chore: release v1.8.0

Prepare release v1.8.0

Signed-off-by: Serge Logvinov <[email protected]>

CHANGELOG.md

@@ -1,4 +1,40 @@
 
+<a name="v1.8.0"></a>
+## [v1.8.0](https://github.com/siderolabs/talos-cloud-controller-manager/compare/v1.6.0...v1.8.0) (2024-09-24)
+
+Welcome to the v1.8.0 release of Talos CCM!
+
+### Features
+- gcp spot instances
+- node ipam controller
+- prefer permanent ipv6
+- transformer functions
+- expose metrics
+- node transformer feature flags
+- node transformer
+
+### Changelog
+
+* 8350f49 chore: bump deps
+* 01145da docs: update deploy documentation
+* 09a5b9e refactor: csr approval controller
+* 31c9b5b docs: split readme file
+* 122019a chore: bump deps
+* 326fc53 feat: gcp spot instances
+* e1a0e0e feat: node ipam controller
+* 3b20bb0 refactor: contextual logging
+* 3a4ae03 feat: prefer permanent ipv6
+* 7dac5b8 fix: set priorityClassName
+* 53034c8 chore: clean flag
+* 9dde8aa fix: empty terms
+* 749a01d fix: make possible mutate provider-id
+* c0988a3 docs: add config documentation
+* 386958d feat: transformer functions
+* 0e8728c feat: expose metrics
+* 0faf0ae fix: refresh talos token
+* 85e2022 feat: node transformer feature flags
+* 22e3984 feat: node transformer
+
 <a name="v1.6.0"></a>
 ## [v1.6.0](https://github.com/siderolabs/talos-cloud-controller-manager/compare/v1.4.0...v1.6.0) (2024-04-21)
 

charts/talos-cloud-controller-manager/Chart.yaml

@@ -11,5 +11,5 @@ keywords:
 maintainers:
   - name: sergelogvinov
     url: https://github.com/sergelogvinov
-version: 0.4.1
-appVersion: "v1.6.0"
+version: 0.4.2
+appVersion: "v1.8.0"

charts/talos-cloud-controller-manager/README.md

@@ -1,6 +1,6 @@
 # talos-cloud-controller-manager
 
-![Version: 0.4.1](https://img.shields.io/badge/Version-0.4.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v1.6.0](https://img.shields.io/badge/AppVersion-v1.6.0-informational?style=flat-square)
+![Version: 0.4.2](https://img.shields.io/badge/Version-0.4.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v1.8.0](https://img.shields.io/badge/AppVersion-v1.8.0-informational?style=flat-square)
 
