround: only build hostprocess image once
+ifdef WINDOWS_USE_HOST_PROCESS_CONTAINERS
+ifeq ($(OSVERSION),ltsc2022)
+	$(MAKE) container-windows-hostprocess
+	$(MAKE) container-windows-hostprocess-latest
+endif
+endif
+
+# Set --provenance=false to not generate the provenance (which is what causes the multi-platform index to be generated, even for a single platform).
+.PHONY: container-windows-hostprocess
+container-windows-hostprocess:
+	docker buildx build --pull --output=type=$(OUTPUT_TYPE) --platform="windows/$(ARCH)" --provenance=false --sbom=false \
+		-t $(IMAGE_TAG)-windows-hp -f ./cmd/smbplugin/Dockerfile.WindowsHostProcess .
+
+.PHONY: container-windows-hostprocess-latest
+container-windows-hostprocess-latest:
+	docker buildx build --pull --output=type=$(OUTPUT_TYPE) --platform="windows/$(ARCH)" --provenance=false --sbom=false \
+		-t $(IMAGE_TAG_LATEST)-windows-hp -f ./cmd/smbplugin/Dockerfile.WindowsHostProcess .

 .PHONY: container-all
 container-all: smb-windows
@ -190,6 +217,7 @@ push-manifest:
 		done; \
 	done
 	docker manifest push --purge $(IMAGE_TAG)
+	docker manifest inspect $(IMAGE_TAG)
 ifdef PUBLISH
 	docker manifest create $(IMAGE_TAG_LATEST) $(foreach osarch, $(ALL_OS_ARCH), $(IMAGE_TAG)-${osarch})
 	set -x; \
@ -201,25 +229,24 @@ ifdef PUBLISH
 		done; \
 	done
 	docker manifest inspect $(IMAGE_TAG_LATEST)
+	docker manifest create --amend $(IMAGE_TAG_LATEST)-windows-hp $(IMAGE_TAG_LATEST)-windows-hp
+	docker manifest inspect $(IMAGE_TAG_LATEST)-windows-hp
 endif

 .PHONY: push-latest
 push-latest:
 ifdef CI
 	docker manifest push --purge $(IMAGE_TAG_LATEST)
+	docker manifest push --purge $(IMAGE_TAG_LATEST)-windows-hp
 else
 	docker push $(IMAGE_TAG_LATEST)
+	docker push $(IMAGE_TAG_LATEST)-windows-hp
 endif

-.PHONY: clean
-clean:
-	go clean -r -x
-	-rm -rf _output
-
 .PHONY: install-smb-provisioner
 install-smb-provisioner:
-	kubectl delete secret smbcreds --ignore-not-found
-	kubectl create secret generic smbcreds --from-literal username=USERNAME --from-literal password="PASSWORD" --from-literal mountOptions="dir_mode=0777,file_mode=0777,uid=0,gid=0,mfsymlinks"
+	kubectl delete secret smbcreds --ignore-not-found -n default
+	kubectl create secret generic smbcreds --from-literal username=USERNAME --from-literal password="PASSWORD" --from-literal mountOptions="dir_mode=0777,file_mode=0777,uid=0,gid=0,mfsymlinks" -n default
 ifdef TEST_WINDOWS
 	kubectl apply -f deploy/example/smb-provisioner/smb-server-lb.yaml
 else
--- a/README.md
+++ b/README.md
@ -2,31 +2,34 @@
 ![linux build status](https://github.com/kubernetes-csi/csi-driver-smb/actions/workflows/linux.yaml/badge.svg)
 ![windows build status](https://github.com/kubernetes-csi/csi-driver-smb/actions/workflows/windows.yaml/badge.svg)
 [![Coverage Status](https://coveralls.io/repos/github/kubernetes-csi/csi-driver-smb/badge.svg?branch=master)](https://coveralls.io/github/kubernetes-csi/csi-driver-smb?branch=master)
+[![Artifact Hub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/csi-driver-smb)](https://artifacthub.io/packages/search?repo=csi-driver-smb)

 ### About
-This driver allows Kubernetes to access [SMB](https://wiki.wireshark.org/SMB) server on both Linux and Windows nodes, csi plugin name: `smb.csi.k8s.io`. The driver requires existing and already configured SMB server, it supports dynamic provisioning of Persistent Volumes via Persistent Volume Claims by creating a new sub directory under SMB server.
+This driver allows Kubernetes to access [SMB](https://wiki.wireshark.org/SMB) server on both Linux and Windows nodes, plugin name: `smb.csi.k8s.io`. The driver requires existing configured SMB server, it supports dynamic provisioning of Persistent Volumes via Persistent Volume Claims by creating a new sub directory under SMB server.

 ### Project status: GA

 ### Container Images & Kubernetes Compatibility:
 |Driver Version | supported k8s version | supported [Windows csi-proxy](https://github.com/kubernetes-csi/csi-proxy) version |
 |---------------|-----------------------|-------------------------------------|
-|master branch  | 1.20+                 | v0.2.2+                             |
-|v1.6.0         | 1.20+                 | v0.2.2+                             |
-|v1.5.0         | 1.19+                 | v0.2.2+                             |
-|v1.4.0         | 1.19+                 | v0.2.2+                             |
+|master branch  | 1.21+                 | v0.2.2+                             |
+|v1.18.0        | 1.21+                 | v0.2.2+                             |
+|v1.17.0        | 1.21+                 | v0.2.2+                             |
+|v1.16.0        | 1.21+                 | v0.2.2+                             |

 ### Driver parameters
-Please refer to [`smb.csi.k8s.io` driver parameters](./docs/driver-parameters.md)
+Please refer to `smb.csi.k8s.io` [driver parameters](./docs/driver-parameters.md)

 ### Install driver on a Kubernetes cluster
- - install by [kubectl](./docs/install-smb-csi-driver.md)
- - install by [helm charts](./charts)
+ - install via [helm charts](./charts)
+ - install via [kubectl](./docs/install-smb-csi-driver.md)
 
 ### Examples
+ - [How to Use the Windows CSI Proxy and CSI SMB Driver for Kubernetes](https://www.phillipsj.net/posts/how-to-use-the-windows-csi-proxy-and-csi-smb-driver-for-kubernetes/)
 - [Set up a Samba Server on a Kubernetes cluster](./deploy/example/smb-provisioner/)
 - [Basic usage](./deploy/example/e2e_usage.md)
 - [Windows](./deploy/example/windows)
+ - [Volume cloning](./deploy/example/cloning)

 ### Troubleshooting
 - [CSI driver troubleshooting guide](./docs/csi-debug.md) 
@ -35,7 +38,8 @@ Please refer to [`smb.csi.k8s.io` driver parameters](./docs/driver-parameters.md
 Please refer to [development guide](./docs/csi-dev.md)

 ### View CI Results
-Check testgrid [sig-storage-csi-smb](https://testgrid.k8s.io/sig-storage-csi-other) dashboard.
+ - testgrid [sig-storage-csi-smb](https://testgrid.k8s.io/sig-storage-csi-other) dashboard.
+ - Driver image build pipeline: [post-csi-driver-smb-push-images](https://testgrid.k8s.io/sig-storage-image-build#post-csi-driver-smb-push-images)

 ### Links
 - [SMB FlexVolume driver](https://github.com/Azure/kubernetes-volume-drivers/tree/master/flexvolume/smb)
--- a/charts/README.md
+++ b/charts/README.md
@ -1,30 +1,40 @@
 # Install CSI driver with Helm 3

 ## Prerequisites
- - [install Helm](https://helm.sh/docs/intro/quickstart/#install-helm)
+
+- [install Helm](https://helm.sh/docs/intro/quickstart/#install-helm)

 ### Tips
- - make controller only run on master node: `--set controller.runOnMaster=true`
+
+- run smb-controller on control plane node: `--set controller.runOnControlPlane=true`
+- Microk8s based kubernetes recommended settings:
+    - `--set linux.kubelet="/var/snap/microk8s/common/var/lib/kubelet"` - sets correct path to microk8s kubelet even though a user has a folder link to it.

 ### install a specific version
+
 ```console
 helm repo add csi-driver-smb https://raw.githubusercontent.com/kubernetes-csi/csi-driver-smb/master/charts
-helm install csi-driver-smb csi-driver-smb/csi-driver-smb --namespace kube-system --version v1.6.0
+helm install csi-driver-smb csi-driver-smb/csi-driver-smb --namespace kube-system --version v1.18.0
 ```

 ### install driver with customized driver name, deployment name
+
 > only supported from `v1.2.0`+
- - following example would install a driver with name `smb2`
+
+- following example would install a driver with name `smb2`
+
 ```console
 helm install csi-driver-smb2 csi-driver-smb/csi-driver-smb --namespace kube-system --set driver.name="smb2.csi.k8s.io" --set controller.name="csi-smb2-controller" --set rbac.name=smb2 --set serviceAccount.controller=csi-smb2-controller-sa --set serviceAccount.node=csi-smb2-node-sa --set node.name=csi-smb2-node --set node.livenessProbe.healthPort=39643
 ```

 ### search for all available chart versions
+
 ```console
 helm search repo -l csi-driver-smb
 ```

 ## uninstall CSI driver
+
 ```console
 helm uninstall csi-driver-smb -n kube-system
 ```
@ -33,86 +43,109 @@ helm uninstall csi-driver-smb -n kube-system

 The following table lists the configurable parameters of the latest SMB CSI Driver chart and default values.

-| Parameter                                         | Description                                                | Default                                                           |
-|---------------------------------------------------|------------------------------------------------------------|-------------------------------------------------------------------|
-| `driver.name`                                     | alternative driver name                                    | `smb.csi.k8s.io` |
-| `feature.enableGetVolumeStats`                    | allow GET_VOLUME_STATS on agent node                       | `false`                      |
-| `image.baseRepo`                                  | base repository of driver images                           | `k8s.gcr.io/sig-storage`                      |
-| `image.smb.repository`                            | csi-driver-smb docker image                                | `mcr.microsoft.com/k8s/csi/smb-csi`                                 |
-| `image.smb.tag`                                   | csi-driver-smb docker image tag                            | `latest`                                                            |
-| `image.smb.pullPolicy`                            | csi-driver-smb image pull policy                           | `IfNotPresent`                                                      |
-| `image.csiProvisioner.repository`                 | csi-provisioner docker image                               | `k8s.gcr.io/sig-storage/csi-provisioner`              |
-| `image.csiProvisioner.tag`                        | csi-provisioner docker image tag                           | `v3.1.0`                                                            |
-| `image.csiProvisioner.pullPolicy`                 | csi-provisioner image pull policy                          | `IfNotPresent`                                                      |
-| `image.livenessProbe.repository`                  | liveness-probe docker image                                | `k8s.gcr.io/sig-storage/livenessprobe`                |
-| `image.livenessProbe.tag`                         | liveness-probe docker image tag                            | `v2.5.0`                                                            |
-| `image.livenessProbe.pullPolicy`                  | liveness-probe image pull policy                           | `IfNotPresent`                                                      |
-| `image.nodeDriverRegistrar.repository`            | csi-node-driver-registrar docker image                     | `k8s.gcr.io/sig-storage/csi-node-driver-registrar`    |
-| `image.nodeDriverRegistrar.tag`                   | csi-node-driver-registrar docker image tag                 | `v2.4.0`                                                            |
-| `image.nodeDriverRegistrar.pullPolicy`            | csi-node-driver-registrar image pull policy                | `IfNotPresent`                                                      |
-| `imagePullSecrets`                                | Specify docker-registry secret names as an array           | `[]` (does not add image pull secrets to deployed pods)             |
-| `serviceAccount.create`                           | whether create service account of csi-smb-controller       | `true`                                                              |
-| `rbac.create`                                     | whether create rbac of csi-smb-controller                  | `true`                                                              |
-| `rbac.name`                                       | driver name in rbac role                | `true`                                                         |
-| `podAnnotations`                                      | collection of annotations to add to all the pods      | `{}`                                                             |
-| `podLabels`                                           | collection of labels to add to all the pods           | `{}`                                                             |
-| `priorityClassName`                                   | priority class name to be added to pods               | `system-cluster-critical`                                        |
-| `securityContext`                                     | security context to be added to pods                  | `{}`                                                             |
-| `controller.name`                                 | name of driver deployment               | `csi-smb-controller`
-| `controller.replicas`                             | replica num of csi-smb-controller                                  | `1`                                                   |
-| `controller.dnsPolicy`                                      | dnsPolicy of driver node daemonset, available values: `Default`, `ClusterFirstWithHostNet`, `ClusterFirst`                              |
-| `controller.metricsPort`                          | metrics port of csi-smb-controller                   |`29644`                                               |
-| `controller.livenessProbe.healthPort `            | health check port for liveness probe                   | `29642` |
-| `controller.logLevel`                             | controller driver log level                                                          |`5`                                                           |
-| `controller.workingMountDir`                      | working directory for provisioner to mount smb shares temporarily                  | `/tmp`                                                             |
-| `controller.runOnMaster`                          | run controller on master node                              | `false`                                                             |
-| `controller.resources.csiProvisioner.limits.memory`   | csi-provisioner memory limits                         | `100Mi`                                                          |
-| `controller.resources.csiProvisioner.requests.cpu`    | csi-provisioner cpu requests limits                   | `10m`                                                            |
-| `controller.resources.csiProvisioner.requests.memory` | csi-provisioner memory requests limits                | `20Mi`                                                           |
-| `controller.resources.livenessProbe.limits.memory`    | liveness-probe memory limits                          | `300Mi`                                                          |
-| `controller.resources.livenessProbe.requests.cpu`     | liveness-probe cpu requests limits                    | `10m`                                                            |
-| `controller.resources.livenessProbe.requests.memory`  | liveness-probe memory requests limits                 | `20Mi`                                                           |
-| `controller.resources.smb.limits.memory`             | smb-csi-driver memory limits                         | `200Mi`                                                          |
-| `controller.resources.smb.requests.cpu`              | smb-csi-driver cpu requests limits                   | `10m`                                                            |
-| `controller.resources.smb.requests.memory`           | smb-csi-driver memory requests limits                | `20Mi`                                                           |
-| `controller.resources.csiResizer.limits.memory`       | csi-resizer memory limits                             | `300Mi`                                                          |
-| `controller.resources.csiResizer.requests.cpu`        | csi-resizer cpu requests limits                       | `10m`                                                            |
-| `controller.resources.csiResizer.requests.memory`     | csi-resizer memory requests limits                    | `20Mi`                                                           |
-| `controller.affinity`                                 | controller pod affinity                               | `{}`                                                             |
-| `controller.nodeSelector`                             | controller pod node selector                          | `{}`                                                             |
-| `controller.tolerations`                              | controller pod tolerations                            | `[]`                                                             |
-| `node.maxUnavailable`                             | `maxUnavailable` value of csi-smb-node daemonset                            |`1`
-| `node.metricsPort`                                    | metrics port of csi-smb-node                         |`29645`                                                        |
-| `node.livenessProbe.healthPort `                      | health check port for liveness probe                   | `29643` |
-| `node.logLevel`                                   | node driver log level                                                          |`5`                                                           |
-| `node.affinity`                                      | node pod affinity                                     | {}                                                             |
-| `node.nodeSelector`                                   | node pod node selector                                | `{}`                                                             |
-| `linux.enabled`                                   | whether enable linux feature                               |`true`                                                              |
-| `linux.dsName`                                    | name of driver daemonset on linux                             |`csi-smb-node`                                                         |
-| `linux.dnsPolicy`                                      | dnsPolicy of driver node daemonset, available values: `Default`, `ClusterFirstWithHostNet`, `ClusterFirst`                              |
-| `linux.kubelet`                                   | configure kubelet directory path on Linux agent node node                  | `/var/lib/kubelet`                                                |
-| `linux.resources.livenessProbe.limits.memory`          | liveness-probe memory limits                          | `100Mi`                                                          |
-| `linux.resources.livenessProbe.requests.cpu`           | liveness-probe cpu requests limits                    | `10m`                                                            |
-| `linux.resources.livenessProbe.requests.memory`        | liveness-probe memory requests limits                 | `20Mi`                                                           |
-| `linux.resources.nodeDriverRegistrar.limits.memory`    | csi-node-driver-registrar memory limits               | `100Mi`                                                          |
-| `linux.resources.nodeDriverRegistrar.requests.cpu`     | csi-node-driver-registrar cpu requests limits         | `10m`                                                            |
-| `linux.resources.nodeDriverRegistrar.requests.memory`  | csi-node-driver-registrar memory requests limits      | `20Mi`                                                           |
-| `linux.resources.smb.limits.memory`                    | smb-csi-driver memory limits                         | `200Mi`                                                         |
-| `linux.resources.smb.requests.cpu`                     | smb-csi-driver cpu requests limits                   | `10m`                                                            |
-| `linux.resources.smb.requests.memory`                  | smb-csi-driver memory requests limits                | `20Mi` 
-| `windows.enabled`                                 | whether enable windows feature                             | `false`                                                             |
-| `windows.dsName`                                  | name of driver daemonset on windows                             |`csi-smb-node-win`                                                         |
-| `windows.resources.livenessProbe.limits.memory`          | liveness-probe memory limits                          | `200Mi`                                                          |
-| `windows.resources.livenessProbe.requests.cpu`           | liveness-probe cpu requests limits                    | `10m`                                                            |
-| `windows.resources.livenessProbe.requests.memory`        | liveness-probe memory requests limits                 | `20Mi`                                                           |
-| `windows.resources.nodeDriverRegistrar.limits.memory`    | csi-node-driver-registrar memory limits               | `200Mi`                                                          |
-| `windows.resources.nodeDriverRegistrar.requests.cpu`     | csi-node-driver-registrar cpu requests limits         | `10m`                                                            |
-| `windows.resources.nodeDriverRegistrar.requests.memory`  | csi-node-driver-registrar memory requests limits      | `20Mi`                                                           |
-| `windows.resources.smb.limits.memory`                    | smb-csi-driver memory limits                         | `400Mi`                                                         |
-| `windows.resources.smb.requests.cpu`                     | smb-csi-driver cpu requests limits                   | `10m`                                                            |
-| `windows.resources.smb.requests.memory`                  | smb-csi-driver memory requests limits                | `20Mi`                                                           |
-| `windows.kubelet`                                 | configure kubelet directory path on Windows agent node                | `'C:\var\lib\kubelet'`                                            |
+| Parameter                                               | Description                                                                                                | Default                                                 |
+|---------------------------------------------------------|------------------------------------------------------------------------------------------------------------|---------------------------------------------------------|
+| `driver.name`                                           | alternative driver name                                                                                    | `smb.csi.k8s.io`                                        |
+| `feature.enableGetVolumeStats`                          | allow GET_VOLUME_STATS on agent node                                                                       | `false`                                                 |
+| `image.baseRepo`                                        | base repository of driver images                                                                           | `registry.k8s.io/sig-storage`                           |
+| `image.smb.repository`                                  | csi-driver-smb docker image                                                                                | `gcr.io/k8s-staging-sig-storage/smbplugin`              |
+| `image.smb.tag`                                         | csi-driver-smb docker image tag                                                                            | `canary`                                                |
+| `image.smb.pullPolicy`                                  | csi-driver-smb image pull policy                                                                           | `IfNotPresent`                                          |
+| `image.csiProvisioner.tag`                              | csi-provisioner docker image tag                                                                           | `v5.3.0`                                                |
+| `image.csiProvisioner.pullPolicy`                       | csi-provisioner image pull policy                                                                          | `IfNotPresent`                                          |
+| `image.livenessProbe.repository`                        | liveness-probe docker image                                                                                | `/livenessprobe`                                        |
+| `image.livenessProbe.tag`                               | liveness-probe docker image tag                                                                            | `v2.16.0`                                                |
+| `image.livenessProbe.pullPolicy`                        | liveness-probe image pull policy                                                                           | `IfNotPresent`                                          |
+| `image.nodeDriverRegistrar.repository`                  | csi-node-driver-registrar docker image                                                                     | `/csi-node-driver-registrar`                            |
+| `image.nodeDriverRegistrar.tag`                         | csi-node-driver-registrar docker image tag                                                                 | `v2.14.0`                                                |
+| `image.nodeDriverRegistrar.pullPolicy`                  | csi-node-driver-registrar image pull policy                                                                | `IfNotPresent`                                          |
+| `imagePullSecrets`                                      | Specify docker-registry secret names as an array                                                           | `[]` (does not add image pull secrets to deployed pods) |
+| `serviceAccount.create`                                 | whether create service account of csi-smb-controller                                                       | `true`                                                  |
+| `rbac.create`                                           | whether create rbac of csi-smb-controller                                                                  | `true`                                                  |
+| `rbac.name`                                             | driver name in rbac role                                                                                   | `true`                                                  |
+| `podAnnotations`                                        | collection of annotations to add to all the pods                                                           | `{}`                                                    |
+| `podLabels`                                             | collection of labels to add to all the pods                                                                | `{}`                                                    |
+| `priorityClassName`                                     | priority class name to be added to pods                                                                    | `system-cluster-critical`                               |
+| `securityContext`                                       | security context to be added to pods                                                                       | `{ seccompProfile: {type: RuntimeDefault} }`            |
+| `controller.name`                                       | name of driver deployment                                                                                  | `csi-smb-controller`                                    |
+| `controller.replicas`                                   | replica num of csi-smb-controller                                                                          | `1`                                                     |
+| `controller.dnsPolicy`                                  | dnsPolicy of driver node daemonset, available values: `Default`, `ClusterFirstWithHostNet`, `ClusterFirst` |    `ClusterFirstWithHostNet`                            |
+| `controller.metricsPort`                                | metrics port of csi-smb-controller                                                                         | `29644`                                                 |
+| `controller.livenessProbe.healthPort `                  | health check port for liveness probe                                                                       | `29642`                                                 |
+| `controller.logLevel`                                   | controller driver log level                                                                                | `5`                                                     |
+| `controller.workingMountDir`                            | working directory for provisioner to mount smb shares temporarily                                          | `/tmp`                                                  |
+| `controller.runOnMaster`                                | run controller on master node                                                                              | `false`                                                 |
+| `controller.runOnControlPlane`                          | run controller on control plane node                                                                       | `false`                                                 |
+| `controller.resources.csiProvisioner.limits.memory`     | csi-provisioner memory limits                                                                              | `400Mi`                                                 |
+| `controller.resources.csiProvisioner.requests.cpu`      | csi-provisioner cpu requests limits                                                                        | `10m`                                                   |
+| `controller.resources.csiProvisioner.requests.memory`   | csi-provisioner memory requests limits                                                                     | `20Mi`                                                  |
+| `controller.resources.livenessProbe.limits.memory`      | liveness-probe memory limits                                                                               | `300Mi`                                                 |
+| `controller.resources.livenessProbe.requests.cpu`       | liveness-probe cpu requests limits                                                                         | `10m`                                                   |
+| `controller.resources.livenessProbe.requests.memory`    | liveness-probe memory requests limits                                                                      | `20Mi`                                                  |
+| `controller.resources.smb.limits.memory`                | smb-csi-driver memory limits                                                                               | `200Mi`                                                 |
+| `controller.resources.smb.requests.cpu`                 | smb-csi-driver cpu requests limits                                                                         | `10m`                                                   |
+| `controller.resources.smb.requests.memory`              | smb-csi-driver memory requests limits                                                                      | `20Mi`                                                  |
+| `controller.resources.csiResizer.limits.memory`         | csi-resizer memory limits                                                                                  | `400Mi`                                                 |
+| `controller.resources.csiResizer.requests.cpu`          | csi-resizer cpu requests limits                                                                            | `10m`                                                   |
+| `controller.resources.csiResizer.requests.memory`       | csi-resizer memory requests limits                                                                         | `20Mi`                                                  |
+| `controller.affinity`                                   | controller pod affinity                                                                                    | `{}`                                                    |
+| `controller.nodeSelector`                               | controller pod node selector                                                                               | `{}`                                                    |
+| `controller.tolerations`                                | controller pod tolerations                                                                                 | `[]`                                                    |
+| `node.maxUnavailable`                                   | `maxUnavailable` value of csi-smb-node daemonset                                                           | `1`                                                     |
+| `node.livenessProbe.healthPort `                        | health check port for liveness probe                                                                       | `29643`                                                 |
+| `node.logLevel`                                         | node driver log level                                                                                      | `5`                                                     |
+| `node.affinity`                                         | node pod affinity                                                                                          | {}                                                      |
+| `node.nodeSelector`                                     | node pod node selector                                                                                     | `{}`                                                    |
+| `linux.enabled`                                         | whether enable linux feature                                                                               | `true`                                                  |
+| `linux.dsName`                                          | name of driver daemonset on linux                                                                          | `csi-smb-node`                                          |
+| `linux.dnsPolicy`                                       | dnsPolicy of driver node daemonset, available values: `Default`, `ClusterFirstWithHostNet`, `ClusterFirst` | `ClusterFirstWithHostNet`                               |
+| `linux.kubelet`                                         | configure kubelet directory path on Linux agent node node                                                  | `/var/lib/kubelet`                                      |
+| `linux.krb5CacheDirectory`                              | directory for kerberos cache on Linux agent node node, empty string means default                          | `/var/lib/kubelet/kerberos/`                            |
+| `linux.krb5Prefix`                                      | prefix for kerberos cache on Linux agent node node, empty string means default                             | `krb5cc_`                                               |
+| `linux.resources.livenessProbe.limits.memory`           | liveness-probe memory limits                                                                               | `100Mi`                                                 |
+| `linux.resources.livenessProbe.requests.cpu`            | liveness-probe cpu requests limits                                                                         | `10m`                                                   |
+| `linux.resources.livenessProbe.requests.memory`         | liveness-probe memory requests limits                                                                      | `20Mi`                                                  |
+| `linux.resources.nodeDriverRegistrar.limits.memory`     | csi-node-driver-registrar memory limits                                                                    | `100Mi`                                                 |
+| `linux.resources.nodeDriverRegistrar.requests.cpu`      | csi-node-driver-registrar cpu requests limits                                                              | `10m`                                                   |
+| `linux.resources.nodeDriverRegistrar.requests.memory`   | csi-node-driver-registrar memory requests limits                                                           | `20Mi`                                                  |
+| `linux.resources.smb.limits.memory`                     | smb-csi-driver memory limits                                                                               | `200Mi`                                                 |
+| `linux.resources.smb.requests.cpu`                      | smb-csi-driver cpu requests limits                                                                         | `10m`                                                   |
+| `linux.resources.smb.requests.memory`                   | smb-csi-driver memory requests limits                                                                      | `20Mi`                                                  |
+| `windows.enabled`                                       | whether enable windows feature                                                                             | `true`                                                 |
+| `windows.useHostProcessContainers`                | whether deploy driver daemonset with HostProcess containers on windows | `true`                                                             |
+| `windows.dsName`                                        | name of driver daemonset on windows                                                                        | `csi-smb-node-win`                                      |
+| `windows.removeSMBMappingDuringUnmount`                 | remove SMBMapping during unmount on Windows node windows                                                   | `true`                                                  |
+| `windows.resources.livenessProbe.limits.memory`         | liveness-probe memory limits                                                                               | `200Mi`                                                 |
+| `windows.resources.livenessProbe.requests.cpu`          | liveness-probe cpu requests limits                                                                         | `10m`                                                   |
+| `windows.resources.livenessProbe.requests.memory`       | liveness-probe memory requests limits                                                                      | `20Mi`                                                  |
+| `windows.resources.nodeDriverRegistrar.limits.memory`   | csi-node-driver-registrar memory limits                                                                    | `200Mi`                                                 |
+| `windows.resources.nodeDriverRegistrar.requests.cpu`    | csi-node-driver-registrar cpu requests limits                                                              | `10m`                                                   |
+| `windows.resources.nodeDriverRegistrar.requests.memory` | csi-node-driver-registrar memory requests limits                                                           | `20Mi`                                                  |
+| `windows.resources.smb.limits.memory`                   | smb-csi-driver memory limits                                                                               | `400Mi`                                                 |
+| `windows.resources.smb.requests.cpu`                    | smb-csi-driver cpu requests limits                                                                         | `10m`                                                   |
+| `windows.resources.smb.requests.memory`                 | smb-csi-driver memory requests limits                                                                      | `20Mi`                                                  |
+| `windows.kubelet`                                       | configure kubelet directory path on Windows agent node                                                     | `'C:\var\lib\kubelet'`                                  |
+
+### Csi Proxy support on windows
+ > if you have set `windows.useHostProcessContainers` as `true`, csi-proxy is not needed by CSI driver.
+
+The helm can setup the host-process deamonset for the csi proxy, by setting windows.csiproxy.enabled to true.
+
+The following table lists the configurable parameters of the latest CSI-proxy Driver chart and default values.
+
+| Parameter                                               | Description                                                                                                | Default                                                 |
+|---------------------------------------------------------|------------------------------------------------------------------------------------------------------------|---------------------------------------------------------|
+| `windows.csiproxy.enabled`                              | whether enable csi-proxy daemonset                                                                         | `false`                                                 |
+| `windows.csiproxy.dsName`                               | name of driver csi-proxy daemonset on windows                                                              | `csi-proxy-win`                                         |
+| `windows.csiproxy.username`                             | name of windows user on the host machine to run the proxy as                                               | `NT AUTHORITY\\SYSTEM`                                  |
+| `windows.csiproxy.affinity`                             | controller pod affinity                                                                                    | `{}`                                                    |
+| `windows.csiproxy.nodeSelector`                         | controller pod node selector                                                                               | `{"kubernetes.io/os": windows}                          |
+| `windows.csiproxy.tolerations`                          | controller pod tolerations                                                                                 | `[]`                                                    |
+| `image.csiproxy.repository`                             | csiproxy docker image                                                                                      | `ghcr.io/kubernetes-sigs/sig-windows/csi-proxy`         |
+| `image.csiproxy.tag`                                    | csiproxy docker image tag                                                                                  | `v1.1.2`                                                |
+| `image.csiproxy.pullPolicy`                             | csiproxy image pull policy                                                                                 | `IfNotPresent`                                          |

