From 827520642080e30c3a18a74a7c1a67e39475aa8f Mon Sep 17 00:00:00 2001 From: Sid Shukla Date: Tue, 23 Jul 2024 14:54:01 +0200 Subject: [PATCH] Update CCM to v0.4.0 (#459) Update cluster templates --- templates/ccm/nutanix-ccm.yaml | 6 +- templates/cluster-template-csi.yaml | 6 +- templates/cluster-template-topology.yaml | 3 +- templates/cluster-template.yaml | 6 +- templates/topology/kustomization.yaml | 11 +- templates/topology/nutanix-ccm-crs.yaml | 22 -- templates/topology/nutanix-ccm-secret.yaml | 26 --- templates/topology/nutanix-ccm.yaml | 211 ------------------ .../infrastructure-nutanix/ccm-update.yaml | 2 +- 9 files changed, 14 insertions(+), 279 deletions(-) delete mode 100644 templates/topology/nutanix-ccm-crs.yaml delete mode 100644 templates/topology/nutanix-ccm-secret.yaml delete mode 100644 templates/topology/nutanix-ccm.yaml diff --git a/templates/ccm/nutanix-ccm.yaml b/templates/ccm/nutanix-ccm.yaml index fc92ec6f8b..baa002a5e1 100644 --- a/templates/ccm/nutanix-ccm.yaml +++ b/templates/ccm/nutanix-ccm.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: ConfigMap metadata: - name: ${CLUSTER_NAME}-pc-trusted-ca-bundle + name: nutanix-ccm-pc-trusted-ca-bundle namespace: kube-system binaryData: ca.crt: ${NUTANIX_ADDITIONAL_TRUST_BUNDLE=""} @@ -34,7 +34,7 @@ data: }, "additionalTrustBundle": { "kind": "ConfigMap", - "name": "${CLUSTER_NAME}-pc-trusted-ca-bundle", + "name": "nutanix-ccm-pc-trusted-ca-bundle", "namespace": "kube-system" } }, @@ -186,7 +186,7 @@ spec: key: node.kubernetes.io/not-ready operator: Exists containers: - - image: "${CCM_REPO=ghcr.io/nutanix-cloud-native/cloud-provider-nutanix/controller}:${CCM_TAG=v0.3.2}" + - image: "${CCM_REPO=ghcr.io/nutanix-cloud-native/cloud-provider-nutanix/controller}:${CCM_TAG=v0.4.0}" imagePullPolicy: IfNotPresent name: nutanix-cloud-controller-manager env: diff --git a/templates/cluster-template-csi.yaml b/templates/cluster-template-csi.yaml index 427abe4f17..b9ce571b89 100644 
--- a/templates/cluster-template-csi.yaml +++ b/templates/cluster-template-csi.yaml @@ -13,7 +13,7 @@ data: apiVersion: v1 kind: ConfigMap metadata: - name: ${CLUSTER_NAME}-pc-trusted-ca-bundle + name: nutanix-ccm-pc-trusted-ca-bundle namespace: kube-system binaryData: ca.crt: ${NUTANIX_ADDITIONAL_TRUST_BUNDLE=""} @@ -45,7 +45,7 @@ data: }, "additionalTrustBundle": { "kind": "ConfigMap", - "name": "${CLUSTER_NAME}-pc-trusted-ca-bundle", + "name": "nutanix-ccm-pc-trusted-ca-bundle", "namespace": "kube-system" } }, @@ -197,7 +197,7 @@ data: key: node.kubernetes.io/not-ready operator: Exists containers: - - image: "${CCM_REPO=ghcr.io/nutanix-cloud-native/cloud-provider-nutanix/controller}:${CCM_TAG=v0.3.2}" + - image: "${CCM_REPO=ghcr.io/nutanix-cloud-native/cloud-provider-nutanix/controller}:${CCM_TAG=v0.4.0}" imagePullPolicy: IfNotPresent name: nutanix-cloud-controller-manager env: diff --git a/templates/cluster-template-topology.yaml b/templates/cluster-template-topology.yaml index 116ac7f34d..64f6b3ef4f 100644 --- a/templates/cluster-template-topology.yaml +++ b/templates/cluster-template-topology.yaml @@ -196,7 +196,7 @@ data: key: node.kubernetes.io/not-ready operator: Exists containers: - - image: "${CCM_REPO=ghcr.io/nutanix-cloud-native/cloud-provider-nutanix/controller}:${CCM_TAG=v0.3.2}" + - image: "${CCM_REPO=ghcr.io/nutanix-cloud-native/cloud-provider-nutanix/controller}:${CCM_TAG=v0.4.0}" imagePullPolicy: IfNotPresent name: nutanix-cloud-controller-manager env: @@ -207,6 +207,7 @@ data: args: - "--leader-elect=true" - "--cloud-config=/etc/cloud/nutanix_config.json" + - "--tls-cipher-suites=${TLS_CIPHER_SUITES=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256}" resources: requests: cpu: 100m 
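Review bot: The new `--tls-cipher-suites` argument in the second hunk of templates/cluster-template-topology.yaml takes its whole value from `${TLS_CIPHER_SUITES=...}`. With the `=` form the default list is, as far as I can tell, used only when the variable is unset, so a variable that is set but empty would render `--tls-cipher-suites=` and likely leave the controller on its runtime default suites. If the template processor accepts it, `${TLS_CIPHER_SUITES:=...}` with the same list closes that gap; otherwise the variable should be documented as needing a non-empty value when overridden. None of the other template hunks in this commit add the argument, so it is worth confirming that templates/ccm/nutanix-ccm.yaml, cluster-template.yaml and cluster-template-csi.yaml already carry it. The container spec continues outside the hunk.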
diff --git a/templates/cluster-template.yaml b/templates/cluster-template.yaml index f520e23149..0d07f21053 100644 --- a/templates/cluster-template.yaml +++ b/templates/cluster-template.yaml @@ -13,7 +13,7 @@ data: apiVersion: v1 kind: ConfigMap metadata: - name: ${CLUSTER_NAME}-pc-trusted-ca-bundle + name: nutanix-ccm-pc-trusted-ca-bundle namespace: kube-system binaryData: ca.crt: ${NUTANIX_ADDITIONAL_TRUST_BUNDLE=""} @@ -45,7 +45,7 @@ data: }, "additionalTrustBundle": { "kind": "ConfigMap", - "name": "${CLUSTER_NAME}-pc-trusted-ca-bundle", + "name": "nutanix-ccm-pc-trusted-ca-bundle", "namespace": "kube-system" } }, @@ -197,7 +197,7 @@ data: key: node.kubernetes.io/not-ready operator: Exists containers: - - image: "${CCM_REPO=ghcr.io/nutanix-cloud-native/cloud-provider-nutanix/controller}:${CCM_TAG=v0.3.2}" + - image: "${CCM_REPO=ghcr.io/nutanix-cloud-native/cloud-provider-nutanix/controller}:${CCM_TAG=v0.4.0}" imagePullPolicy: IfNotPresent name: nutanix-cloud-controller-manager env: diff --git a/templates/topology/kustomization.yaml b/templates/topology/kustomization.yaml index ef14e91f94..9502ce6673 100644 --- a/templates/topology/kustomization.yaml +++ b/templates/topology/kustomization.yaml @@ -1,18 +1,11 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization -configMapGenerator: -- behavior: merge - files: - - nutanix-ccm.yaml - name: nutanix-ccm - - resources: +- ../ccm - ./cm.yaml - ./cluster-with-topology.yaml - ./secret.yaml -- ./nutanix-ccm-secret.yaml -- ./nutanix-ccm-crs.yaml + patches: - path: ./ccm-patch.yaml diff --git a/templates/topology/nutanix-ccm-crs.yaml b/templates/topology/nutanix-ccm-crs.yaml deleted file mode 100644 index 843631017f..0000000000 --- a/templates/topology/nutanix-ccm-crs.yaml +++ /dev/null 
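Review bot: The `resources` list in templates/topology/kustomization.yaml now takes everything CCM-related from `- ../ccm`, but that base's own kustomization is not part of this diff. The objects it replaces are deleted later in this commit: the `nutanix-ccm` ConfigMap, the `nutanix-ccm-secret` Secret that templates `${NUTANIX_USER}`/`${NUTANIX_PASSWORD}`, and the `nutanix-ccm-crs` ClusterResourceSet. It should be confirmed that the base emits them under the same names, since `./ccm-patch.yaml` is still applied and a patch whose target is gone may fail the build or stop matching. A short comment above the entry would help, e.g. `# ../ccm supplies the nutanix-ccm ConfigMap, nutanix-ccm-secret and nutanix-ccm-crs`, with the wording adjusted to what the base really contains.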
@@ -1,22 +0,0 @@ -apiVersion: addons.cluster.x-k8s.io/v1beta1 -kind: ClusterResourceSet -metadata: - name: nutanix-ccm-crs -spec: - clusterSelector: - matchLabels: - ccm: nutanix - resources: - - kind: ConfigMap - name: nutanix-ccm - - kind: Secret - name: nutanix-ccm-secret - - kind: ConfigMap - name: nutanix-ccm-pc-trusted-ca-bundle - strategy: ApplyOnce ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: nutanix-ccm -data: diff --git a/templates/topology/nutanix-ccm-secret.yaml b/templates/topology/nutanix-ccm-secret.yaml deleted file mode 100644 index 2c5ddbe59b..0000000000 --- a/templates/topology/nutanix-ccm-secret.yaml +++ /dev/null @@ -1,26 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: nutanix-ccm-secret -type: addons.cluster.x-k8s.io/resource-set -stringData: - nutanix-ccm-secret.yaml: | - apiVersion: v1 - kind: Secret - metadata: - name: nutanix-creds - namespace: kube-system - stringData: - credentials: | - [ - { - "type": "basic_auth", - "data": { - "prismCentral":{ - "username": "${NUTANIX_USER}", - "password": "${NUTANIX_PASSWORD}" - }, - "prismElements": null - } - } - ] diff --git a/templates/topology/nutanix-ccm.yaml b/templates/topology/nutanix-ccm.yaml deleted file mode 100644 index 8af3d9d319..0000000000 --- a/templates/topology/nutanix-ccm.yaml +++ /dev/null 
@@ -1,211 +0,0 @@ ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: nutanix-ccm-pc-trusted-ca-bundle - namespace: kube-system -binaryData: - ca.crt: ${NUTANIX_ADDITIONAL_TRUST_BUNDLE=""} ---- -# Source: nutanix-cloud-provider/templates/rbac.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: cloud-controller-manager - namespace: kube-system ---- -# Source: nutanix-cloud-provider/templates/cm.yaml -kind: ConfigMap -apiVersion: v1 -metadata: - name: nutanix-config - namespace: kube-system -data: - nutanix_config.json: |- - { - "prismCentral": { - "address": "${NUTANIX_ENDPOINT}", - "port": ${NUTANIX_PORT=9440}, - "insecure": ${NUTANIX_INSECURE=false}, - "credentialRef": { - "kind": "secret", - "name": "nutanix-creds", - "namespace": "kube-system" - }, - "additionalTrustBundle": { - "kind": "ConfigMap", - "name": "nutanix-ccm-pc-trusted-ca-bundle", - "namespace": "kube-system" - } - }, - "enableCustomLabeling": ${CCM_CUSTOM_LABEL=false}, - "topologyDiscovery": { - "type": "Prism" - } - } ---- -# Source: nutanix-cloud-provider/templates/rbac.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: - rbac.authorization.kubernetes.io/autoupdate: "true" - name: system:cloud-controller-manager -rules: - - apiGroups: - - "" - resources: - - secrets - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - - update - - apiGroups: - - "" - resources: - - nodes - verbs: - - "*" - - apiGroups: - - "" - resources: - - nodes/status - verbs: - - patch - - apiGroups: - - "" - resources: - - serviceaccounts - verbs: - - create - - apiGroups: - - "" - resources: - - endpoints - verbs: - - create - - get - - list - - watch - - update - - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - - delete ---- -# Source: 
nutanix-cloud-provider/templates/rbac.yaml -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: system:cloud-controller-manager -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: system:cloud-controller-manager -subjects: - - kind: ServiceAccount - name: cloud-controller-manager - namespace: kube-system ---- -# Source: nutanix-cloud-provider/templates/cloud-provider-nutanix-deployment.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - k8s-app: nutanix-cloud-controller-manager - name: nutanix-cloud-controller-manager - namespace: kube-system -spec: - replicas: 1 - selector: - matchLabels: - k8s-app: nutanix-cloud-controller-manager - strategy: - type: Recreate - template: - metadata: - labels: - k8s-app: nutanix-cloud-controller-manager - spec: - hostNetwork: true - priorityClassName: system-cluster-critical - nodeSelector: - node-role.kubernetes.io/control-plane: "" - serviceAccountName: cloud-controller-manager - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: - k8s-app: nutanix-cloud-controller-manager - topologyKey: kubernetes.io/hostname - dnsPolicy: Default - tolerations: - - effect: NoSchedule - key: node-role.kubernetes.io/master - operator: Exists - - effect: NoSchedule - key: node-role.kubernetes.io/control-plane - operator: Exists - - effect: NoExecute - key: node.kubernetes.io/unreachable - operator: Exists - tolerationSeconds: 120 - - effect: NoExecute - key: node.kubernetes.io/not-ready - operator: Exists - tolerationSeconds: 120 - - effect: NoSchedule - key: node.cloudprovider.kubernetes.io/uninitialized - operator: Exists - - effect: NoSchedule - key: node.kubernetes.io/not-ready - operator: Exists - containers: - - image: "${CCM_REPO=ghcr.io/nutanix-cloud-native/cloud-provider-nutanix/controller}:${CCM_TAG=v0.3.2}" - imagePullPolicy: IfNotPresent - name: nutanix-cloud-controller-manager - env: - - name: 
POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - args: - - "--leader-elect=true" - - "--cloud-config=/etc/cloud/nutanix_config.json" - resources: - requests: - cpu: 100m - memory: 50Mi - volumeMounts: - - mountPath: /etc/cloud - name: nutanix-config-volume - readOnly: true - volumes: - - name: nutanix-config-volume - configMap: - name: nutanix-config diff --git a/test/e2e/data/infrastructure-nutanix/ccm-update.yaml b/test/e2e/data/infrastructure-nutanix/ccm-update.yaml index f2ca3745b3..10267a002f 100644 --- a/test/e2e/data/infrastructure-nutanix/ccm-update.yaml +++ b/test/e2e/data/infrastructure-nutanix/ccm-update.yaml @@ -189,7 +189,7 @@ data: key: node.kubernetes.io/not-ready operator: Exists containers: - - image: "${CCM_REPO=ghcr.io/nutanix-cloud-native/cloud-provider-nutanix/controller}:${CCM_TAG=v0.3.2}" + - image: "${CCM_REPO=ghcr.io/nutanix-cloud-native/cloud-provider-nutanix/controller}:${CCM_TAG=v0.4.0}" imagePullPolicy: IfNotPresent name: nutanix-cloud-controller-manager env: