diff --git a/CHANGELOG.md b/CHANGELOG.md
index 04e1b93..34f6972 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,4 +1,40 @@
+
+## [v1.8.0](https://github.com/siderolabs/talos-cloud-controller-manager/compare/v1.6.0...v1.8.0) (2024-09-24)
+
+Welcome to the v1.8.0 release of Talos CCM!
+
+### Features
+- gcp spot instances
+- node ipam controller
+- prefer permanent ipv6
+- transformer functions
+- expose metrics
+- node transformer feature flags
+- node transformer
+
+### Changelog
+
+* 8350f49 chore: bump deps
+* 01145da docs: update deploy documentation
+* 09a5b9e refactor: csr approval controller
+* 31c9b5b docs: split readme file
+* 122019a chore: bump deps
+* 326fc53 feat: gcp spot instances
+* e1a0e0e feat: node ipam controller
+* 3b20bb0 refactor: contextual logging
+* 3a4ae03 feat: prefer permanent ipv6
+* 7dac5b8 fix: set priorityClassName
+* 53034c8 chore: clean flag
+* 9dde8aa fix: empty terms
+* 749a01d fix: make possible mutate provider-id
+* c0988a3 docs: add config documentation
+* 386958d feat: transformer functions
+* 0e8728c feat: expose metrics
+* 0faf0ae fix: refresh talos token
+* 85e2022 feat: node transformer feature flags
+* 22e3984 feat: node transformer
+
## [v1.6.0](https://github.com/siderolabs/talos-cloud-controller-manager/compare/v1.4.0...v1.6.0) (2024-04-21)
diff --git a/charts/talos-cloud-controller-manager/Chart.yaml b/charts/talos-cloud-controller-manager/Chart.yaml
index c597e7b..a86d195 100644
--- a/charts/talos-cloud-controller-manager/Chart.yaml
+++ b/charts/talos-cloud-controller-manager/Chart.yaml
@@ -11,5 +11,5 @@ keywords:
maintainers:
- name: sergelogvinov
url: https://github.com/sergelogvinov
-version: 0.4.1
-appVersion: "v1.6.0"
+version: 0.4.2
+appVersion: "v1.8.0"
diff --git a/charts/talos-cloud-controller-manager/README.md b/charts/talos-cloud-controller-manager/README.md
index 0b21ee2..6b3a4aa 100644
--- a/charts/talos-cloud-controller-manager/README.md
+++ b/charts/talos-cloud-controller-manager/README.md
@@ -1,6 +1,6 @@
# talos-cloud-controller-manager
-![Version: 0.4.1](https://img.shields.io/badge/Version-0.4.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v1.6.0](https://img.shields.io/badge/AppVersion-v1.6.0-informational?style=flat-square)
+![Version: 0.4.2](https://img.shields.io/badge/Version-0.4.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v1.8.0](https://img.shields.io/badge/AppVersion-v1.8.0-informational?style=flat-square)
Talos Cloud Controller Manager Helm Chart
@@ -20,6 +20,37 @@ Talos Cloud Controller Manager Helm Chart
Kubernetes: `>= 1.24.0`
+## Talos machine config
+
+The control plane configuration should be set with the following settings:
+
+```yaml
+machine:
+ kubelet:
+ extraArgs:
+ cloud-provider: external
+ # For security reasons, it is recommended to enable the rotation of server certificates.
+ rotate-server-certificates: true
+ features:
+ kubernetesTalosAPIAccess:
+ enabled: true
+ allowedRoles:
+ - os:reader
+ allowedKubernetesNamespaces:
+ - kube-system
+```
+
+The worker nodes configuration should include the following settings:
+
+```yaml
+machine:
+ kubelet:
+ extraArgs:
+ cloud-provider: external
+ # For security reasons, it is recommended to enable the rotation of server certificates.
+ rotate-server-certificates: true
+```
+
## Deploy example
```yaml
@@ -51,7 +82,7 @@ helm upgrade -i --namespace=kube-system -f talos-ccm.yaml \
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| affinity | object | `{}` | Affinity for data pods assignment. ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity |
-| enabledControllers | list | `["cloud-node"]` | List of controllers should be enabled. Use '*' to enable all controllers. Support only `cloud-node, cloud-node-lifecycle, node-csr-approval, node-ipam-controller` controllers. |
+| enabledControllers | list | `["cloud-node","node-csr-approval"]` | List of controllers should be enabled. Use '*' to enable all controllers. Support only `cloud-node, cloud-node-lifecycle, node-csr-approval, node-ipam-controller` controllers. |
| extraArgs | list | `[]` | Any extra arguments for talos-cloud-controller-manager |
| fullnameOverride | string | `""` | String to fully override deployment name. |
| image.pullPolicy | string | `"IfNotPresent"` | Pull policy: IfNotPresent or Always. |
diff --git a/charts/talos-cloud-controller-manager/README.md.gotmpl b/charts/talos-cloud-controller-manager/README.md.gotmpl
index 1482b1e..3afbef2 100644
--- a/charts/talos-cloud-controller-manager/README.md.gotmpl
+++ b/charts/talos-cloud-controller-manager/README.md.gotmpl
@@ -14,6 +14,37 @@
{{ template "chart.requirementsSection" . }}
+## Talos machine config
+
+The control plane configuration should be set with the following settings:
+
+```yaml
+machine:
+ kubelet:
+ extraArgs:
+ cloud-provider: external
+ # For security reasons, it is recommended to enable the rotation of server certificates.
+ rotate-server-certificates: true
+ features:
+ kubernetesTalosAPIAccess:
+ enabled: true
+ allowedRoles:
+ - os:reader
+ allowedKubernetesNamespaces:
+ - kube-system
+```
+
+The worker nodes configuration should include the following settings:
+
+```yaml
+machine:
+ kubelet:
+ extraArgs:
+ cloud-provider: external
+ # For security reasons, it is recommended to enable the rotation of server certificates.
+ rotate-server-certificates: true
+```
+
## Deploy example
```yaml
diff --git a/charts/talos-cloud-controller-manager/values.yaml b/charts/talos-cloud-controller-manager/values.yaml
index a96bcec..5710ebb 100644
--- a/charts/talos-cloud-controller-manager/values.yaml
+++ b/charts/talos-cloud-controller-manager/values.yaml
@@ -38,7 +38,7 @@ enabledControllers:
# - cloud-node-lifecycle
# - route
# - service
- # - node-csr-approval
+ - node-csr-approval
# - node-ipam-controller
# -- List of node transformations.
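Review bot: Uncommenting `- node-csr-approval` turns the controller on for every install that does not override `enabledControllers`, and nothing beside the entry says what it needs. Going by the README section added in this commit, it appears to pair with kubelet `rotate-server-certificates: true`, so a comment where the default is set would help, e.g. `# node-csr-approval: pairs with kubelet rotate-server-certificates: true (see chart README)`. The release notes should also mention that an upgrade enables CSR approval by default, so clusters already running another approver can disable one of the two. The same default shows up in the rendered `--controllers=cloud-node,node-csr-approval` args under docs/deploy/. The `enabledControllers` list starts above this hunk.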
diff --git a/docs/deploy/cloud-controller-manager-daemonset-edge.yml b/docs/deploy/cloud-controller-manager-daemonset-edge.yml
index 7d10de6..82b85ac 100644
--- a/docs/deploy/cloud-controller-manager-daemonset-edge.yml
+++ b/docs/deploy/cloud-controller-manager-daemonset-edge.yml
@@ -5,10 +5,10 @@ kind: ServiceAccount
metadata:
name: talos-cloud-controller-manager
labels:
- helm.sh/chart: talos-cloud-controller-manager-0.4.1
+ helm.sh/chart: talos-cloud-controller-manager-0.4.2
app.kubernetes.io/name: talos-cloud-controller-manager
app.kubernetes.io/instance: talos-cloud-controller-manager
- app.kubernetes.io/version: "v1.6.0"
+ app.kubernetes.io/version: "v1.8.0"
app.kubernetes.io/managed-by: Helm
namespace: kube-system
---
@@ -18,10 +18,10 @@ kind: ServiceAccount
metadata:
name: talos-cloud-controller-manager-talos-secrets
labels:
- helm.sh/chart: talos-cloud-controller-manager-0.4.1
+ helm.sh/chart: talos-cloud-controller-manager-0.4.2
app.kubernetes.io/name: talos-cloud-controller-manager
app.kubernetes.io/instance: talos-cloud-controller-manager
- app.kubernetes.io/version: "v1.6.0"
+ app.kubernetes.io/version: "v1.8.0"
app.kubernetes.io/managed-by: Helm
namespace: kube-system
spec:
@@ -34,10 +34,10 @@ kind: ConfigMap
metadata:
name: talos-cloud-controller-manager
labels:
- helm.sh/chart: talos-cloud-controller-manager-0.4.1
+ helm.sh/chart: talos-cloud-controller-manager-0.4.2
app.kubernetes.io/name: talos-cloud-controller-manager
app.kubernetes.io/instance: talos-cloud-controller-manager
- app.kubernetes.io/version: "v1.6.0"
+ app.kubernetes.io/version: "v1.8.0"
app.kubernetes.io/managed-by: Helm
namespace: kube-system
data:
@@ -50,10 +50,10 @@ kind: ClusterRole
metadata:
name: system:talos-cloud-controller-manager
labels:
- helm.sh/chart: talos-cloud-controller-manager-0.4.1
+ helm.sh/chart: talos-cloud-controller-manager-0.4.2
app.kubernetes.io/name: talos-cloud-controller-manager
app.kubernetes.io/instance: talos-cloud-controller-manager
- app.kubernetes.io/version: "v1.6.0"
+ app.kubernetes.io/version: "v1.8.0"
app.kubernetes.io/managed-by: Helm
rules:
- apiGroups:
@@ -158,10 +158,10 @@ kind: Service
metadata:
name: talos-cloud-controller-manager
labels:
- helm.sh/chart: talos-cloud-controller-manager-0.4.1
+ helm.sh/chart: talos-cloud-controller-manager-0.4.2
app.kubernetes.io/name: talos-cloud-controller-manager
app.kubernetes.io/instance: talos-cloud-controller-manager
- app.kubernetes.io/version: "v1.6.0"
+ app.kubernetes.io/version: "v1.8.0"
app.kubernetes.io/managed-by: Helm
namespace: kube-system
spec:
@@ -182,10 +182,10 @@ kind: DaemonSet
metadata:
name: talos-cloud-controller-manager
labels:
- helm.sh/chart: talos-cloud-controller-manager-0.4.1
+ helm.sh/chart: talos-cloud-controller-manager-0.4.2
app.kubernetes.io/name: talos-cloud-controller-manager
app.kubernetes.io/instance: talos-cloud-controller-manager
- app.kubernetes.io/version: "v1.6.0"
+ app.kubernetes.io/version: "v1.8.0"
app.kubernetes.io/managed-by: Helm
namespace: kube-system
spec:
@@ -227,7 +227,7 @@ spec:
- --v=2
- --cloud-provider=talos
- --cloud-config=/etc/talos/ccm-config.yaml
- - --controllers=cloud-node
+ - --controllers=cloud-node,node-csr-approval
- --leader-elect-resource-name=cloud-controller-manager-talos
- --use-service-account-credentials
- --secure-port=50258
diff --git a/docs/deploy/cloud-controller-manager-daemonset.yml b/docs/deploy/cloud-controller-manager-daemonset.yml
index a125f95..0d9a187 100644
--- a/docs/deploy/cloud-controller-manager-daemonset.yml
+++ b/docs/deploy/cloud-controller-manager-daemonset.yml
@@ -5,10 +5,10 @@ kind: ServiceAccount
metadata:
name: talos-cloud-controller-manager
labels:
- helm.sh/chart: talos-cloud-controller-manager-0.3.0
+ helm.sh/chart: talos-cloud-controller-manager-0.4.2
app.kubernetes.io/name: talos-cloud-controller-manager
app.kubernetes.io/instance: talos-cloud-controller-manager
- app.kubernetes.io/version: "v1.6.0"
+ app.kubernetes.io/version: "v1.8.0"
app.kubernetes.io/managed-by: Helm
namespace: kube-system
---
@@ -18,10 +18,10 @@ kind: ServiceAccount
metadata:
name: talos-cloud-controller-manager-talos-secrets
labels:
- helm.sh/chart: talos-cloud-controller-manager-0.3.0
+ helm.sh/chart: talos-cloud-controller-manager-0.4.2
app.kubernetes.io/name: talos-cloud-controller-manager
app.kubernetes.io/instance: talos-cloud-controller-manager
- app.kubernetes.io/version: "v1.6.0"
+ app.kubernetes.io/version: "v1.8.0"
app.kubernetes.io/managed-by: Helm
namespace: kube-system
spec:
@@ -34,16 +34,15 @@ kind: ConfigMap
metadata:
name: talos-cloud-controller-manager
labels:
- helm.sh/chart: talos-cloud-controller-manager-0.3.0
+ helm.sh/chart: talos-cloud-controller-manager-0.4.2
app.kubernetes.io/name: talos-cloud-controller-manager
app.kubernetes.io/instance: talos-cloud-controller-manager
- app.kubernetes.io/version: "v1.6.0"
+ app.kubernetes.io/version: "v1.8.0"
app.kubernetes.io/managed-by: Helm
namespace: kube-system
data:
ccm-config.yaml: |
global:
- approveNodeCSR: true
---
# Source: talos-cloud-controller-manager/templates/role.yaml
apiVersion: rbac.authorization.k8s.io/v1
@@ -51,10 +50,10 @@ kind: ClusterRole
metadata:
name: system:talos-cloud-controller-manager
labels:
- helm.sh/chart: talos-cloud-controller-manager-0.3.0
+ helm.sh/chart: talos-cloud-controller-manager-0.4.2
app.kubernetes.io/name: talos-cloud-controller-manager
app.kubernetes.io/instance: talos-cloud-controller-manager
- app.kubernetes.io/version: "v1.6.0"
+ app.kubernetes.io/version: "v1.8.0"
app.kubernetes.io/managed-by: Helm
rules:
- apiGroups:
@@ -159,17 +158,17 @@ kind: Service
metadata:
name: talos-cloud-controller-manager
labels:
- helm.sh/chart: talos-cloud-controller-manager-0.3.0
+ helm.sh/chart: talos-cloud-controller-manager-0.4.2
app.kubernetes.io/name: talos-cloud-controller-manager
app.kubernetes.io/instance: talos-cloud-controller-manager
- app.kubernetes.io/version: "v1.6.0"
+ app.kubernetes.io/version: "v1.8.0"
app.kubernetes.io/managed-by: Helm
namespace: kube-system
spec:
clusterIP: None
type: ClusterIP
ports:
- - name: https
+ - name: metrics
port: 50258
targetPort: 50258
protocol: TCP
@@ -183,10 +182,10 @@ kind: DaemonSet
metadata:
name: talos-cloud-controller-manager
labels:
- helm.sh/chart: talos-cloud-controller-manager-0.3.0
+ helm.sh/chart: talos-cloud-controller-manager-0.4.2
app.kubernetes.io/name: talos-cloud-controller-manager
app.kubernetes.io/instance: talos-cloud-controller-manager
- app.kubernetes.io/version: "v1.6.0"
+ app.kubernetes.io/version: "v1.8.0"
app.kubernetes.io/managed-by: Helm
namespace: kube-system
spec:
@@ -211,6 +210,7 @@ spec:
runAsUser: 10258
dnsPolicy: ClusterFirstWithHostNet
hostNetwork: true
+ priorityClassName: system-cluster-critical
containers:
- name: talos-cloud-controller-manager
securityContext:
@@ -220,17 +220,18 @@ spec:
- ALL
seccompProfile:
type: RuntimeDefault
- image: "ghcr.io/siderolabs/talos-cloud-controller-manager:v1.6.0"
+ image: "ghcr.io/siderolabs/talos-cloud-controller-manager:v1.8.0"
imagePullPolicy: IfNotPresent
command: ["/talos-cloud-controller-manager"]
args:
- --v=2
- --cloud-provider=talos
- --cloud-config=/etc/talos/ccm-config.yaml
- - --controllers=cloud-node
+ - --controllers=cloud-node,node-csr-approval
- --leader-elect-resource-name=cloud-controller-manager-talos
- --use-service-account-credentials
- --secure-port=50258
+ - --authorization-always-allow-paths=/healthz,/livez,/readyz,/metrics
env:
- name: TALOS_ENDPOINTS
valueFrom:
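Review bot: Adding `/metrics` to `--authorization-always-allow-paths` means the metrics endpoint on port 50258 is served without an authorization check, and this DaemonSet runs with `hostNetwork: true`, so the port is reachable on each node's own address. If that exposure is not intended, keep the list to the health paths, `- --authorization-always-allow-paths=/healthz,/livez,/readyz`, and grant the scraper's service account `get` on the `/metrics` non-resource URL instead. If it is intended, the chart README should say so and recommend restricting port 50258 at the network level. The same flag is added in docs/deploy/cloud-controller-manager.yml; both files look rendered from the chart, so the change belongs in the chart template or values. The container spec continues outside this hunk.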
@@ -243,13 +244,13 @@ spec:
- name: KUBERNETES_SERVICE_PORT
value: "6443"
ports:
- - containerPort: 50258
- name: https
+ - name: metrics
+ containerPort: 50258
protocol: TCP
livenessProbe:
httpGet:
path: /healthz
- port: https
+ port: metrics
scheme: HTTPS
initialDelaySeconds: 20
periodSeconds: 30
diff --git a/docs/deploy/cloud-controller-manager-edge.yml b/docs/deploy/cloud-controller-manager-edge.yml
index 7705239..beb01bb 100644
--- a/docs/deploy/cloud-controller-manager-edge.yml
+++ b/docs/deploy/cloud-controller-manager-edge.yml
@@ -5,10 +5,10 @@ kind: ServiceAccount
metadata:
name: talos-cloud-controller-manager
labels:
- helm.sh/chart: talos-cloud-controller-manager-0.4.1
+ helm.sh/chart: talos-cloud-controller-manager-0.4.2
app.kubernetes.io/name: talos-cloud-controller-manager
app.kubernetes.io/instance: talos-cloud-controller-manager
- app.kubernetes.io/version: "v1.6.0"
+ app.kubernetes.io/version: "v1.8.0"
app.kubernetes.io/managed-by: Helm
namespace: kube-system
---
@@ -18,10 +18,10 @@ kind: ServiceAccount
metadata:
name: talos-cloud-controller-manager-talos-secrets
labels:
- helm.sh/chart: talos-cloud-controller-manager-0.4.1
+ helm.sh/chart: talos-cloud-controller-manager-0.4.2
app.kubernetes.io/name: talos-cloud-controller-manager
app.kubernetes.io/instance: talos-cloud-controller-manager
- app.kubernetes.io/version: "v1.6.0"
+ app.kubernetes.io/version: "v1.8.0"
app.kubernetes.io/managed-by: Helm
namespace: kube-system
spec:
@@ -34,10 +34,10 @@ kind: ConfigMap
metadata:
name: talos-cloud-controller-manager
labels:
- helm.sh/chart: talos-cloud-controller-manager-0.4.1
+ helm.sh/chart: talos-cloud-controller-manager-0.4.2
app.kubernetes.io/name: talos-cloud-controller-manager
app.kubernetes.io/instance: talos-cloud-controller-manager
- app.kubernetes.io/version: "v1.6.0"
+ app.kubernetes.io/version: "v1.8.0"
app.kubernetes.io/managed-by: Helm
namespace: kube-system
data:
@@ -50,10 +50,10 @@ kind: ClusterRole
metadata:
name: system:talos-cloud-controller-manager
labels:
- helm.sh/chart: talos-cloud-controller-manager-0.4.1
+ helm.sh/chart: talos-cloud-controller-manager-0.4.2
app.kubernetes.io/name: talos-cloud-controller-manager
app.kubernetes.io/instance: talos-cloud-controller-manager
- app.kubernetes.io/version: "v1.6.0"
+ app.kubernetes.io/version: "v1.8.0"
app.kubernetes.io/managed-by: Helm
rules:
- apiGroups:
@@ -158,10 +158,10 @@ kind: Service
metadata:
name: talos-cloud-controller-manager
labels:
- helm.sh/chart: talos-cloud-controller-manager-0.4.1
+ helm.sh/chart: talos-cloud-controller-manager-0.4.2
app.kubernetes.io/name: talos-cloud-controller-manager
app.kubernetes.io/instance: talos-cloud-controller-manager
- app.kubernetes.io/version: "v1.6.0"
+ app.kubernetes.io/version: "v1.8.0"
app.kubernetes.io/managed-by: Helm
namespace: kube-system
spec:
@@ -182,10 +182,10 @@ kind: Deployment
metadata:
name: talos-cloud-controller-manager
labels:
- helm.sh/chart: talos-cloud-controller-manager-0.4.1
+ helm.sh/chart: talos-cloud-controller-manager-0.4.2
app.kubernetes.io/name: talos-cloud-controller-manager
app.kubernetes.io/instance: talos-cloud-controller-manager
- app.kubernetes.io/version: "v1.6.0"
+ app.kubernetes.io/version: "v1.8.0"
app.kubernetes.io/managed-by: Helm
namespace: kube-system
spec:
@@ -226,7 +226,7 @@ spec:
- --v=2
- --cloud-provider=talos
- --cloud-config=/etc/talos/ccm-config.yaml
- - --controllers=cloud-node
+ - --controllers=cloud-node,node-csr-approval
- --leader-elect-resource-name=cloud-controller-manager-talos
- --use-service-account-credentials
- --secure-port=50258
diff --git a/docs/deploy/cloud-controller-manager.yml b/docs/deploy/cloud-controller-manager.yml
index 6b61731..fc0e7b9 100644
--- a/docs/deploy/cloud-controller-manager.yml
+++ b/docs/deploy/cloud-controller-manager.yml
@@ -5,10 +5,10 @@ kind: ServiceAccount
metadata:
name: talos-cloud-controller-manager
labels:
- helm.sh/chart: talos-cloud-controller-manager-0.3.0
+ helm.sh/chart: talos-cloud-controller-manager-0.4.2
app.kubernetes.io/name: talos-cloud-controller-manager
app.kubernetes.io/instance: talos-cloud-controller-manager
- app.kubernetes.io/version: "v1.6.0"
+ app.kubernetes.io/version: "v1.8.0"
app.kubernetes.io/managed-by: Helm
namespace: kube-system
---
@@ -18,10 +18,10 @@ kind: ServiceAccount
metadata:
name: talos-cloud-controller-manager-talos-secrets
labels:
- helm.sh/chart: talos-cloud-controller-manager-0.3.0
+ helm.sh/chart: talos-cloud-controller-manager-0.4.2
app.kubernetes.io/name: talos-cloud-controller-manager
app.kubernetes.io/instance: talos-cloud-controller-manager
- app.kubernetes.io/version: "v1.6.0"
+ app.kubernetes.io/version: "v1.8.0"
app.kubernetes.io/managed-by: Helm
namespace: kube-system
spec:
@@ -34,16 +34,15 @@ kind: ConfigMap
metadata:
name: talos-cloud-controller-manager
labels:
- helm.sh/chart: talos-cloud-controller-manager-0.3.0
+ helm.sh/chart: talos-cloud-controller-manager-0.4.2
app.kubernetes.io/name: talos-cloud-controller-manager
app.kubernetes.io/instance: talos-cloud-controller-manager
- app.kubernetes.io/version: "v1.6.0"
+ app.kubernetes.io/version: "v1.8.0"
app.kubernetes.io/managed-by: Helm
namespace: kube-system
data:
ccm-config.yaml: |
global:
- approveNodeCSR: true
---
# Source: talos-cloud-controller-manager/templates/role.yaml
apiVersion: rbac.authorization.k8s.io/v1
@@ -51,10 +50,10 @@ kind: ClusterRole
metadata:
name: system:talos-cloud-controller-manager
labels:
- helm.sh/chart: talos-cloud-controller-manager-0.3.0
+ helm.sh/chart: talos-cloud-controller-manager-0.4.2
app.kubernetes.io/name: talos-cloud-controller-manager
app.kubernetes.io/instance: talos-cloud-controller-manager
- app.kubernetes.io/version: "v1.6.0"
+ app.kubernetes.io/version: "v1.8.0"
app.kubernetes.io/managed-by: Helm
rules:
- apiGroups:
@@ -159,17 +158,17 @@ kind: Service
metadata:
name: talos-cloud-controller-manager
labels:
- helm.sh/chart: talos-cloud-controller-manager-0.3.0
+ helm.sh/chart: talos-cloud-controller-manager-0.4.2
app.kubernetes.io/name: talos-cloud-controller-manager
app.kubernetes.io/instance: talos-cloud-controller-manager
- app.kubernetes.io/version: "v1.6.0"
+ app.kubernetes.io/version: "v1.8.0"
app.kubernetes.io/managed-by: Helm
namespace: kube-system
spec:
clusterIP: None
type: ClusterIP
ports:
- - name: https
+ - name: metrics
port: 50258
targetPort: 50258
protocol: TCP
@@ -183,10 +182,10 @@ kind: Deployment
metadata:
name: talos-cloud-controller-manager
labels:
- helm.sh/chart: talos-cloud-controller-manager-0.3.0
+ helm.sh/chart: talos-cloud-controller-manager-0.4.2
app.kubernetes.io/name: talos-cloud-controller-manager
app.kubernetes.io/instance: talos-cloud-controller-manager
- app.kubernetes.io/version: "v1.6.0"
+ app.kubernetes.io/version: "v1.8.0"
app.kubernetes.io/managed-by: Helm
namespace: kube-system
spec:
@@ -210,6 +209,7 @@ spec:
runAsGroup: 10258
runAsNonRoot: true
runAsUser: 10258
+ priorityClassName: system-cluster-critical
containers:
- name: talos-cloud-controller-manager
securityContext:
@@ -219,25 +219,26 @@ spec:
- ALL
seccompProfile:
type: RuntimeDefault
- image: "ghcr.io/siderolabs/talos-cloud-controller-manager:v1.6.0"
+ image: "ghcr.io/siderolabs/talos-cloud-controller-manager:v1.8.0"
imagePullPolicy: IfNotPresent
command: ["/talos-cloud-controller-manager"]
args:
- --v=2
- --cloud-provider=talos
- --cloud-config=/etc/talos/ccm-config.yaml
- - --controllers=cloud-node
+ - --controllers=cloud-node,node-csr-approval
- --leader-elect-resource-name=cloud-controller-manager-talos
- --use-service-account-credentials
- --secure-port=50258
+ - --authorization-always-allow-paths=/healthz,/livez,/readyz,/metrics
ports:
- - containerPort: 50258
- name: https
+ - name: metrics
+ containerPort: 50258
protocol: TCP
livenessProbe:
httpGet:
path: /healthz
- port: https
+ port: metrics
scheme: HTTPS
initialDelaySeconds: 20
periodSeconds: 30
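Review bot: The image is referenced by a mutable tag, `ghcr.io/siderolabs/talos-cloud-controller-manager:v1.8.0`, with `imagePullPolicy: IfNotPresent`, so what runs depends on whatever the tag pointed to when each node first pulled it. For a component that is now started with the `node-csr-approval` controller, pinning the release digest in the published manifests is the safer default: `image: "ghcr.io/siderolabs/talos-cloud-controller-manager:v1.8.0@sha256:<digest-of-v1.8.0>"` (placeholder; take the value from the release). The same image line appears in docs/deploy/cloud-controller-manager-daemonset.yml. The container spec starts and ends outside this hunk.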