 Talos Cloud Controller Manager Helm Chart
 
@@ -20,6 +20,37 @@ Talos Cloud Controller Manager Helm Chart
 
 Kubernetes: `>= 1.24.0`
 
+## Talos machine config
+
+The control plane configuration should be set with the following settings:
+
+```yaml
+machine:
+  kubelet:
+    extraArgs:
+      cloud-provider: external
+      # For security reasons, it is recommended to enable the rotation of server certificates.
+      rotate-server-certificates: true
+  features:
+    kubernetesTalosAPIAccess:
+      enabled: true
+      allowedRoles:
+        - os:reader
+      allowedKubernetesNamespaces:
+        - kube-system
+```
+
+The worker nodes configuration should include the following settings:
+
+```yaml
+machine:
+  kubelet:
+    extraArgs:
+      cloud-provider: external
+      # For security reasons, it is recommended to enable the rotation of server certificates.
+      rotate-server-certificates: true
+```
+
 ## Deploy example
 
 ```yaml
@@ -51,7 +82,7 @@ helm upgrade -i --namespace=kube-system -f talos-ccm.yaml \
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
 | affinity | object | `{}` | Affinity for data pods assignment. ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity |
-| enabledControllers | list | `["cloud-node"]` | List of controllers should be enabled. Use '*' to enable all controllers. Support only `cloud-node, cloud-node-lifecycle, node-csr-approval, node-ipam-controller` controllers. |
+| enabledControllers | list | `["cloud-node","node-csr-approval"]` | List of controllers should be enabled. Use '*' to enable all controllers. Support only `cloud-node, cloud-node-lifecycle, node-csr-approval, node-ipam-controller` controllers. |
 | extraArgs | list | `[]` | Any extra arguments for talos-cloud-controller-manager |
 | fullnameOverride | string | `""` | String to fully override deployment name. |
 | image.pullPolicy | string | `"IfNotPresent"` | Pull policy: IfNotPresent or Always. |

charts/talos-cloud-controller-manager/README.md.gotmpl

@@ -14,6 +14,37 @@
 
 {{ template "chart.requirementsSection" . }}
 
+## Talos machine config
+
+The control plane configuration should be set with the following settings:
+
+```yaml
+machine:
+  kubelet:
+    extraArgs:
+      cloud-provider: external
+      # For security reasons, it is recommended to enable the rotation of server certificates.
+      rotate-server-certificates: true
+  features:
+    kubernetesTalosAPIAccess:
+      enabled: true
+      allowedRoles:
+        - os:reader
+      allowedKubernetesNamespaces:
+        - kube-system
+```
+
+The worker nodes configuration should include the following settings:
+
+```yaml
+machine:
+  kubelet:
+    extraArgs:
+      cloud-provider: external
+      # For security reasons, it is recommended to enable the rotation of server certificates.
+      rotate-server-certificates: true
+```
+
 ## Deploy example
 
 ```yaml

charts/talos-cloud-controller-manager/values.yaml

@@ -38,7 +38,7 @@ enabledControllers:
   # - cloud-node-lifecycle
   # - route
   # - service
-  # - node-csr-approval
+  - node-csr-approval
   # - node-ipam-controller
 