 ## troubleshooting
- - Add `--wait -v=5 --debug` in `helm install` command to get detailed error
- - Use `kubectl describe` to acquire more info
+
+- Add `--wait -v=5 --debug` in `helm install` command to get detailed error
+- Use `kubectl describe` to acquire more info
--- a/charts/artifacthub-repo.yml
+++ b/charts/artifacthub-repo.yml
@ -0,0 +1,4 @@
+repositoryID: f8826546-4767-4e66-999c-3ad144141be3
+owners:
+  - name: andyzhangx
+    email: xiazhang@microsoft.com
--- a/charts/index.yaml
+++ b/charts/index.yaml
@ -2,44 +2,143 @@ apiVersion: v1
 entries:
  csi-driver-smb:
  - apiVersion: v1
-    appVersion: v1.6.0
-    created: "2022-04-11T12:39:36.578255032Z"
+    appVersion: 1.18.0
+    created: "2025-05-12T03:19:29.368170409Z"
    description: SMB CSI Driver for Kubernetes
-    digest: c8a41522b1cc669a76e4539c96dde9229d772d17e220f5b0b6e07772ad58473e
+    digest: 0e1be374c05208df165aee068b74b7e3da6af1664aa62e19b27953d659f39bca
    name: csi-driver-smb
    urls:
-    - https://raw.githubusercontent.com/kubernetes-csi/csi-driver-smb/master/charts/latest/csi-driver-smb-v1.6.0.tgz
-    version: v1.6.0
+    - https://raw.githubusercontent.com/kubernetes-csi/csi-driver-smb/master/charts/v1.18.0/csi-driver-smb-1.18.0.tgz
+    version: 1.18.0
+  - apiVersion: v1
+    appVersion: v1.17.0
+    created: "2025-05-12T03:19:29.367522996Z"
+    description: SMB CSI Driver for Kubernetes
+    digest: 9ff1f5c12e399180b51d723280282e786051a707208d7843aedf656a7669b988
+    name: csi-driver-smb
+    urls:
+    - https://raw.githubusercontent.com/kubernetes-csi/csi-driver-smb/master/charts/v1.17.0/csi-driver-smb-v1.17.0.tgz
+    version: v1.17.0
+  - apiVersion: v1
+    appVersion: v1.16.0
+    created: "2025-05-12T03:19:29.366857789Z"
+    description: SMB CSI Driver for Kubernetes
+    digest: 2c65fecc535e072ea322752ef6d3500bb494bc746b63f5b1ed98cd64f82a1d9e
+    name: csi-driver-smb
+    urls:
+    - https://raw.githubusercontent.com/kubernetes-csi/csi-driver-smb/master/charts/v1.16.0/csi-driver-smb-v1.16.0.tgz
+    version: v1.16.0
+  - apiVersion: v1
+    appVersion: v1.15.0
+    created: "2025-05-12T03:19:29.36626918Z"
+    description: SMB CSI Driver for Kubernetes
+    digest: 1f006480427f88f781c3f7b3cf5e3d0429c68bb082a6a9337363ea5ef5a5cd0b
+    name: csi-driver-smb
+    urls:
+    - https://raw.githubusercontent.com/kubernetes-csi/csi-driver-smb/master/charts/v1.15.0/csi-driver-smb-v1.15.0.tgz
+    version: v1.15.0
+  - apiVersion: v1
+    appVersion: v1.14.0
+    created: "2025-05-12T03:19:29.365636738Z"
+    description: SMB CSI Driver for Kubernetes
+    digest: a84e22518f5e6cd1d3fcb06ef8c7616371c96400e8db6227bc84cd0474f6cce1
+    name: csi-driver-smb
+    urls:
+    - https://raw.githubusercontent.com/kubernetes-csi/csi-driver-smb/master/charts/v1.14.0/csi-driver-smb-v1.14.0.tgz
+    version: v1.14.0
+  - apiVersion: v1
+    appVersion: v1.13.0
+    created: "2025-05-12T03:19:29.36433441Z"
+    description: SMB CSI Driver for Kubernetes
+    digest: 21ee866afbf5a59892c5588b00518e0f7853beac7643e8e558d440a260c6f142
+    name: csi-driver-smb
+    urls:
+    - https://raw.githubusercontent.com/kubernetes-csi/csi-driver-smb/master/charts/v1.13.0/csi-driver-smb-v1.13.0.tgz
+    version: v1.13.0
+  - apiVersion: v1
+    appVersion: v1.12.0
+    created: "2025-05-12T03:19:29.363163359Z"
+    description: SMB CSI Driver for Kubernetes
+    digest: fccc852a3e723b9d273ea21d1d59697a0a94b65665406de1fd7c461bd894d2a3
+    name: csi-driver-smb
+    urls:
+    - https://raw.githubusercontent.com/kubernetes-csi/csi-driver-smb/master/charts/v1.12.0/csi-driver-smb-v1.12.0.tgz
+    version: v1.12.0
+  - apiVersion: v1
+    appVersion: v1.11.0
+    created: "2025-05-12T03:19:29.362593759Z"
+    description: SMB CSI Driver for Kubernetes
+    digest: 1c0f9b72801cbeb240d06dfe665a58e4b6ac0c25c5315ee5b9fe7972362796d0
+    name: csi-driver-smb
+    urls:
+    - https://raw.githubusercontent.com/kubernetes-csi/csi-driver-smb/master/charts/v1.11.0/csi-driver-smb-v1.11.0.tgz
+    version: v1.11.0
+  - apiVersion: v1
+    appVersion: v1.10.0
+    created: "2025-05-12T03:19:29.362056127Z"
+    description: SMB CSI Driver for Kubernetes
+    digest: 82e460e6fa80da9ca523a86c28e001e15595d27c3507864f2123dbadc64c7fec
+    name: csi-driver-smb
+    urls:
+    - https://raw.githubusercontent.com/kubernetes-csi/csi-driver-smb/master/charts/v1.10.0/csi-driver-smb-v1.10.0.tgz
+    version: v1.10.0
+  - apiVersion: v1
+    appVersion: v1.9.0
+    created: "2025-05-12T03:19:29.373851592Z"
+    description: SMB CSI Driver for Kubernetes
+    digest: 5c78c650b9755e508afecb3f6a554c549509023f7b0610b53853a41783d1c08f
+    name: csi-driver-smb
+    urls:
+    - https://raw.githubusercontent.com/kubernetes-csi/csi-driver-smb/master/charts/v1.9.0/csi-driver-smb-v1.9.0.tgz
+    version: v1.9.0
+  - apiVersion: v1
+    appVersion: v1.8.0
+    created: "2025-05-12T03:19:29.372178048Z"
+    description: SMB CSI Driver for Kubernetes
+    digest: d19d156c2143d753085bcbcb32506f8ebd7ebdee275e726f9c8d774a1f0b9f34
+    name: csi-driver-smb
+    urls:
+    - https://raw.githubusercontent.com/kubernetes-csi/csi-driver-smb/master/charts/v1.8.0/csi-driver-smb-v1.8.0.tgz
+    version: v1.8.0
+  - apiVersion: v1
+    appVersion: v1.7.0
+    created: "2025-05-12T03:19:29.371130582Z"
+    description: SMB CSI Driver for Kubernetes
+    digest: 65594a1ff09d912a33ee0674bba1fad1f7c717638a281fb68bcfa2c98c288453
+    name: csi-driver-smb
+    urls:
+    - https://raw.githubusercontent.com/kubernetes-csi/csi-driver-smb/master/charts/v1.7.0/csi-driver-smb-v1.7.0.tgz
+    version: v1.7.0
  - apiVersion: v1
    appVersion: v1.6.0
-    created: "2022-04-11T12:39:36.587612292Z"
+    created: "2025-05-12T03:19:29.37063084Z"
    description: SMB CSI Driver for Kubernetes
-    digest: 78676296fdc3c033b6e1209cee691a9786ae076dba215e15b72da06b6ed1d822
+    digest: 31dd4c8b0b0d4a61565631aa5b433b18b5375aeb24812bf4fa9958d5b7917485
    name: csi-driver-smb
    urls:
    - https://raw.githubusercontent.com/kubernetes-csi/csi-driver-smb/master/charts/v1.6.0/csi-driver-smb-v1.6.0.tgz
    version: v1.6.0
  - apiVersion: v1
    appVersion: v1.5.0
-    created: "2022-04-11T12:39:36.58571508Z"
+    created: "2025-05-12T03:19:29.370116235Z"
    description: SMB CSI Driver for Kubernetes
-    digest: ccdaf76d75b7aa3ad16e4d06b6a7a010f00b83b707d8a21bb2e51500fe1a812c
+    digest: b7dc9e9dc5d46df12a6d1a5643efe86439bff6c36867968f772e6899692083d6
    name: csi-driver-smb
    urls:
    - https://raw.githubusercontent.com/kubernetes-csi/csi-driver-smb/master/charts/v1.5.0/csi-driver-smb-v1.5.0.tgz
    version: v1.5.0
  - apiVersion: v1
    appVersion: v1.4.0
-    created: "2022-04-11T12:39:36.584558273Z"
+    created: "2025-05-12T03:19:29.3696143Z"
    description: SMB CSI Driver for Kubernetes
-    digest: 491313a33a8dba6fa812a5b074029566f31b2a9568f9220d7fd255ff3e50c4da
+    digest: 9b1a6166ab72c09d0eefb448ecc998639b9f6255afb00bfc0ae0a4fdad76f119
    name: csi-driver-smb
    urls:
    - https://raw.githubusercontent.com/kubernetes-csi/csi-driver-smb/master/charts/v1.4.0/csi-driver-smb-v1.4.0.tgz
    version: v1.4.0
  - apiVersion: v1
    appVersion: v1.3.0
-    created: "2022-04-11T12:39:36.583539166Z"
+    created: "2025-05-12T03:19:29.369112521Z"
    description: SMB CSI Driver for Kubernetes
    digest: d2236d36f1cb24139ddf87ea87229369ed856efc42330e656330f6cfa7635858
    name: csi-driver-smb
@ -48,52 +147,52 @@ entries:
    version: v1.3.0
  - apiVersion: v1
    appVersion: v1.2.0
-    created: "2022-04-11T12:39:36.58263726Z"
+    created: "2025-05-12T03:19:29.368654242Z"
    description: SMB CSI Driver for Kubernetes
-    digest: f475924011bf4b3d920cee85e07f1236731fc8256634c12f49b8eae1711c99ab
+    digest: 9d7099165db24d5412c95b298a59cca9b233ab8800d04efd34bb055812390915
    name: csi-driver-smb
    urls:
    - https://raw.githubusercontent.com/kubernetes-csi/csi-driver-smb/master/charts/v1.2.0/csi-driver-smb-v1.2.0.tgz
    version: v1.2.0
  - apiVersion: v1
    appVersion: v1.1.0
-    created: "2022-04-11T12:39:36.581777455Z"
+    created: "2025-05-12T03:19:29.361497493Z"
    description: SMB CSI Driver for Kubernetes
-    digest: 19bdba4a6b473bf3d7494cea64146fc1874c8440e3adf5262d822659cd276837
+    digest: 5b39613c9104db06815ee2d42fec8507c3bb2038264513449079a4eb5b6530a8
    name: csi-driver-smb
    urls:
    - https://raw.githubusercontent.com/kubernetes-csi/csi-driver-smb/master/charts/v1.1.0/csi-driver-smb-v1.1.0.tgz
    version: v1.1.0
  - apiVersion: v1
    appVersion: v1.0.0
-    created: "2022-04-11T12:39:36.58105525Z"
+    created: "2025-05-12T03:19:29.361028833Z"
    description: SMB CSI Driver for Kubernetes
-    digest: 2360e6e088403818944cc057ad3bf0f99ae295a421d4637f1d3c7cbe3c4ab27f
+    digest: 3e4721dd007cc51750f7221be8f66ec7e287c83a8cdcfeb9a71c30f526b06dc4
    name: csi-driver-smb
    urls:
    - https://raw.githubusercontent.com/kubernetes-csi/csi-driver-smb/master/charts/v1.0.0/csi-driver-smb-v1.0.0.tgz
    version: v1.0.0
  - apiVersion: v1
    appVersion: v0.6.0
-    created: "2022-04-11T12:39:36.580481446Z"
+    created: "2025-05-12T03:19:29.360741662Z"
    description: SMB CSI Driver for Kubernetes
-    digest: 5ad0b7b9f84fa313387a9bbfb0ed59cff70b10633cedf81e7b77af936ff2806e
+    digest: 6fc9d05bc78ca98fb17071b7f5ad05b4c071f2403114d72feae99fb89ca1fc9f
    name: csi-driver-smb
    urls:
    - https://raw.githubusercontent.com/kubernetes-csi/csi-driver-smb/master/charts/v0.6.0/csi-driver-smb-v0.6.0.tgz
    version: v0.6.0
  - apiVersion: v1
    appVersion: v0.5.0
-    created: "2022-04-11T12:39:36.580054444Z"
+    created: "2025-05-12T03:19:29.360466702Z"
    description: SMB CSI Driver for Kubernetes
-    digest: b400ef563745dcaf4a819a05b1e8a11d9442ae1ddf46da70542d5c87cd4cd9a1
+    digest: 8264c6630806325613234c2d7951c188d073607e6f0f89d781ec32afed04157b
    name: csi-driver-smb
    urls:
    - https://raw.githubusercontent.com/kubernetes-csi/csi-driver-smb/master/charts/v0.5.0/csi-driver-smb-v0.5.0.tgz
    version: v0.5.0
  - apiVersion: v1
    appVersion: v0.4.0
-    created: "2022-04-11T12:39:36.579609741Z"
+    created: "2025-05-12T03:19:29.360192361Z"
    description: SMB CSI Driver for Kubernetes
    digest: fb6d581ba5d4d1d78ca468f6daa4a24c47bb147b74d005d3c394521b4e534a3e
    name: csi-driver-smb
@ -102,7 +201,7 @@ entries:
    version: v0.4.0
  - apiVersion: v1
    appVersion: v0.3.0
-    created: "2022-04-11T12:39:36.579133738Z"
+    created: "2025-05-12T03:19:29.359911399Z"
    description: SMB CSI Driver for Kubernetes
    digest: ee9e58db6d4a95491e2012c6607126bbff827b9c439e90e9a9798d2a73b0cb22
    name: csi-driver-smb
@ -111,11 +210,29 @@ entries:
    version: v0.3.0
  - apiVersion: v1
    appVersion: v0.2.0
-    created: "2022-04-11T12:39:36.578694635Z"
+    created: "2025-05-12T03:19:29.359658821Z"
    description: SMB CSI Driver for Kubernetes
    digest: 8d8667106306d78dea9f63e5a3e8ee7ad2b60f86bd625f5968e37ca6a0cad317
    name: csi-driver-smb
    urls:
    - https://raw.githubusercontent.com/kubernetes-csi/csi-driver-smb/master/charts/v0.2.0/csi-driver-smb-v0.2.0.tgz
    version: v0.2.0
-generated: "2022-04-11T12:39:36.577141525Z"
+  - apiVersion: v1
+    appVersion: latest
+    created: "2025-05-12T03:19:29.373275812Z"
+    description: SMB CSI Driver for Kubernetes
+    digest: 37a15bd85f6f9f2df20aed317d9baa3774128552488d02c2897d561e67777963
+    name: csi-driver-smb
+    urls:
+    - https://raw.githubusercontent.com/kubernetes-csi/csi-driver-smb/master/charts/v1.9.0/csi-driver-smb-v0.0.0.tgz
+    version: v0.0.0
+  - apiVersion: v1
+    appVersion: latest
+    created: "2025-05-12T03:19:29.359346474Z"
+    description: SMB CSI Driver for Kubernetes
+    digest: ceed2b6a0eb6e2b7c528fd9aacc88a87d39414e092714f411b5cabfed5a93e0c
+    name: csi-driver-smb
+    urls:
+    - https://raw.githubusercontent.com/kubernetes-csi/csi-driver-smb/master/charts/latest/csi-driver-smb-v0.0.0.tgz
+    version: v0.0.0
+generated: "2025-05-12T03:19:29.358492786Z"
--- a/charts/latest/csi-driver-smb-v0.0.0.tgz
+++ b/charts/latest/csi-driver-smb-v0.0.0.tgz
--- a/charts/latest/csi-driver-smb-v1.6.0.tgz
+++ b/charts/latest/csi-driver-smb-v1.6.0.tgz
--- a/charts/latest/csi-driver-smb/Chart.yaml
+++ b/charts/latest/csi-driver-smb/Chart.yaml
@ -1,5 +1,5 @@
 apiVersion: v1
-appVersion: v1.6.0
+appVersion: latest
 description: SMB CSI Driver for Kubernetes
 name: csi-driver-smb
-version: v1.6.0
+version: v0.0.0
--- a/charts/latest/csi-driver-smb/templates/NOTES.txt
+++ b/charts/latest/csi-driver-smb/templates/NOTES.txt
@ -2,4 +2,4 @@ The CSI SMB Driver is getting deployed to your cluster.

 To check CSI SMB Driver pods status, please run:

