diff --git a/charts/openstack-cloud-controller-manager/Chart.lock b/charts/openstack-cloud-controller-manager/Chart.lock new file mode 100644 index 0000000000..9085110c1a --- /dev/null +++ b/charts/openstack-cloud-controller-manager/Chart.lock @@ -0,0 +1,6 @@ +dependencies: +- name: common + repository: https://charts.bitnami.com/bitnami + version: 2.14.1 +digest: sha256:ac04d66e6abb3cfc89f4c10e49d79770c352c510744bc51e3595937721b7f41a +generated: "2024-01-10T10:12:58.796725699+01:00" diff --git a/charts/openstack-cloud-controller-manager/Chart.yaml b/charts/openstack-cloud-controller-manager/Chart.yaml index 00782c7123..2c23035744 100644 --- a/charts/openstack-cloud-controller-manager/Chart.yaml +++ b/charts/openstack-cloud-controller-manager/Chart.yaml @@ -4,7 +4,7 @@ description: Openstack Cloud Controller Manager Helm Chart icon: https://object-storage-ca-ymq-1.vexxhost.net/swift/v1/6e4619c416ff4bd19e1c087f27a43eea/www-images-prod/openstack-logo/OpenStack-Logo-Vertical.png home: https://github.com/kubernetes/cloud-provider-openstack name: openstack-cloud-controller-manager -version: 2.34.2 +version: 2.35.0 maintainers: - name: eumel8 email: f.kloeker@telekom.de diff --git a/charts/openstack-cloud-controller-manager/charts/common-2.14.1.tgz b/charts/openstack-cloud-controller-manager/charts/common-2.14.1.tgz new file mode 100644 index 0000000000..f443a7c4b9 Binary files /dev/null and b/charts/openstack-cloud-controller-manager/charts/common-2.14.1.tgz differ diff --git a/charts/openstack-cloud-controller-manager/templates/clusterrole.yaml b/charts/openstack-cloud-controller-manager/templates/clusterrole.yaml index cf03f8a11a..41e68951d2 100644 --- a/charts/openstack-cloud-controller-manager/templates/clusterrole.yaml +++ b/charts/openstack-cloud-controller-manager/templates/clusterrole.yaml @@ -1,3 +1,4 @@ +{{- if or (not .Values.splitMode.enabled) (eq .Values.splitMode.type "workload") }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: 
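Review bot: `splitMode.type` is compared with `eq` here but never validated, so with `splitMode.enabled: true` and any value other than `management` or `workload` (a typo, different casing) every template gated in this commit renders nothing. That covers this file, clusterrolebinding.yaml, clusterrolebinding-sm.yaml, controller.yaml, service-sm.yaml and servicemonitor.yaml, plus serviceaccount.yaml via `splitMode.enabled`, so the release installs without a controller or its RBAC. A single guard would fail the render instead: `{{- if and .Values.splitMode.enabled (not (has .Values.splitMode.type (list "management" "workload"))) }}{{ fail "splitMode.type must be management or workload" }}{{- end }}`. The `if` opened in this hunk is closed by the `{{- end }}` in the file's next hunk.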
@@ -96,3 +97,4 @@ rules: - list - get - watch +{{- end }} diff --git a/charts/openstack-cloud-controller-manager/templates/clusterrolebinding-sm.yaml b/charts/openstack-cloud-controller-manager/templates/clusterrolebinding-sm.yaml index 2b2d160b70..fe5eab5049 100644 --- a/charts/openstack-cloud-controller-manager/templates/clusterrolebinding-sm.yaml +++ b/charts/openstack-cloud-controller-manager/templates/clusterrolebinding-sm.yaml @@ -1,4 +1,4 @@ -{{- if .Values.serviceMonitor.enabled }} +{{- if and .Values.serviceMonitor.enabled (or (not .Values.splitMode.enabled) (eq .Values.splitMode.type "management")) }} kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: diff --git a/charts/openstack-cloud-controller-manager/templates/clusterrolebinding.yaml b/charts/openstack-cloud-controller-manager/templates/clusterrolebinding.yaml index 62906bfbca..774f623ee2 100644 --- a/charts/openstack-cloud-controller-manager/templates/clusterrolebinding.yaml +++ b/charts/openstack-cloud-controller-manager/templates/clusterrolebinding.yaml @@ -1,3 +1,4 @@ +{{- if or (not .Values.splitMode.enabled) (eq .Values.splitMode.type "workload") }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -13,6 +14,12 @@ roleRef: kind: ClusterRole name: {{ .Values.clusterRoleName }} subjects: +{{- if and .Values.splitMode.enabled (eq .Values.splitMode.type "workload") }} +- kind: User + name: {{ .Values.splitMode.subject.name }} +{{- else }} - kind: ServiceAccount name: {{ .Values.serviceAccountName }} namespace: {{ .Release.Namespace | quote }} +{{- end }} +{{- end }} diff --git a/charts/openstack-cloud-controller-manager/templates/daemonset.yaml b/charts/openstack-cloud-controller-manager/templates/controller.yaml similarity index 69% rename from charts/openstack-cloud-controller-manager/templates/daemonset.yaml rename to charts/openstack-cloud-controller-manager/templates/controller.yaml index 40f98ea3f8..2f0c4595a3 100644 
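Review bot: In management mode this ClusterRoleBinding is still rendered, while serviceaccount.yaml in the same commit stops creating the ServiceAccount whenever `splitMode.enabled` is true. The `subjects` block is outside the hunk; if it names the chart's ServiceAccount, the management cluster ends up with a cluster-wide grant to an account that does not exist, and whoever later creates a ServiceAccount with that name in the release namespace inherits it. Either skip the binding in split mode, e.g. `{{- if and .Values.serviceMonitor.enabled (not .Values.splitMode.enabled) }}`, or add a comment stating which identity it is meant to cover there.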
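Review bot: The new `kind: User` subject in clusterrolebinding.yaml takes `splitMode.subject.name` unquoted and unchecked, so an empty value renders `name:` as null and a value with YAML-significant characters changes the document; the ServiceAccount branch below it already quotes its namespace. This name is the only thing tying the ClusterRole to the management-side controller's credential, so it should be required and quoted, with the API group spelled out: `apiGroup: rbac.authorization.k8s.io` and `name: {{ required "splitMode.subject.name is required when splitMode.type is workload" .Values.splitMode.subject.name | quote }}`. A short comment that the name must match the username the workload cluster's authenticator derives from the kubeconfig credential would also help, because a mismatch silently leaves the controller without permissions.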
--- a/charts/openstack-cloud-controller-manager/templates/daemonset.yaml +++ b/charts/openstack-cloud-controller-manager/templates/controller.yaml @@ -1,5 +1,10 @@ +{{- if or (not .Values.splitMode.enabled) (eq .Values.splitMode.type "management") }} apiVersion: apps/v1 +{{- if .Values.splitMode.enabled }} +kind: Deployment +{{- else }} kind: DaemonSet +{{- end }} metadata: name: {{ include "occm.name" . }} labels: {{- include "common.labels.standard" . | nindent 4 }} @@ -9,11 +14,19 @@ metadata: {{- toYaml . | nindent 4 }} {{- end }} spec: + {{- if .Values.splitMode.enabled }} + replicas: {{ .Values.splitMode.replicas }} + {{- end }} selector: matchLabels: {{- include "occm.controllermanager.matchLabels" . | nindent 6 }} + {{- if .Values.splitMode.enabled }} + strategy: + type: RollingUpdate + {{- else }} updateStrategy: type: RollingUpdate + {{- end }} template: metadata: annotations: @@ -26,10 +39,17 @@ spec: imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} + {{- if .Values.splitMode.enabled }} + {{- with .Values.splitMode.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- else }} {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} + {{- end }} {{- with .Values.podSecurityContext }} securityContext: {{- toYaml . | nindent 8 }} @@ -42,7 +62,11 @@ spec: hostAliases: {{- toYaml . | nindent 8 }} {{- end }} + {{- if .Values.splitMode.enabled }} + automountServiceAccountToken: false + {{- else }} serviceAccountName: {{ .Values.serviceAccountName }} + {{- end }} containers: - name: openstack-cloud-controller-manager image: "{{ .Values.image.repository }}:{{ default .Chart.AppVersion .Values.image.tag }}" 
@@ -56,6 +80,10 @@ spec: - --cloud-config=$(CLOUD_CONFIG) - --cluster-name=$(CLUSTER_NAME) - --cloud-provider=openstack + {{- if .Values.splitMode.enabled }} + - --kubeconfig=/etc/kubernetes/kubeconfig + - --leader-elect=true + {{- end }} - --use-service-account-credentials=false - --controllers={{- trimAll "," (include "occm.enabledControllers" . ) -}} {{- if .Values.serviceMonitor.enabled }} @@ -71,10 +99,23 @@ spec: {{- if .Values.serviceMonitor.enabled }} ports: - containerPort: 10258 + {{- if not .Values.splitMode.enabled }} hostPort: 10258 + {{- end }} name: http protocol: TCP {{- end }} + {{- if .Values.splitMode.enabled }} + volumeMounts: {{- toYaml .Values.splitMode.extraVolumeMounts | nindent 12 }} + - mountPath: /etc/kubernetes + name: kubeconfig-volume + readOnly: true + {{- if .Values.secret.enabled }} + - mountPath: /etc/config + name: cloud-config-volume + readOnly: true + {{- end }} + {{- else }} {{- if or (.Values.extraVolumeMounts) (.Values.secret.enabled) }} volumeMounts: {{- end }} @@ -86,6 +127,7 @@ spec: {{- if .Values.extraVolumeMounts }} {{- toYaml .Values.extraVolumeMounts | nindent 12 }} {{- end }} + {{- end }} {{- if .Values.livenessProbe }} livenessProbe: {{- toYaml .Values.livenessProbe | nindent 12 }} 
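Review bot: `volumeMounts: {{- toYaml .Values.splitMode.extraVolumeMounts | nindent 12 }}` emits a literal `[]` for the shipped default `extraVolumeMounts: []`, and the `- mountPath: /etc/kubernetes` entry that follows then makes the rendered manifest invalid YAML. As far as I can tell, split mode therefore does not render with default values. The non-split branch avoids this by guarding with `{{- if .Values.extraVolumeMounts }}`; the same applies here: `volumeMounts:` followed by `{{- with .Values.splitMode.extraVolumeMounts }}{{- toYaml . | nindent 12 }}{{- end }}`. The `volumes:` line in the `@@ -110,11 +152,27 @@` hunk has the same problem with `splitMode.extraVolumes`. The `{{- else }}` opened here is closed in the following hunk.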
@@ -110,11 +152,27 @@ spec: initContainers: {{ toYaml .Values.extraInitContainers | nindent 6 }} {{- end }} dnsPolicy: {{ .Values.dnsPolicy }} + {{- if not .Values.splitMode.enabled }} hostNetwork: true + {{- end }} {{- if .Values.priorityClassName }} priorityClassName: {{ .Values.priorityClassName }} {{- end }} + {{- if .Values.splitMode.enabled }} + volumes: {{- toYaml .Values.splitMode.extraVolumes | nindent 6 }} + - name: kubeconfig-volume + secret: + secretName: {{ .Values.splitMode.kubeconfig.secretName }} + items: + - key: {{ .Values.splitMode.kubeconfig.secretKey }} + path: kubeconfig + {{- if .Values.secret.enabled }} + - name: cloud-config-volume + secret: + secretName: {{ .Values.secret.name }} + {{- end }} + {{- else }} {{- if or (.Values.extraVolumes) (.Values.secret.enabled) }} volumes: {{- end }} @@ -126,3 +184,5 @@ spec: {{- if .Values.extraVolumes }} {{ toYaml .Values.extraVolumes | nindent 6 }} {{- end }} + {{- end }} +{{- end }} diff --git a/charts/openstack-cloud-controller-manager/templates/service-sm.yaml b/charts/openstack-cloud-controller-manager/templates/service-sm.yaml index 92b07f865e..b3df823dcb 100644 --- a/charts/openstack-cloud-controller-manager/templates/service-sm.yaml +++ b/charts/openstack-cloud-controller-manager/templates/service-sm.yaml @@ -1,4 +1,4 @@ -{{- if .Values.serviceMonitor.enabled }} +{{- if and .Values.serviceMonitor.enabled (or (not .Values.splitMode.enabled) (eq .Values.splitMode.type "management")) }} apiVersion: v1 kind: Service metadata: diff --git a/charts/openstack-cloud-controller-manager/templates/serviceaccount.yaml b/charts/openstack-cloud-controller-manager/templates/serviceaccount.yaml index dfac2b15fa..85450da505 100644 --- a/charts/openstack-cloud-controller-manager/templates/serviceaccount.yaml +++ b/charts/openstack-cloud-controller-manager/templates/serviceaccount.yaml @@ -1,3 +1,4 @@ +{{- if not .Values.splitMode.enabled }} apiVersion: v1 kind: ServiceAccount metadata: 
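Review bot: `secretName: {{ .Values.splitMode.kubeconfig.secretName }}` renders an empty value with the shipped default `secretName: ""`, and the mistake only surfaces at apply or run time rather than when the chart is rendered. This secret carries the controller's credential for the workload cluster, so the chart should refuse to render without it: `secretName: {{ required "splitMode.kubeconfig.secretName is required when splitMode.type is management" .Values.splitMode.kubeconfig.secretName | quote }}`, with `| quote` on the `key:` line as well. The `{{- else }}` branch opened in this hunk continues into the next one.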
@@ -8,3 +9,4 @@ metadata: {{- with .Values.commonAnnotations }} {{- toYaml . | nindent 4 }} {{- end }} +{{- end }} diff --git a/charts/openstack-cloud-controller-manager/templates/servicemonitor.yaml b/charts/openstack-cloud-controller-manager/templates/servicemonitor.yaml index c1d80f127c..5ccd0e2b6d 100644 --- a/charts/openstack-cloud-controller-manager/templates/servicemonitor.yaml +++ b/charts/openstack-cloud-controller-manager/templates/servicemonitor.yaml @@ -1,4 +1,4 @@ -{{- if .Values.serviceMonitor.enabled }} +{{- if and .Values.serviceMonitor.enabled (or (not .Values.splitMode.enabled) (eq .Values.splitMode.type "management")) }} apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: diff --git a/charts/openstack-cloud-controller-manager/values.yaml b/charts/openstack-cloud-controller-manager/values.yaml index d813226992..b89c0c06ff 100644 --- a/charts/openstack-cloud-controller-manager/values.yaml +++ b/charts/openstack-cloud-controller-manager/values.yaml 
@@ -165,3 +165,33 @@ cluster: clusterRoleName: system:cloud-controller-manager serviceAccountName: cloud-controller-manager + +# External mode configuration +# Enables split deployment across management and workload clusters +splitMode: + # Enable external mode + enabled: false + # Which part to deploy: "management" or "workload" + # - management: Deploys the Deployment (controller) with kubeconfig + # - workload: Deploys only RBAC resources with configurable subject + type: management + + # Management cluster settings (when type=management) + kubeconfig: + # Name of the pre-existing secret containing kubeconfig + secretName: "" + # Key in the secret containing the kubeconfig data + secretKey: value + # Number of replicas for the Deployment + replicas: 1 + # Node selector for external mode Deployment + nodeSelector: {} + # Extra volumes for external mode + extraVolumes: [] + # Extra volume mounts for external mode + extraVolumeMounts: [] + + # Workload cluster settings (when type=workload) + # Subject for the ClusterRoleBinding + subject: + name: openstack-cloud-controller-manager
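Review bot: The comments call the feature "External mode" while the key and every template use `splitMode`, and nothing tells the operator what the kubeconfig secret must contain. I would reword the comments to "Split mode" and add above `kubeconfig:` something like `# Kubeconfig for the workload cluster; it should authenticate as splitMode.subject.name and nothing broader (not an admin kubeconfig)`. `secretName` has no usable default, so its comment should also say it is mandatory when `type` is `management`.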