 # -- List of node transformations.

docs/deploy/cloud-controller-manager-daemonset-edge.yml

@@ -5,10 +5,10 @@ kind: ServiceAccount
 metadata:
   name: talos-cloud-controller-manager
   labels:
-    helm.sh/chart: talos-cloud-controller-manager-0.4.1
+    helm.sh/chart: talos-cloud-controller-manager-0.4.2
     app.kubernetes.io/name: talos-cloud-controller-manager
     app.kubernetes.io/instance: talos-cloud-controller-manager
-    app.kubernetes.io/version: "v1.6.0"
+    app.kubernetes.io/version: "v1.8.0"
     app.kubernetes.io/managed-by: Helm
   namespace: kube-system
 ---
@@ -18,10 +18,10 @@ kind: ServiceAccount
 metadata:
   name: talos-cloud-controller-manager-talos-secrets
   labels:
-    helm.sh/chart: talos-cloud-controller-manager-0.4.1
+    helm.sh/chart: talos-cloud-controller-manager-0.4.2
     app.kubernetes.io/name: talos-cloud-controller-manager
     app.kubernetes.io/instance: talos-cloud-controller-manager
-    app.kubernetes.io/version: "v1.6.0"
+    app.kubernetes.io/version: "v1.8.0"
     app.kubernetes.io/managed-by: Helm
   namespace: kube-system
 spec:
@@ -34,10 +34,10 @@ kind: ConfigMap
 metadata:
   name: talos-cloud-controller-manager
   labels:
-    helm.sh/chart: talos-cloud-controller-manager-0.4.1
+    helm.sh/chart: talos-cloud-controller-manager-0.4.2
     app.kubernetes.io/name: talos-cloud-controller-manager
     app.kubernetes.io/instance: talos-cloud-controller-manager
-    app.kubernetes.io/version: "v1.6.0"
+    app.kubernetes.io/version: "v1.8.0"
     app.kubernetes.io/managed-by: Helm
   namespace: kube-system
 data:
@@ -50,10 +50,10 @@ kind: ClusterRole
 metadata:
   name: system:talos-cloud-controller-manager
   labels:
-    helm.sh/chart: talos-cloud-controller-manager-0.4.1
+    helm.sh/chart: talos-cloud-controller-manager-0.4.2
     app.kubernetes.io/name: talos-cloud-controller-manager
     app.kubernetes.io/instance: talos-cloud-controller-manager
-    app.kubernetes.io/version: "v1.6.0"
+    app.kubernetes.io/version: "v1.8.0"
     app.kubernetes.io/managed-by: Helm
 rules:
 - apiGroups:
@@ -158,10 +158,10 @@ kind: Service
 metadata:
   name: talos-cloud-controller-manager
   labels:
-    helm.sh/chart: talos-cloud-controller-manager-0.4.1
+    helm.sh/chart: talos-cloud-controller-manager-0.4.2
     app.kubernetes.io/name: talos-cloud-controller-manager
     app.kubernetes.io/instance: talos-cloud-controller-manager
-    app.kubernetes.io/version: "v1.6.0"
+    app.kubernetes.io/version: "v1.8.0"
     app.kubernetes.io/managed-by: Helm
   namespace: kube-system
 spec:
@@ -182,10 +182,10 @@ kind: DaemonSet
 metadata:
   name: talos-cloud-controller-manager
   labels:
-    helm.sh/chart: talos-cloud-controller-manager-0.4.1
+    helm.sh/chart: talos-cloud-controller-manager-0.4.2
     app.kubernetes.io/name: talos-cloud-controller-manager
     app.kubernetes.io/instance: talos-cloud-controller-manager
-    app.kubernetes.io/version: "v1.6.0"
+    app.kubernetes.io/version: "v1.8.0"
     app.kubernetes.io/managed-by: Helm
   namespace: kube-system
 spec:
@@ -227,7 +227,7 @@ spec:
             - --v=2
             - --cloud-provider=talos
             - --cloud-config=/etc/talos/ccm-config.yaml
-            - --controllers=cloud-node
+            - --controllers=cloud-node,node-csr-approval
             - --leader-elect-resource-name=cloud-controller-manager-talos
             - --use-service-account-credentials
             - --secure-port=50258

