Replace the DigitalOcean CCM Go template with an embedded addon (#1396)

* Add DigitalOcean CCM addon Signed-off-by: Marko Mudrinić <mudrinic.mare@gmail.com> * Ensure DO CCM addon Signed-off-by: Marko Mudrinić <mudrinic.mare@gmail.com> * Remove the DO CCM Go template Signed-off-by: Marko Mudrinić <mudrinic.mare@gmail.com> * Ignore DO CCM when deploying user-provided addons Signed-off-by: Marko Mudrinić <mudrinic.mare@gmail.com>
kubermatic · Jun 23, 2021 · 9b04860 · 9b04860
1 parent b9ca676
commit 9b04860
Show file tree

Hide file tree

Showing 5 changed files with 147 additions and 216 deletions.
diff --git a/addons/ccm-digitalocean/ccm-digitalocean.yaml b/addons/ccm-digitalocean/ccm-digitalocean.yaml
@@ -0,0 +1,140 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: digitalocean-cloud-controller-manager
+  namespace: kube-system
+spec:
+  replicas: 1
+  revisionHistoryLimit: 2
+  selector:
+    matchLabels:
+      app: digitalocean-cloud-controller-manager
+  template:
+    metadata:
+      labels:
+        app: digitalocean-cloud-controller-manager
+      annotations:
+        scheduler.alpha.kubernetes.io/critical-pod: ''
+    spec:
+      dnsPolicy: Default
+      serviceAccountName: cloud-controller-manager
+      tolerations:
+        # this taint is set by all kubelets running `--cloud-provider=external`
+        # so we should tolerate it to schedule the digitalocean ccm
+        - key: "node.cloudprovider.kubernetes.io/uninitialized"
+          value: "true"
+          effect: "NoSchedule"
+        - key: "CriticalAddonsOnly"
+          operator: "Exists"
+        # cloud controller manages should be able to run on masters
+        - key: "node-role.kubernetes.io/master"
+          operator: "Exists"
+          effect: NoSchedule
+      containers:
+      - image: {{ Registry "docker.io" }}/digitalocean/digitalocean-cloud-controller-manager:v0.1.23
+        name: digitalocean-cloud-controller-manager
+        command:
+          - "/bin/digitalocean-cloud-controller-manager"
+          - "--leader-elect=false"
+        resources:
+          requests:
+            cpu: 100m
+            memory: 50Mi
+        env:
+          - name: DO_ACCESS_TOKEN
+            valueFrom:
+              secretKeyRef:
+                name: cloud-provider-credentials
+                key: DO_TOKEN
+
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: cloud-controller-manager
+  namespace: kube-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  annotations:
+    rbac.authorization.kubernetes.io/autoupdate: "true"
+  name: system:cloud-controller-manager
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - events
+  verbs:
+  - create
+  - patch
+  - update
+- apiGroups:
+  - ""
+  resources:
+  - nodes
+  verbs:
+  - '*'
+- apiGroups:
+  - ""
+  resources:
+  - nodes/status
+  verbs:
+  - patch
+- apiGroups:
+  - ""
+  resources:
+  - services
+  verbs:
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - services/status
+  verbs:
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - serviceaccounts
+  verbs:
+  - create
+- apiGroups:
+  - ""
+  resources:
+  - persistentvolumes
+  verbs:
+  - get
+  - list
+  - update
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - endpoints
+  verbs:
+  - create
+  - get
+  - list
+  - watch
+  - update
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: system:cloud-controller-manager
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: system:cloud-controller-manager
+subjects:
+- kind: ServiceAccount
+  name: cloud-controller-manager
+  namespace: kube-system
diff --git a/pkg/addons/ensure.go b/pkg/addons/ensure.go
@@ -26,6 +26,7 @@ import (
 	kubeoneapi "k8c.io/kubeone/pkg/apis/kubeone"
 	"k8c.io/kubeone/pkg/ssh"
 	"k8c.io/kubeone/pkg/state"
+	"k8c.io/kubeone/pkg/templates/resources"
 )
 
 const (
@@ -37,7 +38,7 @@ var (
 	// embeddedAddons is a list of addons that are embedded in the KubeOne
 	// binary. Those addons are skipped when applying the user-provided addons
 	embeddedAddons = map[string]string{
-		"test-addon": "",
+		resources.AddonCCMDigitalOcean: "",
 	}
 )
 

diff --git a/pkg/templates/externalccm/ccm.go b/pkg/templates/externalccm/ccm.go
@@ -22,7 +22,9 @@ import (
 
 	"github.com/pkg/errors"
 
+	"k8c.io/kubeone/pkg/addons"
 	"k8c.io/kubeone/pkg/state"
+	"k8c.io/kubeone/pkg/templates/resources"
 
 	corev1 "k8s.io/api/core/v1"
 	rbacv1 "k8s.io/api/rbac/v1"
@@ -48,7 +50,7 @@ func Ensure(s *state.State) error {
 	case s.Cluster.CloudProvider.Hetzner != nil:
 		err = ensureHetzner(s)
 	case s.Cluster.CloudProvider.DigitalOcean != nil:
-		err = ensureDigitalOcean(s)
+		err = addons.EnsureAddonByName(s, resources.AddonCCMDigitalOcean)
 	case s.Cluster.CloudProvider.Packet != nil:
 		err = ensurePacket(s)
 	case s.Cluster.CloudProvider.Openstack != nil:

diff --git a/pkg/templates/externalccm/digitalocean.go b/pkg/templates/externalccm/digitalocean.go