From 3555d01c178f4bb9d95fdbad42827c281191a053 Mon Sep 17 00:00:00 2001 From: Serge Logvinov Date: Tue, 12 Sep 2023 09:35:33 +0300 Subject: [PATCH] update deployments --- _deployments/vars/coredns-local.yaml | 2 +- azure/Makefile | 3 + .../azure-cloud-controller-manager.yaml | 80 ++-- hetzner/Makefile | 6 +- .../cluster-autoscaler-hcloud-result.yaml | 361 ++++++++++++++++++ hetzner/deployments/hcloud-autoscaler.yaml | 257 ++++--------- hetzner/deployments/hcloud-ccm.yaml | 0 ...cloud-cloud-controller-manager-result.yaml | 17 +- .../hcloud-cloud-controller-manager.yaml | 4 +- 9 files changed, 492 insertions(+), 238 deletions(-) create mode 100644 hetzner/deployments/cluster-autoscaler-hcloud-result.yaml create mode 100644 hetzner/deployments/hcloud-ccm.yaml diff --git a/_deployments/vars/coredns-local.yaml b/_deployments/vars/coredns-local.yaml index 613e31f..0b1b56a 100644 --- a/_deployments/vars/coredns-local.yaml +++ b/_deployments/vars/coredns-local.yaml @@ -114,7 +114,7 @@ spec: hostNetwork: true containers: - name: coredns - image: coredns/coredns:1.10.1 + image: coredns/coredns:1.11.1 imagePullPolicy: IfNotPresent resources: limits: diff --git a/azure/Makefile b/azure/Makefile index 72071ca..320d28a 100644 --- a/azure/Makefile +++ b/azure/Makefile @@ -35,6 +35,9 @@ create-templates: @yq eval -o=json '{"kubernetes": .}' _cfgs/tfstate.vars > terraform.tfvars.json create-deployments: + helm template --namespace=kube-system -f deployments/azure-ccm.yaml azure-cloud-controller-manager \ + cloud-provider-azure > deployments/azure-cloud-controller-manager.yaml + helm template --namespace=kube-system -f deployments/azure-autoscaler.yaml cluster-autoscaler-azure \ autoscaler/cluster-autoscaler > deployments/azure-autoscaler-result.yaml diff --git a/azure/deployments/azure-cloud-controller-manager.yaml b/azure/deployments/azure-cloud-controller-manager.yaml index 3327612..9819717 100644 --- a/azure/deployments/azure-cloud-controller-manager.yaml 
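Review bot: The `helm template` line added to `create-deployments` names its chart as a bare `cloud-provider-azure`, with no repo prefix and no version. What lands in `deployments/azure-cloud-controller-manager.yaml` therefore depends on whichever chart copy is present where the target runs. The autoscaler command beside it uses a repo-qualified reference (`autoscaler/cluster-autoscaler`), and the visible diff adds no repo or chart directory for the Azure chart, so it looks like a local path; its origin should be confirmed and recorded. If it is a repo chart, qualify it and pin it, e.g. `--version <CHART_VERSION>`, so the committed RBAC and Deployment can be regenerated and compared against a known release. The target's recipe continues outside the hunk.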
+++ b/azure/deployments/azure-cloud-controller-manager.yaml @@ -1,13 +1,20 @@ +--- +# Source: cloud-provider-azure/templates/cloud-provider-azure.yaml apiVersion: v1 kind: ServiceAccount metadata: name: azure-cloud-controller-manager namespace: kube-system --- +# Source: cloud-provider-azure/templates/cloud-provider-azure.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: system:azure-cloud-controller-manager + annotations: + rbac.authorization.kubernetes.io/autoupdate: "true" + labels: + k8s-app: azure-cloud-controller-manager rules: - apiGroups: - "" @@ -57,12 +64,6 @@ rules: - list - watch - update - - apiGroups: - - "" - resources: - - serviceaccounts/token - verbs: - - create - apiGroups: - "" resources: @@ -98,9 +99,18 @@ rules: - get - create - update + - apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list + - watch --- -apiVersion: rbac.authorization.k8s.io/v1 +# Source: cloud-provider-azure/templates/cloud-provider-azure.yaml kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 metadata: name: system:azure-cloud-controller-manager roleRef: @@ -112,6 +122,7 @@ subjects: name: azure-cloud-controller-manager namespace: kube-system --- +# Source: cloud-provider-azure/templates/cloud-provider-azure.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: @@ -126,6 +137,7 @@ subjects: name: azure-cloud-controller-manager namespace: kube-system --- +# Source: cloud-provider-azure/templates/cloud-provider-azure.yaml apiVersion: apps/v1 kind: Deployment metadata: 
@@ -134,62 +146,62 @@ metadata: labels: component: azure-cloud-controller-manager spec: - replicas: 1 - strategy: - type: Recreate selector: matchLabels: tier: control-plane component: azure-cloud-controller-manager + replicas: 1 template: metadata: labels: - tier: control-plane component: azure-cloud-controller-manager + tier: control-plane spec: priorityClassName: system-cluster-critical hostNetwork: true - serviceAccountName: azure-cloud-controller-manager nodeSelector: node-role.kubernetes.io/control-plane: "" - node.cloudprovider.kubernetes.io/platform: azure + serviceAccountName: azure-cloud-controller-manager tolerations: - - key: "node.cloudprovider.kubernetes.io/uninitialized" - value: "true" - effect: "NoSchedule" - - key: "node-role.kubernetes.io/control-plane" - effect: NoSchedule + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + topologySpreadConstraints: + - maxSkew: 1 + topologyKey: kubernetes.io/hostname + whenUnsatisfiable: DoNotSchedule + labelSelector: + matchLabels: + tier: control-plane + component: azure-cloud-controller-manager containers: - name: azure-cloud-controller-manager - image: mcr.microsoft.com/oss/kubernetes/azure-cloud-controller-manager:v1.26.5 + image: mcr.microsoft.com/oss/kubernetes/azure-cloud-controller-manager:v1.27.8 imagePullPolicy: IfNotPresent command: ["cloud-controller-manager"] args: - - --v=2 - - --cluster-name=$(CLUSTER_NAME) - - --cloud-config=/etc/azure/azure.json - - --cloud-provider=azure - - --allocate-node-cidrs=false + - "--allocate-node-cidrs=false" + - "--cloud-config=/etc/azure/azure.json" + - "--cloud-provider=azure" + - "--cluster-cidr=10.244.0.0/16" + - "--cluster-name=kubernetes" + - "--configure-cloud-routes=false" - --controllers=cloud-node-lifecycle # disable cloud-node controller - - --configure-cloud-routes=false + - "--leader-elect=true" - --leader-elect-resource-name=cloud-controller-manager-azure - - --use-service-account-credentials - # - --bind-address=127.0.0.1 - - 
--secure-port=10267 - env: - - name: CLUSTER_NAME - value: kubernetes + - "--route-reconciliation-period=10s" + - "--secure-port=10268" + - "--v=2" resources: requests: cpu: 100m memory: 128Mi limits: - cpu: "1" - memory: 512Mi + cpu: 100m + memory: 128Mi livenessProbe: httpGet: path: /healthz - port: 10267 + port: 10268 scheme: HTTPS initialDelaySeconds: 20 periodSeconds: 10 diff --git a/hetzner/Makefile b/hetzner/Makefile index f6a5408..9871174 100644 --- a/hetzner/Makefile +++ b/hetzner/Makefile @@ -63,8 +63,12 @@ create-secrets: helm-repos: ## add helm repos helm repo add hcloud https://charts.hetzner.cloud + helm repo add autoscaler https://kubernetes.github.io/autoscaler helm repo update create-deployments: - helm template --namespace=kube-system -f deployments/hcloud-cloud-controller-manager.yaml \ + helm template --namespace=kube-system -f deployments/hcloud-ccm.yaml \ hcloud-cloud-controller-manager hcloud/hcloud-cloud-controller-manager > deployments/hcloud-cloud-controller-manager-result.yaml + + helm template --namespace=kube-system -f deployments/hcloud-autoscaler.yaml cluster-autoscaler-hcloud \ + autoscaler/cluster-autoscaler > deployments/hcloud-autoscaler-result.yaml diff --git a/hetzner/deployments/cluster-autoscaler-hcloud-result.yaml b/hetzner/deployments/cluster-autoscaler-hcloud-result.yaml new file mode 100644 index 0000000..1da6e1b --- /dev/null +++ b/hetzner/deployments/cluster-autoscaler-hcloud-result.yaml 
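Review bot: The autoscaler command added to `create-deployments` writes to `deployments/hcloud-autoscaler-result.yaml`, but the rendered manifest committed here is `hetzner/deployments/cluster-autoscaler-hcloud-result.yaml`. Rerunning the target will not refresh the file that was reviewed, and the two can drift; redirect to the committed name, `autoscaler/cluster-autoscaler > deployments/cluster-autoscaler-hcloud-result.yaml`, or rename the committed file. Neither `helm template` call passes `--version`; the committed output is labelled `cluster-autoscaler-9.29.3`, so adding `--version 9.29.3` to the autoscaler call would tie regenerated RBAC and pod spec to the chart that was reviewed. The CCM call now takes its values from `deployments/hcloud-ccm.yaml`, which this commit creates empty, so that manifest is rendered from chart defaults alone.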
@@ -0,0 +1,361 @@ +--- +# Source: cluster-autoscaler/templates/pdb.yaml +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + labels: + app.kubernetes.io/instance: "cluster-autoscaler-hcloud" + app.kubernetes.io/name: "hetzner-cluster-autoscaler" + app.kubernetes.io/managed-by: "Helm" + helm.sh/chart: "cluster-autoscaler-9.29.3" + name: cluster-autoscaler-hcloud + namespace: kube-system +spec: + selector: + matchLabels: + app.kubernetes.io/instance: "cluster-autoscaler-hcloud" + app.kubernetes.io/name: "hetzner-cluster-autoscaler" + + maxUnavailable: 1 +--- +# Source: cluster-autoscaler/templates/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/instance: "cluster-autoscaler-hcloud" + app.kubernetes.io/name: "hetzner-cluster-autoscaler" + app.kubernetes.io/managed-by: "Helm" + helm.sh/chart: "cluster-autoscaler-9.29.3" + name: cluster-autoscaler-hcloud + namespace: kube-system +automountServiceAccountToken: true +--- +# Source: cluster-autoscaler/templates/clusterrole.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/instance: "cluster-autoscaler-hcloud" + app.kubernetes.io/name: "hetzner-cluster-autoscaler" + app.kubernetes.io/managed-by: "Helm" + helm.sh/chart: "cluster-autoscaler-9.29.3" + name: cluster-autoscaler-hcloud +rules: + - apiGroups: + - "" + resources: + - events + - endpoints + verbs: + - create + - patch + - apiGroups: + - "" + resources: + - pods/eviction + verbs: + - create + - apiGroups: + - "" + resources: + - pods/status + verbs: + - update + - apiGroups: + - "" + resources: + - endpoints + resourceNames: + - cluster-autoscaler + verbs: + - get + - update + - apiGroups: + - "" + resources: + - nodes + verbs: + - watch + - list + - get + - update + - apiGroups: + - "" + resources: + - namespaces + - pods + - services + - replicationcontrollers + - persistentvolumeclaims + - persistentvolumes + verbs: + - watch + - list + - get + - 
apiGroups: + - batch + resources: + - jobs + - cronjobs + verbs: + - watch + - list + - get + - apiGroups: + - batch + - extensions + resources: + - jobs + verbs: + - get + - list + - patch + - watch + - apiGroups: + - extensions + resources: + - replicasets + - daemonsets + verbs: + - watch + - list + - get + - apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - watch + - list + - apiGroups: + - apps + resources: + - daemonsets + - replicasets + - statefulsets + verbs: + - watch + - list + - get + - apiGroups: + - storage.k8s.io + resources: + - storageclasses + - csinodes + - csidrivers + - csistoragecapacities + verbs: + - watch + - list + - get + - apiGroups: + - "" + resources: + - configmaps + verbs: + - list + - watch + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - apiGroups: + - coordination.k8s.io + resourceNames: + - cluster-autoscaler + resources: + - leases + verbs: + - get + - update +--- +# Source: cluster-autoscaler/templates/clusterrolebinding.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/instance: "cluster-autoscaler-hcloud" + app.kubernetes.io/name: "hetzner-cluster-autoscaler" + app.kubernetes.io/managed-by: "Helm" + helm.sh/chart: "cluster-autoscaler-9.29.3" + name: cluster-autoscaler-hcloud +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cluster-autoscaler-hcloud +subjects: + - kind: ServiceAccount + name: cluster-autoscaler-hcloud + namespace: kube-system +--- +# Source: cluster-autoscaler/templates/role.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/instance: "cluster-autoscaler-hcloud" + app.kubernetes.io/name: "hetzner-cluster-autoscaler" + app.kubernetes.io/managed-by: "Helm" + helm.sh/chart: "cluster-autoscaler-9.29.3" + name: cluster-autoscaler-hcloud + namespace: kube-system +rules: + - apiGroups: + - "" + resources: + - configmaps 
+ verbs: + - create + - apiGroups: + - "" + resources: + - configmaps + resourceNames: + - cluster-autoscaler-status + verbs: + - delete + - get + - update +--- +# Source: cluster-autoscaler/templates/rolebinding.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/instance: "cluster-autoscaler-hcloud" + app.kubernetes.io/name: "hetzner-cluster-autoscaler" + app.kubernetes.io/managed-by: "Helm" + helm.sh/chart: "cluster-autoscaler-9.29.3" + name: cluster-autoscaler-hcloud + namespace: kube-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: cluster-autoscaler-hcloud +subjects: + - kind: ServiceAccount + name: cluster-autoscaler-hcloud + namespace: kube-system +--- +# Source: cluster-autoscaler/templates/service.yaml +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/instance: "cluster-autoscaler-hcloud" + app.kubernetes.io/name: "hetzner-cluster-autoscaler" + app.kubernetes.io/managed-by: "Helm" + helm.sh/chart: "cluster-autoscaler-9.29.3" + name: cluster-autoscaler-hcloud + namespace: kube-system +spec: + ports: + - port: 8085 + protocol: TCP + targetPort: 8085 + name: http + selector: + app.kubernetes.io/instance: "cluster-autoscaler-hcloud" + app.kubernetes.io/name: "hetzner-cluster-autoscaler" + type: "ClusterIP" +--- +# Source: cluster-autoscaler/templates/deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + {} + labels: + app.kubernetes.io/instance: "cluster-autoscaler-hcloud" + app.kubernetes.io/name: "hetzner-cluster-autoscaler" + app.kubernetes.io/managed-by: "Helm" + helm.sh/chart: "cluster-autoscaler-9.29.3" + name: cluster-autoscaler-hcloud + namespace: kube-system +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/instance: "cluster-autoscaler-hcloud" + app.kubernetes.io/name: "hetzner-cluster-autoscaler" + template: + metadata: + labels: + app.kubernetes.io/instance: "cluster-autoscaler-hcloud" + 
app.kubernetes.io/name: "hetzner-cluster-autoscaler" + spec: + priorityClassName: "system-cluster-critical" + dnsPolicy: "ClusterFirst" + containers: + - name: hetzner-cluster-autoscaler + image: "registry.k8s.io/autoscaling/cluster-autoscaler:v1.27.3" + imagePullPolicy: "IfNotPresent" + command: + - ./cluster-autoscaler + - --cloud-provider=hetzner + - --namespace=kube-system + - --nodes=0:2:CPX31:NBG1:worker-nbg1 + - --nodes=0:2:CPX31:FSN1:worker-fsn1 + - --nodes=0:2:CPX31:HEL1:worker-hel1 + - --logtostderr=true + - --node-deletion-delay-timeout=10m0s + - --regional=true + - --scan-interval=3m + - --stderrthreshold=info + - --v=4 + env: + - name: HCLOUD_CLOUD_INIT + valueFrom: + secretKeyRef: + name: hcloud + key: worker + - name: HCLOUD_IMAGE + valueFrom: + secretKeyRef: + name: hcloud + key: image + - name: HCLOUD_NETWORK + valueFrom: + secretKeyRef: + name: hcloud + key: network + - name: HCLOUD_SSH_KEY + valueFrom: + secretKeyRef: + name: hcloud + key: sshkey + - name: HCLOUD_TOKEN + valueFrom: + secretKeyRef: + name: hcloud + key: token + livenessProbe: + httpGet: + path: /health-check + port: 8085 + ports: + - containerPort: 8085 + resources: + limits: + cpu: 100m + memory: 300Mi + requests: + cpu: 100m + memory: 300Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + seccompProfile: + type: RuntimeDefault + nodeSelector: + node-role.kubernetes.io/control-plane: "" + node.cloudprovider.kubernetes.io/platform: hcloud + serviceAccountName: cluster-autoscaler-hcloud + tolerations: + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane diff --git a/hetzner/deployments/hcloud-autoscaler.yaml b/hetzner/deployments/hcloud-autoscaler.yaml index c3b9cce..c133f32 100644 --- a/hetzner/deployments/hcloud-autoscaler.yaml +++ b/hetzner/deployments/hcloud-autoscaler.yaml 
@@ -1,196 +1,67 @@ ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - k8s-addon: cluster-autoscaler.addons.k8s.io - k8s-app: cluster-autoscaler - name: cluster-autoscaler - namespace: kube-system ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: cluster-autoscaler - labels: - k8s-addon: cluster-autoscaler.addons.k8s.io - k8s-app: cluster-autoscaler -rules: - - apiGroups: [""] - resources: ["events", "endpoints"] - verbs: ["create", "patch"] - - apiGroups: [""] - resources: ["pods/eviction"] - verbs: ["create"] - - apiGroups: [""] - resources: ["pods/status"] - verbs: ["update"] - - apiGroups: [""] - resources: ["endpoints"] - resourceNames: ["cluster-autoscaler"] - verbs: ["get", "update"] - - apiGroups: [""] - resources: ["nodes"] - verbs: ["watch", "list", "get", "update"] - - apiGroups: [""] - resources: - - "namespaces" - - "pods" - - "services" - - "replicationcontrollers" - - "persistentvolumeclaims" - - "persistentvolumes" - verbs: ["watch", "list", "get"] - - apiGroups: ["extensions"] - resources: ["replicasets", "daemonsets"] - verbs: ["watch", "list", "get"] - - apiGroups: ["policy"] - resources: ["poddisruptionbudgets"] - verbs: ["watch", "list"] - - apiGroups: ["apps"] - resources: ["statefulsets", "replicasets", "daemonsets"] - verbs: ["watch", "list", "get"] - - apiGroups: ["storage.k8s.io"] - resources: ["storageclasses", "csinodes", "csistoragecapacities", "csidrivers"] - verbs: ["watch", "list", "get"] - - apiGroups: ["batch", "extensions"] - resources: ["jobs"] - verbs: ["get", "list", "watch", "patch"] - - apiGroups: ["coordination.k8s.io"] - resources: ["leases"] - verbs: ["create"] - - apiGroups: ["coordination.k8s.io"] - resourceNames: ["cluster-autoscaler"] - resources: ["leases"] - verbs: ["get", "update"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: cluster-autoscaler - namespace: kube-system - labels: - k8s-addon: cluster-autoscaler.addons.k8s.io - k8s-app: 
cluster-autoscaler -rules: - - apiGroups: [""] - resources: ["configmaps"] - verbs: ["create","list","watch"] - - apiGroups: [""] - resources: ["configmaps"] - resourceNames: ["cluster-autoscaler-status", "cluster-autoscaler-priority-expander"] - verbs: ["delete", "get", "update", "watch"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: cluster-autoscaler - labels: - k8s-addon: cluster-autoscaler.addons.k8s.io - k8s-app: cluster-autoscaler -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cluster-autoscaler -subjects: - - kind: ServiceAccount - name: cluster-autoscaler - namespace: kube-system +fullnameOverride: cluster-autoscaler-hcloud +image: + tag: v1.27.3 ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: cluster-autoscaler - namespace: kube-system - labels: - k8s-addon: cluster-autoscaler.addons.k8s.io - k8s-app: cluster-autoscaler -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: cluster-autoscaler -subjects: - - kind: ServiceAccount - name: cluster-autoscaler - namespace: kube-system +cloudProvider: hetzner ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: cluster-autoscaler - namespace: kube-system - labels: - app: cluster-autoscaler -spec: - replicas: 1 - selector: - matchLabels: - app: cluster-autoscaler - template: - metadata: - labels: - app: cluster-autoscaler - annotations: - prometheus.io/scrape: 'true' - prometheus.io/port: '8085' - spec: - serviceAccountName: cluster-autoscaler - nodeSelector: - # node-role.kubernetes.io/control-plane: "" - node.cloudprovider.kubernetes.io/platform: hcloud - tolerations: - - key: node-role.kubernetes.io/control-plane - effect: NoSchedule - containers: - - name: cluster-autoscaler - image: registry.k8s.io/autoscaling/cluster-autoscaler:v1.26.2 - # image: ghcr.io/sergelogvinov/cluster-autoscaler-amd64:dev - name: cluster-autoscaler - resources: - limits: - cpu: 100m - memory: 300Mi 
- requests: - cpu: 100m - memory: 300Mi - command: - - ./cluster-autoscaler - - --cloud-provider=hetzner - - --stderrthreshold=info - - --node-deletion-delay-timeout=10m0s - - --scan-interval=3m - - --regional - - --balance-similar-node-groups - - --nodes=0:2:CPX31:NBG1:worker-nbg1 - - --nodes=0:2:CPX31:FSN1:worker-fsn1 - - --nodes=0:2:CPX31:HEL1:worker-hel1 - - --v=2 - env: - - name: HCLOUD_TOKEN - valueFrom: - secretKeyRef: - name: hcloud - key: token - - name: HCLOUD_NETWORK - valueFrom: - secretKeyRef: - name: hcloud - key: network - - name: HCLOUD_SSH_KEY - valueFrom: - secretKeyRef: - name: hcloud - key: sshkey - - name: HCLOUD_IMAGE - valueFrom: - secretKeyRef: - name: hcloud-init - key: image - - name: HCLOUD_CLOUD_INIT - valueFrom: - secretKeyRef: - name: hcloud-init - key: worker +autoscalingGroups: + - name: CPX31:NBG1:worker-nbg1 + maxSize: 2 + minSize: 0 + - name: CPX31:FSN1:worker-fsn1 + maxSize: 2 + minSize: 0 + - name: CPX31:HEL1:worker-hel1 + maxSize: 2 + minSize: 0 + +extraEnvSecrets: + HCLOUD_TOKEN: + name: hcloud + key: token + HCLOUD_NETWORK: + name: hcloud + key: network + HCLOUD_SSH_KEY: + name: hcloud + key: sshkey + HCLOUD_IMAGE: + name: hcloud + key: image + HCLOUD_CLOUD_INIT: + name: hcloud + key: worker + +containerSecurityContext: + allowPrivilegeEscalation: false + seccompProfile: + type: RuntimeDefault + capabilities: + drop: ["ALL"] + +extraArgs: + node-deletion-delay-timeout: 10m0s + scan-interval: 3m + regional: true + logtostderr: true + stderrthreshold: info + v: 4 + +priorityClassName: system-cluster-critical + +resources: + limits: + cpu: 100m + memory: 300Mi + requests: + cpu: 100m + memory: 300Mi + +nodeSelector: + node-role.kubernetes.io/control-plane: "" + node.cloudprovider.kubernetes.io/platform: hcloud + +tolerations: + - key: node-role.kubernetes.io/control-plane + effect: NoSchedule diff --git a/hetzner/deployments/hcloud-ccm.yaml b/hetzner/deployments/hcloud-ccm.yaml new file mode 100644 index 0000000..e69de29 
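Review bot: `extraEnvSecrets` now reads `HCLOUD_IMAGE` and `HCLOUD_CLOUD_INIT` from the `hcloud` secret (keys `image` and `worker`), where the removed manifest read them from `hcloud-init`. Nothing visible in this diff adds those keys to `hcloud`, and the container will not start until they exist. A comment above the block would record the contract, e.g. `# secret "hcloud" must provide: token, network, sshkey, image, worker`. Separately, `containerSecurityContext` drops all capabilities and blocks privilege escalation but leaves out `runAsNonRoot: true` and `readOnlyRootFilesystem: true`; both are worth adding once it is confirmed that the image runs as a non-root UID and needs no writable root filesystem.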
diff --git a/hetzner/deployments/hcloud-cloud-controller-manager-result.yaml b/hetzner/deployments/hcloud-cloud-controller-manager-result.yaml index 0dd8fbe..20b8d3d 100644 --- a/hetzner/deployments/hcloud-cloud-controller-manager-result.yaml +++ b/hetzner/deployments/hcloud-cloud-controller-manager-result.yaml @@ -3,21 +3,21 @@ apiVersion: v1 kind: ServiceAccount metadata: - name: cloud-controller-manager + name: hcloud-cloud-controller-manager namespace: kube-system --- # Source: hcloud-cloud-controller-manager/templates/clusterrolebinding.yaml kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: system:cloud-controller-manager + name: "system:hcloud-cloud-controller-manager" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: cluster-admin subjects: - kind: ServiceAccount - name: cloud-controller-manager + name: hcloud-cloud-controller-manager namespace: kube-system --- # Source: hcloud-cloud-controller-manager/templates/deployment.yaml @@ -39,7 +39,7 @@ spec: app.kubernetes.io/instance: 'hcloud-cloud-controller-manager' app.kubernetes.io/name: 'hcloud-cloud-controller-manager' spec: - serviceAccountName: cloud-controller-manager + serviceAccountName: hcloud-cloud-controller-manager dnsPolicy: Default tolerations: # Allow HCCM itself to schedule on nodes that have not yet been initialized by HCCM. @@ -65,8 +65,9 @@ spec: - "/bin/hcloud-cloud-controller-manager" - "--allow-untagged-cloud" - "--cloud-provider=hcloud" - - "--leader-elect=false" - "--route-reconciliation-period=30s" + - "--webhook-secure-port=0" + - "--leader-elect=false" env: - name: HCLOUD_TOKEN valueFrom: @@ -77,10 +78,10 @@ spec: valueFrom: fieldRef: fieldPath: spec.nodeName - - name: HCLOUD_METRICS_ENABLED - value: "false" - image: hetznercloud/hcloud-cloud-controller-manager:v1.15.0 + image: hetznercloud/hcloud-cloud-controller-manager:v1.17.2 # x-release-please-version ports: + - name: metrics + containerPort: 8233 resources: requests: cpu: 100m 
diff --git a/hetzner/deployments/hcloud-cloud-controller-manager.yaml b/hetzner/deployments/hcloud-cloud-controller-manager.yaml index d6d6015..7c0f1a9 100644 --- a/hetzner/deployments/hcloud-cloud-controller-manager.yaml +++ b/hetzner/deployments/hcloud-cloud-controller-manager.yaml @@ -48,7 +48,7 @@ spec: - key: "node-role.kubernetes.io/control-plane" effect: NoSchedule containers: - - image: hetznercloud/hcloud-cloud-controller-manager:v1.15.0 + - image: hetznercloud/hcloud-cloud-controller-manager:v1.17.2 name: hcloud-cloud-controller-manager args: - --cloud-provider=hcloud @@ -78,10 +78,12 @@ spec: - name: ROBOT_USER_NAME valueFrom: secretKeyRef: + optional: true name: hcloud key: user - name: ROBOT_PASSWORD valueFrom: secretKeyRef: + optional: true name: hcloud key: password
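Review bot: With `optional: true` on the `ROBOT_USER_NAME` and `ROBOT_PASSWORD` references, a missing or misspelled `user` or `password` key in the `hcloud` secret no longer stops the container from starting. The variables are left unset, so a credential misconfiguration only shows up in the controller's behaviour at runtime. A comment above the two entries would state the intent, e.g. `# optional: pod starts without these keys; the variables stay unset`. The Makefile change in this commit no longer passes this file to `helm template`, so it is worth confirming how this manifest is still applied and kept in step with the rendered result. The container spec continues outside the hunk.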