github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Turn on CCM in kube-up when cloudprovider=external

Browse Source 
Currently if we disable cloud provider by the following
CLOUD_PROVIDER_FLAG=external
KUBE_FEATURE_GATES=DisableCloudProviders=true,DisableKubeletCloudCredentialProviders=true
we can no longer schedule workloads due to taints and a lack of
node configuration.
This pulls a CCM image from K/cloud-provider-gcp to run tests.
This is a pre-step for taking the above feature gates to beta.
It does not address the last known good dependency issue.
Specifically the CCM image is built on top of client-go and staging.
However this image will be an "old" verison of those libraries.
So it does not test if those libraries work in the CCM.

Fix shellcheck errors.
Add CCM_FEATURE_GATES for testing.
Switching to extended regex from perl regex.
Adding instrumentation to cluster configuration.
Improved regex to not greedily get key-value pairs.
Fixed issue with error on regex no line match.
Switch credentialprovider version to v1alpha1
This commit is contained in:
Walter Fender
2022-10-21 14:36:05 -07:00
parent 3b6b8f9101
commit 99156b5bdc
10 changed files with 520 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

46
cluster/addons/cloud-controller-manager/cloud-node-controller-binding.yaml Normal file
View File

@@ -0,0 +1,46 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
addonmanager.kubernetes.io/mode: Reconcile
name: system::leader-locking-cloud-controller-manager
namespace: kube-system
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: system::leader-locking-cloud-controller-manager
subjects:
- kind: ServiceAccount
name: cloud-controller-manager
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
addonmanager.kubernetes.io/mode: Reconcile
name: system:cloud-controller-manager
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:cloud-controller-manager
subjects:
- kind: User
apiGroup: rbac.authorization.k8s.io
name: system:cloud-controller-manager
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
addonmanager.kubernetes.io/mode: Reconcile
name: system:controller:cloud-node-controller
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:controller:cloud-node-controller
subjects:
- kind: ServiceAccount
name: cloud-node-controller
namespace: kube-system

212
cluster/addons/cloud-controller-manager/cloud-node-controller-role.yaml Normal file
View File

@@ -0,0 +1,212 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
addonmanager.kubernetes.io/mode: Reconcile
name: system:cloud-controller-manager
rules:
- apiGroups:
- ""
- events.k8s.io
resources:
- events
verbs:
- create
- patch
- update
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- create
- apiGroups:
- coordination.k8s.io
resourceNames:
- cloud-controller-manager
resources:
- leases
verbs:
- get
- update
- apiGroups:
- ""
resources:
- endpoints
- serviceaccounts
verbs:
- create
- get
- update
- apiGroups:
- ""
resources:
- nodes
verbs:
- get
- update
- apiGroups:
- ""
resources:
- namespaces
verbs:
- get
- apiGroups:
- ""
resources:
- nodes/status
verbs:
- patch
- update
- apiGroups:
- ""
resources:
- secrets
verbs:
- create
- delete
- get
- update
- apiGroups:
- "authentication.k8s.io"
resources:
- tokenreviews
verbs:
- create
- apiGroups:
- "*"
resources:
- "*"
verbs:
- list
- watch
- apiGroups:
- ""
resources:
- serviceaccounts/token
verbs:
- create
- apiGroups:
- authentication.k8s.io
resources:
- subjectaccessreviews
verbs:
- create
- apiGroups:
- authorization.k8s.io
resources:
- subjectaccessreviews
verbs:
- create
- apiGroups:
- authorization.k8s.io
resources:
- subjectaccessreviews
verbs:
- create
- apiGroups:
- ""
resources:
- namespaces
- configmaps
verbs:
- get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
addonmanager.kubernetes.io/mode: Reconcile
name: system:cloud-controller-manager
namespace: kube-system
rules:
- apiGroups:
- ""
resources:
- configmaps
verbs:
- watch
- apiGroups:
- ""
resources:
- configmaps
resourceNames:
- cloud-controller-manager
verbs:
- get
- update
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
addonmanager.kubernetes.io/mode: Reconcile
name: system::leader-locking-cloud-controller-manager
namespace: kube-system
rules:
- apiGroups:
- ""
resources:
- configmaps
verbs:
- watch
- apiGroups:
- ""
resources:
- configmaps
resourceNames:
- cloud-controller-manager
verbs:
- get
- update
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
addonmanager.kubernetes.io/mode: Reconcile
name: system:controller:cloud-node-controller
rules:
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- update
- apiGroups:
- ""
resources:
- nodes
verbs:
- get
- list
- update
- delete
- patch
- apiGroups:
- ""
resources:
- nodes/status
verbs:
- get
- list
- update
- delete
- patch
- apiGroups:
- ""
resources:
- pods
verbs:
- list
- delete
- apiGroups:
- ""
resources:
- pods/status
verbs:
- list
- delete

23
cluster/addons/cloud-controller-manager/pvl-controller-role.yaml Normal file
View File

@@ -0,0 +1,23 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
addonmanager.kubernetes.io/mode: Reconcile
name: system:controller:pvl-controller
rules:
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- update
- apiGroups:
- ""
resources:
- persistentvolumeclaims
- persistentvolumes
verbs:
- list
- watch