Skip to content

Commit

Permalink
[improvement] : allow CCM to work with different environments in CAPL (
Browse files Browse the repository at this point in the history 
…#614)

* allow CCM to work with different environments

* address review comment

* update other flavors as well for ccm env vars

* add optional env vars for cilium-bgp mode
  • Loading branch information
@rahulait
rahulait authored Jan 10, 2025
1 parent 0ca9ce1 commit 05dd7df
Show file tree
Hide file tree
Showing 11 changed files with 173 additions and 6 deletions.
18 changes: 17 additions & 1 deletion templates/addons/ccm-linode/ccm-linode.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ spec:
repoURL: https://linode.github.io/linode-cloud-controller-manager/
chartName: ccm-linode
namespace: kube-system
version: ${LINODE_CCM_VERSION:=v0.4.21}
version: ${LINODE_CCM_VERSION:=v0.4.22}
options:
waitForJobs: true
wait: true
Expand All @@ -23,3 +23,19 @@ spec:
name: "linode-token-region"
image:
pullPolicy: IfNotPresent
env:
- name: LINODE_EXTERNAL_SUBNET
value: ${LINODE_EXTERNAL_SUBNET:=""}
- name: LINODE_URL
value: ${LINODE_URL:="https://api.linode.com"}
- name: SSL_CERT_DIR
value: "/tls"
volumeMounts:
- name: cacert
mountPath: /tls
readOnly: true
volumes:
- name: cacert
secret:
secretName: linode-ca
defaultMode: 420
9 changes: 8 additions & 1 deletion templates/addons/cluster-resource-set/secret.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,14 @@ stringData:
stringData:
apiToken: ${LINODE_TOKEN}
region: ${LINODE_REGION}
linode-ca.yaml: |-
kind: Secret
apiVersion: v1
metadata:
name: linode-ca
namespace: kube-system
data:
cacert.pem: ${LINODE_CA_BASE64:=""}
---
apiVersion: addons.cluster.x-k8s.io/v1beta1
kind: ClusterResourceSet
Expand All @@ -26,4 +34,3 @@ spec:
- kind: Secret
name: linode-${CLUSTER_NAME}-crs-0
strategy: Reconcile
---
18 changes: 17 additions & 1 deletion templates/flavors/k3s/default/kustomization.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -52,4 +52,20 @@ patches:
secretRef:
name: "linode-token-region"
nodeSelector:
node-role.kubernetes.io/control-plane: "true"
node-role.kubernetes.io/control-plane: "true"
env:
- name: LINODE_EXTERNAL_SUBNET
value: ${LINODE_EXTERNAL_SUBNET:=""}
- name: LINODE_URL
value: ${LINODE_URL:="https://api.linode.com"}
- name: SSL_CERT_DIR
value: "/tls"
volumeMounts:
- name: cacert
mountPath: /tls
readOnly: true
volumes:
- name: cacert
secret:
secretName: linode-ca
defaultMode: 420
16 changes: 16 additions & 0 deletions templates/flavors/k3s/full-vpcless/kustomization.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,22 @@ patches:
pullPolicy: IfNotPresent
nodeSelector:
node-role.kubernetes.io/control-plane: "true"
env:
- name: LINODE_EXTERNAL_SUBNET
value: ${LINODE_EXTERNAL_SUBNET:=""}
- name: LINODE_URL
value: ${LINODE_URL:="https://api.linode.com"}
- name: SSL_CERT_DIR
value: "/tls"
volumeMounts:
- name: cacert
mountPath: /tls
readOnly: true
volumes:
- name: cacert
secret:
secretName: linode-ca
defaultMode: 420
- target:
kind: LinodeVPC
patch: |-
Expand Down
16 changes: 16 additions & 0 deletions templates/flavors/k3s/vpcless/kustomization.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,22 @@ patches:
pullPolicy: IfNotPresent
nodeSelector:
node-role.kubernetes.io/control-plane: "true"
env:
- name: LINODE_EXTERNAL_SUBNET
value: ${LINODE_EXTERNAL_SUBNET:=""}
- name: LINODE_URL
value: ${LINODE_URL:="https://api.linode.com"}
- name: SSL_CERT_DIR
value: "/tls"
volumeMounts:
- name: cacert
mountPath: /tls
readOnly: true
volumes:
- name: cacert
secret:
secretName: linode-ca
defaultMode: 420
- target:
kind: LinodeVPC
patch: |-
Expand Down
