update deployments

sergelogvinov · Sep 12, 2023 · 3555d01 · 3555d01
1 parent 127c2d1
commit 3555d01
Show file tree

Hide file tree

Showing 9 changed files with 492 additions and 238 deletions.
diff --git a/_deployments/vars/coredns-local.yaml b/_deployments/vars/coredns-local.yaml
@@ -114,7 +114,7 @@ spec:
       hostNetwork: true
       containers:
       - name: coredns
-        image: coredns/coredns:1.10.1
+        image: coredns/coredns:1.11.1
         imagePullPolicy: IfNotPresent
         resources:
           limits:

diff --git a/azure/Makefile b/azure/Makefile
@@ -35,6 +35,9 @@ create-templates:
 	@yq eval -o=json '{"kubernetes": .}' _cfgs/tfstate.vars > terraform.tfvars.json
 
 create-deployments:
+	helm template --namespace=kube-system -f deployments/azure-ccm.yaml azure-cloud-controller-manager \
+		cloud-provider-azure > deployments/azure-cloud-controller-manager.yaml
+
 	helm template --namespace=kube-system -f deployments/azure-autoscaler.yaml cluster-autoscaler-azure \
 		autoscaler/cluster-autoscaler > deployments/azure-autoscaler-result.yaml
 

diff --git a/azure/deployments/azure-cloud-controller-manager.yaml b/azure/deployments/azure-cloud-controller-manager.yaml
@@ -1,13 +1,20 @@
+---
+# Source: cloud-provider-azure/templates/cloud-provider-azure.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: azure-cloud-controller-manager
   namespace: kube-system
 ---
+# Source: cloud-provider-azure/templates/cloud-provider-azure.yaml
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
   name: system:azure-cloud-controller-manager
+  annotations:
+    rbac.authorization.kubernetes.io/autoupdate: "true"
+  labels:
+    k8s-app: azure-cloud-controller-manager
 rules:
   - apiGroups:
       - ""
@@ -57,12 +64,6 @@ rules:
       - list
       - watch
       - update
-  - apiGroups:
-      - ""
-    resources:
-      - serviceaccounts/token
-    verbs:
-      - create
   - apiGroups:
       - ""
     resources:
@@ -98,9 +99,18 @@ rules:
       - get
       - create
       - update
+  - apiGroups:
+      - discovery.k8s.io
+    resources:
+      - endpointslices
+    verbs:
+      - get
+      - list
+      - watch
 ---
-apiVersion: rbac.authorization.k8s.io/v1
+# Source: cloud-provider-azure/templates/cloud-provider-azure.yaml
 kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: system:azure-cloud-controller-manager
 roleRef:
@@ -112,6 +122,7 @@ subjects:
     name: azure-cloud-controller-manager
     namespace: kube-system
 ---
+# Source: cloud-provider-azure/templates/cloud-provider-azure.yaml
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
@@ -126,6 +137,7 @@ subjects:
     name: azure-cloud-controller-manager
     namespace: kube-system
 ---
+# Source: cloud-provider-azure/templates/cloud-provider-azure.yaml
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -134,62 +146,62 @@ metadata:
   labels:
     component: azure-cloud-controller-manager
 spec:
-  replicas: 1
-  strategy:
-    type: Recreate
   selector:
     matchLabels:
       tier: control-plane
       component: azure-cloud-controller-manager
+  replicas: 1
   template:
     metadata:
       labels:
-        tier: control-plane
         component: azure-cloud-controller-manager
+        tier: control-plane
     spec:
       priorityClassName: system-cluster-critical
       hostNetwork: true
-      serviceAccountName: azure-cloud-controller-manager
       nodeSelector:
         node-role.kubernetes.io/control-plane: ""
-        node.cloudprovider.kubernetes.io/platform: azure
+      serviceAccountName: azure-cloud-controller-manager
       tolerations:
-        - key: "node.cloudprovider.kubernetes.io/uninitialized"
-          value: "true"
-          effect: "NoSchedule"
-        - key: "node-role.kubernetes.io/control-plane"
-          effect: NoSchedule
+        - effect: NoSchedule
+          key: node-role.kubernetes.io/control-plane
+      topologySpreadConstraints:
+      - maxSkew: 1
+        topologyKey: kubernetes.io/hostname
+        whenUnsatisfiable: DoNotSchedule
+        labelSelector:
+          matchLabels:
+            tier: control-plane
+            component: azure-cloud-controller-manager
       containers:
         - name: azure-cloud-controller-manager
-          image: mcr.microsoft.com/oss/kubernetes/azure-cloud-controller-manager:v1.26.5
+          image: mcr.microsoft.com/oss/kubernetes/azure-cloud-controller-manager:v1.27.8
           imagePullPolicy: IfNotPresent
           command: ["cloud-controller-manager"]
           args:
-            - --v=2
-            - --cluster-name=$(CLUSTER_NAME)
-            - --cloud-config=/etc/azure/azure.json
-            - --cloud-provider=azure
-            - --allocate-node-cidrs=false
+            - "--allocate-node-cidrs=false"
+            - "--cloud-config=/etc/azure/azure.json"
+            - "--cloud-provider=azure"
+            - "--cluster-cidr=10.244.0.0/16"
+            - "--cluster-name=kubernetes"
+            - "--configure-cloud-routes=false"
             - --controllers=cloud-node-lifecycle # disable cloud-node controller
-            - --configure-cloud-routes=false
+            - "--leader-elect=true"
             - --leader-elect-resource-name=cloud-controller-manager-azure
-            - --use-service-account-credentials
-            # - --bind-address=127.0.0.1
-            - --secure-port=10267
-          env:
-            - name: CLUSTER_NAME
-              value: kubernetes
+            - "--route-reconciliation-period=10s"
+            - "--secure-port=10268"
+            - "--v=2"
           resources:
             requests:
               cpu: 100m
               memory: 128Mi
             limits:
-              cpu: "1"
-              memory: 512Mi
+              cpu: 100m
+              memory: 128Mi
           livenessProbe:
             httpGet:
               path: /healthz
-              port: 10267
+              port: 10268
               scheme: HTTPS
             initialDelaySeconds: 20
             periodSeconds: 10

diff --git a/hetzner/Makefile b/hetzner/Makefile
@@ -63,8 +63,12 @@ create-secrets:
 
 helm-repos: ## add helm repos
 	helm repo add hcloud               https://charts.hetzner.cloud
+	helm repo add autoscaler           https://kubernetes.github.io/autoscaler
 	helm repo update
 
 create-deployments:
-	helm template --namespace=kube-system -f deployments/hcloud-cloud-controller-manager.yaml \
+	helm template --namespace=kube-system -f deployments/hcloud-ccm.yaml \
 		hcloud-cloud-controller-manager hcloud/hcloud-cloud-controller-manager > deployments/hcloud-cloud-controller-manager-result.yaml
+
+	helm template --namespace=kube-system -f deployments/hcloud-autoscaler.yaml cluster-autoscaler-hcloud \
+		autoscaler/cluster-autoscaler > deployments/hcloud-autoscaler-result.yaml