-  kubectl --namespace={{ .Release.Namespace }} get pods --selector="release={{ .Release.Name }}" --watch
+  kubectl --namespace={{ .Release.Namespace }} get pods --selector="app.kubernetes.io/name={{ .Release.Name }}" --watch
--- a/charts/latest/csi-driver-smb/templates/csi-proxy-windows.yaml
+++ b/charts/latest/csi-driver-smb/templates/csi-proxy-windows.yaml
@ -0,0 +1,48 @@
+{{- if .Values.windows.csiproxy.enabled}}
+kind: DaemonSet
+apiVersion: apps/v1
+metadata:
+  name: {{ .Values.windows.csiproxy.dsName }}
+  namespace: {{ .Release.Namespace }}
+{{ include "smb.labels" . | indent 2 }}
+spec:
+  updateStrategy:
+    rollingUpdate:
+      maxUnavailable: {{ .Values.node.maxUnavailable }}
+    type: RollingUpdate
+  selector:
+    matchLabels:
+      app: {{ .Values.windows.csiproxy.dsName }}
+  template:
+    metadata:
+{{ include "smb.labels" . | indent 6 }}
+        app: {{ .Values.windows.csiproxy.dsName }}
+    spec:
+{{- with .Values.windows.csiproxy.tolerations }}
+      tolerations:
+{{ toYaml . | indent 8 }}
+{{- end }}
+      securityContext:
+        windowsOptions:
+          hostProcess: true
+          runAsUserName: {{ .Values.windows.csiproxy.username | quote }} 
+      hostNetwork: true
+      nodeSelector:
+{{- with .Values.windows.csiproxy.nodeSelector }}
+{{ toYaml . | indent 8 }}
+{{- end }}
+{{- with .Values.node.affinity }}
+      affinity:
+{{ toYaml . | indent 8 }}
+{{- end }}
+      priorityClassName: {{ .Values.priorityClassName | quote }}
+      {{- include "smb.pullSecrets" . | indent 6 }}
+      containers:
+        - name: csi-proxy
+{{- if hasPrefix "/" .Values.image.csiproxy.repository }}
+          image: "{{ .Values.image.baseRepo }}{{ .Values.image.csiproxy.repository }}:{{ .Values.image.csiproxy.tag }}"
+{{- else }}
+          image: "{{ .Values.image.csiproxy.repository }}:{{ .Values.image.csiproxy.tag }}"
+{{- end }}
+          imagePullPolicy: {{ .Values.image.csiproxy.pullPolicy }}
+{{- end -}}
--- a/charts/latest/csi-driver-smb/templates/csi-smb-controller.yaml
+++ b/charts/latest/csi-driver-smb/templates/csi-smb-controller.yaml
@ -6,6 +6,8 @@ metadata:
  namespace: {{ .Release.Namespace }}
 {{ include "smb.labels" . | indent 2 }}
 spec:
+  strategy:
+    type: Recreate
  replicas: {{ .Values.controller.replicas }}
  selector:
    matchLabels:
@ -22,10 +24,28 @@ spec:
 {{ toYaml .Values.podAnnotations | indent 8 }}
 {{- end }}
    spec:
-{{- with .Values.controller.affinity }}
+    # runOnControlPlane=true or runOnMaster=true only takes effect if affinity is not set
+    {{- if tpl "{{ .Values.controller.affinity }}" . | contains "nodeSelectorTerms" }}
+      {{- with .Values.controller.affinity }}
      affinity:
 {{ toYaml . | indent 8 }}
-{{- end }}
+      {{- end }}
+    {{- else if or .Values.controller.runOnControlPlane .Values.controller.runOnMaster}}
+      affinity:
+        nodeAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+              - matchExpressions:
+                {{- if .Values.controller.runOnControlPlane}}
+                - key: node-role.kubernetes.io/control-plane
+                  operator: Exists
+                {{- end}}
+                {{- if .Values.controller.runOnMaster}}
+                - key: node-role.kubernetes.io/master
+                  operator: Exists
+                {{- end}}
+    {{- end }}
+      hostNetwork: true
      dnsPolicy: {{ .Values.controller.dnsPolicy }}
      serviceAccountName: {{ .Values.serviceAccount.controller }}
      nodeSelector:
@ -34,9 +54,12 @@ spec:
 {{- end }}
        kubernetes.io/os: linux
        {{- if .Values.controller.runOnMaster}}
-        kubernetes.io/role: master
+        node-role.kubernetes.io/master: ""
        {{- end}}
-      priorityClassName: system-cluster-critical
+      priorityClassName: {{ .Values.priorityClassName | quote }}
+      {{- if .Values.securityContext }}
+      securityContext: {{- toYaml .Values.securityContext | nindent 8 }}
+      {{- end }}
 {{- with .Values.controller.tolerations }}
      tolerations:
 {{ toYaml . | indent 8 }}
@ -54,6 +77,9 @@ spec:
            - "--csi-address=$(ADDRESS)"
            - "--leader-election"
            - "--leader-election-namespace={{ .Release.Namespace }}"
+            - "--extra-create-metadata=true"
+            - "--feature-gates=HonorPVReclaimPolicy=true"
+            - "--retry-interval-max=30m"
          env:
            - name: ADDRESS
              value: /csi/csi.sock
@ -62,6 +88,35 @@ spec:
            - mountPath: /csi
              name: socket-dir
          resources: {{- toYaml .Values.controller.resources.csiProvisioner | nindent 12 }}
+          securityContext:
+            readOnlyRootFilesystem: true
+            capabilities:
+              drop:
+              - ALL
+        - name: csi-resizer
+{{- if hasPrefix "/" .Values.image.csiResizer.repository }}
+          image: "{{ .Values.image.baseRepo }}{{ .Values.image.csiResizer.repository }}:{{ .Values.image.csiResizer.tag }}"
+{{- else }}
+          image: "{{ .Values.image.csiResizer.repository }}:{{ .Values.image.csiResizer.tag }}"
+{{- end }}
+          args:
+            - "-csi-address=$(ADDRESS)"
+            - "-v=2"
+            - "-leader-election"
+            - "--leader-election-namespace={{ .Release.Namespace }}"
+            - '-handle-volume-inuse-error=false'
+          env:
+            - name: ADDRESS
+              value: /csi/csi.sock
+          imagePullPolicy: {{ .Values.image.csiResizer.pullPolicy }}
+          volumeMounts:
+            - name: socket-dir
+              mountPath: /csi
+          resources: {{- toYaml .Values.controller.resources.csiResizer | nindent 12 }}
+          securityContext:
+            capabilities:
+              drop:
+              - ALL
        - name: liveness-probe
 {{- if hasPrefix "/" .Values.image.livenessProbe.repository }}
          image: "{{ .Values.image.baseRepo }}{{ .Values.image.livenessProbe.repository }}:{{ .Values.image.livenessProbe.tag }}"
@ -71,13 +126,18 @@ spec:
          args:
            - --csi-address=/csi/csi.sock
            - --probe-timeout=3s
-            - --health-port={{ .Values.controller.livenessProbe.healthPort }}
+            - --http-endpoint=localhost:{{ .Values.controller.livenessProbe.healthPort }}
            - --v=2
          imagePullPolicy: {{ .Values.image.livenessProbe.pullPolicy }}
          volumeMounts:
            - name: socket-dir
              mountPath: /csi
          resources: {{- toYaml .Values.controller.resources.livenessProbe | nindent 12 }}
+          securityContext:
+            readOnlyRootFilesystem: true
+            capabilities:
+              drop:
+              - ALL
        - name: smb
 {{- if hasPrefix "/" .Values.image.smb.repository }}
          image: "{{ .Values.image.baseRepo }}{{ .Values.image.smb.repository }}:{{ .Values.image.smb.tag }}"
@ -92,17 +152,15 @@ spec:
            - "--drivername={{ .Values.driver.name }}"
            - "--working-mount-dir={{ .Values.controller.workingMountDir }}"
          ports:
-            - containerPort: {{ .Values.controller.livenessProbe.healthPort }}
-              name: healthz
-              protocol: TCP
            - containerPort: {{ .Values.controller.metricsPort }}
              name: metrics
              protocol: TCP
          livenessProbe:
            failureThreshold: 5
            httpGet:
+              host: localhost
              path: /healthz
-              port: healthz
+              port: {{ .Values.controller.livenessProbe.healthPort }}
            initialDelaySeconds: 30
            timeoutSeconds: 10
            periodSeconds: 30
@ -111,6 +169,9 @@ spec:
              value: unix:///csi/csi.sock
          securityContext:
            privileged: true
+            capabilities:
+              drop:
+              - ALL
          volumeMounts:
            - mountPath: /csi
              name: socket-dir
@ -118,6 +179,3 @@ spec:
      volumes:
        - name: socket-dir
          emptyDir: {}
-      {{- if .Values.securityContext }}
-      securityContext: {{- toYaml .Values.securityContext | nindent 8 }}
-      {{- end }}
--- a/charts/latest/csi-driver-smb/templates/csi-smb-driver.yaml
+++ b/charts/latest/csi-driver-smb/templates/csi-smb-driver.yaml
@ -6,3 +6,8 @@ metadata:
 spec:
  attachRequired: false
  podInfoOnMount: true
+  volumeLifecycleModes:
+    - Persistent
+    {{- if .Values.feature.enableInlineVolume }}
+    - Ephemeral
+    {{- end }}
--- a/charts/latest/csi-driver-smb/templates/csi-smb-node-windows-hostprocess.yaml
+++ b/charts/latest/csi-driver-smb/templates/csi-smb-node-windows-hostprocess.yaml
@ -0,0 +1,121 @@
+{{- if and .Values.windows.enabled .Values.windows.useHostProcessContainers }}
+kind: DaemonSet
+apiVersion: apps/v1
+metadata:
+  name: {{ .Values.windows.dsName }}
+  namespace: {{ .Release.Namespace }}
+{{ include "smb.labels" . | indent 2 }}
+spec:
+  updateStrategy:
+    rollingUpdate:
+      maxUnavailable: {{ .Values.node.maxUnavailable }}
+    type: RollingUpdate
+  selector:
+    matchLabels:
+      app: {{ .Values.windows.dsName }}
+  template:
+    metadata:
+{{ include "smb.labels" . | indent 6 }}
+        app: {{ .Values.windows.dsName }}
+    spec:
+{{- with .Values.windows.tolerations }}
+      tolerations:
+{{ toYaml . | indent 8 }}
+{{- end }}
+      nodeSelector:
+        kubernetes.io/os: windows
+{{- with .Values.node.nodeSelector }}
+{{ toYaml . | indent 8 }}
+{{- end }}
+{{- with .Values.node.affinity }}
+      affinity:
+{{ toYaml . | indent 8 }}
+{{- end }}
+      priorityClassName: {{ .Values.priorityClassName | quote }}
+      serviceAccountName: {{ .Values.serviceAccount.node }}
+      {{- include "smb.pullSecrets" . | indent 6 }}
+      securityContext:
+        seccompProfile:
+          type: RuntimeDefault
+        windowsOptions:
+          hostProcess: true
+          runAsUserName: "NT AUTHORITY\\SYSTEM"
+      hostNetwork: true
+      initContainers:
+        - name: init
+{{- if hasPrefix "/" .Values.image.smb.repository }}
+          image: "{{ .Values.image.baseRepo }}{{ .Values.image.smb.repository }}:{{ .Values.image.smb.tag }}-windows-hp"
+{{- else }}
+          image: "{{ .Values.image.smb.repository }}:{{ .Values.image.smb.tag }}-windows-hp"
+{{- end }}
+          imagePullPolicy: {{ .Values.image.smb.pullPolicy }}
+          command:
+            - "powershell.exe"
+            - "-c"
+            - "New-Item -ItemType Directory -Path C:\\var\\lib\\kubelet\\plugins\\{{ .Values.driver.name }}\\ -Force"
+          securityContext:
+            capabilities:
+              drop:
+              - ALL
+      containers:
+        - name: node-driver-registrar
+{{- if hasPrefix "/" .Values.image.nodeDriverRegistrar.repository }}
+          image: "{{ .Values.image.baseRepo }}{{ .Values.image.nodeDriverRegistrar.repository }}:{{ .Values.image.nodeDriverRegistrar.tag }}"
+{{- else }}
+          image: "{{ .Values.image.nodeDriverRegistrar.repository }}:{{ .Values.image.nodeDriverRegistrar.tag }}"
+{{- end }}
+          command:
+            - "csi-node-driver-registrar.exe"
+          args:
+            - "--csi-address=$(CSI_ENDPOINT)"
+            - "--kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)"
+            - "--plugin-registration-path=$(PLUGIN_REG_DIR)"
+            - "--v=2"
+          env:
+            - name: CSI_ENDPOINT
+              value: unix://{{ .Values.windows.kubelet }}\plugins\{{ .Values.driver.name }}\csi.sock
+            - name: DRIVER_REG_SOCK_PATH
+              value: C:\\var\\lib\\kubelet\\plugins\\{{ .Values.driver.name }}\\csi.sock
+            - name: PLUGIN_REG_DIR
+              value: C:\\var\\lib\\kubelet\\plugins_registry\\
+            - name: KUBE_NODE_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: spec.nodeName
+          imagePullPolicy: {{ .Values.image.nodeDriverRegistrar.pullPolicy }}
+          resources: {{- toYaml .Values.windows.resources.nodeDriverRegistrar | nindent 12 }}
+          securityContext:
+            capabilities:
+              drop:
+              - ALL
+        - name: smb
+{{- if hasPrefix "/" .Values.image.smb.repository }}
+          image: "{{ .Values.image.baseRepo }}{{ .Values.image.smb.repository }}:{{ .Values.image.smb.tag }}-windows-hp"
+{{- else }}
+          image: "{{ .Values.image.smb.repository }}:{{ .Values.image.smb.tag }}-windows-hp"
+{{- end }}
+          imagePullPolicy: {{ .Values.image.smb.pullPolicy }}
+          command:
+            - "smbplugin.exe"
+          args:
+            - "--v={{ .Values.node.logLevel }}"
+            - "--drivername={{ .Values.driver.name }}"
+            - --endpoint=$(CSI_ENDPOINT)
+            - --nodeid=$(KUBE_NODE_NAME)
+            - "--enable-get-volume-stats={{ .Values.feature.enableGetVolumeStats }}"
+            - "--remove-smb-mapping-during-unmount={{ .Values.windows.removeSMBMappingDuringUnmount }}"
+            - "--enable-windows-host-process=true"
+          env:
+            - name: CSI_ENDPOINT
+              value: unix://{{ .Values.windows.kubelet }}\plugins\{{ .Values.driver.name }}\csi.sock
+            - name: KUBE_NODE_NAME
+              valueFrom:
+                fieldRef:
+                  apiVersion: v1
+                  fieldPath: spec.nodeName
+          resources: {{- toYaml .Values.windows.resources.smb | nindent 12 }}
+          securityContext:
+            capabilities:
+              drop:
+              - ALL
+{{- end -}}
--- a/charts/latest/csi-driver-smb/templates/csi-smb-node-windows.yaml
+++ b/charts/latest/csi-driver-smb/templates/csi-smb-node-windows.yaml
@ -1,4 +1,4 @@
-{{- if .Values.windows.enabled}}
+{{- if and .Values.windows.enabled (not .Values.windows.useHostProcessContainers) }}
 kind: DaemonSet
 apiVersion: apps/v1
 metadata:
@ -24,7 +24,18 @@ spec:
 {{- end }}
      nodeSelector:
        kubernetes.io/os: windows
-      priorityClassName: system-node-critical
+{{- with .Values.node.nodeSelector }}
+{{ toYaml . | indent 8 }}
+{{- end }}
+{{- with .Values.node.affinity }}
+      affinity:
+{{ toYaml . | indent 8 }}
+{{- end }}
+      priorityClassName: {{ .Values.priorityClassName | quote }}
+      {{- if .Values.securityContext }}
+      securityContext: {{- toYaml .Values.securityContext | nindent 8 }}
+      {{- end }}
+      serviceAccountName: {{ .Values.serviceAccount.node }}
      {{- include "smb.pullSecrets" . | indent 6 }}
      containers:
        - name: liveness-probe
@ -46,6 +57,10 @@ spec:
              value: unix://C:\\csi\\csi.sock
          imagePullPolicy: {{ .Values.image.livenessProbe.pullPolicy }}
          resources: {{- toYaml .Values.windows.resources.livenessProbe | nindent 12 }}
+          securityContext:
+            capabilities:
+              drop:
+              - ALL
        - name: node-driver-registrar
 {{- if hasPrefix "/" .Values.image.nodeDriverRegistrar.repository }}
          image: "{{ .Values.image.baseRepo }}{{ .Values.image.nodeDriverRegistrar.repository }}:{{ .Values.image.nodeDriverRegistrar.tag }}"
@ -56,19 +71,11 @@ spec:
            - --v=2
            - --csi-address=$(CSI_ENDPOINT)
            - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)
-          livenessProbe:
-            exec:
-              command:
-                - /csi-node-driver-registrar.exe
-                - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)
-                - --mode=kubelet-registration-probe
-            initialDelaySeconds: 60
-            timeoutSeconds: 30
          env:
            - name: CSI_ENDPOINT
              value: unix://C:\\csi\\csi.sock
            - name: DRIVER_REG_SOCK_PATH
-              value: {{ .Values.windows.kubelet }}\\plugins\\{{ .Values.driver.name }}\\csi.sock
+              value: {{ .Values.windows.kubelet | replace "\\" "\\\\" }}\\plugins\\{{ .Values.driver.name }}\\csi.sock
            - name: KUBE_NODE_NAME
              valueFrom:
                fieldRef:
@ -80,6 +87,10 @@ spec:
            - name: registration-dir
              mountPath: C:\registration
          resources: {{- toYaml .Values.windows.resources.nodeDriverRegistrar | nindent 12 }}
+          securityContext:
+            capabilities:
+              drop:
+              - ALL
        - name: smb
 {{- if hasPrefix "/" .Values.image.smb.repository }}
          image: "{{ .Values.image.baseRepo }}{{ .Values.image.smb.repository }}:{{ .Values.image.smb.tag }}"
@ -92,8 +103,8 @@ spec:
            - "--drivername={{ .Values.driver.name }}"
            - --endpoint=$(CSI_ENDPOINT)
            - --nodeid=$(KUBE_NODE_NAME)
-            - "--metrics-address=0.0.0.0:{{ .Values.node.metricsPort }}"
            - "--enable-get-volume-stats={{ .Values.feature.enableGetVolumeStats }}"
+            - "--remove-smb-mapping-during-unmount={{ .Values.windows.removeSMBMappingDuringUnmount }}"
          ports:
            - containerPort: {{ .Values.node.livenessProbe.healthPort }}
              name: healthz
@ -130,6 +141,10 @@ spec:
            - name: csi-proxy-smb-pipe-v1beta1
              mountPath: \\.\pipe\csi-proxy-smb-v1beta1
          resources: {{- toYaml .Values.windows.resources.smb | nindent 12 }}
+          securityContext:
+            capabilities:
+              drop:
+              - ALL
      volumes:
        - name: csi-proxy-fs-pipe-v1
          hostPath:
--- a/charts/latest/csi-driver-smb/templates/csi-smb-node.yaml
+++ b/charts/latest/csi-driver-smb/templates/csi-smb-node.yaml
@ -25,17 +25,22 @@ spec:
 {{ toYaml .Values.podAnnotations | indent 8 }}
 {{- end }}
    spec:
+{{- with .Values.node.affinity }}
+      affinity:
+{{ toYaml . | indent 8 }}
+{{- end }}    
      hostNetwork: true
      dnsPolicy: {{ .Values.linux.dnsPolicy }}
+      serviceAccountName: {{ .Values.serviceAccount.node }}
      nodeSelector:
        kubernetes.io/os: linux
 {{- with .Values.node.nodeSelector }}
 {{ toYaml . | indent 8 }}
 {{- end }}
-        {{- if .Values.node.affinity }}
-{{- toYaml .Values.node.affinity | nindent 8 }}
-        {{- end }}
      priorityClassName: {{ .Values.priorityClassName | quote }}
+      {{- if .Values.securityContext }}
+      securityContext: {{- toYaml .Values.securityContext | nindent 8 }}
+      {{- end }}
 {{- with .Values.linux.tolerations }}
      tolerations:
 {{ toYaml . | indent 8 }}
@ -54,10 +59,15 @@ spec:
          args:
            - --csi-address=/csi/csi.sock
            - --probe-timeout=3s
-            - --health-port={{ .Values.node.livenessProbe.healthPort }}
+            - --http-endpoint=localhost:{{ .Values.node.livenessProbe.healthPort }}
            - --v=2
          imagePullPolicy: {{ .Values.image.livenessProbe.pullPolicy }}
          resources: {{- toYaml .Values.linux.resources.livenessProbe | nindent 12 }}
+          securityContext:
+            readOnlyRootFilesystem: true
+            capabilities:
+              drop:
+              - ALL
        - name: node-driver-registrar
 {{- if hasPrefix "/" .Values.image.nodeDriverRegistrar.repository }}
          image: "{{ .Values.image.baseRepo }}{{ .Values.image.nodeDriverRegistrar.repository }}:{{ .Values.image.nodeDriverRegistrar.tag }}"
@ -68,14 +78,6 @@ spec:
            - --csi-address=$(ADDRESS)
            - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)
            - --v=2
-          livenessProbe:
-            exec:
-              command:
-                - /csi-node-driver-registrar
-                - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)
-                - --mode=kubelet-registration-probe
-            initialDelaySeconds: 30
-            timeoutSeconds: 15
          env:
            - name: ADDRESS
              value: /csi/csi.sock
@ -88,6 +90,10 @@ spec:
            - name: registration-dir
              mountPath: /registration
          resources: {{- toYaml .Values.linux.resources.nodeDriverRegistrar | nindent 12 }}
+          securityContext:
+            capabilities:
+              drop:
+              - ALL
        - name: smb
 {{- if hasPrefix "/" .Values.image.smb.repository }}
          image: "{{ .Values.image.baseRepo }}{{ .Values.image.smb.repository }}:{{ .Values.image.smb.tag }}"
@ -100,17 +106,14 @@ spec:
            - "--drivername={{ .Values.driver.name }}"
            - "--endpoint=$(CSI_ENDPOINT)"
            - "--nodeid=$(KUBE_NODE_NAME)"
-            - "--metrics-address=0.0.0.0:{{ .Values.node.metricsPort }}"
            - "--enable-get-volume-stats={{ .Values.feature.enableGetVolumeStats }}"
-          ports:
-            - containerPort: {{ .Values.node.livenessProbe.healthPort }}
-              name: healthz
-              protocol: TCP
+            - "--krb5-prefix={{ .Values.linux.krb5Prefix }}"
          livenessProbe:
            failureThreshold: 5
            httpGet:
+              host: localhost
              path: /healthz
-              port: healthz
+              port: {{ .Values.node.livenessProbe.healthPort }}
            initialDelaySeconds: 30
            timeoutSeconds: 10
            periodSeconds: 30
@ -124,12 +127,20 @@ spec:
                  fieldPath: spec.nodeName
          securityContext:
            privileged: true
+            capabilities:
+              drop:
+              - ALL
          volumeMounts:
            - mountPath: /csi
              name: socket-dir
-            - mountPath: {{ .Values.linux.kubelet }}/
+            - mountPath: {{ .Values.linux.kubelet }}
              mountPropagation: Bidirectional
              name: mountpoint-dir
+{{- if ne .Values.linux.krb5CacheDirectory "" }}
+            - mountPath: {{ .Values.linux.kubelet }}/kerberos/
+              mountPropagation: Bidirectional
+              name: krb5cache-dir
+{{- end }}
          resources: {{- toYaml .Values.linux.resources.smb | nindent 12 }}
      volumes:
        - hostPath:
@ -144,7 +155,10 @@ spec:
            path: {{ .Values.linux.kubelet }}/plugins_registry/
            type: DirectoryOrCreate
          name: registration-dir
-      {{- if .Values.securityContext }}
-      securityContext: {{- toYaml .Values.securityContext | nindent 8 }}
-      {{- end }}
+{{- if ne .Values.linux.krb5CacheDirectory "" }}
+        - hostPath:
+            path: {{ .Values.linux.krb5CacheDirectory }}
+            type: DirectoryOrCreate
+          name: krb5cache-dir
+{{- end }}
 {{- end -}}
--- a/charts/latest/csi-driver-smb/templates/rbac-csi-smb-controller.yaml
+++ b/charts/latest/csi-driver-smb/templates/rbac-csi-smb-controller.yaml
@ -1,58 +0,0 @@
-{{- if .Values.serviceAccount.create -}}
---
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: {{ .Values.serviceAccount.controller }}
-  namespace: {{ .Release.Namespace }}
-{{ include "smb.labels" . | indent 2 }}
-{{ end }}
-
-{{- if .Values.rbac.create -}}
---
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: {{ .Values.rbac.name }}-external-provisioner-role
-{{ include "smb.labels" . | indent 2 }}
-rules:
-  - apiGroups: [""]
-    resources: ["persistentvolumes"]
-    verbs: ["get", "list", "watch", "create", "delete"]
-  - apiGroups: [""]
-    resources: ["persistentvolumeclaims"]
-    verbs: ["get", "list", "watch", "update"]
-  - apiGroups: ["storage.k8s.io"]
-    resources: ["storageclasses"]
-    verbs: ["get", "list", "watch"]
-  - apiGroups: [""]
-    resources: ["events"]
-    verbs: ["get", "list", "watch", "create", "update", "patch"]
-  - apiGroups: ["storage.k8s.io"]
-    resources: ["csinodes"]
-    verbs: ["get", "list", "watch"]
-  - apiGroups: [""]
-    resources: ["nodes"]
-    verbs: ["get", "list", "watch"]
-  - apiGroups: ["coordination.k8s.io"]
-    resources: ["leases"]
-    verbs: ["get", "list", "watch", "create", "update", "patch"]
-  - apiGroups: [""]
-    resources: ["secrets"]
-    verbs: ["get"]
---
-
-kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: {{ .Values.rbac.name }}-csi-provisioner-binding
-{{ include "smb.labels" . | indent 2 }}
-subjects:
-  - kind: ServiceAccount
-    name: {{ .Values.serviceAccount.controller }}
-    namespace: {{ .Release.Namespace }}
-roleRef:
-  kind: ClusterRole
-  name: {{ .Values.rbac.name }}-external-provisioner-role
-  apiGroup: rbac.authorization.k8s.io
-{{ end }}
--- a/charts/latest/csi-driver-smb/templates/rbac-csi-smb.yaml
+++ b/charts/latest/csi-driver-smb/templates/rbac-csi-smb.yaml
@ -0,0 +1,126 @@
+{{- if .Values.serviceAccount.create -}}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ .Values.serviceAccount.controller }}
+  namespace: {{ .Release.Namespace }}
+{{ include "smb.labels" . | indent 2 }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ .Values.serviceAccount.node }}
+  namespace: {{ .Release.Namespace }}
+{{ include "smb.labels" . | indent 2 }}
+{{ end }}
+
+{{- if .Values.rbac.create -}}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ .Values.rbac.name }}-external-provisioner-role
+{{ include "smb.labels" . | indent 2 }}
+rules:
+  - apiGroups: [""]
+    resources: ["persistentvolumes"]
+    verbs: ["get", "list", "watch", "create", "patch", "delete"]
+  - apiGroups: [""]
+    resources: ["persistentvolumeclaims"]
+    verbs: ["get", "list", "watch", "update"]
+  - apiGroups: ["storage.k8s.io"]
+    resources: ["storageclasses"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: [""]
+    resources: ["events"]
+    verbs: ["get", "list", "watch", "create", "update", "patch"]
+  - apiGroups: ["storage.k8s.io"]
+    resources: ["csinodes"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: [""]
+    resources: ["nodes"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: ["coordination.k8s.io"]
+    resources: ["leases"]
+    verbs: ["get", "list", "watch", "create", "update", "patch"]
+  - apiGroups: [""]
+    resources: ["secrets"]
+    verbs: ["get"]
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ .Values.rbac.name }}-csi-provisioner-binding
+{{ include "smb.labels" . | indent 2 }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ .Values.serviceAccount.controller }}
+    namespace: {{ .Release.Namespace }}
+roleRef:
+  kind: ClusterRole
+  name: {{ .Values.rbac.name }}-external-provisioner-role
+  apiGroup: rbac.authorization.k8s.io
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ .Values.rbac.name }}-external-resizer-role
+{{ include "smb.labels" . | indent 2 }}
+rules:
+  - apiGroups: [""]
+    resources: ["persistentvolumes"]
+    verbs: ["get", "list", "watch", "update", "patch"]
+  - apiGroups: [""]
+    resources: ["persistentvolumeclaims"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: [""]
+    resources: ["persistentvolumeclaims/status"]
+    verbs: ["update", "patch"]
+  - apiGroups: [""]
+    resources: ["events"]
+    verbs: ["list", "watch", "create", "update", "patch"]
+  - apiGroups: ["coordination.k8s.io"]
+    resources: ["leases"]
+    verbs: ["get", "list", "watch", "create", "update", "patch"]
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ .Values.rbac.name }}-csi-resizer-role
+{{ include "smb.labels" . | indent 2 }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ .Values.serviceAccount.controller }}
+    namespace: {{ .Release.Namespace }}
+roleRef:
+  kind: ClusterRole
+  name: {{ .Values.rbac.name }}-external-resizer-role
+  apiGroup: rbac.authorization.k8s.io
+---
+{{- if .Values.feature.enableInlineVolume }}
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: csi-{{ .Values.rbac.name }}-node-secret-role
+{{ include "smb.labels" . | indent 2 }}
+rules:
+  - apiGroups: [""]
+    resources: ["secrets"]
+    verbs: ["get"]
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: csi-{{ .Values.rbac.name }}-node-secret-binding
+{{ include "smb.labels" . | indent 2 }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ .Values.serviceAccount.node }}
+    namespace: {{ .Release.Namespace }}
+roleRef:
+  kind: ClusterRole
+  name: csi-{{ .Values.rbac.name }}-node-secret-role
+  apiGroup: rbac.authorization.k8s.io
+{{- end }}
+{{ end }}
--- a/charts/latest/csi-driver-smb/values.yaml
+++ b/charts/latest/csi-driver-smb/values.yaml
@ -1,25 +1,34 @@
 image:
-  baseRepo: k8s.gcr.io/sig-storage
+  baseRepo: registry.k8s.io/sig-storage
  smb:
-    repository: mcr.microsoft.com/k8s/csi/smb-csi
-    tag: v1.6.0
+    repository: gcr.io/k8s-staging-sig-storage/smbplugin
+    tag: canary
    pullPolicy: IfNotPresent
  csiProvisioner:
-    repository: k8s.gcr.io/sig-storage/csi-provisioner
-    tag: v3.1.0
+    repository: /csi-provisioner
+    tag: v5.3.0
+    pullPolicy: IfNotPresent
+  csiResizer:
+    repository: registry.k8s.io/sig-storage/csi-resizer
+    tag: v1.14.0
    pullPolicy: IfNotPresent
  livenessProbe:
-    repository: k8s.gcr.io/sig-storage/livenessprobe
-    tag: v2.5.0
+    repository: /livenessprobe
+    tag: v2.16.0
    pullPolicy: IfNotPresent
  nodeDriverRegistrar:
-    repository: k8s.gcr.io/sig-storage/csi-node-driver-registrar
-    tag: v2.4.0
+    repository: /csi-node-driver-registrar
+    tag: v2.14.0
+    pullPolicy: IfNotPresent
+  csiproxy:
+    repository: ghcr.io/kubernetes-sigs/sig-windows/csi-proxy
+    tag: v1.1.2
    pullPolicy: IfNotPresent

 serviceAccount:
  create: true # When true, service accounts will be created for you. Set to false if you want to use your own.
-  controller: csi-smb-controller-sa # Name of Service Account to be created or used
+  controller: csi-smb-controller-sa
+  node: csi-smb-node-sa

 rbac:
  create: true
@ -29,22 +38,30 @@ driver:
  name: smb.csi.k8s.io

 feature:
-  enableGetVolumeStats: false
+  enableGetVolumeStats: true
+  enableInlineVolume: true

 controller:
  name: csi-smb-controller
  replicas: 1
-  dnsPolicy: Default  # available values: Default, ClusterFirstWithHostNet, ClusterFirst
+  dnsPolicy: ClusterFirstWithHostNet  # available values: Default, ClusterFirstWithHostNet, ClusterFirst
  metricsPort: 29644
  livenessProbe:
    healthPort: 29642
  runOnMaster: false
+  runOnControlPlane: false
  logLevel: 5
  workingMountDir: "/tmp"
  resources:
    csiProvisioner:
      limits:
-        memory: 300Mi
+        memory: 400Mi
+      requests:
+        cpu: 10m
+        memory: 20Mi
+    csiResizer:
+      limits:
+        memory: 400Mi
      requests:
        cpu: 10m
        memory: 20Mi
@ -72,10 +89,12 @@ controller:
    - key: "node-role.kubernetes.io/control-plane"
      operator: "Exists"
      effect: "NoSchedule"
+    - key: "CriticalAddonsOnly"
+      operator: "Exists"
+      effect: "NoSchedule"

 node:
  maxUnavailable: 1
-  metricsPort: 29645
  logLevel: 5
  livenessProbe:
    healthPort: 29643
@ -85,8 +104,10 @@ node:
 linux:
  enabled: true
  dsName: csi-smb-node # daemonset name
-  dnsPolicy: Default  # available values: Default, ClusterFirstWithHostNet, ClusterFirst
+  dnsPolicy: ClusterFirstWithHostNet  # available values: Default, ClusterFirstWithHostNet, ClusterFirst
  kubelet: /var/lib/kubelet
+  krb5CacheDirectory: "" # directory for kerberos credential cache, empty string means default(/var/lib/kubelet/kerberos/)
+  krb5Prefix: "" # prefix for kerberos credential cache, empty string means default(krb5cc_)
  tolerations:
    - operator: "Exists"
  resources:
@ -110,9 +131,11 @@ linux:
        memory: 20Mi

 windows:
-  enabled: false
+  enabled: true
+  useHostProcessContainers: true
  dsName: csi-smb-node-win # daemonset name
  kubelet: 'C:\var\lib\kubelet'
+  removeSMBMappingDuringUnmount: true
  tolerations:
    - key: "node.kubernetes.io/os"
      operator: "Exists"
@ -120,22 +143,30 @@ windows:
  resources:
    livenessProbe:
      limits:
-        memory: 100Mi
+        memory: 150Mi
      requests:
        cpu: 10m
        memory: 40Mi
    nodeDriverRegistrar:
      limits:
-        memory: 100Mi
+        memory: 150Mi
      requests:
        cpu: 10m
        memory: 40Mi
    smb:
      limits:
-        memory: 200Mi
+        memory: 600Mi
      requests:
        cpu: 10m
        memory: 40Mi
+  csiproxy:
+    enabled: false # required if windows.enabled is true and useHostProcessContainers is false, but may be installed manually also
+    dsName: csi-proxy-win # daemonset name
+    tolerations: {}
+    affinity: {}
+    username: "NT AUTHORITY\\SYSTEM"
+    nodeSelector:
+      "kubernetes.io/os": windows

 customLabels: {}
 ## Collection of annotations to add to all the pods
@ -148,4 +179,4 @@ priorityClassName: system-cluster-critical
 ## Security context give the opportunity to run container as nonroot by setting a securityContext
 ## by example :
 ## securityContext: { runAsUser: 1001 }
-securityContext: {}
+securityContext: { seccompProfile: {type: RuntimeDefault} }
--- a/charts/v0.5.0/csi-driver-smb-v0.5.0.tgz
+++ b/charts/v0.5.0/csi-driver-smb-v0.5.0.tgz
--- a/charts/v0.5.0/csi-driver-smb/values.yaml
+++ b/charts/v0.5.0/csi-driver-smb/values.yaml
@ -4,15 +4,15 @@ image:
    tag: v0.5.0
    pullPolicy: IfNotPresent
  csiProvisioner:
-    repository: k8s.gcr.io/sig-storage/csi-provisioner
+    repository: registry.k8s.io/sig-storage/csi-provisioner
    tag: v2.0.4
    pullPolicy: IfNotPresent
  livenessProbe:
-    repository: k8s.gcr.io/sig-storage/livenessprobe
+    repository: registry.k8s.io/sig-storage/livenessprobe
    tag: v2.1.0
    pullPolicy: IfNotPresent
  nodeDriverRegistrar:
-    repository: k8s.gcr.io/sig-storage/csi-node-driver-registrar
+    repository: registry.k8s.io/sig-storage/csi-node-driver-registrar
    tag: v2.0.1
    pullPolicy: IfNotPresent

--- a/charts/v0.6.0/csi-driver-smb-v0.6.0.tgz
+++ b/charts/v0.6.0/csi-driver-smb-v0.6.0.tgz
--- a/charts/v0.6.0/csi-driver-smb/values.yaml
+++ b/charts/v0.6.0/csi-driver-smb/values.yaml
@ -4,15 +4,15 @@ image:
    tag: v0.6.0
    pullPolicy: IfNotPresent
  csiProvisioner:
-    repository: k8s.gcr.io/sig-storage/csi-provisioner
+    repository: registry.k8s.io/sig-storage/csi-provisioner
    tag: v2.0.4
    pullPolicy: IfNotPresent
  livenessProbe:
-    repository: k8s.gcr.io/sig-storage/livenessprobe
+    repository: registry.k8s.io/sig-storage/livenessprobe
    tag: v2.1.0
    pullPolicy: IfNotPresent
  nodeDriverRegistrar:
-    repository: k8s.gcr.io/sig-storage/csi-node-driver-registrar
+    repository: registry.k8s.io/sig-storage/csi-node-driver-registrar
    tag: v2.0.1
    pullPolicy: IfNotPresent

--- a/charts/v1.0.0/csi-driver-smb-v1.0.0.tgz
+++ b/charts/v1.0.0/csi-driver-smb-v1.0.0.tgz
--- a/charts/v1.0.0/csi-driver-smb/values.yaml
+++ b/charts/v1.0.0/csi-driver-smb/values.yaml
@ -4,15 +4,15 @@ image:
    tag: v1.0.0
    pullPolicy: IfNotPresent
  csiProvisioner:
-    repository: k8s.gcr.io/sig-storage/csi-provisioner
+    repository: registry.k8s.io/sig-storage/csi-provisioner
    tag: v2.1.0
    pullPolicy: IfNotPresent
  livenessProbe:
-    repository: k8s.gcr.io/sig-storage/livenessprobe
+    repository: registry.k8s.io/sig-storage/livenessprobe
    tag: v2.3.0
    pullPolicy: IfNotPresent
  nodeDriverRegistrar:
-    repository: k8s.gcr.io/sig-storage/csi-node-driver-registrar
+    repository: registry.k8s.io/sig-storage/csi-node-driver-registrar
    tag: v2.2.0
    pullPolicy: IfNotPresent

--- a/charts/v1.1.0/csi-driver-smb-v1.1.0.tgz
+++ b/charts/v1.1.0/csi-driver-smb-v1.1.0.tgz
--- a/charts/v1.1.0/csi-driver-smb/values.yaml
+++ b/charts/v1.1.0/csi-driver-smb/values.yaml
@ -4,15 +4,15 @@ image:
    tag: v1.1.0
    pullPolicy: IfNotPresent
  csiProvisioner:
-    repository: k8s.gcr.io/sig-storage/csi-provisioner
+    repository: registry.k8s.io/sig-storage/csi-provisioner
    tag: v2.1.0
    pullPolicy: IfNotPresent
  livenessProbe:
-    repository: k8s.gcr.io/sig-storage/livenessprobe
+    repository: registry.k8s.io/sig-storage/livenessprobe
    tag: v2.3.0
    pullPolicy: IfNotPresent
  nodeDriverRegistrar:
-    repository: k8s.gcr.io/sig-storage/csi-node-driver-registrar
+    repository: registry.k8s.io/sig-storage/csi-node-driver-registrar
    tag: v2.2.0
    pullPolicy: IfNotPresent