docs/deploy/cloud-controller-manager-daemonset.yml

@@ -5,10 +5,10 @@ kind: ServiceAccount
 metadata:
   name: talos-cloud-controller-manager
   labels:
-    helm.sh/chart: talos-cloud-controller-manager-0.3.0
+    helm.sh/chart: talos-cloud-controller-manager-0.4.2
     app.kubernetes.io/name: talos-cloud-controller-manager
     app.kubernetes.io/instance: talos-cloud-controller-manager
-    app.kubernetes.io/version: "v1.6.0"
+    app.kubernetes.io/version: "v1.8.0"
     app.kubernetes.io/managed-by: Helm
   namespace: kube-system
 ---
@@ -18,10 +18,10 @@ kind: ServiceAccount
 metadata:
   name: talos-cloud-controller-manager-talos-secrets
   labels:
-    helm.sh/chart: talos-cloud-controller-manager-0.3.0
+    helm.sh/chart: talos-cloud-controller-manager-0.4.2
     app.kubernetes.io/name: talos-cloud-controller-manager
     app.kubernetes.io/instance: talos-cloud-controller-manager
-    app.kubernetes.io/version: "v1.6.0"
+    app.kubernetes.io/version: "v1.8.0"
     app.kubernetes.io/managed-by: Helm
   namespace: kube-system
 spec:
@@ -34,27 +34,26 @@ kind: ConfigMap
 metadata:
   name: talos-cloud-controller-manager
   labels:
-    helm.sh/chart: talos-cloud-controller-manager-0.3.0
+    helm.sh/chart: talos-cloud-controller-manager-0.4.2
     app.kubernetes.io/name: talos-cloud-controller-manager
     app.kubernetes.io/instance: talos-cloud-controller-manager
-    app.kubernetes.io/version: "v1.6.0"
+    app.kubernetes.io/version: "v1.8.0"
     app.kubernetes.io/managed-by: Helm
   namespace: kube-system
 data:
   ccm-config.yaml: |
     global:
-      approveNodeCSR: true
 ---
 # Source: talos-cloud-controller-manager/templates/role.yaml
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
   name: system:talos-cloud-controller-manager
   labels:
-    helm.sh/chart: talos-cloud-controller-manager-0.3.0
+    helm.sh/chart: talos-cloud-controller-manager-0.4.2
     app.kubernetes.io/name: talos-cloud-controller-manager
     app.kubernetes.io/instance: talos-cloud-controller-manager
-    app.kubernetes.io/version: "v1.6.0"
+    app.kubernetes.io/version: "v1.8.0"
     app.kubernetes.io/managed-by: Helm
 rules:
 - apiGroups:
@@ -159,17 +158,17 @@ kind: Service
 metadata:
   name: talos-cloud-controller-manager
   labels:
-    helm.sh/chart: talos-cloud-controller-manager-0.3.0
+    helm.sh/chart: talos-cloud-controller-manager-0.4.2
     app.kubernetes.io/name: talos-cloud-controller-manager
     app.kubernetes.io/instance: talos-cloud-controller-manager
-    app.kubernetes.io/version: "v1.6.0"
+    app.kubernetes.io/version: "v1.8.0"
     app.kubernetes.io/managed-by: Helm
   namespace: kube-system
 spec:
   clusterIP: None
   type: ClusterIP
   ports:
-    - name: https
+    - name: metrics
       port: 50258
       targetPort: 50258
       protocol: TCP
@@ -183,10 +182,10 @@ kind: DaemonSet
 metadata:
   name: talos-cloud-controller-manager
   labels:
-    helm.sh/chart: talos-cloud-controller-manager-0.3.0
+    helm.sh/chart: talos-cloud-controller-manager-0.4.2
     app.kubernetes.io/name: talos-cloud-controller-manager
     app.kubernetes.io/instance: talos-cloud-controller-manager
-    app.kubernetes.io/version: "v1.6.0"
+    app.kubernetes.io/version: "v1.8.0"
     app.kubernetes.io/managed-by: Helm
   namespace: kube-system
 spec:
@@ -211,6 +210,7 @@ spec:
         runAsUser: 10258
       dnsPolicy: ClusterFirstWithHostNet
       hostNetwork: true
+      priorityClassName: system-cluster-critical
       containers:
         - name: talos-cloud-controller-manager
           securityContext:
@@ -220,17 +220,18 @@ spec:
               - ALL
             seccompProfile:
               type: RuntimeDefault
-          image: "ghcr.io/siderolabs/talos-cloud-controller-manager:v1.6.0"
+          image: "ghcr.io/siderolabs/talos-cloud-controller-manager:v1.8.0"
           imagePullPolicy: IfNotPresent
           command: ["/talos-cloud-controller-manager"]
           args:
             - --v=2
             - --cloud-provider=talos
             - --cloud-config=/etc/talos/ccm-config.yaml
-            - --controllers=cloud-node
+            - --controllers=cloud-node,node-csr-approval
             - --leader-elect-resource-name=cloud-controller-manager-talos
             - --use-service-account-credentials
             - --secure-port=50258
+            - --authorization-always-allow-paths=/healthz,/livez,/readyz,/metrics
           env:
             - name: TALOS_ENDPOINTS
               valueFrom:
@@ -243,13 +244,13 @@ spec:
             - name: KUBERNETES_SERVICE_PORT
               value: "6443"
           ports:
-            - containerPort: 50258
-              name: https
+            - name: metrics
+              containerPort: 50258
               protocol: TCP
           livenessProbe:
             httpGet:
               path: /healthz
-              port: https
+              port: metrics
               scheme: HTTPS
             initialDelaySeconds: 20
             periodSeconds: 30