19 changes: 18 additions & 1 deletion templates/flavors/kubeadm/cilium-bgp-lb/kustomization.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -33,8 +33,25 @@ patches:
image:
pullPolicy: IfNotPresent
env:
- name: LINODE_EXTERNAL_SUBNET
value: ${LINODE_EXTERNAL_SUBNET:=""}
- name: LINODE_URL
value: https://api.linode.com/v4beta
value: ${LINODE_URL:="https://api.linode.com"}
- name: SSL_CERT_DIR
value: "/tls"
- name: BGP_PEER_PREFIX
value: ${BGP_PEER_PREFIX:=""}
- name: BGP_CUSTOM_ID_MAP
value: ${BGP_CUSTOM_ID_MAP:=""}
volumeMounts:
- name: cacert
mountPath: /tls
readOnly: true
volumes:
- name: cacert
secret:
secretName: linode-ca
defaultMode: 420
transformers:
- |
apiVersion: builtin
Expand Down
16 changes: 16 additions & 0 deletions templates/flavors/kubeadm/full-vpcless/kustomization.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -44,6 +44,22 @@ patches:
name: "linode-token-region"
image:
pullPolicy: IfNotPresent
env:
- name: LINODE_EXTERNAL_SUBNET
value: ${LINODE_EXTERNAL_SUBNET:=""}
- name: LINODE_URL
value: ${LINODE_URL:="https://api.linode.com"}
- name: SSL_CERT_DIR
value: "/tls"
volumeMounts:
- name: cacert
mountPath: /tls
readOnly: true
volumes:
- name: cacert
secret:
secretName: linode-ca
defaultMode: 420
- target:
kind: LinodeVPC
patch: |-
Expand Down
17 changes: 16 additions & 1 deletion templates/flavors/kubeadm/vpcless/kustomization.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -39,7 +39,22 @@ patches:
name: "linode-token-region"
image:
pullPolicy: IfNotPresent
env:
- name: LINODE_EXTERNAL_SUBNET
value: ${LINODE_EXTERNAL_SUBNET:=""}
- name: LINODE_URL
value: ${LINODE_URL:="https://api.linode.com"}
- name: SSL_CERT_DIR
value: "/tls"
volumeMounts:
- name: cacert
mountPath: /tls
readOnly: true
volumes:
- name: cacert
secret:
secretName: linode-ca
defaultMode: 420
- target:
kind: ConfigMap
name: .*-cilium-policy
Expand Down
18 changes: 17 additions & 1 deletion templates/flavors/rke2/default/kustomization.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -54,4 +54,20 @@ patches:
secretRef:
name: "linode-token-region"
nodeSelector:
node-role.kubernetes.io/control-plane: "true"
node-role.kubernetes.io/control-plane: "true"
env:
- name: LINODE_EXTERNAL_SUBNET
value: ${LINODE_EXTERNAL_SUBNET:=""}
- name: LINODE_URL
value: ${LINODE_URL:="https://api.linode.com"}
- name: SSL_CERT_DIR
value: "/tls"
volumeMounts:
- name: cacert
mountPath: /tls
readOnly: true
volumes:
- name: cacert
secret:
secretName: linode-ca
defaultMode: 420
16 changes: 16 additions & 0 deletions templates/flavors/rke2/vlan/kustomization.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,22 @@ patches:
name: "linode-token-region"
nodeSelector:
node-role.kubernetes.io/control-plane: "true"
env:
- name: LINODE_EXTERNAL_SUBNET
value: ${LINODE_EXTERNAL_SUBNET:=""}
- name: LINODE_URL
value: ${LINODE_URL:="https://api.linode.com"}
- name: SSL_CERT_DIR
value: "/tls"
volumeMounts:
- name: cacert
mountPath: /tls
readOnly: true
volumes:
- name: cacert
secret:
secretName: linode-ca
defaultMode: 420
- target:
kind: LinodeVPC
patch: |-
Expand Down
16 changes: 16 additions & 0 deletions templates/flavors/rke2/vpcless/kustomization.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -40,6 +40,22 @@ patches:
pullPolicy: IfNotPresent
nodeSelector:
node-role.kubernetes.io/control-plane: "true"
env:
- name: LINODE_EXTERNAL_SUBNET
value: ${LINODE_EXTERNAL_SUBNET:=""}
- name: LINODE_URL
value: ${LINODE_URL:="https://api.linode.com"}
- name: SSL_CERT_DIR
value: "/tls"
volumeMounts:
- name: cacert
mountPath: /tls
readOnly: true
volumes:
- name: cacert
secret:
secretName: linode-ca
defaultMode: 420
- target:
kind: LinodeVPC
patch: |-
Expand Down

0 comments on commit 05dd7df

Please sign in to comment.