--- a/charts/v1.10.0/csi-driver-smb-v1.10.0.tgz
+++ b/charts/v1.10.0/csi-driver-smb-v1.10.0.tgz
--- a/charts/v1.10.0/csi-driver-smb/Chart.yaml
+++ b/charts/v1.10.0/csi-driver-smb/Chart.yaml
@ -0,0 +1,5 @@
+apiVersion: v1
+appVersion: v1.10.0
+description: SMB CSI Driver for Kubernetes
+name: csi-driver-smb
+version: v1.10.0
--- a/charts/v1.10.0/csi-driver-smb/templates/NOTES.txt
+++ b/charts/v1.10.0/csi-driver-smb/templates/NOTES.txt
@ -0,0 +1,5 @@
+The CSI SMB Driver is getting deployed to your cluster.
+
+To check CSI SMB Driver pods status, please run:
+
+  kubectl --namespace={{ .Release.Namespace }} get pods --selector="app.kubernetes.io/name={{ .Release.Name }}" --watch
--- a/charts/v1.10.0/csi-driver-smb/templates/_helpers.tpl
+++ b/charts/v1.10.0/csi-driver-smb/templates/_helpers.tpl
@ -0,0 +1,29 @@
+{{/* vim: set filetype=mustache: */}}
+
+{{/* Expand the name of the chart.*/}}
+{{- define "smb.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/* labels for helm resources */}}
+{{- define "smb.labels" -}}
+labels:
+  app.kubernetes.io/instance: "{{ .Release.Name }}"
+  app.kubernetes.io/managed-by: "{{ .Release.Service }}"
+  app.kubernetes.io/name: "{{ template "smb.name" . }}"
+  app.kubernetes.io/version: "{{ .Chart.AppVersion }}"
+  helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+  {{- if .Values.customLabels }}
+{{ toYaml .Values.customLabels | indent 2 -}}
+  {{- end }}
+{{- end -}}
+
+{{/* pull secrets for containers */}}
+{{- define "smb.pullSecrets" -}}
+{{- if .Values.imagePullSecrets }}
+imagePullSecrets:
+{{- range .Values.imagePullSecrets }}
+  - name: {{ . }}
+{{- end }}
+{{- end }}
+{{- end -}}
--- a/charts/v1.10.0/csi-driver-smb/templates/csi-smb-controller.yaml
+++ b/charts/v1.10.0/csi-driver-smb/templates/csi-smb-controller.yaml
@ -0,0 +1,127 @@
+---
+kind: Deployment
+apiVersion: apps/v1
+metadata:
+  name: {{ .Values.controller.name }}
+  namespace: {{ .Release.Namespace }}
+{{ include "smb.labels" . | indent 2 }}
+spec:
+  replicas: {{ .Values.controller.replicas }}
+  selector:
+    matchLabels:
+      app: {{ .Values.controller.name }}
+  template:
+    metadata:
+{{ include "smb.labels" . | indent 6 }}
+        app: {{ .Values.controller.name }}
+        {{- if .Values.podLabels }}
+{{- toYaml .Values.podLabels | nindent 8 }}
+        {{- end }}
+{{- if .Values.podAnnotations }}
+      annotations:
+{{ toYaml .Values.podAnnotations | indent 8 }}
+{{- end }}
+    spec:
+{{- with .Values.controller.affinity }}
+      affinity:
+{{ toYaml . | indent 8 }}
+{{- end }}
+      dnsPolicy: {{ .Values.controller.dnsPolicy }}
+      serviceAccountName: {{ .Values.serviceAccount.controller }}
+      nodeSelector:
+{{- with .Values.controller.nodeSelector }}
+{{ toYaml . | indent 8 }}
+{{- end }}
+        kubernetes.io/os: linux
+        {{- if .Values.controller.runOnMaster}}
+        node-role.kubernetes.io/master: ""
+        {{- end}}
+        {{- if .Values.controller.runOnControlPlane}}
+        node-role.kubernetes.io/control-plane: ""
+        {{- end}}
+      priorityClassName: system-cluster-critical
+{{- with .Values.controller.tolerations }}
+      tolerations:
+{{ toYaml . | indent 8 }}
+{{- end }}
+      {{- include "smb.pullSecrets" . | indent 6 }}
+      containers:
+        - name: csi-provisioner
+{{- if hasPrefix "/" .Values.image.csiProvisioner.repository }}
+          image: "{{ .Values.image.baseRepo }}{{ .Values.image.csiProvisioner.repository }}:{{ .Values.image.csiProvisioner.tag }}"
+{{- else }}
+          image: "{{ .Values.image.csiProvisioner.repository }}:{{ .Values.image.csiProvisioner.tag }}"
+{{- end }}
+          args:
+            - "-v=2"
+            - "--csi-address=$(ADDRESS)"
+            - "--leader-election"
+            - "--leader-election-namespace={{ .Release.Namespace }}"
+            - "--extra-create-metadata=true"
+          env:
+            - name: ADDRESS
+              value: /csi/csi.sock
+          imagePullPolicy: {{ .Values.image.csiProvisioner.pullPolicy }}
+          volumeMounts:
+            - mountPath: /csi
+              name: socket-dir
+          resources: {{- toYaml .Values.controller.resources.csiProvisioner | nindent 12 }}
+        - name: liveness-probe
+{{- if hasPrefix "/" .Values.image.livenessProbe.repository }}
+          image: "{{ .Values.image.baseRepo }}{{ .Values.image.livenessProbe.repository }}:{{ .Values.image.livenessProbe.tag }}"
+{{- else }}
+          image: "{{ .Values.image.livenessProbe.repository }}:{{ .Values.image.livenessProbe.tag }}"
+{{- end }}
+          args:
+            - --csi-address=/csi/csi.sock
+            - --probe-timeout=3s
+            - --health-port={{ .Values.controller.livenessProbe.healthPort }}
+            - --v=2
+          imagePullPolicy: {{ .Values.image.livenessProbe.pullPolicy }}
+          volumeMounts:
+            - name: socket-dir
+              mountPath: /csi
+          resources: {{- toYaml .Values.controller.resources.livenessProbe | nindent 12 }}
+        - name: smb
+{{- if hasPrefix "/" .Values.image.smb.repository }}
+          image: "{{ .Values.image.baseRepo }}{{ .Values.image.smb.repository }}:{{ .Values.image.smb.tag }}"
+{{- else }}
+          image: "{{ .Values.image.smb.repository }}:{{ .Values.image.smb.tag }}"
+{{- end }}
+          imagePullPolicy: {{ .Values.image.smb.pullPolicy }}
+          args:
+            - "--v={{ .Values.controller.logLevel }}"
+            - "--endpoint=$(CSI_ENDPOINT)"
+            - "--metrics-address=0.0.0.0:{{ .Values.controller.metricsPort }}"
+            - "--drivername={{ .Values.driver.name }}"
+            - "--working-mount-dir={{ .Values.controller.workingMountDir }}"
+          ports:
+            - containerPort: {{ .Values.controller.livenessProbe.healthPort }}
+              name: healthz
+              protocol: TCP
+            - containerPort: {{ .Values.controller.metricsPort }}
+              name: metrics
+              protocol: TCP
+          livenessProbe:
+            failureThreshold: 5
+            httpGet:
+              path: /healthz
+              port: healthz
+            initialDelaySeconds: 30
+            timeoutSeconds: 10
+            periodSeconds: 30
+          env:
+            - name: CSI_ENDPOINT
+              value: unix:///csi/csi.sock
+          securityContext:
+            privileged: true
+          volumeMounts:
+            - mountPath: /csi
+              name: socket-dir
+          resources: {{- toYaml .Values.controller.resources.smb | nindent 12 }}
+      volumes:
+        - name: socket-dir
+          emptyDir: {}
+      {{- if .Values.securityContext }}
+      securityContext: {{- toYaml .Values.securityContext | nindent 8 }}
+      {{- end }}
--- a/charts/v1.10.0/csi-driver-smb/templates/csi-smb-driver.yaml
+++ b/charts/v1.10.0/csi-driver-smb/templates/csi-smb-driver.yaml
@ -0,0 +1,8 @@
+---
+apiVersion: storage.k8s.io/v1
+kind: CSIDriver
+metadata:
+  name: {{ .Values.driver.name }}
+spec:
+  attachRequired: false
+  podInfoOnMount: true
--- a/charts/v1.10.0/csi-driver-smb/templates/csi-smb-node-windows.yaml
+++ b/charts/v1.10.0/csi-driver-smb/templates/csi-smb-node-windows.yaml
@ -0,0 +1,169 @@
+{{- if .Values.windows.enabled}}
+kind: DaemonSet
+apiVersion: apps/v1
+metadata:
+  name: {{ .Values.windows.dsName }}
+  namespace: {{ .Release.Namespace }}
+{{ include "smb.labels" . | indent 2 }}
+spec:
+  updateStrategy:
+    rollingUpdate:
+      maxUnavailable: {{ .Values.node.maxUnavailable }}
+    type: RollingUpdate
+  selector:
+    matchLabels:
+      app: {{ .Values.windows.dsName }}
+  template:
+    metadata:
+{{ include "smb.labels" . | indent 6 }}
+        app: {{ .Values.windows.dsName }}
+    spec:
+{{- with .Values.windows.tolerations }}
+      tolerations:
+{{ toYaml . | indent 8 }}
+{{- end }}
+      nodeSelector:
+        kubernetes.io/os: windows
+{{- with .Values.node.nodeSelector }}
+{{ toYaml . | indent 8 }}
+{{- end }}
+{{- with .Values.node.affinity }}
+      affinity:
+{{ toYaml . | indent 8 }}
+{{- end }}
+      priorityClassName: system-node-critical
+      serviceAccountName: {{ .Values.serviceAccount.node }}
+      {{- include "smb.pullSecrets" . | indent 6 }}
+      containers:
+        - name: liveness-probe
+          volumeMounts:
+            - mountPath: C:\csi
+              name: plugin-dir
+{{- if hasPrefix "/" .Values.image.livenessProbe.repository }}
+          image: "{{ .Values.image.baseRepo }}{{ .Values.image.livenessProbe.repository }}:{{ .Values.image.livenessProbe.tag }}"
+{{- else }}
+          image: "{{ .Values.image.livenessProbe.repository }}:{{ .Values.image.livenessProbe.tag }}"
+{{- end }}
+          args:
+            - --csi-address=$(CSI_ENDPOINT)
+            - --probe-timeout=3s
+            - --health-port={{ .Values.node.livenessProbe.healthPort }}
+            - --v=2
+          env:
+            - name: CSI_ENDPOINT
+              value: unix://C:\\csi\\csi.sock
+          imagePullPolicy: {{ .Values.image.livenessProbe.pullPolicy }}
+          resources: {{- toYaml .Values.windows.resources.livenessProbe | nindent 12 }}
+        - name: node-driver-registrar
+{{- if hasPrefix "/" .Values.image.nodeDriverRegistrar.repository }}
+          image: "{{ .Values.image.baseRepo }}{{ .Values.image.nodeDriverRegistrar.repository }}:{{ .Values.image.nodeDriverRegistrar.tag }}"
+{{- else }}
+          image: "{{ .Values.image.nodeDriverRegistrar.repository }}:{{ .Values.image.nodeDriverRegistrar.tag }}"
+{{- end }}
+          args:
+            - --v=2
+            - --csi-address=$(CSI_ENDPOINT)
+            - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)
+          livenessProbe:
+            exec:
+              command:
+                - /csi-node-driver-registrar.exe
+                - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)
+                - --mode=kubelet-registration-probe
+            initialDelaySeconds: 60
+            timeoutSeconds: 30
+          env:
+            - name: CSI_ENDPOINT
+              value: unix://C:\\csi\\csi.sock
+            - name: DRIVER_REG_SOCK_PATH
+              value: {{ .Values.windows.kubelet | replace "\\" "\\\\" }}\\plugins\\{{ .Values.driver.name }}\\csi.sock
+            - name: KUBE_NODE_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: spec.nodeName
+          imagePullPolicy: {{ .Values.image.nodeDriverRegistrar.pullPolicy }}
+          volumeMounts:
+            - name: plugin-dir
+              mountPath: C:\csi
+            - name: registration-dir
+              mountPath: C:\registration
+          resources: {{- toYaml .Values.windows.resources.nodeDriverRegistrar | nindent 12 }}
+        - name: smb
+{{- if hasPrefix "/" .Values.image.smb.repository }}
+          image: "{{ .Values.image.baseRepo }}{{ .Values.image.smb.repository }}:{{ .Values.image.smb.tag }}"
+{{- else }}
+          image: "{{ .Values.image.smb.repository }}:{{ .Values.image.smb.tag }}"
+{{- end }}
+          imagePullPolicy: {{ .Values.image.smb.pullPolicy }}
+          args:
+            - "--v={{ .Values.node.logLevel }}"
+            - "--drivername={{ .Values.driver.name }}"
+            - --endpoint=$(CSI_ENDPOINT)
+            - --nodeid=$(KUBE_NODE_NAME)
+            - "--metrics-address=0.0.0.0:{{ .Values.node.metricsPort }}"
+            - "--enable-get-volume-stats={{ .Values.feature.enableGetVolumeStats }}"
+            - "--remove-smb-mapping-during-unmount={{ .Values.windows.removeSMBMappingDuringUnmount }}"
+          ports:
+            - containerPort: {{ .Values.node.livenessProbe.healthPort }}
+              name: healthz
+              protocol: TCP
+          livenessProbe:
+            failureThreshold: 5
+            httpGet:
+              path: /healthz
+              port: healthz
+            initialDelaySeconds: 30
+            timeoutSeconds: 10
+            periodSeconds: 30
+          env:
+            - name: CSI_ENDPOINT
+              value: unix://C:\\csi\\csi.sock
+            - name: KUBE_NODE_NAME
+              valueFrom:
+                fieldRef:
+                  apiVersion: v1
+                  fieldPath: spec.nodeName
+          volumeMounts:
+            - name: kubelet-dir
+              mountPath: {{ .Values.windows.kubelet }}\
+            - name: plugin-dir
+              mountPath: C:\csi
+            - name: csi-proxy-fs-pipe-v1
+              mountPath: \\.\pipe\csi-proxy-filesystem-v1
+            - name: csi-proxy-smb-pipe-v1
+              mountPath: \\.\pipe\csi-proxy-smb-v1
+            # these paths are still included for compatibility, they're used
+            # only if the node has still the beta version of the CSI proxy
+            - name: csi-proxy-fs-pipe-v1beta1
+              mountPath: \\.\pipe\csi-proxy-filesystem-v1beta1
+            - name: csi-proxy-smb-pipe-v1beta1
+              mountPath: \\.\pipe\csi-proxy-smb-v1beta1
+          resources: {{- toYaml .Values.windows.resources.smb | nindent 12 }}
+      volumes:
+        - name: csi-proxy-fs-pipe-v1
+          hostPath:
+            path: \\.\pipe\csi-proxy-filesystem-v1
+        - name: csi-proxy-smb-pipe-v1
+          hostPath:
+            path: \\.\pipe\csi-proxy-smb-v1
+        # these paths are still included for compatibility, they're used
+        # only if the node has still the beta version of the CSI proxy
+        - name: csi-proxy-fs-pipe-v1beta1
+          hostPath:
+            path: \\.\pipe\csi-proxy-filesystem-v1beta1
+        - name: csi-proxy-smb-pipe-v1beta1
+          hostPath:
+            path: \\.\pipe\csi-proxy-smb-v1beta1
+        - name: registration-dir
+          hostPath:
+            path: {{ .Values.windows.kubelet }}\plugins_registry\
+            type: Directory
+        - name: kubelet-dir
+          hostPath:
+            path: {{ .Values.windows.kubelet }}\
+            type: Directory
+        - name: plugin-dir
+          hostPath:
+            path: {{ .Values.windows.kubelet }}\plugins\{{ .Values.driver.name }}\
+            type: DirectoryOrCreate
+{{- end -}}
--- a/charts/v1.10.0/csi-driver-smb/templates/csi-smb-node.yaml
+++ b/charts/v1.10.0/csi-driver-smb/templates/csi-smb-node.yaml
@ -0,0 +1,152 @@
+{{- if .Values.linux.enabled}}
+kind: DaemonSet
+apiVersion: apps/v1
+metadata:
+  name: {{ .Values.linux.dsName }}
+  namespace: {{ .Release.Namespace }}
+{{ include "smb.labels" . | indent 2 }}
+spec:
+  updateStrategy:
+    rollingUpdate:
+      maxUnavailable: {{ .Values.node.maxUnavailable }}
+    type: RollingUpdate
+  selector:
+    matchLabels:
+      app: {{ .Values.linux.dsName }}
+  template:
+    metadata:
+{{ include "smb.labels" . | indent 6 }}
+        app: {{ .Values.linux.dsName }}
+        {{- if .Values.podLabels }}
+{{- toYaml .Values.podLabels | nindent 8 }}
+        {{- end }}
+{{- if .Values.podAnnotations }}
+      annotations:
+{{ toYaml .Values.podAnnotations | indent 8 }}
+{{- end }}
+    spec:
+{{- with .Values.node.affinity }}
+      affinity:
+{{ toYaml . | indent 8 }}
+{{- end }}    
+      hostNetwork: true
+      dnsPolicy: {{ .Values.linux.dnsPolicy }}
+      serviceAccountName: {{ .Values.serviceAccount.node }}
+      nodeSelector:
+        kubernetes.io/os: linux
+{{- with .Values.node.nodeSelector }}
+{{ toYaml . | indent 8 }}
+{{- end }}
+      priorityClassName: {{ .Values.priorityClassName | quote }}
+{{- with .Values.linux.tolerations }}
+      tolerations:
+{{ toYaml . | indent 8 }}
+{{- end }}
+      {{- include "smb.pullSecrets" . | indent 6 }}
+      containers:
+        - name: liveness-probe
+          volumeMounts:
+            - mountPath: /csi
+              name: socket-dir
+{{- if hasPrefix "/" .Values.image.livenessProbe.repository }}
+          image: "{{ .Values.image.baseRepo }}{{ .Values.image.livenessProbe.repository }}:{{ .Values.image.livenessProbe.tag }}"
+{{- else }}
+          image: "{{ .Values.image.livenessProbe.repository }}:{{ .Values.image.livenessProbe.tag }}"
+{{- end }}
+          args:
+            - --csi-address=/csi/csi.sock
+            - --probe-timeout=3s
+            - --health-port={{ .Values.node.livenessProbe.healthPort }}
+            - --v=2
+          imagePullPolicy: {{ .Values.image.livenessProbe.pullPolicy }}
+          resources: {{- toYaml .Values.linux.resources.livenessProbe | nindent 12 }}
+        - name: node-driver-registrar
+{{- if hasPrefix "/" .Values.image.nodeDriverRegistrar.repository }}
+          image: "{{ .Values.image.baseRepo }}{{ .Values.image.nodeDriverRegistrar.repository }}:{{ .Values.image.nodeDriverRegistrar.tag }}"
+{{- else }}
+          image: "{{ .Values.image.nodeDriverRegistrar.repository }}:{{ .Values.image.nodeDriverRegistrar.tag }}"
+{{- end }}
+          args:
+            - --csi-address=$(ADDRESS)
+            - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)
+            - --v=2
+          livenessProbe:
+            exec:
+              command:
+                - /csi-node-driver-registrar
+                - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)
+                - --mode=kubelet-registration-probe
+            initialDelaySeconds: 30
+            timeoutSeconds: 15
+          env:
+            - name: ADDRESS
+              value: /csi/csi.sock
+            - name: DRIVER_REG_SOCK_PATH
+              value: {{ .Values.linux.kubelet }}/plugins/{{ .Values.driver.name }}/csi.sock
+          imagePullPolicy: {{ .Values.image.nodeDriverRegistrar.pullPolicy }}
+          volumeMounts:
+            - name: socket-dir
+              mountPath: /csi
+            - name: registration-dir
+              mountPath: /registration
+          resources: {{- toYaml .Values.linux.resources.nodeDriverRegistrar | nindent 12 }}
+        - name: smb
+{{- if hasPrefix "/" .Values.image.smb.repository }}
+          image: "{{ .Values.image.baseRepo }}{{ .Values.image.smb.repository }}:{{ .Values.image.smb.tag }}"
+{{- else }}
+          image: "{{ .Values.image.smb.repository }}:{{ .Values.image.smb.tag }}"
+{{- end }}
+          imagePullPolicy: {{ .Values.image.smb.pullPolicy }}
+          args:
+            - "--v={{ .Values.node.logLevel }}"
+            - "--drivername={{ .Values.driver.name }}"
+            - "--endpoint=$(CSI_ENDPOINT)"
+            - "--nodeid=$(KUBE_NODE_NAME)"
+            - "--metrics-address=0.0.0.0:{{ .Values.node.metricsPort }}"
+            - "--enable-get-volume-stats={{ .Values.feature.enableGetVolumeStats }}"
+          ports:
+            - containerPort: {{ .Values.node.livenessProbe.healthPort }}
+              name: healthz
+              protocol: TCP
+          livenessProbe:
+            failureThreshold: 5
+            httpGet:
+              path: /healthz
+              port: healthz
+            initialDelaySeconds: 30
+            timeoutSeconds: 10
+            periodSeconds: 30
+          env:
+            - name: CSI_ENDPOINT
+              value: unix:///csi/csi.sock
+            - name: KUBE_NODE_NAME
+              valueFrom:
+                fieldRef:
+                  apiVersion: v1
+                  fieldPath: spec.nodeName
+          securityContext:
+            privileged: true
+          volumeMounts:
+            - mountPath: /csi
+              name: socket-dir
+            - mountPath: {{ .Values.linux.kubelet }}/
+              mountPropagation: Bidirectional
+              name: mountpoint-dir
+          resources: {{- toYaml .Values.linux.resources.smb | nindent 12 }}
+      volumes:
+        - hostPath:
+            path: {{ .Values.linux.kubelet }}/plugins/{{ .Values.driver.name }}
+            type: DirectoryOrCreate
+          name: socket-dir
+        - hostPath:
+            path: {{ .Values.linux.kubelet }}/
+            type: DirectoryOrCreate
+          name: mountpoint-dir
+        - hostPath:
+            path: {{ .Values.linux.kubelet }}/plugins_registry/
+            type: DirectoryOrCreate
+          name: registration-dir
+      {{- if .Values.securityContext }}
+      securityContext: {{- toYaml .Values.securityContext | nindent 8 }}
+      {{- end }}
+{{- end -}}
--- a/charts/v1.10.0/csi-driver-smb/templates/rbac-csi-smb.yaml
+++ b/charts/v1.10.0/csi-driver-smb/templates/rbac-csi-smb.yaml
@ -0,0 +1,65 @@
+{{- if .Values.serviceAccount.create -}}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ .Values.serviceAccount.controller }}
+  namespace: {{ .Release.Namespace }}
+{{ include "smb.labels" . | indent 2 }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ .Values.serviceAccount.node }}
+  namespace: {{ .Release.Namespace }}
+{{ include "smb.labels" . | indent 2 }}
+{{ end }}
+
+{{- if .Values.rbac.create -}}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ .Values.rbac.name }}-external-provisioner-role
+{{ include "smb.labels" . | indent 2 }}
+rules:
+  - apiGroups: [""]
+    resources: ["persistentvolumes"]
+    verbs: ["get", "list", "watch", "create", "delete"]
+  - apiGroups: [""]
+    resources: ["persistentvolumeclaims"]
+    verbs: ["get", "list", "watch", "update"]
+  - apiGroups: ["storage.k8s.io"]
+    resources: ["storageclasses"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: [""]
+    resources: ["events"]
+    verbs: ["get", "list", "watch", "create", "update", "patch"]
+  - apiGroups: ["storage.k8s.io"]
+    resources: ["csinodes"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: [""]
+    resources: ["nodes"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: ["coordination.k8s.io"]
+    resources: ["leases"]
+    verbs: ["get", "list", "watch", "create", "update", "patch"]
+  - apiGroups: [""]
+    resources: ["secrets"]
+    verbs: ["get"]
+---
+
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ .Values.rbac.name }}-csi-provisioner-binding
+{{ include "smb.labels" . | indent 2 }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ .Values.serviceAccount.controller }}
+    namespace: {{ .Release.Namespace }}
+roleRef:
+  kind: ClusterRole
+  name: {{ .Values.rbac.name }}-external-provisioner-role
+  apiGroup: rbac.authorization.k8s.io
+{{ end }}
--- a/charts/v1.10.0/csi-driver-smb/values.yaml
+++ b/charts/v1.10.0/csi-driver-smb/values.yaml
@ -0,0 +1,154 @@
+image:
+  baseRepo: registry.k8s.io/sig-storage
+  smb:
+    repository: registry.k8s.io/sig-storage/smbplugin
+    tag: v1.10.0
+    pullPolicy: IfNotPresent
+  csiProvisioner:
+    repository: registry.k8s.io/sig-storage/csi-provisioner
+    tag: v3.3.0
+    pullPolicy: IfNotPresent
+  livenessProbe:
+    repository: registry.k8s.io/sig-storage/livenessprobe
+    tag: v2.8.0
+    pullPolicy: IfNotPresent
+  nodeDriverRegistrar:
+    repository: registry.k8s.io/sig-storage/csi-node-driver-registrar
+    tag: v2.6.2
+    pullPolicy: IfNotPresent
+
+serviceAccount:
+  create: true # When true, service accounts will be created for you. Set to false if you want to use your own.
+  controller: csi-smb-controller-sa
+  node: csi-smb-node-sa
+
+rbac:
+  create: true
+  name: smb
+
+driver:
+  name: smb.csi.k8s.io
+
+feature:
+  enableGetVolumeStats: true
+
+controller:
+  name: csi-smb-controller
+  replicas: 1
+  dnsPolicy: Default  # available values: Default, ClusterFirstWithHostNet, ClusterFirst
+  metricsPort: 29644
+  livenessProbe:
+    healthPort: 29642
+  runOnMaster: false
+  runOnControlPlane: false
+  logLevel: 5
+  workingMountDir: "/tmp"
+  resources:
+    csiProvisioner:
+      limits:
+        memory: 300Mi
+      requests:
+        cpu: 10m
+        memory: 20Mi
+    livenessProbe:
+      limits:
+        memory: 100Mi
+      requests:
+        cpu: 10m
+        memory: 20Mi
+    smb:
+      limits:
+        memory: 200Mi
+      requests:
+        cpu: 10m
+        memory: 20Mi
+  affinity: {}
+  nodeSelector: {}
+  tolerations:
+    - key: "node-role.kubernetes.io/master"
+      operator: "Exists"
+      effect: "NoSchedule"
+    - key: "node-role.kubernetes.io/controlplane"
+      operator: "Exists"
+      effect: "NoSchedule"
+    - key: "node-role.kubernetes.io/control-plane"
+      operator: "Exists"
+      effect: "NoSchedule"
+
+node:
+  maxUnavailable: 1
+  metricsPort: 29645
+  logLevel: 5
+  livenessProbe:
+    healthPort: 29643
+  affinity: {}
+  nodeSelector: {}
+
+linux:
+  enabled: true
+  dsName: csi-smb-node # daemonset name
+  dnsPolicy: Default  # available values: Default, ClusterFirstWithHostNet, ClusterFirst
+  kubelet: /var/lib/kubelet
+  tolerations:
+    - operator: "Exists"
+  resources:
+    livenessProbe:
+      limits:
+        memory: 100Mi
+      requests:
+        cpu: 10m
+        memory: 20Mi
+    nodeDriverRegistrar:
+      limits:
+        memory: 100Mi
+      requests:
+        cpu: 10m
+        memory: 20Mi
+    smb:
+      limits:
+        memory: 200Mi
+      requests:
+        cpu: 10m
+        memory: 20Mi
+
+windows:
+  enabled: false
+  dsName: csi-smb-node-win # daemonset name
+  kubelet: 'C:\var\lib\kubelet'
+  removeSMBMappingDuringUnmount: true
+  tolerations:
+    - key: "node.kubernetes.io/os"
+      operator: "Exists"
+      effect: "NoSchedule"
+  resources:
+    livenessProbe:
+      limits:
+        memory: 150Mi
+      requests:
+        cpu: 10m
+        memory: 40Mi
+    nodeDriverRegistrar:
+      limits:
+        memory: 150Mi
+      requests:
+        cpu: 10m
+        memory: 40Mi
+    smb:
+      limits:
+        memory: 200Mi
+      requests:
+        cpu: 10m
+        memory: 40Mi
+
+customLabels: {}
+## Collection of annotations to add to all the pods
+podAnnotations: {}
+## Collection of labels to add to all the pods
+podLabels: {}
+## Leverage a PriorityClass to ensure your pods survive resource shortages
+## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
+priorityClassName: system-cluster-critical
+## Security context give the opportunity to run container as nonroot by setting a securityContext
+## by example :
+## securityContext: { runAsUser: 1001 }
+securityContext: {}
--- a/charts/v1.11.0/csi-driver-smb-v1.11.0.tgz
+++ b/charts/v1.11.0/csi-driver-smb-v1.11.0.tgz
--- a/charts/v1.11.0/csi-driver-smb/Chart.yaml
+++ b/charts/v1.11.0/csi-driver-smb/Chart.yaml
@ -0,0 +1,5 @@
+apiVersion: v1
+appVersion: v1.11.0
+description: SMB CSI Driver for Kubernetes
+name: csi-driver-smb
+version: v1.11.0
--- a/charts/v1.11.0/csi-driver-smb/templates/NOTES.txt
+++ b/charts/v1.11.0/csi-driver-smb/templates/NOTES.txt
@ -0,0 +1,5 @@
+The CSI SMB Driver is getting deployed to your cluster.
+
+To check CSI SMB Driver pods status, please run:
+
+  kubectl --namespace={{ .Release.Namespace }} get pods --selector="app.kubernetes.io/name={{ .Release.Name }}" --watch
--- a/charts/v1.11.0/csi-driver-smb/templates/_helpers.tpl
+++ b/charts/v1.11.0/csi-driver-smb/templates/_helpers.tpl
@ -0,0 +1,29 @@
+{{/* vim: set filetype=mustache: */}}
+
+{{/* Expand the name of the chart.*/}}
+{{- define "smb.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/* labels for helm resources */}}
+{{- define "smb.labels" -}}
+labels:
+  app.kubernetes.io/instance: "{{ .Release.Name }}"
+  app.kubernetes.io/managed-by: "{{ .Release.Service }}"
+  app.kubernetes.io/name: "{{ template "smb.name" . }}"
+  app.kubernetes.io/version: "{{ .Chart.AppVersion }}"
+  helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+  {{- if .Values.customLabels }}
+{{ toYaml .Values.customLabels | indent 2 -}}
+  {{- end }}
+{{- end -}}
+
+{{/* pull secrets for containers */}}
+{{- define "smb.pullSecrets" -}}
+{{- if .Values.imagePullSecrets }}
+imagePullSecrets:
+{{- range .Values.imagePullSecrets }}
+  - name: {{ . }}
+{{- end }}
+{{- end }}
+{{- end -}}
--- a/charts/v1.11.0/csi-driver-smb/templates/csi-smb-controller.yaml
+++ b/charts/v1.11.0/csi-driver-smb/templates/csi-smb-controller.yaml
@ -0,0 +1,132 @@
+---
+kind: Deployment
+apiVersion: apps/v1
+metadata:
+  name: {{ .Values.controller.name }}
+  namespace: {{ .Release.Namespace }}
+{{ include "smb.labels" . | indent 2 }}
+spec:
+  replicas: {{ .Values.controller.replicas }}
+  selector:
+    matchLabels:
+      app: {{ .Values.controller.name }}
+  template:
+    metadata:
+{{ include "smb.labels" . | indent 6 }}
+        app: {{ .Values.controller.name }}
+        {{- if .Values.podLabels }}
+{{- toYaml .Values.podLabels | nindent 8 }}
+        {{- end }}
+{{- if .Values.podAnnotations }}
+      annotations:
+{{ toYaml .Values.podAnnotations | indent 8 }}
+{{- end }}
+    spec:
+{{- with .Values.controller.affinity }}
+      affinity:
+{{ toYaml . | indent 8 }}
+{{- end }}
+      hostNetwork: true
+      dnsPolicy: {{ .Values.controller.dnsPolicy }}
+      serviceAccountName: {{ .Values.serviceAccount.controller }}
+      nodeSelector:
+{{- with .Values.controller.nodeSelector }}
+{{ toYaml . | indent 8 }}
+{{- end }}
+        kubernetes.io/os: linux
+        {{- if .Values.controller.runOnMaster}}
+        node-role.kubernetes.io/master: ""
+        {{- end}}
+        {{- if .Values.controller.runOnControlPlane}}
+        node-role.kubernetes.io/control-plane: ""
+        {{- end}}
+      priorityClassName: {{ .Values.priorityClassName | quote }}
+      {{- if .Values.securityContext }}
+      securityContext: {{- toYaml .Values.securityContext | nindent 8 }}
+      {{- end }}
+{{- with .Values.controller.tolerations }}
+      tolerations:
+{{ toYaml . | indent 8 }}
+{{- end }}
+      {{- include "smb.pullSecrets" . | indent 6 }}
+      containers:
+        - name: csi-provisioner
+{{- if hasPrefix "/" .Values.image.csiProvisioner.repository }}
+          image: "{{ .Values.image.baseRepo }}{{ .Values.image.csiProvisioner.repository }}:{{ .Values.image.csiProvisioner.tag }}"
+{{- else }}
+          image: "{{ .Values.image.csiProvisioner.repository }}:{{ .Values.image.csiProvisioner.tag }}"
+{{- end }}
+          args:
+            - "-v=2"
+            - "--csi-address=$(ADDRESS)"
+            - "--leader-election"
+            - "--leader-election-namespace={{ .Release.Namespace }}"
+            - "--extra-create-metadata=true"
+          env:
+            - name: ADDRESS
+              value: /csi/csi.sock
+          imagePullPolicy: {{ .Values.image.csiProvisioner.pullPolicy }}
+          volumeMounts:
+            - mountPath: /csi
+              name: socket-dir
+          resources: {{- toYaml .Values.controller.resources.csiProvisioner | nindent 12 }}
+          securityContext:
+            readOnlyRootFilesystem: true
+        - name: liveness-probe
+{{- if hasPrefix "/" .Values.image.livenessProbe.repository }}
+          image: "{{ .Values.image.baseRepo }}{{ .Values.image.livenessProbe.repository }}:{{ .Values.image.livenessProbe.tag }}"
+{{- else }}
+          image: "{{ .Values.image.livenessProbe.repository }}:{{ .Values.image.livenessProbe.tag }}"
+{{- end }}
+          args:
+            - --csi-address=/csi/csi.sock
+            - --probe-timeout=3s
+            - --health-port={{ .Values.controller.livenessProbe.healthPort }}
+            - --v=2
+          imagePullPolicy: {{ .Values.image.livenessProbe.pullPolicy }}
+          volumeMounts:
+            - name: socket-dir
+              mountPath: /csi
+          resources: {{- toYaml .Values.controller.resources.livenessProbe | nindent 12 }}
+          securityContext:
+            readOnlyRootFilesystem: true
+        - name: smb
+{{- if hasPrefix "/" .Values.image.smb.repository }}
+          image: "{{ .Values.image.baseRepo }}{{ .Values.image.smb.repository }}:{{ .Values.image.smb.tag }}"
+{{- else }}
+          image: "{{ .Values.image.smb.repository }}:{{ .Values.image.smb.tag }}"
+{{- end }}
+          imagePullPolicy: {{ .Values.image.smb.pullPolicy }}
+          args:
+            - "--v={{ .Values.controller.logLevel }}"
+            - "--endpoint=$(CSI_ENDPOINT)"
+            - "--metrics-address=0.0.0.0:{{ .Values.controller.metricsPort }}"
+            - "--drivername={{ .Values.driver.name }}"
+            - "--working-mount-dir={{ .Values.controller.workingMountDir }}"
+          ports:
+            - containerPort: {{ .Values.controller.livenessProbe.healthPort }}
+              name: healthz
+              protocol: TCP
+            - containerPort: {{ .Values.controller.metricsPort }}
+              name: metrics
+              protocol: TCP
+          livenessProbe:
+            failureThreshold: 5
+            httpGet:
+              path: /healthz
+              port: healthz
+            initialDelaySeconds: 30
+            timeoutSeconds: 10
+            periodSeconds: 30
+          env:
+            - name: CSI_ENDPOINT
+              value: unix:///csi/csi.sock
+          securityContext:
+            privileged: true
+          volumeMounts:
+            - mountPath: /csi
+              name: socket-dir
+          resources: {{- toYaml .Values.controller.resources.smb | nindent 12 }}
+      volumes:
+        - name: socket-dir
+          emptyDir: {}
--- a/charts/v1.11.0/csi-driver-smb/templates/csi-smb-driver.yaml
+++ b/charts/v1.11.0/csi-driver-smb/templates/csi-smb-driver.yaml
@ -0,0 +1,8 @@
+---
+apiVersion: storage.k8s.io/v1
+kind: CSIDriver
+metadata:
+  name: {{ .Values.driver.name }}
+spec:
+  attachRequired: false
+  podInfoOnMount: true
--- a/charts/v1.11.0/csi-driver-smb/templates/csi-smb-node-windows.yaml
+++ b/charts/v1.11.0/csi-driver-smb/templates/csi-smb-node-windows.yaml
@ -0,0 +1,171 @@
+{{- if .Values.windows.enabled}}
+kind: DaemonSet
+apiVersion: apps/v1
+metadata:
+  name: {{ .Values.windows.dsName }}
+  namespace: {{ .Release.Namespace }}
+{{ include "smb.labels" . | indent 2 }}
+spec:
+  updateStrategy:
+    rollingUpdate:
+      maxUnavailable: {{ .Values.node.maxUnavailable }}
+    type: RollingUpdate
+  selector:
+    matchLabels:
+      app: {{ .Values.windows.dsName }}
+  template:
+    metadata:
+{{ include "smb.labels" . | indent 6 }}
+        app: {{ .Values.windows.dsName }}
+    spec:
+{{- with .Values.windows.tolerations }}
+      tolerations:
+{{ toYaml . | indent 8 }}
+{{- end }}
+      nodeSelector:
+        kubernetes.io/os: windows
+{{- with .Values.node.nodeSelector }}
+{{ toYaml . | indent 8 }}
+{{- end }}
+{{- with .Values.node.affinity }}
+      affinity:
+{{ toYaml . | indent 8 }}
+{{- end }}
+      priorityClassName: {{ .Values.priorityClassName | quote }}
+      {{- if .Values.securityContext }}
+      securityContext: {{- toYaml .Values.securityContext | nindent 8 }}
+      {{- end }}
+      serviceAccountName: {{ .Values.serviceAccount.node }}
+      {{- include "smb.pullSecrets" . | indent 6 }}
+      containers:
+        - name: liveness-probe
+          volumeMounts:
+            - mountPath: C:\csi
+              name: plugin-dir
+{{- if hasPrefix "/" .Values.image.livenessProbe.repository }}
+          image: "{{ .Values.image.baseRepo }}{{ .Values.image.livenessProbe.repository }}:{{ .Values.image.livenessProbe.tag }}"
+{{- else }}
+          image: "{{ .Values.image.livenessProbe.repository }}:{{ .Values.image.livenessProbe.tag }}"
+{{- end }}
+          args:
+            - --csi-address=$(CSI_ENDPOINT)
+            - --probe-timeout=3s
+            - --health-port={{ .Values.node.livenessProbe.healthPort }}
+            - --v=2
+          env:
+            - name: CSI_ENDPOINT
+              value: unix://C:\\csi\\csi.sock
+          imagePullPolicy: {{ .Values.image.livenessProbe.pullPolicy }}
+          resources: {{- toYaml .Values.windows.resources.livenessProbe | nindent 12 }}
+        - name: node-driver-registrar
+{{- if hasPrefix "/" .Values.image.nodeDriverRegistrar.repository }}
+          image: "{{ .Values.image.baseRepo }}{{ .Values.image.nodeDriverRegistrar.repository }}:{{ .Values.image.nodeDriverRegistrar.tag }}"
+{{- else }}
+          image: "{{ .Values.image.nodeDriverRegistrar.repository }}:{{ .Values.image.nodeDriverRegistrar.tag }}"
+{{- end }}
+          args:
+            - --v=2
+            - --csi-address=$(CSI_ENDPOINT)
+            - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)
+          livenessProbe:
+            exec:
+              command:
+                - /csi-node-driver-registrar.exe
+                - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)
+                - --mode=kubelet-registration-probe
+            initialDelaySeconds: 60
+            timeoutSeconds: 30
+          env:
+            - name: CSI_ENDPOINT
+              value: unix://C:\\csi\\csi.sock
+            - name: DRIVER_REG_SOCK_PATH
+              value: {{ .Values.windows.kubelet | replace "\\" "\\\\" }}\\plugins\\{{ .Values.driver.name }}\\csi.sock
+            - name: KUBE_NODE_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: spec.nodeName
+          imagePullPolicy: {{ .Values.image.nodeDriverRegistrar.pullPolicy }}
+          volumeMounts:
+            - name: plugin-dir
+              mountPath: C:\csi
+            - name: registration-dir
+              mountPath: C:\registration
+          resources: {{- toYaml .Values.windows.resources.nodeDriverRegistrar | nindent 12 }}
+        - name: smb
+{{- if hasPrefix "/" .Values.image.smb.repository }}
+          image: "{{ .Values.image.baseRepo }}{{ .Values.image.smb.repository }}:{{ .Values.image.smb.tag }}"
+{{- else }}
+          image: "{{ .Values.image.smb.repository }}:{{ .Values.image.smb.tag }}"
+{{- end }}
+          imagePullPolicy: {{ .Values.image.smb.pullPolicy }}
+          args:
+            - "--v={{ .Values.node.logLevel }}"
+            - "--drivername={{ .Values.driver.name }}"
+            - --endpoint=$(CSI_ENDPOINT)
+            - --nodeid=$(KUBE_NODE_NAME)
+            - "--enable-get-volume-stats={{ .Values.feature.enableGetVolumeStats }}"
+            - "--remove-smb-mapping-during-unmount={{ .Values.windows.removeSMBMappingDuringUnmount }}"
+          ports:
+            - containerPort: {{ .Values.node.livenessProbe.healthPort }}
+              name: healthz
+              protocol: TCP
+          livenessProbe:
+            failureThreshold: 5
+            httpGet:
+              path: /healthz
+              port: healthz
+            initialDelaySeconds: 30
+            timeoutSeconds: 10
+            periodSeconds: 30
+          env:
+            - name: CSI_ENDPOINT
+              value: unix://C:\\csi\\csi.sock
+            - name: KUBE_NODE_NAME
+              valueFrom:
+                fieldRef:
+                  apiVersion: v1
+                  fieldPath: spec.nodeName
+          volumeMounts:
+            - name: kubelet-dir
+              mountPath: {{ .Values.windows.kubelet }}\
+            - name: plugin-dir
+              mountPath: C:\csi
+            - name: csi-proxy-fs-pipe-v1
+              mountPath: \\.\pipe\csi-proxy-filesystem-v1
+            - name: csi-proxy-smb-pipe-v1
+              mountPath: \\.\pipe\csi-proxy-smb-v1
+            # these paths are still included for compatibility, they're used
+            # only if the node has still the beta version of the CSI proxy
+            - name: csi-proxy-fs-pipe-v1beta1
+              mountPath: \\.\pipe\csi-proxy-filesystem-v1beta1
+            - name: csi-proxy-smb-pipe-v1beta1
+              mountPath: \\.\pipe\csi-proxy-smb-v1beta1
+          resources: {{- toYaml .Values.windows.resources.smb | nindent 12 }}
+      volumes:
+        - name: csi-proxy-fs-pipe-v1
+          hostPath:
+            path: \\.\pipe\csi-proxy-filesystem-v1
+        - name: csi-proxy-smb-pipe-v1
+          hostPath:
+            path: \\.\pipe\csi-proxy-smb-v1
+        # these paths are still included for compatibility, they're used
+        # only if the node has still the beta version of the CSI proxy
+        - name: csi-proxy-fs-pipe-v1beta1
+          hostPath:
+            path: \\.\pipe\csi-proxy-filesystem-v1beta1
+        - name: csi-proxy-smb-pipe-v1beta1
+          hostPath:
+            path: \\.\pipe\csi-proxy-smb-v1beta1
+        - name: registration-dir
+          hostPath:
+            path: {{ .Values.windows.kubelet }}\plugins_registry\
+            type: Directory
+        - name: kubelet-dir
+          hostPath:
+            path: {{ .Values.windows.kubelet }}\
+            type: Directory
+        - name: plugin-dir
+          hostPath:
+            path: {{ .Values.windows.kubelet }}\plugins\{{ .Values.driver.name }}\
+            type: DirectoryOrCreate
+{{- end -}}
--- a/charts/v1.11.0/csi-driver-smb/templates/csi-smb-node.yaml
+++ b/charts/v1.11.0/csi-driver-smb/templates/csi-smb-node.yaml
@ -0,0 +1,153 @@
+{{- if .Values.linux.enabled}}
+kind: DaemonSet
+apiVersion: apps/v1
+metadata:
+  name: {{ .Values.linux.dsName }}
+  namespace: {{ .Release.Namespace }}
+{{ include "smb.labels" . | indent 2 }}
+spec:
+  updateStrategy:
+    rollingUpdate:
+      maxUnavailable: {{ .Values.node.maxUnavailable }}
+    type: RollingUpdate
+  selector:
+    matchLabels:
+      app: {{ .Values.linux.dsName }}
+  template:
+    metadata:
+{{ include "smb.labels" . | indent 6 }}
+        app: {{ .Values.linux.dsName }}
+        {{- if .Values.podLabels }}
+{{- toYaml .Values.podLabels | nindent 8 }}
+        {{- end }}
+{{- if .Values.podAnnotations }}
+      annotations:
+{{ toYaml .Values.podAnnotations | indent 8 }}
+{{- end }}
+    spec:
+{{- with .Values.node.affinity }}
+      affinity:
+{{ toYaml . | indent 8 }}
+{{- end }}    
+      hostNetwork: true
+      dnsPolicy: {{ .Values.linux.dnsPolicy }}
+      serviceAccountName: {{ .Values.serviceAccount.node }}
+      nodeSelector:
+        kubernetes.io/os: linux
+{{- with .Values.node.nodeSelector }}
+{{ toYaml . | indent 8 }}
+{{- end }}
+      priorityClassName: {{ .Values.priorityClassName | quote }}
+      {{- if .Values.securityContext }}
+      securityContext: {{- toYaml .Values.securityContext | nindent 8 }}
+      {{- end }}
+{{- with .Values.linux.tolerations }}
+      tolerations:
+{{ toYaml . | indent 8 }}
+{{- end }}
+      {{- include "smb.pullSecrets" . | indent 6 }}
+      containers:
+        - name: liveness-probe
+          volumeMounts:
+            - mountPath: /csi
+              name: socket-dir
+{{- if hasPrefix "/" .Values.image.livenessProbe.repository }}
+          image: "{{ .Values.image.baseRepo }}{{ .Values.image.livenessProbe.repository }}:{{ .Values.image.livenessProbe.tag }}"
+{{- else }}
+          image: "{{ .Values.image.livenessProbe.repository }}:{{ .Values.image.livenessProbe.tag }}"
+{{- end }}
+          args:
+            - --csi-address=/csi/csi.sock
+            - --probe-timeout=3s
+            - --health-port={{ .Values.node.livenessProbe.healthPort }}
+            - --v=2
+          imagePullPolicy: {{ .Values.image.livenessProbe.pullPolicy }}
+          resources: {{- toYaml .Values.linux.resources.livenessProbe | nindent 12 }}
+          securityContext:
+            readOnlyRootFilesystem: true
+        - name: node-driver-registrar
+{{- if hasPrefix "/" .Values.image.nodeDriverRegistrar.repository }}
+          image: "{{ .Values.image.baseRepo }}{{ .Values.image.nodeDriverRegistrar.repository }}:{{ .Values.image.nodeDriverRegistrar.tag }}"
+{{- else }}
+          image: "{{ .Values.image.nodeDriverRegistrar.repository }}:{{ .Values.image.nodeDriverRegistrar.tag }}"
+{{- end }}
+          args:
+            - --csi-address=$(ADDRESS)
+            - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)
+            - --v=2
+          livenessProbe:
+            exec:
+              command:
+                - /csi-node-driver-registrar
+                - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)
+                - --mode=kubelet-registration-probe
+            initialDelaySeconds: 30
+            timeoutSeconds: 15
+          env:
+            - name: ADDRESS
+              value: /csi/csi.sock
+            - name: DRIVER_REG_SOCK_PATH
+              value: {{ .Values.linux.kubelet }}/plugins/{{ .Values.driver.name }}/csi.sock
+          imagePullPolicy: {{ .Values.image.nodeDriverRegistrar.pullPolicy }}
+          volumeMounts:
+            - name: socket-dir
+              mountPath: /csi
+            - name: registration-dir
+              mountPath: /registration
+          resources: {{- toYaml .Values.linux.resources.nodeDriverRegistrar | nindent 12 }}
+        - name: smb
+{{- if hasPrefix "/" .Values.image.smb.repository }}
+          image: "{{ .Values.image.baseRepo }}{{ .Values.image.smb.repository }}:{{ .Values.image.smb.tag }}"
+{{- else }}
+          image: "{{ .Values.image.smb.repository }}:{{ .Values.image.smb.tag }}"
+{{- end }}
+          imagePullPolicy: {{ .Values.image.smb.pullPolicy }}
+          args:
+            - "--v={{ .Values.node.logLevel }}"
+            - "--drivername={{ .Values.driver.name }}"
+            - "--endpoint=$(CSI_ENDPOINT)"
+            - "--nodeid=$(KUBE_NODE_NAME)"
+            - "--enable-get-volume-stats={{ .Values.feature.enableGetVolumeStats }}"
+          ports:
+            - containerPort: {{ .Values.node.livenessProbe.healthPort }}
+              name: healthz
+              protocol: TCP
+          livenessProbe:
+            failureThreshold: 5
+            httpGet:
+              path: /healthz
+              port: healthz
+            initialDelaySeconds: 30
+            timeoutSeconds: 10
+            periodSeconds: 30
+          env:
+            - name: CSI_ENDPOINT
+              value: unix:///csi/csi.sock
+            - name: KUBE_NODE_NAME
+              valueFrom:
+                fieldRef:
+                  apiVersion: v1
+                  fieldPath: spec.nodeName
+          securityContext:
+            privileged: true
+          volumeMounts:
+            - mountPath: /csi
+              name: socket-dir
+            - mountPath: {{ .Values.linux.kubelet }}/
+              mountPropagation: Bidirectional
+              name: mountpoint-dir
+          resources: {{- toYaml .Values.linux.resources.smb | nindent 12 }}
+      volumes:
+        - hostPath:
+            path: {{ .Values.linux.kubelet }}/plugins/{{ .Values.driver.name }}
+            type: DirectoryOrCreate
+          name: socket-dir
+        - hostPath:
+            path: {{ .Values.linux.kubelet }}/
+            type: DirectoryOrCreate
+          name: mountpoint-dir
+        - hostPath:
+            path: {{ .Values.linux.kubelet }}/plugins_registry/
+            type: DirectoryOrCreate
+          name: registration-dir
+{{- end -}}
--- a/charts/v1.11.0/csi-driver-smb/templates/rbac-csi-smb.yaml
+++ b/charts/v1.11.0/csi-driver-smb/templates/rbac-csi-smb.yaml
@ -0,0 +1,65 @@
+{{- if .Values.serviceAccount.create -}}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ .Values.serviceAccount.controller }}
+  namespace: {{ .Release.Namespace }}
+{{ include "smb.labels" . | indent 2 }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ .Values.serviceAccount.node }}
+  namespace: {{ .Release.Namespace }}
+{{ include "smb.labels" . | indent 2 }}
+{{ end }}
+
+{{- if .Values.rbac.create -}}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ .Values.rbac.name }}-external-provisioner-role
+{{ include "smb.labels" . | indent 2 }}
+rules:
+  - apiGroups: [""]
+    resources: ["persistentvolumes"]
+    verbs: ["get", "list", "watch", "create", "delete"]
+  - apiGroups: [""]
+    resources: ["persistentvolumeclaims"]
+    verbs: ["get", "list", "watch", "update"]
+  - apiGroups: ["storage.k8s.io"]
+    resources: ["storageclasses"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: [""]
+    resources: ["events"]
+    verbs: ["get", "list", "watch", "create", "update", "patch"]
+  - apiGroups: ["storage.k8s.io"]
+    resources: ["csinodes"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: [""]
+    resources: ["nodes"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: ["coordination.k8s.io"]
+    resources: ["leases"]
+    verbs: ["get", "list", "watch", "create", "update", "patch"]
+  - apiGroups: [""]
+    resources: ["secrets"]
+    verbs: ["get"]
+---
+
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ .Values.rbac.name }}-csi-provisioner-binding
+{{ include "smb.labels" . | indent 2 }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ .Values.serviceAccount.controller }}
+    namespace: {{ .Release.Namespace }}
+roleRef:
+  kind: ClusterRole
+  name: {{ .Values.rbac.name }}-external-provisioner-role
+  apiGroup: rbac.authorization.k8s.io
+{{ end }}
--- a/charts/v1.11.0/csi-driver-smb/values.yaml
+++ b/charts/v1.11.0/csi-driver-smb/values.yaml
@ -0,0 +1,153 @@
+image:
+  baseRepo: registry.k8s.io/sig-storage
+  smb:
+    repository: registry.k8s.io/sig-storage/smbplugin
+    tag: v1.11.0
+    pullPolicy: IfNotPresent
+  csiProvisioner:
+    repository: registry.k8s.io/sig-storage/csi-provisioner
+    tag: v3.5.0
+    pullPolicy: IfNotPresent
+  livenessProbe:
+    repository: registry.k8s.io/sig-storage/livenessprobe
+    tag: v2.10.0
+    pullPolicy: IfNotPresent
+  nodeDriverRegistrar:
+    repository: registry.k8s.io/sig-storage/csi-node-driver-registrar
+    tag: v2.8.0
+    pullPolicy: IfNotPresent
+
+serviceAccount:
+  create: true # When true, service accounts will be created for you. Set to false if you want to use your own.
+  controller: csi-smb-controller-sa
+  node: csi-smb-node-sa
+
+rbac:
+  create: true
+  name: smb
+
+driver:
+  name: smb.csi.k8s.io
+
+feature:
+  enableGetVolumeStats: true
+
+controller:
+  name: csi-smb-controller
+  replicas: 1
+  dnsPolicy: ClusterFirstWithHostNet  # available values: Default, ClusterFirstWithHostNet, ClusterFirst
+  metricsPort: 29644
+  livenessProbe:
+    healthPort: 29642
+  runOnMaster: false
+  runOnControlPlane: false
+  logLevel: 5
+  workingMountDir: "/tmp"
+  resources:
+    csiProvisioner:
+      limits:
+        memory: 300Mi
+      requests:
+        cpu: 10m
+        memory: 20Mi
+    livenessProbe:
+      limits:
+        memory: 100Mi
+      requests:
+        cpu: 10m
+        memory: 20Mi
+    smb:
+      limits:
+        memory: 200Mi
+      requests:
+        cpu: 10m
+        memory: 20Mi
+  affinity: {}
+  nodeSelector: {}
+  tolerations:
+    - key: "node-role.kubernetes.io/master"
+      operator: "Exists"
+      effect: "NoSchedule"
+    - key: "node-role.kubernetes.io/controlplane"
+      operator: "Exists"
+      effect: "NoSchedule"
+    - key: "node-role.kubernetes.io/control-plane"
+      operator: "Exists"
+      effect: "NoSchedule"
+
+node:
+  maxUnavailable: 1
+  logLevel: 5
+  livenessProbe:
+    healthPort: 29643
+  affinity: {}
+  nodeSelector: {}
+
+linux:
+  enabled: true
+  dsName: csi-smb-node # daemonset name
+  dnsPolicy: ClusterFirstWithHostNet  # available values: Default, ClusterFirstWithHostNet, ClusterFirst
+  kubelet: /var/lib/kubelet
+  tolerations:
+    - operator: "Exists"
+  resources:
+    livenessProbe:
+      limits:
+        memory: 100Mi
+      requests:
+        cpu: 10m
+        memory: 20Mi
+    nodeDriverRegistrar:
+      limits:
+        memory: 100Mi
+      requests:
+        cpu: 10m
+        memory: 20Mi
+    smb:
+      limits:
+        memory: 200Mi
+      requests:
+        cpu: 10m
+        memory: 20Mi
+
+windows:
+  enabled: false
+  dsName: csi-smb-node-win # daemonset name
+  kubelet: 'C:\var\lib\kubelet'
+  removeSMBMappingDuringUnmount: true
+  tolerations:
+    - key: "node.kubernetes.io/os"
+      operator: "Exists"
+      effect: "NoSchedule"
+  resources:
+    livenessProbe:
+      limits:
+        memory: 150Mi
+      requests:
+        cpu: 10m
+        memory: 40Mi
+    nodeDriverRegistrar:
+      limits:
+        memory: 150Mi
+      requests:
+        cpu: 10m
+        memory: 40Mi
+    smb:
+      limits:
+        memory: 200Mi
+      requests:
+        cpu: 10m
+        memory: 40Mi
+
+customLabels: {}
+## Collection of annotations to add to all the pods
+podAnnotations: {}
+## Collection of labels to add to all the pods
+podLabels: {}
+## Leverage a PriorityClass to ensure your pods survive resource shortages
+## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
+priorityClassName: system-cluster-critical
+## Security context give the opportunity to run container as nonroot by setting a securityContext
+## by example :
+## securityContext: { runAsUser: 1001 }
+securityContext: { seccompProfile: {type: RuntimeDefault} }
--- a/charts/v1.12.0/csi-driver-smb-v1.12.0.tgz
+++ b/charts/v1.12.0/csi-driver-smb-v1.12.0.tgz
--- a/charts/v1.12.0/csi-driver-smb/Chart.yaml
+++ b/charts/v1.12.0/csi-driver-smb/Chart.yaml
@ -0,0 +1,5 @@
+apiVersion: v1
+appVersion: v1.12.0
+description: SMB CSI Driver for Kubernetes
+name: csi-driver-smb
+version: v1.12.0
--- a/charts/v1.12.0/csi-driver-smb/templates/NOTES.txt
+++ b/charts/v1.12.0/csi-driver-smb/templates/NOTES.txt
@ -0,0 +1,5 @@
+The CSI SMB Driver is getting deployed to your cluster.
+
+To check CSI SMB Driver pods status, please run:
+
+  kubectl --namespace={{ .Release.Namespace }} get pods --selector="app.kubernetes.io/name={{ .Release.Name }}" --watch
--- a/charts/v1.12.0/csi-driver-smb/templates/_helpers.tpl
+++ b/charts/v1.12.0/csi-driver-smb/templates/_helpers.tpl
@ -0,0 +1,29 @@
+{{/* vim: set filetype=mustache: */}}
+
+{{/* Expand the name of the chart.*/}}
+{{- define "smb.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/* labels for helm resources */}}
+{{- define "smb.labels" -}}
+labels:
+  app.kubernetes.io/instance: "{{ .Release.Name }}"
+  app.kubernetes.io/managed-by: "{{ .Release.Service }}"
+  app.kubernetes.io/name: "{{ template "smb.name" . }}"
+  app.kubernetes.io/version: "{{ .Chart.AppVersion }}"
+  helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+  {{- if .Values.customLabels }}
+{{ toYaml .Values.customLabels | indent 2 -}}
+  {{- end }}
+{{- end -}}
+
+{{/* pull secrets for containers */}}
+{{- define "smb.pullSecrets" -}}
+{{- if .Values.imagePullSecrets }}
+imagePullSecrets:
+{{- range .Values.imagePullSecrets }}
+  - name: {{ . }}
+{{- end }}
+{{- end }}
+{{- end -}}
--- a/charts/v1.12.0/csi-driver-smb/templates/csi-proxy-windows.yaml
+++ b/charts/v1.12.0/csi-driver-smb/templates/csi-proxy-windows.yaml
@ -0,0 +1,48 @@
+{{- if .Values.windows.csiproxy.enabled}}
+kind: DaemonSet
+apiVersion: apps/v1
+metadata:
+  name: {{ .Values.windows.csiproxy.dsName }}
+  namespace: {{ .Release.Namespace }}
+{{ include "smb.labels" . | indent 2 }}
+spec:
+  updateStrategy:
+    rollingUpdate:
+      maxUnavailable: {{ .Values.node.maxUnavailable }}
+    type: RollingUpdate
+  selector:
+    matchLabels:
+      app: {{ .Values.windows.csiproxy.dsName }}
+  template:
+    metadata:
+{{ include "smb.labels" . | indent 6 }}
+        app: {{ .Values.windows.csiproxy.dsName }}
+    spec:
+{{- with .Values.windows.csiproxy.tolerations }}
+      tolerations:
+{{ toYaml . | indent 8 }}
+{{- end }}
+      securityContext:
+        windowsOptions:
+          hostProcess: true
+          runAsUserName: {{ .Values.windows.csiproxy.username | quote }} 
+      hostNetwork: true
+      nodeSelector:
+{{- with .Values.windows.csiproxy.nodeSelector }}
+{{ toYaml . | indent 8 }}
+{{- end }}
+{{- with .Values.node.affinity }}
+      affinity:
+{{ toYaml . | indent 8 }}
+{{- end }}
+      priorityClassName: {{ .Values.priorityClassName | quote }}
+      {{- include "smb.pullSecrets" . | indent 6 }}
+      containers:
+        - name: csi-proxy
+{{- if hasPrefix "/" .Values.image.csiproxy.repository }}
+          image: "{{ .Values.image.baseRepo }}{{ .Values.image.csiproxy.repository }}:{{ .Values.image.csiproxy.tag }}"
+{{- else }}
+          image: "{{ .Values.image.csiproxy.repository }}:{{ .Values.image.csiproxy.tag }}"
+{{- end }}
+          imagePullPolicy: {{ .Values.image.csiproxy.pullPolicy }}
+{{- end -}}
--- a/charts/v1.12.0/csi-driver-smb/templates/csi-smb-controller.yaml
+++ b/charts/v1.12.0/csi-driver-smb/templates/csi-smb-controller.yaml
@ -0,0 +1,132 @@
+---
+kind: Deployment
+apiVersion: apps/v1
+metadata:
+  name: {{ .Values.controller.name }}
+  namespace: {{ .Release.Namespace }}
+{{ include "smb.labels" . | indent 2 }}
+spec:
+  replicas: {{ .Values.controller.replicas }}
+  selector:
+    matchLabels:
+      app: {{ .Values.controller.name }}
+  template:
+    metadata:
+{{ include "smb.labels" . | indent 6 }}
+        app: {{ .Values.controller.name }}
+        {{- if .Values.podLabels }}
+{{- toYaml .Values.podLabels | nindent 8 }}
+        {{- end }}
+{{- if .Values.podAnnotations }}
+      annotations:
+{{ toYaml .Values.podAnnotations | indent 8 }}
+{{- end }}
+    spec:
+{{- with .Values.controller.affinity }}
+      affinity:
+{{ toYaml . | indent 8 }}
+{{- end }}
+      hostNetwork: true
+      dnsPolicy: {{ .Values.controller.dnsPolicy }}
+      serviceAccountName: {{ .Values.serviceAccount.controller }}
+      nodeSelector:
+{{- with .Values.controller.nodeSelector }}
+{{ toYaml . | indent 8 }}
+{{- end }}
+        kubernetes.io/os: linux
+        {{- if .Values.controller.runOnMaster}}
+        node-role.kubernetes.io/master: ""
+        {{- end}}
+        {{- if .Values.controller.runOnControlPlane}}
+        node-role.kubernetes.io/control-plane: ""
+        {{- end}}
+      priorityClassName: {{ .Values.priorityClassName | quote }}
+      {{- if .Values.securityContext }}
+      securityContext: {{- toYaml .Values.securityContext | nindent 8 }}
+      {{- end }}
+{{- with .Values.controller.tolerations }}
+      tolerations:
+{{ toYaml . | indent 8 }}
+{{- end }}
+      {{- include "smb.pullSecrets" . | indent 6 }}
+      containers:
+        - name: csi-provisioner
+{{- if hasPrefix "/" .Values.image.csiProvisioner.repository }}
+          image: "{{ .Values.image.baseRepo }}{{ .Values.image.csiProvisioner.repository }}:{{ .Values.image.csiProvisioner.tag }}"
+{{- else }}
+          image: "{{ .Values.image.csiProvisioner.repository }}:{{ .Values.image.csiProvisioner.tag }}"
+{{- end }}
+          args:
+            - "-v=2"
+            - "--csi-address=$(ADDRESS)"
+            - "--leader-election"
+            - "--leader-election-namespace={{ .Release.Namespace }}"
+            - "--extra-create-metadata=true"
+          env:
+            - name: ADDRESS
+              value: /csi/csi.sock
+          imagePullPolicy: {{ .Values.image.csiProvisioner.pullPolicy }}
+          volumeMounts:
+            - mountPath: /csi
+              name: socket-dir
+          resources: {{- toYaml .Values.controller.resources.csiProvisioner | nindent 12 }}
+          securityContext:
+            readOnlyRootFilesystem: true
+        - name: liveness-probe
+{{- if hasPrefix "/" .Values.image.livenessProbe.repository }}
+          image: "{{ .Values.image.baseRepo }}{{ .Values.image.livenessProbe.repository }}:{{ .Values.image.livenessProbe.tag }}"
+{{- else }}
+          image: "{{ .Values.image.livenessProbe.repository }}:{{ .Values.image.livenessProbe.tag }}"
+{{- end }}
+          args:
+            - --csi-address=/csi/csi.sock
+            - --probe-timeout=3s
+            - --health-port={{ .Values.controller.livenessProbe.healthPort }}
+            - --v=2
+          imagePullPolicy: {{ .Values.image.livenessProbe.pullPolicy }}
+          volumeMounts:
+            - name: socket-dir
+              mountPath: /csi
+          resources: {{- toYaml .Values.controller.resources.livenessProbe | nindent 12 }}
+          securityContext:
+            readOnlyRootFilesystem: true
+        - name: smb
+{{- if hasPrefix "/" .Values.image.smb.repository }}
+          image: "{{ .Values.image.baseRepo }}{{ .Values.image.smb.repository }}:{{ .Values.image.smb.tag }}"
+{{- else }}
+          image: "{{ .Values.image.smb.repository }}:{{ .Values.image.smb.tag }}"
+{{- end }}
+          imagePullPolicy: {{ .Values.image.smb.pullPolicy }}
+          args:
+            - "--v={{ .Values.controller.logLevel }}"
+            - "--endpoint=$(CSI_ENDPOINT)"
+            - "--metrics-address=0.0.0.0:{{ .Values.controller.metricsPort }}"
+            - "--drivername={{ .Values.driver.name }}"
+            - "--working-mount-dir={{ .Values.controller.workingMountDir }}"
+          ports:
+            - containerPort: {{ .Values.controller.livenessProbe.healthPort }}
+              name: healthz
+              protocol: TCP
+            - containerPort: {{ .Values.controller.metricsPort }}
+              name: metrics
+              protocol: TCP
+          livenessProbe:
+            failureThreshold: 5
+            httpGet:
+              path: /healthz
+              port: healthz
+            initialDelaySeconds: 30
+            timeoutSeconds: 10
+            periodSeconds: 30
+          env:
+            - name: CSI_ENDPOINT
+              value: unix:///csi/csi.sock
+          securityContext:
+            privileged: true
+          volumeMounts:
+            - mountPath: /csi
+              name: socket-dir
+          resources: {{- toYaml .Values.controller.resources.smb | nindent 12 }}
+      volumes:
+        - name: socket-dir
+          emptyDir: {}
--- a/charts/v1.12.0/csi-driver-smb/templates/csi-smb-driver.yaml
+++ b/charts/v1.12.0/csi-driver-smb/templates/csi-smb-driver.yaml
@ -0,0 +1,8 @@
+---
+apiVersion: storage.k8s.io/v1
+kind: CSIDriver
+metadata:
+  name: {{ .Values.driver.name }}
+spec:
+  attachRequired: false
+  podInfoOnMount: true
--- a/charts/v1.12.0/csi-driver-smb/templates/csi-smb-node-windows.yaml
+++ b/charts/v1.12.0/csi-driver-smb/templates/csi-smb-node-windows.yaml
@ -0,0 +1,171 @@
+{{- if .Values.windows.enabled}}
+kind: DaemonSet
+apiVersion: apps/v1
+metadata:
+  name: {{ .Values.windows.dsName }}
+  namespace: {{ .Release.Namespace }}
+{{ include "smb.labels" . | indent 2 }}
+spec:
+  updateStrategy:
+    rollingUpdate:
+      maxUnavailable: {{ .Values.node.maxUnavailable }}
+    type: RollingUpdate
+  selector:
+    matchLabels:
+      app: {{ .Values.windows.dsName }}
+  template:
+    metadata:
+{{ include "smb.labels" . | indent 6 }}
+        app: {{ .Values.windows.dsName }}
+    spec:
+{{- with .Values.windows.tolerations }}
+      tolerations:
+{{ toYaml . | indent 8 }}
+{{- end }}
+      nodeSelector:
+        kubernetes.io/os: windows
+{{- with .Values.node.nodeSelector }}
+{{ toYaml . | indent 8 }}
+{{- end }}
+{{- with .Values.node.affinity }}
+      affinity:
+{{ toYaml . | indent 8 }}
+{{- end }}
+      priorityClassName: {{ .Values.priorityClassName | quote }}
+      {{- if .Values.securityContext }}
+      securityContext: {{- toYaml .Values.securityContext | nindent 8 }}
+      {{- end }}
+      serviceAccountName: {{ .Values.serviceAccount.node }}
+      {{- include "smb.pullSecrets" . | indent 6 }}
+      containers:
+        - name: liveness-probe
+          volumeMounts:
+            - mountPath: C:\csi
+              name: plugin-dir
+{{- if hasPrefix "/" .Values.image.livenessProbe.repository }}
+          image: "{{ .Values.image.baseRepo }}{{ .Values.image.livenessProbe.repository }}:{{ .Values.image.livenessProbe.tag }}"
+{{- else }}
+          image: "{{ .Values.image.livenessProbe.repository }}:{{ .Values.image.livenessProbe.tag }}"
+{{- end }}
+          args:
+            - --csi-address=$(CSI_ENDPOINT)
+            - --probe-timeout=3s
+            - --health-port={{ .Values.node.livenessProbe.healthPort }}
+            - --v=2
+          env:
+            - name: CSI_ENDPOINT
+              value: unix://C:\\csi\\csi.sock
+          imagePullPolicy: {{ .Values.image.livenessProbe.pullPolicy }}
+          resources: {{- toYaml .Values.windows.resources.livenessProbe | nindent 12 }}
+        - name: node-driver-registrar
+{{- if hasPrefix "/" .Values.image.nodeDriverRegistrar.repository }}
+          image: "{{ .Values.image.baseRepo }}{{ .Values.image.nodeDriverRegistrar.repository }}:{{ .Values.image.nodeDriverRegistrar.tag }}"
+{{- else }}
+          image: "{{ .Values.image.nodeDriverRegistrar.repository }}:{{ .Values.image.nodeDriverRegistrar.tag }}"
+{{- end }}
+          args:
+            - --v=2
+            - --csi-address=$(CSI_ENDPOINT)
+            - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)
+          livenessProbe:
+            exec:
+              command:
+                - /csi-node-driver-registrar.exe
+                - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)
+                - --mode=kubelet-registration-probe
+            initialDelaySeconds: 60
+            timeoutSeconds: 30
+          env:
+            - name: CSI_ENDPOINT
+              value: unix://C:\\csi\\csi.sock
+            - name: DRIVER_REG_SOCK_PATH
+              value: {{ .Values.windows.kubelet | replace "\\" "\\\\" }}\\plugins\\{{ .Values.driver.name }}\\csi.sock
+            - name: KUBE_NODE_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: spec.nodeName
+          imagePullPolicy: {{ .Values.image.nodeDriverRegistrar.pullPolicy }}
+          volumeMounts:
+            - name: plugin-dir
+              mountPath: C:\csi
+            - name: registration-dir
+              mountPath: C:\registration
+          resources: {{- toYaml .Values.windows.resources.nodeDriverRegistrar | nindent 12 }}
+        - name: smb
+{{- if hasPrefix "/" .Values.image.smb.repository }}
+          image: "{{ .Values.image.baseRepo }}{{ .Values.image.smb.repository }}:{{ .Values.image.smb.tag }}"
+{{- else }}
+          image: "{{ .Values.image.smb.repository }}:{{ .Values.image.smb.tag }}"
+{{- end }}
+          imagePullPolicy: {{ .Values.image.smb.pullPolicy }}
+          args:
+            - "--v={{ .Values.node.logLevel }}"
+            - "--drivername={{ .Values.driver.name }}"
+            - --endpoint=$(CSI_ENDPOINT)
+            - --nodeid=$(KUBE_NODE_NAME)
+            - "--enable-get-volume-stats={{ .Values.feature.enableGetVolumeStats }}"
+            - "--remove-smb-mapping-during-unmount={{ .Values.windows.removeSMBMappingDuringUnmount }}"
+          ports:
+            - containerPort: {{ .Values.node.livenessProbe.healthPort }}
+              name: healthz
+              protocol: TCP
+          livenessProbe:
+            failureThreshold: 5
+            httpGet:
+              path: /healthz
+              port: healthz
+            initialDelaySeconds: 30
+            timeoutSeconds: 10
+            periodSeconds: 30
+          env:
+            - name: CSI_ENDPOINT
+              value: unix://C:\\csi\\csi.sock
+            - name: KUBE_NODE_NAME
+              valueFrom:
+                fieldRef:
+                  apiVersion: v1
+                  fieldPath: spec.nodeName
+          volumeMounts:
+            - name: kubelet-dir
+              mountPath: {{ .Values.windows.kubelet }}\
+            - name: plugin-dir
+              mountPath: C:\csi
+            - name: csi-proxy-fs-pipe-v1
+              mountPath: \\.\pipe\csi-proxy-filesystem-v1
+            - name: csi-proxy-smb-pipe-v1
+              mountPath: \\.\pipe\csi-proxy-smb-v1
+            # these paths are still included for compatibility, they're used
+            # only if the node has still the beta version of the CSI proxy
+            - name: csi-proxy-fs-pipe-v1beta1
+              mountPath: \\.\pipe\csi-proxy-filesystem-v1beta1
+            - name: csi-proxy-smb-pipe-v1beta1
+              mountPath: \\.\pipe\csi-proxy-smb-v1beta1
+          resources: {{- toYaml .Values.windows.resources.smb | nindent 12 }}
+      volumes:
+        - name: csi-proxy-fs-pipe-v1
+          hostPath:
+            path: \\.\pipe\csi-proxy-filesystem-v1
+        - name: csi-proxy-smb-pipe-v1
+          hostPath:
+            path: \\.\pipe\csi-proxy-smb-v1
+        # these paths are still included for compatibility, they're used
+        # only if the node has still the beta version of the CSI proxy
+        - name: csi-proxy-fs-pipe-v1beta1
+          hostPath:
+            path: \\.\pipe\csi-proxy-filesystem-v1beta1
+        - name: csi-proxy-smb-pipe-v1beta1
+          hostPath:
+            path: \\.\pipe\csi-proxy-smb-v1beta1
+        - name: registration-dir
+          hostPath:
+            path: {{ .Values.windows.kubelet }}\plugins_registry\
+            type: Directory
+        - name: kubelet-dir
+          hostPath:
+            path: {{ .Values.windows.kubelet }}\
+            type: Directory
+        - name: plugin-dir
+          hostPath:
+            path: {{ .Values.windows.kubelet }}\plugins\{{ .Values.driver.name }}\
+            type: DirectoryOrCreate
+{{- end -}}
--- a/charts/v1.12.0/csi-driver-smb/templates/csi-smb-node.yaml
+++ b/charts/v1.12.0/csi-driver-smb/templates/csi-smb-node.yaml
@ -0,0 +1,153 @@
+{{- if .Values.linux.enabled}}
+kind: DaemonSet
+apiVersion: apps/v1
+metadata:
+  name: {{ .Values.linux.dsName }}
+  namespace: {{ .Release.Namespace }}
+{{ include "smb.labels" . | indent 2 }}
+spec:
+  updateStrategy:
+    rollingUpdate:
+      maxUnavailable: {{ .Values.node.maxUnavailable }}
+    type: RollingUpdate
+  selector:
+    matchLabels:
+      app: {{ .Values.linux.dsName }}
+  template:
+    metadata:
+{{ include "smb.labels" . | indent 6 }}
+        app: {{ .Values.linux.dsName }}
+        {{- if .Values.podLabels }}
+{{- toYaml .Values.podLabels | nindent 8 }}
+        {{- end }}
+{{- if .Values.podAnnotations }}
+      annotations:
+{{ toYaml .Values.podAnnotations | indent 8 }}
+{{- end }}
+    spec:
+{{- with .Values.node.affinity }}
+      affinity:
+{{ toYaml . | indent 8 }}
+{{- end }}    
+      hostNetwork: true
+      dnsPolicy: {{ .Values.linux.dnsPolicy }}
+      serviceAccountName: {{ .Values.serviceAccount.node }}
+      nodeSelector:
+        kubernetes.io/os: linux
+{{- with .Values.node.nodeSelector }}
+{{ toYaml . | indent 8 }}
+{{- end }}
+      priorityClassName: {{ .Values.priorityClassName | quote }}
+      {{- if .Values.securityContext }}
+      securityContext: {{- toYaml .Values.securityContext | nindent 8 }}
+      {{- end }}
+{{- with .Values.linux.tolerations }}
+      tolerations:
+{{ toYaml . | indent 8 }}
+{{- end }}
+      {{- include "smb.pullSecrets" . | indent 6 }}
+      containers:
+        - name: liveness-probe
+          volumeMounts:
+            - mountPath: /csi
+              name: socket-dir
+{{- if hasPrefix "/" .Values.image.livenessProbe.repository }}
+          image: "{{ .Values.image.baseRepo }}{{ .Values.image.livenessProbe.repository }}:{{ .Values.image.livenessProbe.tag }}"
+{{- else }}
+          image: "{{ .Values.image.livenessProbe.repository }}:{{ .Values.image.livenessProbe.tag }}"
+{{- end }}
+          args:
+            - --csi-address=/csi/csi.sock
+            - --probe-timeout=3s
+            - --health-port={{ .Values.node.livenessProbe.healthPort }}
+            - --v=2
+          imagePullPolicy: {{ .Values.image.livenessProbe.pullPolicy }}
+          resources: {{- toYaml .Values.linux.resources.livenessProbe | nindent 12 }}
+          securityContext:
+            readOnlyRootFilesystem: true
+        - name: node-driver-registrar
+{{- if hasPrefix "/" .Values.image.nodeDriverRegistrar.repository }}
+          image: "{{ .Values.image.baseRepo }}{{ .Values.image.nodeDriverRegistrar.repository }}:{{ .Values.image.nodeDriverRegistrar.tag }}"
+{{- else }}
+          image: "{{ .Values.image.nodeDriverRegistrar.repository }}:{{ .Values.image.nodeDriverRegistrar.tag }}"
+{{- end }}
+          args:
+            - --csi-address=$(ADDRESS)
+            - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)
+            - --v=2
+          livenessProbe:
+            exec:
+              command:
+                - /csi-node-driver-registrar
+                - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)
+                - --mode=kubelet-registration-probe
+            initialDelaySeconds: 30
+            timeoutSeconds: 15
+          env:
+            - name: ADDRESS
+              value: /csi/csi.sock
+            - name: DRIVER_REG_SOCK_PATH
+              value: {{ .Values.linux.kubelet }}/plugins/{{ .Values.driver.name }}/csi.sock
+          imagePullPolicy: {{ .Values.image.nodeDriverRegistrar.pullPolicy }}
+          volumeMounts:
+            - name: socket-dir
+              mountPath: /csi
+            - name: registration-dir
+              mountPath: /registration
+          resources: {{- toYaml .Values.linux.resources.nodeDriverRegistrar | nindent 12 }}
+        - name: smb
+{{- if hasPrefix "/" .Values.image.smb.repository }}
+          image: "{{ .Values.image.baseRepo }}{{ .Values.image.smb.repository }}:{{ .Values.image.smb.tag }}"
+{{- else }}
+          image: "{{ .Values.image.smb.repository }}:{{ .Values.image.smb.tag }}"
+{{- end }}
+          imagePullPolicy: {{ .Values.image.smb.pullPolicy }}
+          args:
+            - "--v={{ .Values.node.logLevel }}"
+            - "--drivername={{ .Values.driver.name }}"
+            - "--endpoint=$(CSI_ENDPOINT)"
+            - "--nodeid=$(KUBE_NODE_NAME)"
+            - "--enable-get-volume-stats={{ .Values.feature.enableGetVolumeStats }}"
+          ports:
+            - containerPort: {{ .Values.node.livenessProbe.healthPort }}
+              name: healthz
+              protocol: TCP
+          livenessProbe:
+            failureThreshold: 5
+            httpGet:
+              path: /healthz
+              port: healthz
+            initialDelaySeconds: 30
+            timeoutSeconds: 10
+            periodSeconds: 30
+          env:
+            - name: CSI_ENDPOINT
+              value: unix:///csi/csi.sock
+            - name: KUBE_NODE_NAME
+              valueFrom:
+                fieldRef:
+                  apiVersion: v1
+                  fieldPath: spec.nodeName
+          securityContext:
+            privileged: true
+          volumeMounts:
+            - mountPath: /csi
+              name: socket-dir
+            - mountPath: {{ .Values.linux.kubelet }}/
+              mountPropagation: Bidirectional
+              name: mountpoint-dir
+          resources: {{- toYaml .Values.linux.resources.smb | nindent 12 }}
+      volumes:
+        - hostPath:
+            path: {{ .Values.linux.kubelet }}/plugins/{{ .Values.driver.name }}
+            type: DirectoryOrCreate
+          name: socket-dir
+        - hostPath:
+            path: {{ .Values.linux.kubelet }}/
+            type: DirectoryOrCreate
+          name: mountpoint-dir
+        - hostPath:
+            path: {{ .Values.linux.kubelet }}/plugins_registry/
+            type: DirectoryOrCreate
+          name: registration-dir
+{{- end -}}
--- a/charts/v1.12.0/csi-driver-smb/templates/rbac-csi-smb.yaml
+++ b/charts/v1.12.0/csi-driver-smb/templates/rbac-csi-smb.yaml
@ -0,0 +1,65 @@
+{{- if .Values.serviceAccount.create -}}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ .Values.serviceAccount.controller }}
+  namespace: {{ .Release.Namespace }}
+{{ include "smb.labels" . | indent 2 }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ .Values.serviceAccount.node }}
+  namespace: {{ .Release.Namespace }}
+{{ include "smb.labels" . | indent 2 }}
+{{ end }}
+
+{{- if .Values.rbac.create -}}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ .Values.rbac.name }}-external-provisioner-role
+{{ include "smb.labels" . | indent 2 }}
+rules:
+  - apiGroups: [""]
+    resources: ["persistentvolumes"]
+    verbs: ["get", "list", "watch", "create", "delete"]
+  - apiGroups: [""]
+    resources: ["persistentvolumeclaims"]
+    verbs: ["get", "list", "watch", "update"]
+  - apiGroups: ["storage.k8s.io"]
+    resources: ["storageclasses"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: [""]
+    resources: ["events"]
+    verbs: ["get", "list", "watch", "create", "update", "patch"]
+  - apiGroups: ["storage.k8s.io"]
+    resources: ["csinodes"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: [""]
+    resources: ["nodes"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: ["coordination.k8s.io"]
+    resources: ["leases"]
+    verbs: ["get", "list", "watch", "create", "update", "patch"]
+  - apiGroups: [""]
+    resources: ["secrets"]
+    verbs: ["get"]
+---
+
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ .Values.rbac.name }}-csi-provisioner-binding
+{{ include "smb.labels" . | indent 2 }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ .Values.serviceAccount.controller }}
+    namespace: {{ .Release.Namespace }}
+roleRef:
+  kind: ClusterRole
+  name: {{ .Values.rbac.name }}-external-provisioner-role
+  apiGroup: rbac.authorization.k8s.io
+{{ end }}
--- a/charts/v1.12.0/csi-driver-smb/values.yaml
+++ b/charts/v1.12.0/csi-driver-smb/values.yaml
@ -0,0 +1,164 @@
+image:
+  baseRepo: registry.k8s.io/sig-storage
+  smb:
+    repository: registry.k8s.io/sig-storage/smbplugin
+    tag: v1.12.0
+    pullPolicy: IfNotPresent
+  csiProvisioner:
+    repository: registry.k8s.io/sig-storage/csi-provisioner
+    tag: v3.5.0
+    pullPolicy: IfNotPresent
+  livenessProbe:
+    repository: registry.k8s.io/sig-storage/livenessprobe
+    tag: v2.10.0
+    pullPolicy: IfNotPresent
+  nodeDriverRegistrar:
+    repository: registry.k8s.io/sig-storage/csi-node-driver-registrar
+    tag: v2.8.0
+    pullPolicy: IfNotPresent
+  csiproxy:
+    repository: ghcr.io/kubernetes-sigs/sig-windows/csi-provisioner
+    tag: v1.1.2
+    pullPolicy: IfNotPresent
+
+serviceAccount:
+  create: true # When true, service accounts will be created for you. Set to false if you want to use your own.
+  controller: csi-smb-controller-sa
+  node: csi-smb-node-sa
+
+rbac:
+  create: true
+  name: smb
+
+driver:
+  name: smb.csi.k8s.io
+
+feature:
+  enableGetVolumeStats: true
+
+controller:
+  name: csi-smb-controller
+  replicas: 1
+  dnsPolicy: ClusterFirstWithHostNet  # available values: Default, ClusterFirstWithHostNet, ClusterFirst
+  metricsPort: 29644
+  livenessProbe:
+    healthPort: 29642
+  runOnMaster: false
+  runOnControlPlane: false
+  logLevel: 5
+  workingMountDir: "/tmp"
+  resources:
+    csiProvisioner:
+      limits:
+        memory: 300Mi
+      requests:
+        cpu: 10m
+        memory: 20Mi
+    livenessProbe:
+      limits:
+        memory: 100Mi
+      requests:
+        cpu: 10m
+        memory: 20Mi
+    smb:
+      limits:
+        memory: 200Mi
+      requests:
+        cpu: 10m
+        memory: 20Mi
+  affinity: {}
+  nodeSelector: {}
+  tolerations:
+    - key: "node-role.kubernetes.io/master"
+      operator: "Exists"
+      effect: "NoSchedule"
+    - key: "node-role.kubernetes.io/controlplane"
+      operator: "Exists"
+      effect: "NoSchedule"
+    - key: "node-role.kubernetes.io/control-plane"
+      operator: "Exists"
+      effect: "NoSchedule"
+
+node:
+  maxUnavailable: 1
+  logLevel: 5
+  livenessProbe:
+    healthPort: 29643
+  affinity: {}
+  nodeSelector: {}
+
+linux:
+  enabled: true
+  dsName: csi-smb-node # daemonset name
+  dnsPolicy: ClusterFirstWithHostNet  # available values: Default, ClusterFirstWithHostNet, ClusterFirst
+  kubelet: /var/lib/kubelet
+  tolerations:
+    - operator: "Exists"
+  resources:
+    livenessProbe:
+      limits:
+        memory: 100Mi
+      requests:
+        cpu: 10m
+        memory: 20Mi
+    nodeDriverRegistrar:
+      limits:
+        memory: 100Mi
+      requests:
+        cpu: 10m
+        memory: 20Mi
+    smb:
+      limits:
+        memory: 200Mi
+      requests:
+        cpu: 10m
+        memory: 20Mi
+
+windows:
+  enabled: false # Unless you already had csi proxy installed, windows.csiproxy.enabled=true is required
+  dsName: csi-smb-node-win # daemonset name
+  kubelet: 'C:\var\lib\kubelet'
+  removeSMBMappingDuringUnmount: true
+  tolerations:
+    - key: "node.kubernetes.io/os"
+      operator: "Exists"
+      effect: "NoSchedule"
+  resources:
+    livenessProbe:
+      limits:
+        memory: 150Mi
+      requests:
+        cpu: 10m
+        memory: 40Mi
+    nodeDriverRegistrar:
+      limits:
+        memory: 150Mi
+      requests:
+        cpu: 10m
+        memory: 40Mi
+    smb:
+      limits:
+        memory: 200Mi
+      requests:
+        cpu: 10m
+        memory: 40Mi
+  csiproxy:
+    enabled: false # required if windows.enabled is true, but may be installed manually also
+    dsName: csi-proxy-win # daemonset name
+    tolerations: {}
+    affinity: {}
+    nodeSelector:
+      "kubernetes.io/os": windows
+
+customLabels: {}
+## Collection of annotations to add to all the pods
+podAnnotations: {}
+## Collection of labels to add to all the pods
+podLabels: {}
+## Leverage a PriorityClass to ensure your pods survive resource shortages
+## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
+priorityClassName: system-cluster-critical
+## Security context give the opportunity to run container as nonroot by setting a securityContext
+## by example :
+## securityContext: { runAsUser: 1001 }
+securityContext: { seccompProfile: {type: RuntimeDefault} }
--- a/charts/v1.13.0/csi-driver-smb-v1.13.0.tgz
+++ b/charts/v1.13.0/csi-driver-smb-v1.13.0.tgz
--- a/charts/v1.13.0/csi-driver-smb/Chart.yaml
+++ b/charts/v1.13.0/csi-driver-smb/Chart.yaml
@ -0,0 +1,5 @@
+apiVersion: v1
+appVersion: v1.13.0
+description: SMB CSI Driver for Kubernetes
+name: csi-driver-smb
+version: v1.13.0
--- a/charts/v1.13.0/csi-driver-smb/templates/NOTES.txt
+++ b/charts/v1.13.0/csi-driver-smb/templates/NOTES.txt
@ -0,0 +1,5 @@
+The CSI SMB Driver is getting deployed to your cluster.
+
+To check CSI SMB Driver pods status, please run:
+
+  kubectl --namespace={{ .Release.Namespace }} get pods --selector="app.kubernetes.io/name={{ .Release.Name }}" --watch
--- a/charts/v1.13.0/csi-driver-smb/templates/_helpers.tpl
+++ b/charts/v1.13.0/csi-driver-smb/templates/_helpers.tpl
@ -0,0 +1,29 @@
+{{/* vim: set filetype=mustache: */}}
+
+{{/* Expand the name of the chart.*/}}
+{{- define "smb.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/* labels for helm resources */}}
+{{- define "smb.labels" -}}
+labels:
+  app.kubernetes.io/instance: "{{ .Release.Name }}"
+  app.kubernetes.io/managed-by: "{{ .Release.Service }}"
+  app.kubernetes.io/name: "{{ template "smb.name" . }}"
+  app.kubernetes.io/version: "{{ .Chart.AppVersion }}"
+  helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+  {{- if .Values.customLabels }}
+{{ toYaml .Values.customLabels | indent 2 -}}
+  {{- end }}
+{{- end -}}
+
+{{/* pull secrets for containers */}}
+{{- define "smb.pullSecrets" -}}
+{{- if .Values.imagePullSecrets }}
+imagePullSecrets:
+{{- range .Values.imagePullSecrets }}
+  - name: {{ . }}
+{{- end }}
+{{- end }}
+{{- end -}}
--- a/charts/v1.13.0/csi-driver-smb/templates/csi-proxy-windows.yaml
+++ b/charts/v1.13.0/csi-driver-smb/templates/csi-proxy-windows.yaml
@ -0,0 +1,48 @@
+{{- if .Values.windows.csiproxy.enabled}}
+kind: DaemonSet
+apiVersion: apps/v1
+metadata:
+  name: {{ .Values.windows.csiproxy.dsName }}
+  namespace: {{ .Release.Namespace }}
+{{ include "smb.labels" . | indent 2 }}
+spec:
+  updateStrategy:
+    rollingUpdate:
+      maxUnavailable: {{ .Values.node.maxUnavailable }}
+    type: RollingUpdate
+  selector:
+    matchLabels:
+      app: {{ .Values.windows.csiproxy.dsName }}
+  template:
+    metadata:
+{{ include "smb.labels" . | indent 6 }}
+        app: {{ .Values.windows.csiproxy.dsName }}
+    spec:
+{{- with .Values.windows.csiproxy.tolerations }}
+      tolerations:
+{{ toYaml . | indent 8 }}
+{{- end }}
+      securityContext:
+        windowsOptions:
+          hostProcess: true
+          runAsUserName: {{ .Values.windows.csiproxy.username | quote }} 
+      hostNetwork: true
+      nodeSelector:
+{{- with .Values.windows.csiproxy.nodeSelector }}
+{{ toYaml . | indent 8 }}
+{{- end }}
+{{- with .Values.node.affinity }}
+      affinity:
+{{ toYaml . | indent 8 }}
+{{- end }}
+      priorityClassName: {{ .Values.priorityClassName | quote }}
+      {{- include "smb.pullSecrets" . | indent 6 }}
+      containers:
+        - name: csi-proxy
+{{- if hasPrefix "/" .Values.image.csiproxy.repository }}
+          image: "{{ .Values.image.baseRepo }}{{ .Values.image.csiproxy.repository }}:{{ .Values.image.csiproxy.tag }}"
+{{- else }}
+          image: "{{ .Values.image.csiproxy.repository }}:{{ .Values.image.csiproxy.tag }}"
+{{- end }}
+          imagePullPolicy: {{ .Values.image.csiproxy.pullPolicy }}
+{{- end -}}
--- a/charts/v1.13.0/csi-driver-smb/templates/csi-smb-controller.yaml
+++ b/charts/v1.13.0/csi-driver-smb/templates/csi-smb-controller.yaml
@ -0,0 +1,143 @@
+---
+kind: Deployment
+apiVersion: apps/v1
+metadata:
+  name: {{ .Values.controller.name }}
+  namespace: {{ .Release.Namespace }}
+{{ include "smb.labels" . | indent 2 }}
+spec:
+  strategy:
+    type: Recreate
+  replicas: {{ .Values.controller.replicas }}
+  selector:
+    matchLabels:
+      app: {{ .Values.controller.name }}
+  template:
+    metadata:
+{{ include "smb.labels" . | indent 6 }}
+        app: {{ .Values.controller.name }}
+        {{- if .Values.podLabels }}
+{{- toYaml .Values.podLabels | nindent 8 }}
+        {{- end }}
+{{- if .Values.podAnnotations }}
+      annotations:
+{{ toYaml .Values.podAnnotations | indent 8 }}
+{{- end }}
+    spec:
+{{- with .Values.controller.affinity }}
+      affinity:
+{{ toYaml . | indent 8 }}
+{{- end }}
+      hostNetwork: true
+      dnsPolicy: {{ .Values.controller.dnsPolicy }}
+      serviceAccountName: {{ .Values.serviceAccount.controller }}
+      nodeSelector:
+{{- with .Values.controller.nodeSelector }}
+{{ toYaml . | indent 8 }}
+{{- end }}
+        kubernetes.io/os: linux
+        {{- if .Values.controller.runOnMaster}}
+        node-role.kubernetes.io/master: ""
+        {{- end}}
+        {{- if .Values.controller.runOnControlPlane}}
+        node-role.kubernetes.io/control-plane: ""
+        {{- end}}
+      priorityClassName: {{ .Values.priorityClassName | quote }}
+      {{- if .Values.securityContext }}
+      securityContext: {{- toYaml .Values.securityContext | nindent 8 }}
+      {{- end }}
+{{- with .Values.controller.tolerations }}
+      tolerations:
+{{ toYaml . | indent 8 }}
+{{- end }}
+      {{- include "smb.pullSecrets" . | indent 6 }}
+      containers:
+        - name: csi-provisioner
+{{- if hasPrefix "/" .Values.image.csiProvisioner.repository }}
+          image: "{{ .Values.image.baseRepo }}{{ .Values.image.csiProvisioner.repository }}:{{ .Values.image.csiProvisioner.tag }}"
+{{- else }}
+          image: "{{ .Values.image.csiProvisioner.repository }}:{{ .Values.image.csiProvisioner.tag }}"
+{{- end }}
+          args:
+            - "-v=2"
+            - "--csi-address=$(ADDRESS)"
+            - "--leader-election"
+            - "--leader-election-namespace={{ .Release.Namespace }}"
+            - "--extra-create-metadata=true"
+          env:
+            - name: ADDRESS
+              value: /csi/csi.sock
+          imagePullPolicy: {{ .Values.image.csiProvisioner.pullPolicy }}
+          volumeMounts:
+            - mountPath: /csi
+              name: socket-dir
+          resources: {{- toYaml .Values.controller.resources.csiProvisioner | nindent 12 }}
+          securityContext:
+            readOnlyRootFilesystem: true
+            capabilities:
+              drop:
+              - ALL
+        - name: liveness-probe
+{{- if hasPrefix "/" .Values.image.livenessProbe.repository }}
+          image: "{{ .Values.image.baseRepo }}{{ .Values.image.livenessProbe.repository }}:{{ .Values.image.livenessProbe.tag }}"
+{{- else }}
+          image: "{{ .Values.image.livenessProbe.repository }}:{{ .Values.image.livenessProbe.tag }}"
+{{- end }}
+          args:
+            - --csi-address=/csi/csi.sock
+            - --probe-timeout=3s
+            - --health-port={{ .Values.controller.livenessProbe.healthPort }}
+            - --v=2
+          imagePullPolicy: {{ .Values.image.livenessProbe.pullPolicy }}
+          volumeMounts:
+            - name: socket-dir
+              mountPath: /csi
+          resources: {{- toYaml .Values.controller.resources.livenessProbe | nindent 12 }}
+          securityContext:
+            readOnlyRootFilesystem: true
+            capabilities:
+              drop:
+              - ALL
+        - name: smb
+{{- if hasPrefix "/" .Values.image.smb.repository }}
+          image: "{{ .Values.image.baseRepo }}{{ .Values.image.smb.repository }}:{{ .Values.image.smb.tag }}"
+{{- else }}
+          image: "{{ .Values.image.smb.repository }}:{{ .Values.image.smb.tag }}"
+{{- end }}
+          imagePullPolicy: {{ .Values.image.smb.pullPolicy }}
+          args:
+            - "--v={{ .Values.controller.logLevel }}"
+            - "--endpoint=$(CSI_ENDPOINT)"
+            - "--metrics-address=0.0.0.0:{{ .Values.controller.metricsPort }}"
+            - "--drivername={{ .Values.driver.name }}"
+            - "--working-mount-dir={{ .Values.controller.workingMountDir }}"
+          ports:
+            - containerPort: {{ .Values.controller.livenessProbe.healthPort }}
+              name: healthz
+              protocol: TCP
+            - containerPort: {{ .Values.controller.metricsPort }}
+              name: metrics
+              protocol: TCP
+          livenessProbe:
+            failureThreshold: 5
+            httpGet:
+              path: /healthz
+              port: healthz
+            initialDelaySeconds: 30
+            timeoutSeconds: 10
+            periodSeconds: 30
+          env:
+            - name: CSI_ENDPOINT
+              value: unix:///csi/csi.sock
+          securityContext:
+            privileged: true
+            capabilities:
+              drop:
+              - ALL
+          volumeMounts:
+            - mountPath: /csi
+              name: socket-dir
+          resources: {{- toYaml .Values.controller.resources.smb | nindent 12 }}
+      volumes:
+        - name: socket-dir
+          emptyDir: {}
--- a/charts/v1.13.0/csi-driver-smb/templates/csi-smb-driver.yaml
+++ b/charts/v1.13.0/csi-driver-smb/templates/csi-smb-driver.yaml
@ -0,0 +1,8 @@
+---
+apiVersion: storage.k8s.io/v1
+kind: CSIDriver
+metadata:
+  name: {{ .Values.driver.name }}
+spec:
+  attachRequired: false
+  podInfoOnMount: true
--- a/charts/v1.13.0/csi-driver-smb/templates/csi-smb-node-windows.yaml
+++ b/charts/v1.13.0/csi-driver-smb/templates/csi-smb-node-windows.yaml
@ -0,0 +1,183 @@
+{{- if .Values.windows.enabled}}
+kind: DaemonSet
+apiVersion: apps/v1
+metadata:
+  name: {{ .Values.windows.dsName }}
+  namespace: {{ .Release.Namespace }}
+{{ include "smb.labels" . | indent 2 }}
+spec:
+  updateStrategy:
+    rollingUpdate:
+      maxUnavailable: {{ .Values.node.maxUnavailable }}
+    type: RollingUpdate
+  selector:
+    matchLabels:
+      app: {{ .Values.windows.dsName }}
+  template:
+    metadata:
+{{ include "smb.labels" . | indent 6 }}
+        app: {{ .Values.windows.dsName }}
+    spec:
+{{- with .Values.windows.tolerations }}
+      tolerations:
+{{ toYaml . | indent 8 }}
+{{- end }}
+      nodeSelector:
+        kubernetes.io/os: windows
+{{- with .Values.node.nodeSelector }}
+{{ toYaml . | indent 8 }}
+{{- end }}
+{{- with .Values.node.affinity }}
+      affinity:
+{{ toYaml . | indent 8 }}
+{{- end }}
+      priorityClassName: {{ .Values.priorityClassName | quote }}
+      {{- if .Values.securityContext }}
+      securityContext: {{- toYaml .Values.securityContext | nindent 8 }}
+      {{- end }}
+      serviceAccountName: {{ .Values.serviceAccount.node }}
+      {{- include "smb.pullSecrets" . | indent 6 }}
+      containers:
+        - name: liveness-probe
+          volumeMounts:
+            - mountPath: C:\csi
+              name: plugin-dir
+{{- if hasPrefix "/" .Values.image.livenessProbe.repository }}
+          image: "{{ .Values.image.baseRepo }}{{ .Values.image.livenessProbe.repository }}:{{ .Values.image.livenessProbe.tag }}"
+{{- else }}
+          image: "{{ .Values.image.livenessProbe.repository }}:{{ .Values.image.livenessProbe.tag }}"
+{{- end }}
+          args:
+            - --csi-address=$(CSI_ENDPOINT)
+            - --probe-timeout=3s
+            - --health-port={{ .Values.node.livenessProbe.healthPort }}
+            - --v=2
+          env:
+            - name: CSI_ENDPOINT
+              value: unix://C:\\csi\\csi.sock
+          imagePullPolicy: {{ .Values.image.livenessProbe.pullPolicy }}
+          resources: {{- toYaml .Values.windows.resources.livenessProbe | nindent 12 }}
+          securityContext:
+            capabilities:
+              drop:
+              - ALL
+        - name: node-driver-registrar
+{{- if hasPrefix "/" .Values.image.nodeDriverRegistrar.repository }}
+          image: "{{ .Values.image.baseRepo }}{{ .Values.image.nodeDriverRegistrar.repository }}:{{ .Values.image.nodeDriverRegistrar.tag }}"
+{{- else }}
+          image: "{{ .Values.image.nodeDriverRegistrar.repository }}:{{ .Values.image.nodeDriverRegistrar.tag }}"
+{{- end }}
+          args:
+            - --v=2
+            - --csi-address=$(CSI_ENDPOINT)
+            - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)
+          livenessProbe:
+            exec:
+              command:
+                - /csi-node-driver-registrar.exe
+                - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)
+                - --mode=kubelet-registration-probe
+            initialDelaySeconds: 60
+            timeoutSeconds: 30
+          env:
+            - name: CSI_ENDPOINT
+              value: unix://C:\\csi\\csi.sock
+            - name: DRIVER_REG_SOCK_PATH
+              value: {{ .Values.windows.kubelet | replace "\\" "\\\\" }}\\plugins\\{{ .Values.driver.name }}\\csi.sock
+            - name: KUBE_NODE_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: spec.nodeName
+          imagePullPolicy: {{ .Values.image.nodeDriverRegistrar.pullPolicy }}
+          volumeMounts:
+            - name: plugin-dir
+              mountPath: C:\csi
+            - name: registration-dir
+              mountPath: C:\registration
+          resources: {{- toYaml .Values.windows.resources.nodeDriverRegistrar | nindent 12 }}
+          securityContext:
+            capabilities:
+              drop:
+              - ALL
+        - name: smb
+{{- if hasPrefix "/" .Values.image.smb.repository }}
+          image: "{{ .Values.image.baseRepo }}{{ .Values.image.smb.repository }}:{{ .Values.image.smb.tag }}"
+{{- else }}
+          image: "{{ .Values.image.smb.repository }}:{{ .Values.image.smb.tag }}"
+{{- end }}
+          imagePullPolicy: {{ .Values.image.smb.pullPolicy }}
+          args:
+            - "--v={{ .Values.node.logLevel }}"
+            - "--drivername={{ .Values.driver.name }}"
+            - --endpoint=$(CSI_ENDPOINT)
+            - --nodeid=$(KUBE_NODE_NAME)
+            - "--enable-get-volume-stats={{ .Values.feature.enableGetVolumeStats }}"
+            - "--remove-smb-mapping-during-unmount={{ .Values.windows.removeSMBMappingDuringUnmount }}"
+          ports:
+            - containerPort: {{ .Values.node.livenessProbe.healthPort }}
+              name: healthz
+              protocol: TCP
+          livenessProbe:
+            failureThreshold: 5
+            httpGet:
+              path: /healthz
+              port: healthz
+            initialDelaySeconds: 30
+            timeoutSeconds: 10
+            periodSeconds: 30
+          env:
+            - name: CSI_ENDPOINT
+              value: unix://C:\\csi\\csi.sock
+            - name: KUBE_NODE_NAME
+              valueFrom:
+                fieldRef:
+                  apiVersion: v1
+                  fieldPath: spec.nodeName
+          volumeMounts:
+            - name: kubelet-dir
+              mountPath: {{ .Values.windows.kubelet }}\
+            - name: plugin-dir
+              mountPath: C:\csi
+            - name: csi-proxy-fs-pipe-v1
+              mountPath: \\.\pipe\csi-proxy-filesystem-v1
+            - name: csi-proxy-smb-pipe-v1
+              mountPath: \\.\pipe\csi-proxy-smb-v1
+            # these paths are still included for compatibility, they're used
+            # only if the node has still the beta version of the CSI proxy
+            - name: csi-proxy-fs-pipe-v1beta1
+              mountPath: \\.\pipe\csi-proxy-filesystem-v1beta1
+            - name: csi-proxy-smb-pipe-v1beta1
+              mountPath: \\.\pipe\csi-proxy-smb-v1beta1
+          resources: {{- toYaml .Values.windows.resources.smb | nindent 12 }}
+          securityContext:
+            capabilities:
+              drop:
+              - ALL
+      volumes:
+        - name: csi-proxy-fs-pipe-v1
+          hostPath:
+            path: \\.\pipe\csi-proxy-filesystem-v1
+        - name: csi-proxy-smb-pipe-v1
+          hostPath:
+            path: \\.\pipe\csi-proxy-smb-v1
+        # these paths are still included for compatibility, they're used
+        # only if the node has still the beta version of the CSI proxy
+        - name: csi-proxy-fs-pipe-v1beta1
+          hostPath:
+            path: \\.\pipe\csi-proxy-filesystem-v1beta1
+        - name: csi-proxy-smb-pipe-v1beta1
+          hostPath:
+            path: \\.\pipe\csi-proxy-smb-v1beta1
+        - name: registration-dir
+          hostPath:
+            path: {{ .Values.windows.kubelet }}\plugins_registry\
+            type: Directory
+        - name: kubelet-dir
+          hostPath:
+            path: {{ .Values.windows.kubelet }}\
+            type: Directory
+        - name: plugin-dir
+          hostPath:
+            path: {{ .Values.windows.kubelet }}\plugins\{{ .Values.driver.name }}\
+            type: DirectoryOrCreate
+{{- end -}}
--- a/charts/v1.13.0/csi-driver-smb/templates/csi-smb-node.yaml
+++ b/charts/v1.13.0/csi-driver-smb/templates/csi-smb-node.yaml
@ -0,0 +1,163 @@
+{{- if .Values.linux.enabled}}
+kind: DaemonSet
+apiVersion: apps/v1
+metadata:
+  name: {{ .Values.linux.dsName }}
+  namespace: {{ .Release.Namespace }}
+{{ include "smb.labels" . | indent 2 }}
+spec:
+  updateStrategy:
+    rollingUpdate:
+      maxUnavailable: {{ .Values.node.maxUnavailable }}
+    type: RollingUpdate
+  selector:
+    matchLabels:
+      app: {{ .Values.linux.dsName }}
+  template:
+    metadata:
+{{ include "smb.labels" . | indent 6 }}
+        app: {{ .Values.linux.dsName }}
+        {{- if .Values.podLabels }}
+{{- toYaml .Values.podLabels | nindent 8 }}
+        {{- end }}
+{{- if .Values.podAnnotations }}
+      annotations:
+{{ toYaml .Values.podAnnotations | indent 8 }}
+{{- end }}
+    spec:
+{{- with .Values.node.affinity }}
+      affinity:
+{{ toYaml . | indent 8 }}
+{{- end }}    
+      hostNetwork: true
+      dnsPolicy: {{ .Values.linux.dnsPolicy }}
+      serviceAccountName: {{ .Values.serviceAccount.node }}
+      nodeSelector:
+        kubernetes.io/os: linux
+{{- with .Values.node.nodeSelector }}
+{{ toYaml . | indent 8 }}
+{{- end }}
+      priorityClassName: {{ .Values.priorityClassName | quote }}
+      {{- if .Values.securityContext }}
+      securityContext: {{- toYaml .Values.securityContext | nindent 8 }}
+      {{- end }}
+{{- with .Values.linux.tolerations }}
+      tolerations:
+{{ toYaml . | indent 8 }}
+{{- end }}
+      {{- include "smb.pullSecrets" . | indent 6 }}
+      containers:
+        - name: liveness-probe
+          volumeMounts:
+            - mountPath: /csi
+              name: socket-dir
+{{- if hasPrefix "/" .Values.image.livenessProbe.repository }}
+          image: "{{ .Values.image.baseRepo }}{{ .Values.image.livenessProbe.repository }}:{{ .Values.image.livenessProbe.tag }}"
+{{- else }}
+          image: "{{ .Values.image.livenessProbe.repository }}:{{ .Values.image.livenessProbe.tag }}"
+{{- end }}
+          args:
+            - --csi-address=/csi/csi.sock
+            - --probe-timeout=3s
+            - --health-port={{ .Values.node.livenessProbe.healthPort }}
+            - --v=2
+          imagePullPolicy: {{ .Values.image.livenessProbe.pullPolicy }}
+          resources: {{- toYaml .Values.linux.resources.livenessProbe | nindent 12 }}
+          securityContext:
+            readOnlyRootFilesystem: true
+            capabilities:
+              drop:
+              - ALL
+        - name: node-driver-registrar
+{{- if hasPrefix "/" .Values.image.nodeDriverRegistrar.repository }}
+          image: "{{ .Values.image.baseRepo }}{{ .Values.image.nodeDriverRegistrar.repository }}:{{ .Values.image.nodeDriverRegistrar.tag }}"
+{{- else }}
+          image: "{{ .Values.image.nodeDriverRegistrar.repository }}:{{ .Values.image.nodeDriverRegistrar.tag }}"
+{{- end }}
+          args:
+            - --csi-address=$(ADDRESS)
+            - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)
+            - --v=2
+          livenessProbe:
+            exec:
+              command:
+                - /csi-node-driver-registrar
+                - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)
+                - --mode=kubelet-registration-probe
+            initialDelaySeconds: 30
+            timeoutSeconds: 15
+          env:
+            - name: ADDRESS
+              value: /csi/csi.sock
+            - name: DRIVER_REG_SOCK_PATH
+              value: {{ .Values.linux.kubelet }}/plugins/{{ .Values.driver.name }}/csi.sock
+          imagePullPolicy: {{ .Values.image.nodeDriverRegistrar.pullPolicy }}
+          volumeMounts:
+            - name: socket-dir
+              mountPath: /csi
+            - name: registration-dir
+              mountPath: /registration
+          resources: {{- toYaml .Values.linux.resources.nodeDriverRegistrar | nindent 12 }}
+          securityContext:
+            capabilities:
+              drop:
+              - ALL
+        - name: smb
+{{- if hasPrefix "/" .Values.image.smb.repository }}
+          image: "{{ .Values.image.baseRepo }}{{ .Values.image.smb.repository }}:{{ .Values.image.smb.tag }}"
+{{- else }}
+          image: "{{ .Values.image.smb.repository }}:{{ .Values.image.smb.tag }}"
+{{- end }}
+          imagePullPolicy: {{ .Values.image.smb.pullPolicy }}
+          args:
+            - "--v={{ .Values.node.logLevel }}"
+            - "--drivername={{ .Values.driver.name }}"
+            - "--endpoint=$(CSI_ENDPOINT)"
+            - "--nodeid=$(KUBE_NODE_NAME)"
+            - "--enable-get-volume-stats={{ .Values.feature.enableGetVolumeStats }}"
+          ports:
+            - containerPort: {{ .Values.node.livenessProbe.healthPort }}
+              name: healthz
+              protocol: TCP
+          livenessProbe:
+            failureThreshold: 5
+            httpGet:
+              path: /healthz
+              port: healthz
+            initialDelaySeconds: 30
+            timeoutSeconds: 10
+            periodSeconds: 30
+          env:
+            - name: CSI_ENDPOINT
+              value: unix:///csi/csi.sock
+            - name: KUBE_NODE_NAME
+              valueFrom:
+                fieldRef:
+                  apiVersion: v1
+                  fieldPath: spec.nodeName
+          securityContext:
+            privileged: true
+            capabilities:
+              drop:
+              - ALL
+          volumeMounts:
+            - mountPath: /csi
+              name: socket-dir
+            - mountPath: {{ .Values.linux.kubelet }}/
+              mountPropagation: Bidirectional
+              name: mountpoint-dir
+          resources: {{- toYaml .Values.linux.resources.smb | nindent 12 }}
+      volumes:
+        - hostPath:
+            path: {{ .Values.linux.kubelet }}/plugins/{{ .Values.driver.name }}
+            type: DirectoryOrCreate
+          name: socket-dir
+        - hostPath:
+            path: {{ .Values.linux.kubelet }}/
+            type: DirectoryOrCreate
+          name: mountpoint-dir
+        - hostPath:
+            path: {{ .Values.linux.kubelet }}/plugins_registry/
+            type: DirectoryOrCreate
+          name: registration-dir
+{{- end -}}
--- a/charts/v1.13.0/csi-driver-smb/templates/rbac-csi-smb.yaml
+++ b/charts/v1.13.0/csi-driver-smb/templates/rbac-csi-smb.yaml
@ -0,0 +1,65 @@
+{{- if .Values.serviceAccount.create -}}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ .Values.serviceAccount.controller }}
+  namespace: {{ .Release.Namespace }}
+{{ include "smb.labels" . | indent 2 }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ .Values.serviceAccount.node }}
+  namespace: {{ .Release.Namespace }}
+{{ include "smb.labels" . | indent 2 }}
+{{ end }}
+
+{{- if .Values.rbac.create -}}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ .Values.rbac.name }}-external-provisioner-role
+{{ include "smb.labels" . | indent 2 }}
+rules:
+  - apiGroups: [""]
+    resources: ["persistentvolumes"]
+    verbs: ["get", "list", "watch", "create", "delete"]
+  - apiGroups: [""]
+    resources: ["persistentvolumeclaims"]
+    verbs: ["get", "list", "watch", "update"]
+  - apiGroups: ["storage.k8s.io"]
+    resources: ["storageclasses"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: [""]
+    resources: ["events"]
+    verbs: ["get", "list", "watch", "create", "update", "patch"]
+  - apiGroups: ["storage.k8s.io"]
+    resources: ["csinodes"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: [""]
+    resources: ["nodes"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: ["coordination.k8s.io"]
+    resources: ["leases"]
+    verbs: ["get", "list", "watch", "create", "update", "patch"]
+  - apiGroups: [""]
+    resources: ["secrets"]
+    verbs: ["get"]
+---
+
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ .Values.rbac.name }}-csi-provisioner-binding
+{{ include "smb.labels" . | indent 2 }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ .Values.serviceAccount.controller }}
+    namespace: {{ .Release.Namespace }}
+roleRef:
+  kind: ClusterRole
+  name: {{ .Values.rbac.name }}-external-provisioner-role
+  apiGroup: rbac.authorization.k8s.io
+{{ end }}
--- a/charts/v1.13.0/csi-driver-smb/values.yaml
+++ b/charts/v1.13.0/csi-driver-smb/values.yaml
@ -0,0 +1,165 @@
+image:
+  baseRepo: registry.k8s.io/sig-storage
+  smb:
+    repository: registry.k8s.io/sig-storage/smbplugin
+    tag: v1.13.0
+    pullPolicy: IfNotPresent
+  csiProvisioner:
+    repository: registry.k8s.io/sig-storage/csi-provisioner
+    tag: v3.6.1
+    pullPolicy: IfNotPresent
+  livenessProbe:
+    repository: registry.k8s.io/sig-storage/livenessprobe
+    tag: v2.11.0
+    pullPolicy: IfNotPresent
+  nodeDriverRegistrar:
+    repository: registry.k8s.io/sig-storage/csi-node-driver-registrar
+    tag: v2.9.0
+    pullPolicy: IfNotPresent
+  csiproxy:
+    repository: ghcr.io/kubernetes-sigs/sig-windows/csi-proxy
+    tag: v1.1.2
+    pullPolicy: IfNotPresent
+
+serviceAccount:
+  create: true # When true, service accounts will be created for you. Set to false if you want to use your own.
+  controller: csi-smb-controller-sa
+  node: csi-smb-node-sa
+
+rbac:
+  create: true
+  name: smb
+
+driver:
+  name: smb.csi.k8s.io
+
+feature:
+  enableGetVolumeStats: true
+
+controller:
+  name: csi-smb-controller
+  replicas: 1
+  dnsPolicy: ClusterFirstWithHostNet  # available values: Default, ClusterFirstWithHostNet, ClusterFirst
+  metricsPort: 29644
+  livenessProbe:
+    healthPort: 29642
+  runOnMaster: false
+  runOnControlPlane: false
+  logLevel: 5
+  workingMountDir: "/tmp"
+  resources:
+    csiProvisioner:
+      limits:
+        memory: 300Mi
+      requests:
+        cpu: 10m
+        memory: 20Mi
+    livenessProbe:
+      limits:
+        memory: 100Mi
+      requests:
+        cpu: 10m
+        memory: 20Mi
+    smb:
+      limits:
+        memory: 200Mi
+      requests:
+        cpu: 10m
+        memory: 20Mi
+  affinity: {}
+  nodeSelector: {}
+  tolerations:
+    - key: "node-role.kubernetes.io/master"
+      operator: "Exists"
+      effect: "NoSchedule"
+    - key: "node-role.kubernetes.io/controlplane"
+      operator: "Exists"
+      effect: "NoSchedule"
+    - key: "node-role.kubernetes.io/control-plane"
+      operator: "Exists"
+      effect: "NoSchedule"
+
+node:
+  maxUnavailable: 1
+  logLevel: 5
+  livenessProbe:
+    healthPort: 29643
+  affinity: {}
+  nodeSelector: {}
+
+linux:
+  enabled: true
+  dsName: csi-smb-node # daemonset name
+  dnsPolicy: ClusterFirstWithHostNet  # available values: Default, ClusterFirstWithHostNet, ClusterFirst
+  kubelet: /var/lib/kubelet
+  tolerations:
+    - operator: "Exists"
+  resources:
+    livenessProbe:
+      limits:
+        memory: 100Mi
+      requests:
+        cpu: 10m
+        memory: 20Mi
+    nodeDriverRegistrar:
+      limits:
+        memory: 100Mi
+      requests:
+        cpu: 10m
+        memory: 20Mi
+    smb:
+      limits:
+        memory: 200Mi
+      requests:
+        cpu: 10m
+        memory: 20Mi
+
+windows:
+  enabled: false # Unless you already had csi proxy installed, windows.csiproxy.enabled=true is required
+  dsName: csi-smb-node-win # daemonset name
+  kubelet: 'C:\var\lib\kubelet'
+  removeSMBMappingDuringUnmount: true
+  tolerations:
+    - key: "node.kubernetes.io/os"
+      operator: "Exists"
+      effect: "NoSchedule"
+  resources:
+    livenessProbe:
+      limits:
+        memory: 150Mi
+      requests:
+        cpu: 10m
+        memory: 40Mi
+    nodeDriverRegistrar:
+      limits:
+        memory: 150Mi
+      requests:
+        cpu: 10m
+        memory: 40Mi
+    smb:
+      limits:
+        memory: 200Mi
+      requests:
+        cpu: 10m
+        memory: 40Mi
+  csiproxy:
+    enabled: false # required if windows.enabled is true, but may be installed manually also
+    dsName: csi-proxy-win # daemonset name
+    tolerations: {}
+    affinity: {}
+    username: "NT AUTHORITY\\SYSTEM"
+    nodeSelector:
+      "kubernetes.io/os": windows
+
+customLabels: {}
+## Collection of annotations to add to all the pods
+podAnnotations: {}
+## Collection of labels to add to all the pods
+podLabels: {}
+## Leverage a PriorityClass to ensure your pods survive resource shortages
+## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
+priorityClassName: system-cluster-critical
+## Security context give the opportunity to run container as nonroot by setting a securityContext
+## by example :
+## securityContext: { runAsUser: 1001 }
+securityContext: { seccompProfile: {type: RuntimeDefault} }
--- a/charts/v1.14.0/csi-driver-smb-v1.14.0.tgz
+++ b/charts/v1.14.0/csi-driver-smb-v1.14.0.tgz
--- a/charts/v1.14.0/csi-driver-smb/Chart.yaml
+++ b/charts/v1.14.0/csi-driver-smb/Chart.yaml
@ -0,0 +1,5 @@
+apiVersion: v1
+appVersion: v1.14.0
+description: SMB CSI Driver for Kubernetes
+name: csi-driver-smb
+version: v1.14.0
--- a/charts/v1.14.0/csi-driver-smb/templates/NOTES.txt
+++ b/charts/v1.14.0/csi-driver-smb/templates/NOTES.txt
@ -0,0 +1,5 @@
+The CSI SMB Driver is getting deployed to your cluster.
+
+To check CSI SMB Driver pods status, please run:
+
+  kubectl --namespace={{ .Release.Namespace }} get pods --selector="app.kubernetes.io/name={{ .Release.Name }}" --watch
--- a/charts/v1.14.0/csi-driver-smb/templates/_helpers.tpl
+++ b/charts/v1.14.0/csi-driver-smb/templates/_helpers.tpl
@ -0,0 +1,29 @@
+{{/* vim: set filetype=mustache: */}}
+
+{{/* Expand the name of the chart.*/}}
+{{- define "smb.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/* labels for helm resources */}}
+{{- define "smb.labels" -}}
+labels:
+  app.kubernetes.io/instance: "{{ .Release.Name }}"
+  app.kubernetes.io/managed-by: "{{ .Release.Service }}"
+  app.kubernetes.io/name: "{{ template "smb.name" . }}"
+  app.kubernetes.io/version: "{{ .Chart.AppVersion }}"
+  helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+  {{- if .Values.customLabels }}
+{{ toYaml .Values.customLabels | indent 2 -}}
+  {{- end }}
+{{- end -}}
+
+{{/* pull secrets for containers */}}
+{{- define "smb.pullSecrets" -}}
+{{- if .Values.imagePullSecrets }}
+imagePullSecrets:
+{{- range .Values.imagePullSecrets }}
+  - name: {{ . }}
+{{- end }}
+{{- end }}
+{{- end -}}
--- a/charts/v1.14.0/csi-driver-smb/templates/csi-proxy-windows.yaml
+++ b/charts/v1.14.0/csi-driver-smb/templates/csi-proxy-windows.yaml
@ -0,0 +1,48 @@
+{{- if .Values.windows.csiproxy.enabled}}
+kind: DaemonSet
+apiVersion: apps/v1
+metadata:
+  name: {{ .Values.windows.csiproxy.dsName }}
+  namespace: {{ .Release.Namespace }}
+{{ include "smb.labels" . | indent 2 }}
+spec:
+  updateStrategy:
+    rollingUpdate:
+      maxUnavailable: {{ .Values.node.maxUnavailable }}
+    type: RollingUpdate
+  selector:
+    matchLabels:
+      app: {{ .Values.windows.csiproxy.dsName }}
+  template:
+    metadata:
+{{ include "smb.labels" . | indent 6 }}
+        app: {{ .Values.windows.csiproxy.dsName }}
+    spec:
+{{- with .Values.windows.csiproxy.tolerations }}
+      tolerations:
+{{ toYaml . | indent 8 }}
+{{- end }}
+      securityContext:
+        windowsOptions:
+          hostProcess: true
+          runAsUserName: {{ .Values.windows.csiproxy.username | quote }} 
+      hostNetwork: true
+      nodeSelector:
+{{- with .Values.windows.csiproxy.nodeSelector }}
+{{ toYaml . | indent 8 }}
+{{- end }}
+{{- with .Values.node.affinity }}
+      affinity:
+{{ toYaml . | indent 8 }}
+{{- end }}
+      priorityClassName: {{ .Values.priorityClassName | quote }}
+      {{- include "smb.pullSecrets" . | indent 6 }}
+      containers:
+        - name: csi-proxy
+{{- if hasPrefix "/" .Values.image.csiproxy.repository }}
+          image: "{{ .Values.image.baseRepo }}{{ .Values.image.csiproxy.repository }}:{{ .Values.image.csiproxy.tag }}"
+{{- else }}
+          image: "{{ .Values.image.csiproxy.repository }}:{{ .Values.image.csiproxy.tag }}"
+{{- end }}
+          imagePullPolicy: {{ .Values.image.csiproxy.pullPolicy }}
+{{- end -}}
--- a/charts/v1.14.0/csi-driver-smb/templates/csi-smb-controller.yaml
+++ b/charts/v1.14.0/csi-driver-smb/templates/csi-smb-controller.yaml
@ -0,0 +1,141 @@
+---
+kind: Deployment
+apiVersion: apps/v1
+metadata:
+  name: {{ .Values.controller.name }}
+  namespace: {{ .Release.Namespace }}
+{{ include "smb.labels" . | indent 2 }}
+spec:
+  strategy:
+    type: Recreate
+  replicas: {{ .Values.controller.replicas }}
+  selector:
+    matchLabels:
+      app: {{ .Values.controller.name }}
+  template:
+    metadata:
+{{ include "smb.labels" . | indent 6 }}
+        app: {{ .Values.controller.name }}
+        {{- if .Values.podLabels }}
+{{- toYaml .Values.podLabels | nindent 8 }}
+        {{- end }}
+{{- if .Values.podAnnotations }}
+      annotations:
+{{ toYaml .Values.podAnnotations | indent 8 }}
+{{- end }}
+    spec:
+{{- with .Values.controller.affinity }}
+      affinity:
+{{ toYaml . | indent 8 }}
+{{- end }}
+      hostNetwork: true
+      dnsPolicy: {{ .Values.controller.dnsPolicy }}
+      serviceAccountName: {{ .Values.serviceAccount.controller }}
+      nodeSelector:
+{{- with .Values.controller.nodeSelector }}
+{{ toYaml . | indent 8 }}
+{{- end }}
+        kubernetes.io/os: linux
+        {{- if .Values.controller.runOnMaster}}
+        node-role.kubernetes.io/master: ""
+        {{- end}}
+        {{- if .Values.controller.runOnControlPlane}}
+        node-role.kubernetes.io/control-plane: ""
+        {{- end}}
+      priorityClassName: {{ .Values.priorityClassName | quote }}
+      {{- if .Values.securityContext }}
+      securityContext: {{- toYaml .Values.securityContext | nindent 8 }}
+      {{- end }}
+{{- with .Values.controller.tolerations }}
+      tolerations:
+{{ toYaml . | indent 8 }}
+{{- end }}
+      {{- include "smb.pullSecrets" . | indent 6 }}
+      containers:
+        - name: csi-provisioner
+{{- if hasPrefix "/" .Values.image.csiProvisioner.repository }}
+          image: "{{ .Values.image.baseRepo }}{{ .Values.image.csiProvisioner.repository }}:{{ .Values.image.csiProvisioner.tag }}"
+{{- else }}
+          image: "{{ .Values.image.csiProvisioner.repository }}:{{ .Values.image.csiProvisioner.tag }}"
+{{- end }}
+          args:
+            - "-v=2"
+            - "--csi-address=$(ADDRESS)"
+            - "--leader-election"
+            - "--leader-election-namespace={{ .Release.Namespace }}"
+            - "--extra-create-metadata=true"
+          env:
+            - name: ADDRESS
+              value: /csi/csi.sock
+          imagePullPolicy: {{ .Values.image.csiProvisioner.pullPolicy }}
+          volumeMounts:
+            - mountPath: /csi
+              name: socket-dir
+          resources: {{- toYaml .Values.controller.resources.csiProvisioner | nindent 12 }}
+          securityContext:
+            readOnlyRootFilesystem: true
+            capabilities:
+              drop:
+              - ALL
+        - name: liveness-probe
+{{- if hasPrefix "/" .Values.image.livenessProbe.repository }}
+          image: "{{ .Values.image.baseRepo }}{{ .Values.image.livenessProbe.repository }}:{{ .Values.image.livenessProbe.tag }}"
+{{- else }}
+          image: "{{ .Values.image.livenessProbe.repository }}:{{ .Values.image.livenessProbe.tag }}"
+{{- end }}
+          args:
+            - --csi-address=/csi/csi.sock
+            - --probe-timeout=3s
+            - --http-endpoint=localhost:{{ .Values.controller.livenessProbe.healthPort }}
+            - --v=2
+          imagePullPolicy: {{ .Values.image.livenessProbe.pullPolicy }}
+          volumeMounts:
+            - name: socket-dir
+              mountPath: /csi
+          resources: {{- toYaml .Values.controller.resources.livenessProbe | nindent 12 }}
+          securityContext:
+            readOnlyRootFilesystem: true
+            capabilities:
+              drop:
+              - ALL
+        - name: smb
+{{- if hasPrefix "/" .Values.image.smb.repository }}
+          image: "{{ .Values.image.baseRepo }}{{ .Values.image.smb.repository }}:{{ .Values.image.smb.tag }}"
+{{- else }}
+          image: "{{ .Values.image.smb.repository }}:{{ .Values.image.smb.tag }}"
+{{- end }}
+          imagePullPolicy: {{ .Values.image.smb.pullPolicy }}
+          args:
+            - "--v={{ .Values.controller.logLevel }}"
+            - "--endpoint=$(CSI_ENDPOINT)"
+            - "--metrics-address=0.0.0.0:{{ .Values.controller.metricsPort }}"
+            - "--drivername={{ .Values.driver.name }}"
+            - "--working-mount-dir={{ .Values.controller.workingMountDir }}"
+          ports:
+            - containerPort: {{ .Values.controller.metricsPort }}
+              name: metrics
+              protocol: TCP
+          livenessProbe:
+            failureThreshold: 5
+            httpGet:
+              host: localhost
+              path: /healthz
+              port: {{ .Values.controller.livenessProbe.healthPort }}
+            initialDelaySeconds: 30
+            timeoutSeconds: 10
+            periodSeconds: 30
+          env:
+            - name: CSI_ENDPOINT
+              value: unix:///csi/csi.sock
+          securityContext:
+            privileged: true
+            capabilities:
+              drop:
+              - ALL
+          volumeMounts:
+            - mountPath: /csi
+              name: socket-dir
+          resources: {{- toYaml .Values.controller.resources.smb | nindent 12 }}
+      volumes:
+        - name: socket-dir
+          emptyDir: {}
--- a/charts/v1.14.0/csi-driver-smb/templates/csi-smb-driver.yaml
+++ b/charts/v1.14.0/csi-driver-smb/templates/csi-smb-driver.yaml
@ -0,0 +1,8 @@
+---
+apiVersion: storage.k8s.io/v1
+kind: CSIDriver
+metadata:
+  name: {{ .Values.driver.name }}
+spec:
+  attachRequired: false
+  podInfoOnMount: true
--- a/charts/v1.14.0/csi-driver-smb/templates/csi-smb-node-windows.yaml
+++ b/charts/v1.14.0/csi-driver-smb/templates/csi-smb-node-windows.yaml
@ -0,0 +1,183 @@
+{{- if .Values.windows.enabled}}
+kind: DaemonSet
+apiVersion: apps/v1
+metadata:
+  name: {{ .Values.windows.dsName }}
+  namespace: {{ .Release.Namespace }}
+{{ include "smb.labels" . | indent 2 }}
+spec:
+  updateStrategy:
+    rollingUpdate:
+      maxUnavailable: {{ .Values.node.maxUnavailable }}
+    type: RollingUpdate
+  selector:
+    matchLabels:
+      app: {{ .Values.windows.dsName }}
+  template:
+    metadata:
+{{ include "smb.labels" . | indent 6 }}
+        app: {{ .Values.windows.dsName }}
+    spec:
+{{- with .Values.windows.tolerations }}
+      tolerations:
+{{ toYaml . | indent 8 }}
+{{- end }}
+      nodeSelector:
+        kubernetes.io/os: windows
+{{- with .Values.node.nodeSelector }}
+{{ toYaml . | indent 8 }}
+{{- end }}
+{{- with .Values.node.affinity }}
+      affinity:
+{{ toYaml . | indent 8 }}
+{{- end }}
+      priorityClassName: {{ .Values.priorityClassName | quote }}
+      {{- if .Values.securityContext }}
+      securityContext: {{- toYaml .Values.securityContext | nindent 8 }}
+      {{- end }}
+      serviceAccountName: {{ .Values.serviceAccount.node }}
+      {{- include "smb.pullSecrets" . | indent 6 }}
+      containers:
+        - name: liveness-probe
+          volumeMounts:
+            - mountPath: C:\csi
+              name: plugin-dir
+{{- if hasPrefix "/" .Values.image.livenessProbe.repository }}
+          image: "{{ .Values.image.baseRepo }}{{ .Values.image.livenessProbe.repository }}:{{ .Values.image.livenessProbe.tag }}"
+{{- else }}
+          image: "{{ .Values.image.livenessProbe.repository }}:{{ .Values.image.livenessProbe.tag }}"
+{{- end }}
+          args:
+            - --csi-address=$(CSI_ENDPOINT)
+            - --probe-timeout=3s
+            - --health-port={{ .Values.node.livenessProbe.healthPort }}
+            - --v=2
+          env:
+            - name: CSI_ENDPOINT
+              value: unix://C:\\csi\\csi.sock
+          imagePullPolicy: {{ .Values.image.livenessProbe.pullPolicy }}
+          resources: {{- toYaml .Values.windows.resources.livenessProbe | nindent 12 }}
+          securityContext:
+            capabilities:
+              drop:
+              - ALL
+        - name: node-driver-registrar
+{{- if hasPrefix "/" .Values.image.nodeDriverRegistrar.repository }}
+          image: "{{ .Values.image.baseRepo }}{{ .Values.image.nodeDriverRegistrar.repository }}:{{ .Values.image.nodeDriverRegistrar.tag }}"
+{{- else }}
+          image: "{{ .Values.image.nodeDriverRegistrar.repository }}:{{ .Values.image.nodeDriverRegistrar.tag }}"
+{{- end }}
+          args:
+            - --v=2
+            - --csi-address=$(CSI_ENDPOINT)
+            - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)
+          livenessProbe:
+            exec:
+              command:
+                - /csi-node-driver-registrar.exe
+                - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)
+                - --mode=kubelet-registration-probe
+            initialDelaySeconds: 60
+            timeoutSeconds: 30
+          env:
+            - name: CSI_ENDPOINT
+              value: unix://C:\\csi\\csi.sock
+            - name: DRIVER_REG_SOCK_PATH
+              value: {{ .Values.windows.kubelet | replace "\\" "\\\\" }}\\plugins\\{{ .Values.driver.name }}\\csi.sock
+            - name: KUBE_NODE_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: spec.nodeName
+          imagePullPolicy: {{ .Values.image.nodeDriverRegistrar.pullPolicy }}
+          volumeMounts:
+            - name: plugin-dir
+              mountPath: C:\csi
+            - name: registration-dir
+              mountPath: C:\registration
+          resources: {{- toYaml .Values.windows.resources.nodeDriverRegistrar | nindent 12 }}
+          securityContext:
+            capabilities:
+              drop:
+              - ALL
+        - name: smb
+{{- if hasPrefix "/" .Values.image.smb.repository }}
+          image: "{{ .Values.image.baseRepo }}{{ .Values.image.smb.repository }}:{{ .Values.image.smb.tag }}"
+{{- else }}
+          image: "{{ .Values.image.smb.repository }}:{{ .Values.image.smb.tag }}"
+{{- end }}
+          imagePullPolicy: {{ .Values.image.smb.pullPolicy }}
+          args:
+            - "--v={{ .Values.node.logLevel }}"
+            - "--drivername={{ .Values.driver.name }}"
+            - --endpoint=$(CSI_ENDPOINT)
+            - --nodeid=$(KUBE_NODE_NAME)
+            - "--enable-get-volume-stats={{ .Values.feature.enableGetVolumeStats }}"
+            - "--remove-smb-mapping-during-unmount={{ .Values.windows.removeSMBMappingDuringUnmount }}"
+          ports:
+            - containerPort: {{ .Values.node.livenessProbe.healthPort }}
+              name: healthz
+              protocol: TCP
+          livenessProbe:
+            failureThreshold: 5
+            httpGet:
+              path: /healthz
+              port: healthz
+            initialDelaySeconds: 30
+            timeoutSeconds: 10
+            periodSeconds: 30
+          env:
+            - name: CSI_ENDPOINT
+              value: unix://C:\\csi\\csi.sock
+            - name: KUBE_NODE_NAME
+              valueFrom:
+                fieldRef:
+                  apiVersion: v1
+                  fieldPath: spec.nodeName
+          volumeMounts:
+            - name: kubelet-dir
+              mountPath: {{ .Values.windows.kubelet }}\
+            - name: plugin-dir
+              mountPath: C:\csi
+            - name: csi-proxy-fs-pipe-v1
+              mountPath: \\.\pipe\csi-proxy-filesystem-v1
+            - name: csi-proxy-smb-pipe-v1
+              mountPath: \\.\pipe\csi-proxy-smb-v1
+            # these paths are still included for compatibility, they're used
+            # only if the node has still the beta version of the CSI proxy
+            - name: csi-proxy-fs-pipe-v1beta1
+              mountPath: \\.\pipe\csi-proxy-filesystem-v1beta1
+            - name: csi-proxy-smb-pipe-v1beta1
+              mountPath: \\.\pipe\csi-proxy-smb-v1beta1
+          resources: {{- toYaml .Values.windows.resources.smb | nindent 12 }}
+          securityContext:
+            capabilities:
+              drop:
+              - ALL
+      volumes:
+        - name: csi-proxy-fs-pipe-v1
+          hostPath:
+            path: \\.\pipe\csi-proxy-filesystem-v1
+        - name: csi-proxy-smb-pipe-v1
+          hostPath:
+            path: \\.\pipe\csi-proxy-smb-v1
+        # these paths are still included for compatibility, they're used
+        # only if the node has still the beta version of the CSI proxy
+        - name: csi-proxy-fs-pipe-v1beta1
+          hostPath:
+            path: \\.\pipe\csi-proxy-filesystem-v1beta1
+        - name: csi-proxy-smb-pipe-v1beta1
+          hostPath:
+            path: \\.\pipe\csi-proxy-smb-v1beta1
+        - name: registration-dir
+          hostPath:
+            path: {{ .Values.windows.kubelet }}\plugins_registry\
+            type: Directory
+        - name: kubelet-dir
+          hostPath:
+            path: {{ .Values.windows.kubelet }}\
+            type: Directory
+        - name: plugin-dir
+          hostPath:
+            path: {{ .Values.windows.kubelet }}\plugins\{{ .Values.driver.name }}\
+            type: DirectoryOrCreate
+{{- end -}}
--- a/charts/v1.14.0/csi-driver-smb/templates/csi-smb-node.yaml
+++ b/charts/v1.14.0/csi-driver-smb/templates/csi-smb-node.yaml
@ -0,0 +1,172 @@
+{{- if .Values.linux.enabled}}
+kind: DaemonSet
+apiVersion: apps/v1
+metadata:
+  name: {{ .Values.linux.dsName }}
+  namespace: {{ .Release.Namespace }}
+{{ include "smb.labels" . | indent 2 }}
+spec:
+  updateStrategy:
+    rollingUpdate:
+      maxUnavailable: {{ .Values.node.maxUnavailable }}
+    type: RollingUpdate
+  selector:
+    matchLabels:
+      app: {{ .Values.linux.dsName }}
+  template:
+    metadata:
+{{ include "smb.labels" . | indent 6 }}
+        app: {{ .Values.linux.dsName }}
+        {{- if .Values.podLabels }}
+{{- toYaml .Values.podLabels | nindent 8 }}
+        {{- end }}
+{{- if .Values.podAnnotations }}
+      annotations:
+{{ toYaml .Values.podAnnotations | indent 8 }}
+{{- end }}
+    spec:
+{{- with .Values.node.affinity }}
+      affinity:
+{{ toYaml . | indent 8 }}
+{{- end }}    
+      hostNetwork: true
+      dnsPolicy: {{ .Values.linux.dnsPolicy }}
+      serviceAccountName: {{ .Values.serviceAccount.node }}
+      nodeSelector:
+        kubernetes.io/os: linux
+{{- with .Values.node.nodeSelector }}
+{{ toYaml . | indent 8 }}
+{{- end }}
+      priorityClassName: {{ .Values.priorityClassName | quote }}
+      {{- if .Values.securityContext }}
+      securityContext: {{- toYaml .Values.securityContext | nindent 8 }}
+      {{- end }}
+{{- with .Values.linux.tolerations }}
+      tolerations:
+{{ toYaml . | indent 8 }}
+{{- end }}
+      {{- include "smb.pullSecrets" . | indent 6 }}
+      containers:
+        - name: liveness-probe
+          volumeMounts:
+            - mountPath: /csi
+              name: socket-dir
+{{- if hasPrefix "/" .Values.image.livenessProbe.repository }}
+          image: "{{ .Values.image.baseRepo }}{{ .Values.image.livenessProbe.repository }}:{{ .Values.image.livenessProbe.tag }}"
+{{- else }}
+          image: "{{ .Values.image.livenessProbe.repository }}:{{ .Values.image.livenessProbe.tag }}"
+{{- end }}
+          args:
+            - --csi-address=/csi/csi.sock
+            - --probe-timeout=3s
+            - --http-endpoint=localhost:{{ .Values.node.livenessProbe.healthPort }}
+            - --v=2
+          imagePullPolicy: {{ .Values.image.livenessProbe.pullPolicy }}
+          resources: {{- toYaml .Values.linux.resources.livenessProbe | nindent 12 }}
+          securityContext:
+            readOnlyRootFilesystem: true
+            capabilities:
+              drop:
+              - ALL
+        - name: node-driver-registrar
+{{- if hasPrefix "/" .Values.image.nodeDriverRegistrar.repository }}
+          image: "{{ .Values.image.baseRepo }}{{ .Values.image.nodeDriverRegistrar.repository }}:{{ .Values.image.nodeDriverRegistrar.tag }}"
+{{- else }}
+          image: "{{ .Values.image.nodeDriverRegistrar.repository }}:{{ .Values.image.nodeDriverRegistrar.tag }}"
+{{- end }}
+          args:
+            - --csi-address=$(ADDRESS)
+            - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)
+            - --v=2
+          livenessProbe:
+            exec:
+              command:
+                - /csi-node-driver-registrar
+                - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)
+                - --mode=kubelet-registration-probe
+            initialDelaySeconds: 30
+            timeoutSeconds: 15
+          env:
+            - name: ADDRESS
+              value: /csi/csi.sock
+            - name: DRIVER_REG_SOCK_PATH
+              value: {{ .Values.linux.kubelet }}/plugins/{{ .Values.driver.name }}/csi.sock
+          imagePullPolicy: {{ .Values.image.nodeDriverRegistrar.pullPolicy }}
+          volumeMounts:
+            - name: socket-dir
+              mountPath: /csi
+            - name: registration-dir
+              mountPath: /registration
+          resources: {{- toYaml .Values.linux.resources.nodeDriverRegistrar | nindent 12 }}
+          securityContext:
+            capabilities:
+              drop:
+              - ALL
+        - name: smb
+{{- if hasPrefix "/" .Values.image.smb.repository }}
+          image: "{{ .Values.image.baseRepo }}{{ .Values.image.smb.repository }}:{{ .Values.image.smb.tag }}"
+{{- else }}
+          image: "{{ .Values.image.smb.repository }}:{{ .Values.image.smb.tag }}"
+{{- end }}
+          imagePullPolicy: {{ .Values.image.smb.pullPolicy }}
+          args:
+            - "--v={{ .Values.node.logLevel }}"
+            - "--drivername={{ .Values.driver.name }}"
+            - "--endpoint=$(CSI_ENDPOINT)"
+            - "--nodeid=$(KUBE_NODE_NAME)"
+            - "--enable-get-volume-stats={{ .Values.feature.enableGetVolumeStats }}"
+            - "--krb5-prefix={{ .Values.linux.krb5Prefix }}"
+          livenessProbe:
+            failureThreshold: 5
+            httpGet:
+              host: localhost
+              path: /healthz
+              port: {{ .Values.node.livenessProbe.healthPort }}
+            initialDelaySeconds: 30
+            timeoutSeconds: 10
+            periodSeconds: 30
+          env:
+            - name: CSI_ENDPOINT
+              value: unix:///csi/csi.sock
+            - name: KUBE_NODE_NAME
+              valueFrom:
+                fieldRef:
+                  apiVersion: v1
+                  fieldPath: spec.nodeName
+          securityContext:
+            privileged: true
+            capabilities:
+              drop:
+              - ALL
+          volumeMounts:
+            - mountPath: /csi
+              name: socket-dir
+            - mountPath: {{ .Values.linux.kubelet }}
+              mountPropagation: Bidirectional
+              name: mountpoint-dir
+{{- if ne .Values.linux.krb5CacheDirectory "" }}
+            - mountPath: {{ .Values.linux.kubelet }}/kerberos/
+              mountPropagation: Bidirectional
+              name: krb5cache-dir
+{{- end }}
+          resources: {{- toYaml .Values.linux.resources.smb | nindent 12 }}
+      volumes:
+        - hostPath:
+            path: {{ .Values.linux.kubelet }}/plugins/{{ .Values.driver.name }}
+            type: DirectoryOrCreate
+          name: socket-dir
+        - hostPath:
+            path: {{ .Values.linux.kubelet }}/
+            type: DirectoryOrCreate
+          name: mountpoint-dir
+        - hostPath:
+            path: {{ .Values.linux.kubelet }}/plugins_registry/
+            type: DirectoryOrCreate
+          name: registration-dir
+{{- if ne .Values.linux.krb5CacheDirectory "" }}
+        - hostPath:
+            path: {{ .Values.linux.krb5CacheDirectory }}
+            type: DirectoryOrCreate
+          name: krb5cache-dir
+{{- end }}
+{{- end -}}
--- a/charts/v1.14.0/csi-driver-smb/templates/rbac-csi-smb.yaml
+++ b/charts/v1.14.0/csi-driver-smb/templates/rbac-csi-smb.yaml
@ -0,0 +1,65 @@
+{{- if .Values.serviceAccount.create -}}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ .Values.serviceAccount.controller }}
+  namespace: {{ .Release.Namespace }}
+{{ include "smb.labels" . | indent 2 }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ .Values.serviceAccount.node }}
+  namespace: {{ .Release.Namespace }}
+{{ include "smb.labels" . | indent 2 }}
+{{ end }}
+
+{{- if .Values.rbac.create -}}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ .Values.rbac.name }}-external-provisioner-role
+{{ include "smb.labels" . | indent 2 }}
+rules:
+  - apiGroups: [""]
+    resources: ["persistentvolumes"]
+    verbs: ["get", "list", "watch", "create", "delete"]
+  - apiGroups: [""]
+    resources: ["persistentvolumeclaims"]
+    verbs: ["get", "list", "watch", "update"]
+  - apiGroups: ["storage.k8s.io"]
+    resources: ["storageclasses"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: [""]
+    resources: ["events"]
+    verbs: ["get", "list", "watch", "create", "update", "patch"]
+  - apiGroups: ["storage.k8s.io"]
+    resources: ["csinodes"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: [""]
+    resources: ["nodes"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: ["coordination.k8s.io"]
+    resources: ["leases"]
+    verbs: ["get", "list", "watch", "create", "update", "patch"]
+  - apiGroups: [""]
+    resources: ["secrets"]
+    verbs: ["get"]
+---
+
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ .Values.rbac.name }}-csi-provisioner-binding
+{{ include "smb.labels" . | indent 2 }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ .Values.serviceAccount.controller }}
+    namespace: {{ .Release.Namespace }}
+roleRef:
+  kind: ClusterRole
+  name: {{ .Values.rbac.name }}-external-provisioner-role
+  apiGroup: rbac.authorization.k8s.io
+{{ end }}
--- a/charts/v1.14.0/csi-driver-smb/values.yaml
+++ b/charts/v1.14.0/csi-driver-smb/values.yaml
@ -0,0 +1,167 @@
+image:
+  baseRepo: registry.k8s.io/sig-storage
+  smb:
+    repository: registry.k8s.io/sig-storage/smbplugin
+    tag: v1.14.0
+    pullPolicy: IfNotPresent
+  csiProvisioner:
+    repository: registry.k8s.io/sig-storage/csi-provisioner
+    tag: v4.0.0
+    pullPolicy: IfNotPresent
+  livenessProbe:
+    repository: registry.k8s.io/sig-storage/livenessprobe
+    tag: v2.12.0
+    pullPolicy: IfNotPresent
+  nodeDriverRegistrar:
+    repository: registry.k8s.io/sig-storage/csi-node-driver-registrar
+    tag: v2.10.0
+    pullPolicy: IfNotPresent
+  csiproxy:
+    repository: ghcr.io/kubernetes-sigs/sig-windows/csi-proxy
+    tag: v1.1.2
+    pullPolicy: IfNotPresent
+
+serviceAccount:
+  create: true # When true, service accounts will be created for you. Set to false if you want to use your own.
+  controller: csi-smb-controller-sa
+  node: csi-smb-node-sa
+
+rbac:
+  create: true
+  name: smb
+
+driver:
+  name: smb.csi.k8s.io
+
+feature:
+  enableGetVolumeStats: true
+
+controller:
+  name: csi-smb-controller
+  replicas: 1
+  dnsPolicy: ClusterFirstWithHostNet  # available values: Default, ClusterFirstWithHostNet, ClusterFirst
+  metricsPort: 29644
+  livenessProbe:
+    healthPort: 29642
+  runOnMaster: false
+  runOnControlPlane: false
+  logLevel: 5
+  workingMountDir: "/tmp"
+  resources:
+    csiProvisioner:
+      limits:
+        memory: 300Mi
+      requests:
+        cpu: 10m
+        memory: 20Mi
+    livenessProbe:
+      limits:
+        memory: 100Mi
+      requests:
+        cpu: 10m
+        memory: 20Mi
+    smb:
+      limits:
+        memory: 200Mi
+      requests:
+        cpu: 10m
+        memory: 20Mi
+  affinity: {}
+  nodeSelector: {}
+  tolerations:
+    - key: "node-role.kubernetes.io/master"
+      operator: "Exists"
+      effect: "NoSchedule"
+    - key: "node-role.kubernetes.io/controlplane"
+      operator: "Exists"
+      effect: "NoSchedule"
+    - key: "node-role.kubernetes.io/control-plane"
+      operator: "Exists"
+      effect: "NoSchedule"
+
+node:
+  maxUnavailable: 1
+  logLevel: 5
+  livenessProbe:
+    healthPort: 29643
+  affinity: {}
+  nodeSelector: {}
+
+linux:
+  enabled: true
+  dsName: csi-smb-node # daemonset name
+  dnsPolicy: ClusterFirstWithHostNet  # available values: Default, ClusterFirstWithHostNet, ClusterFirst
+  kubelet: /var/lib/kubelet
+  krb5CacheDirectory: "" # directory for kerberos credential cache, empty string means default(/var/lib/kubelet/kerberos/)
+  krb5Prefix: "" # prefix for kerberos credential cache, empty string means default(krb5cc_)
+  tolerations:
+    - operator: "Exists"
+  resources:
+    livenessProbe:
+      limits:
+        memory: 100Mi
+      requests:
+        cpu: 10m
+        memory: 20Mi
+    nodeDriverRegistrar:
+      limits:
+        memory: 100Mi
+      requests:
+        cpu: 10m
+        memory: 20Mi
+    smb:
+      limits:
+        memory: 200Mi
+      requests:
+        cpu: 10m
+        memory: 20Mi
+
+windows:
+  enabled: false # Unless you already had csi proxy installed, windows.csiproxy.enabled=true is required
+  dsName: csi-smb-node-win # daemonset name
+  kubelet: 'C:\var\lib\kubelet'
+  removeSMBMappingDuringUnmount: true
+  tolerations:
+    - key: "node.kubernetes.io/os"
+      operator: "Exists"
+      effect: "NoSchedule"
+  resources:
+    livenessProbe:
+      limits:
+        memory: 150Mi
+      requests:
+        cpu: 10m
+        memory: 40Mi
+    nodeDriverRegistrar:
+      limits:
+        memory: 150Mi
+      requests:
+        cpu: 10m
+        memory: 40Mi
+    smb:
+      limits:
+        memory: 200Mi
+      requests:
+        cpu: 10m
+        memory: 40Mi
+  csiproxy:
+    enabled: false # required if windows.enabled is true, but may be installed manually also
+    dsName: csi-proxy-win # daemonset name
+    tolerations: {}
+    affinity: {}
+    username: "NT AUTHORITY\\SYSTEM"
+    nodeSelector:
+      "kubernetes.io/os": windows
+
+customLabels: {}
+## Collection of annotations to add to all the pods
+podAnnotations: {}
+## Collection of labels to add to all the pods
+podLabels: {}
+## Leverage a PriorityClass to ensure your pods survive resource shortages
+## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
+priorityClassName: system-cluster-critical
+## Security context give the opportunity to run container as nonroot by setting a securityContext
+## by example :
+## securityContext: { runAsUser: 1001 }
+securityContext: { seccompProfile: {type: RuntimeDefault} }
--- a/charts/v1.15.0/csi-driver-smb-v1.15.0.tgz
+++ b/charts/v1.15.0/csi-driver-smb-v1.15.0.tgz
--- a/charts/v1.15.0/csi-driver-smb/Chart.yaml
+++ b/charts/v1.15.0/csi-driver-smb/Chart.yaml
@ -0,0 +1,5 @@
+apiVersion: v1
+appVersion: v1.15.0
+description: SMB CSI Driver for Kubernetes
+name: csi-driver-smb
+version: v1.15.0
--- a/charts/v1.15.0/csi-driver-smb/templates/NOTES.txt
+++ b/charts/v1.15.0/csi-driver-smb/templates/NOTES.txt
@ -0,0 +1,5 @@
+The CSI SMB Driver is getting deployed to your cluster.
+
+To check CSI SMB Driver pods status, please run:
+
+  kubectl --namespace={{ .Release.Namespace }} get pods --selector="app.kubernetes.io/name={{ .Release.Name }}" --watch
--- a/charts/v1.15.0/csi-driver-smb/templates/_helpers.tpl
+++ b/charts/v1.15.0/csi-driver-smb/templates/_helpers.tpl
@ -0,0 +1,29 @@
+{{/* vim: set filetype=mustache: */}}
+
+{{/* Expand the name of the chart.*/}}
+{{- define "smb.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/* labels for helm resources */}}
+{{- define "smb.labels" -}}
+labels:
+  app.kubernetes.io/instance: "{{ .Release.Name }}"
+  app.kubernetes.io/managed-by: "{{ .Release.Service }}"
+  app.kubernetes.io/name: "{{ template "smb.name" . }}"
+  app.kubernetes.io/version: "{{ .Chart.AppVersion }}"
+  helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+  {{- if .Values.customLabels }}
+{{ toYaml .Values.customLabels | indent 2 -}}
+  {{- end }}
+{{- end -}}
+
+{{/* pull secrets for containers */}}
+{{- define "smb.pullSecrets" -}}
+{{- if .Values.imagePullSecrets }}
+imagePullSecrets:
+{{- range .Values.imagePullSecrets }}
+  - name: {{ . }}
+{{- end }}
+{{- end }}
+{{- end -}}
--- a/charts/v1.15.0/csi-driver-smb/templates/csi-proxy-windows.yaml
+++ b/charts/v1.15.0/csi-driver-smb/templates/csi-proxy-windows.yaml
@ -0,0 +1,48 @@
+{{- if .Values.windows.csiproxy.enabled}}
+kind: DaemonSet
+apiVersion: apps/v1
+metadata:
+  name: {{ .Values.windows.csiproxy.dsName }}
+  namespace: {{ .Release.Namespace }}
+{{ include "smb.labels" . | indent 2 }}
+spec:
+  updateStrategy:
+    rollingUpdate:
+      maxUnavailable: {{ .Values.node.maxUnavailable }}
+    type: RollingUpdate
+  selector:
+    matchLabels:
+      app: {{ .Values.windows.csiproxy.dsName }}
+  template:
+    metadata:
+{{ include "smb.labels" . | indent 6 }}
+        app: {{ .Values.windows.csiproxy.dsName }}
+    spec:
+{{- with .Values.windows.csiproxy.tolerations }}
+      tolerations:
+{{ toYaml . | indent 8 }}
+{{- end }}
+      securityContext:
+        windowsOptions:
+          hostProcess: true
+          runAsUserName: {{ .Values.windows.csiproxy.username | quote }} 
+      hostNetwork: true
+      nodeSelector:
+{{- with .Values.windows.csiproxy.nodeSelector }}
+{{ toYaml . | indent 8 }}
+{{- end }}
+{{- with .Values.node.affinity }}
+      affinity:
+{{ toYaml . | indent 8 }}
+{{- end }}
+      priorityClassName: {{ .Values.priorityClassName | quote }}
+      {{- include "smb.pullSecrets" . | indent 6 }}
+      containers:
+        - name: csi-proxy
+{{- if hasPrefix "/" .Values.image.csiproxy.repository }}
+          image: "{{ .Values.image.baseRepo }}{{ .Values.image.csiproxy.repository }}:{{ .Values.image.csiproxy.tag }}"
+{{- else }}
+          image: "{{ .Values.image.csiproxy.repository }}:{{ .Values.image.csiproxy.tag }}"
+{{- end }}
+          imagePullPolicy: {{ .Values.image.csiproxy.pullPolicy }}
+{{- end -}}
--- a/Show More
+++ b/Show More