diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md new file mode 100644 index 0000000..6aa1132 --- /dev/null +++ b/CONTRIBUTING.md @@ -0,0 +1,16 @@ +# Contributing + +## Developer Certificate of Origin + +All commits require a [DCO](https://developercertificate.org/) sign-off. +This is done by committing with the `--signoff` flag. + +## Development + +The build process for this project is designed to run entirely in containers. +To get started, run `make help` and follow the instructions. + +## Conformance + +To verify conformance status, run `make conformance`. +This runs a series of tests on the working tree and is required to pass before a contribution is accepted. diff --git a/Makefile b/Makefile index 7b2b750..6b370ee 100644 --- a/Makefile +++ b/Makefile @@ -85,12 +85,13 @@ helm-unit: ## Helm Unit Tests docs: helm template -n kube-system proxmox-cloud-controller-manager \ -f charts/proxmox-cloud-controller-manager/values.edge.yaml \ + --set-string image.tag=$(TAG) \ charts/proxmox-cloud-controller-manager > docs/deploy/cloud-controller-manager.yml helm template -n kube-system proxmox-cloud-controller-manager \ -f charts/proxmox-cloud-controller-manager/values.talos.yaml \ --set-string image.tag=$(TAG) \ charts/proxmox-cloud-controller-manager > docs/deploy/cloud-controller-manager-talos.yml - helm-docs charts/proxmox-cloud-controller-manager + helm-docs --sort-values-order=file charts/proxmox-cloud-controller-manager release-update: git-chglog --config hack/chglog-config.yml -o CHANGELOG.md diff --git a/README.md b/README.md index 3ada506..8ebacce 100644 --- a/README.md +++ b/README.md 
@@ -74,26 +74,10 @@ pveum user token add kubernetes@pve ccm -privsep 0 ## Deploy CCM -### Method 1: kubectl - -Deploy Proxmox CCM - -```shell -kubectl apply -f https://raw.githubusercontent.com/sergelogvinov/proxmox-cloud-controller-manager/main/docs/deploy/cloud-controller-manager.yml -``` - -Change the proxmox credentials - -```shell -kubectl -n kube-system edit secrets proxmox-cloud-controller-manager -``` - -### Method 2: helm chart - -Set the proxmox credentials +Create the proxmox credentials ```yaml -# clusters.yaml +# config.yaml config: clusters: - url: https://cluster-api-1.exmple.com:8006/api2/json 
@@ -103,8 +87,52 @@ config: region: cluster-1 ``` +Upload it to the kubernetes: + +```shell +kubectl -n kube-system create secret proxmox-cloud-controller-manager --from-file=config.yaml +``` + +### Method 1: kubectl + +Deploy Proxmox CCM with `cloud-node,cloud-node-lifecycle` controllers + +```shell +kubectl apply -f https://raw.githubusercontent.com/sergelogvinov/proxmox-cloud-controller-manager/main/docs/deploy/cloud-controller-manager.yml +``` + +Deploy Proxmox CCM with `cloud-node-lifecycle` controller (for Talos) + +```shell +kubectl apply -f https://raw.githubusercontent.com/sergelogvinov/proxmox-cloud-controller-manager/main/docs/deploy/cloud-controller-manager-talos.yml +``` + +### Method 2: helm chart + Deploy Proxmox CCM ```shell -helm upgrade -i --namespace=kube-system -f clusters.yaml proxmox-cloud-controller-manager charts/proxmox-cloud-controller-manager +helm upgrade -i --namespace=kube-system -f proxmox-ccm.yaml \ + proxmox-cloud-controller-manager charts/proxmox-cloud-controller-manager ``` + +More options can find [here](charts/proxmox-cloud-controller-manager) + +## Contributing + +Contributions are welcomed and appreciated! +See [Contributing](CONTRIBUTING.md) for our guidelines. + +## License + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + +[http://www.apache.org/licenses/LICENSE-2.0](http://www.apache.org/licenses/LICENSE-2.0) + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/charts/proxmox-cloud-controller-manager/Chart.yaml b/charts/proxmox-cloud-controller-manager/Chart.yaml index 9cde492..76fbc6c 100644 
--- a/charts/proxmox-cloud-controller-manager/Chart.yaml +++ b/charts/proxmox-cloud-controller-manager/Chart.yaml @@ -10,6 +10,7 @@ keywords: - ccm maintainers: - name: sergelogvinov + url: https://github.com/sergelogvinov # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. diff --git a/charts/proxmox-cloud-controller-manager/README.md b/charts/proxmox-cloud-controller-manager/README.md index dd69fff..127f2ce 100644 --- a/charts/proxmox-cloud-controller-manager/README.md +++ b/charts/proxmox-cloud-controller-manager/README.md 
@@ -10,38 +10,72 @@ A Helm chart for Kubernetes | Name | Email | Url | | ---- | ------ | --- | -| sergelogvinov | | | +| sergelogvinov | | | ## Source Code * +Example: + +```yaml +# proxmox-ccm.yaml + +config: + clusters: + - url: https://cluster-api-1.exmple.com:8006/api2/json + insecure: false + token_id: "kubernetes@pve!csi" + token_secret: "key" + region: cluster-1 + +enabledControllers: + # Remove `cloud-node` if you use it with Talos CCM + - cloud-node + - cloud-node-lifecycle + +# Deploy CCM only on control-plane nodes +nodeSelector: + node-role.kubernetes.io/control-plane: "" +tolerations: + - key: node-role.kubernetes.io/control-plane + effect: NoSchedule +``` + +Deploy chart: + +```shell +helm upgrade -i --namespace=kube-system -f proxmox-ccm.yaml \ + proxmox-cloud-controller-manager charts/proxmox-cloud-controller-manager +``` + ## Values | Key | Type | Default | Description | |-----|------|---------|-------------| -| affinity | object | `{}` | Affinity for data pods assignment. ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity | -| config.clusters | list | `[]` | | -| enabledControllers | list | `["cloud-node","cloud-node-lifecycle"]` | List of controllers should be enabled. Use '*' to enable all controllers. Support only `cloud-node,cloud-node-lifecycle` controllers. | -| extraArgs | list | `[]` | Any extra arguments for talos-cloud-controller-manager | -| fullnameOverride | string | `""` | | -| image.pullPolicy | string | `"IfNotPresent"` | | -| image.repository | string | `"ghcr.io/sergelogvinov/proxmox-cloud-controller-manager"` | | -| image.tag | string | `""` | | +| replicaCount | int | `1` | | +| image.repository | string | `"ghcr.io/sergelogvinov/proxmox-cloud-controller-manager"` | Proxmox CCM image. | +| image.pullPolicy | string | `"IfNotPresent"` | Always or IfNotPresent | +| image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion. 
| | imagePullSecrets | list | `[]` | | -| logVerbosityLevel | int | `2` | Log verbosity level. See https://github.com/kubernetes/community/blob/master/contributors/devel/sig-instrumentation/logging.md for description of individual verbosity levels. | | nameOverride | string | `""` | | -| nodeSelector | object | `{}` | Node labels for data pods assignment. ref: https://kubernetes.io/docs/user-guide/node-selection/ | +| fullnameOverride | string | `""` | | +| extraArgs | list | `[]` | Any extra arguments for talos-cloud-controller-manager | +| enabledControllers | list | `["cloud-node","cloud-node-lifecycle"]` | List of controllers should be enabled. Use '*' to enable all controllers. Support only `cloud-node,cloud-node-lifecycle` controllers. | +| logVerbosityLevel | int | `2` | Log verbosity level. See https://github.com/kubernetes/community/blob/master/contributors/devel/sig-instrumentation/logging.md for description of individual verbosity levels. | +| existingConfigSecret | string | `nil` | Proxmox cluster config stored in secrets. | +| existingConfigSecretKey | string | `"config.yaml"` | Proxmox cluster config stored in secrets key. | +| config | object | `{"clusters":[]}` | Proxmox cluster config. | +| serviceAccount | object | `{"annotations":{},"create":true,"name":""}` | Pods Service Account. ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ | +| priorityClassName | string | `"system-cluster-critical"` | CCM pods' priorityClassName. | | podAnnotations | object | `{}` | Annotations for data pods. ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ | | podSecurityContext | object | `{"fsGroup":10258,"fsGroupChangePolicy":"OnRootMismatch","runAsGroup":10258,"runAsNonRoot":true,"runAsUser":10258}` | Pods Security Context. 
ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod | -| priorityClassName | string | `"system-cluster-critical"` | CCM pods' priorityClassName. | -| replicaCount | int | `1` | | -| resources.requests.cpu | string | `"10m"` | | -| resources.requests.memory | string | `"32Mi"` | | | securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"seccompProfile":{"type":"RuntimeDefault"}}` | Container Security Context. ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod | -| serviceAccount | object | `{"annotations":{},"create":true,"name":""}` | Pods Service Account. ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ | -| tolerations | list | `[{"effect":"NoSchedule","key":"node-role.kubernetes.io/control-plane","operator":"Exists"},{"effect":"NoSchedule","key":"node.cloudprovider.kubernetes.io/uninitialized","operator":"Exists"}]` | Tolerations for data pods assignment. ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ | +| resources | object | `{"requests":{"cpu":"10m","memory":"32Mi"}}` | Resizer resource requests and limits. ref: https://kubernetes.io/docs/user-guide/compute-resources/ | | updateStrategy | object | `{"rollingUpdate":{"maxUnavailable":1},"type":"RollingUpdate"}` | Deployment update stategy type. ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#updating-a-deployment | +| nodeSelector | object | `{}` | Node labels for data pods assignment. ref: https://kubernetes.io/docs/user-guide/node-selection/ | +| tolerations | list | `[{"effect":"NoSchedule","key":"node-role.kubernetes.io/control-plane","operator":"Exists"},{"effect":"NoSchedule","key":"node.cloudprovider.kubernetes.io/uninitialized","operator":"Exists"}]` | Tolerations for data pods assignment. 
ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ | +| affinity | object | `{}` | Affinity for data pods assignment. ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity | ---------------------------------------------- Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/charts/proxmox-cloud-controller-manager/README.md.gotmpl b/charts/proxmox-cloud-controller-manager/README.md.gotmpl new file mode 100644 index 0000000..b07e90d --- /dev/null +++ b/charts/proxmox-cloud-controller-manager/README.md.gotmpl @@ -0,0 +1,52 @@ +{{ template "chart.header" . }} + +{{ template "chart.deprecationWarning" . }} + +{{ template "chart.badgesSection" . }} + +{{ template "chart.description" . }} + +{{ template "chart.homepageLine" . }} + +{{ template "chart.maintainersSection" . }} + +{{ template "chart.sourcesSection" . }} + +{{ template "chart.requirementsSection" . }} + +Example: + +```yaml +# proxmox-ccm.yaml + +config: + clusters: + - url: https://cluster-api-1.exmple.com:8006/api2/json + insecure: false + token_id: "kubernetes@pve!csi" + token_secret: "key" + region: cluster-1 + +enabledControllers: + # Remove `cloud-node` if you use it with Talos CCM + - cloud-node + - cloud-node-lifecycle + +# Deploy CCM only on control-plane nodes +nodeSelector: + node-role.kubernetes.io/control-plane: "" +tolerations: + - key: node-role.kubernetes.io/control-plane + effect: NoSchedule +``` + +Deploy chart: + +```shell +helm upgrade -i --namespace=kube-system -f proxmox-ccm.yaml \ + proxmox-cloud-controller-manager charts/proxmox-cloud-controller-manager +``` + +{{ template "chart.valuesSection" . }} + +{{ template "helm-docs.versionFooter" . }} diff --git a/charts/proxmox-cloud-controller-manager/templates/deployment.yaml b/charts/proxmox-cloud-controller-manager/templates/deployment.yaml index 5884ea9..1a896d4 100644 
--- a/charts/proxmox-cloud-controller-manager/templates/deployment.yaml +++ b/charts/proxmox-cloud-controller-manager/templates/deployment.yaml @@ -80,7 +80,17 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} volumes: + {{- if .Values.existingConfigSecret }} + - name: cloud-config + secret: + secretName: {{ .Values.existingConfigSecret }} + items: + - key: {{ .Values.existingConfigSecretKey }} + path: config.yaml + defaultMode: 416 + {{- else }} - name: cloud-config secret: secretName: {{ include "proxmox-cloud-controller-manager.fullname" . }} - defaultMode: 416 # 0640 + defaultMode: 416 + {{- end }} diff --git a/charts/proxmox-cloud-controller-manager/templates/secrets.yaml b/charts/proxmox-cloud-controller-manager/templates/secrets.yaml index 4a6947c..ce60f62 100644 --- a/charts/proxmox-cloud-controller-manager/templates/secrets.yaml +++ b/charts/proxmox-cloud-controller-manager/templates/secrets.yaml @@ -1,3 +1,4 @@ +{{- if ne (len .Values.config.clusters) 0 }} apiVersion: v1 kind: Secret metadata: @@ -7,3 +8,4 @@ metadata: namespace: {{ .Release.Namespace }} data: config.yaml: {{ toYaml .Values.config | b64enc | quote }} +{{- end }} diff --git a/charts/proxmox-cloud-controller-manager/values.yaml b/charts/proxmox-cloud-controller-manager/values.yaml index fdcdb0e..4ad5721 100644 --- a/charts/proxmox-cloud-controller-manager/values.yaml +++ b/charts/proxmox-cloud-controller-manager/values.yaml @@ -5,9 +5,11 @@ replicaCount: 1 image: + # -- Proxmox CCM image. repository: ghcr.io/sergelogvinov/proxmox-cloud-controller-manager + # -- Always or IfNotPresent pullPolicy: IfNotPresent - # Overrides the image tag whose default is the chart appVersion. + # -- Overrides the image tag whose default is the chart appVersion. tag: "" imagePullSecrets: [] 
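Review bot: In the new `existingConfigSecret` branch of templates/deployment.yaml, `secretName: {{ .Values.existingConfigSecret }}` and `key: {{ .Values.existingConfigSecretKey }}` are rendered unquoted. A value that YAML reads as a number, boolean or null would change type in the manifest, and an empty `existingConfigSecretKey` renders `key:` as null. Piping both through `quote`, as in `secretName: {{ .Values.existingConfigSecret | quote }}` and `key: {{ .Values.existingConfigSecretKey | quote }}`, avoids this. The hunk also drops the `# 0640` comment from `defaultMode: 416`; since 416 is the decimal form of octal 0640, keeping `defaultMode: 416 # 0640` on both branches lets a reader confirm the mode of the credentials file at a glance. The pod spec that owns this `volumes:` list starts outside the hunk.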
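Review bot: The guard added in templates/secrets.yaml, `{{- if ne (len .Values.config.clusters) 0 }}` (closed by the `{{- end }}` in the second hunk), does not take `existingConfigSecret` into account. When both an existing secret and inline `config.clusters` are supplied, the chart still renders a Secret containing the Proxmox token that the Deployment never mounts, leaving an unused copy of the credential in the namespace. Something like `{{- if and (not .Values.existingConfigSecret) .Values.config.clusters }}` would render it only when it is actually used. Separately, with neither value set no Secret is rendered while the Deployment still references the chart-named one; this looks intended for the out-of-band secret described in the README, but a short template comment saying so would help.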
@@ -31,6 +33,12 @@ enabledControllers: # for description of individual verbosity levels. logVerbosityLevel: 2 +# -- Proxmox cluster config stored in secrets. +existingConfigSecret: ~ +# -- Proxmox cluster config stored in secrets key. +existingConfigSecretKey: config.yaml + +# -- Proxmox cluster config. config: clusters: [] # - url: https://cluster-api-1.exmple.com:8006/api2/json @@ -76,6 +84,8 @@ securityContext: seccompProfile: type: RuntimeDefault +# -- Resizer resource requests and limits. +# ref: https://kubernetes.io/docs/user-guide/compute-resources/ resources: # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little diff --git a/docs/deploy/cloud-controller-manager-talos.yml b/docs/deploy/cloud-controller-manager-talos.yml index b568961..21f9ee3 100644 --- a/docs/deploy/cloud-controller-manager-talos.yml +++ b/docs/deploy/cloud-controller-manager-talos.yml @@ -12,21 +12,6 @@ metadata: app.kubernetes.io/managed-by: Helm namespace: kube-system --- -# Source: proxmox-cloud-controller-manager/templates/secrets.yaml -apiVersion: v1 -kind: Secret -metadata: - name: proxmox-cloud-controller-manager - labels: - helm.sh/chart: proxmox-cloud-controller-manager-0.1.2 - app.kubernetes.io/name: proxmox-cloud-controller-manager - app.kubernetes.io/instance: proxmox-cloud-controller-manager - app.kubernetes.io/version: "v0.0.1" - app.kubernetes.io/managed-by: Helm - namespace: kube-system -data: - config.yaml: "Y2x1c3RlcnM6IFtd" ---- # Source: proxmox-cloud-controller-manager/templates/role.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -201,4 +186,4 @@ spec: - name: cloud-config secret: secretName: proxmox-cloud-controller-manager - defaultMode: 416 # 0640 + defaultMode: 416 diff --git a/docs/deploy/cloud-controller-manager.yml b/docs/deploy/cloud-controller-manager.yml index fe5c82b..70191d8 100644 
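Review bot: The comments added for `existingConfigSecret` and `existingConfigSecretKey` in values.yaml do not say how they interact with `config`. Per the deployment template, a non-empty `existingConfigSecret` is mounted instead of the chart-managed secret, and the named key is exposed as `config.yaml`. Suggested wording: `# -- Name of an existing Secret with the Proxmox cluster config; when set it is mounted instead of the chart-generated Secret.` and `# -- Key in existingConfigSecret that holds the config (mounted as config.yaml).` Writing the default as `existingConfigSecret: ""` rather than `~` would keep the value a string for the generated docs while still failing the template's `if` test.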
--- a/docs/deploy/cloud-controller-manager.yml +++ b/docs/deploy/cloud-controller-manager.yml @@ -12,21 +12,6 @@ metadata: app.kubernetes.io/managed-by: Helm namespace: kube-system --- -# Source: proxmox-cloud-controller-manager/templates/secrets.yaml -apiVersion: v1 -kind: Secret -metadata: - name: proxmox-cloud-controller-manager - labels: - helm.sh/chart: proxmox-cloud-controller-manager-0.1.2 - app.kubernetes.io/name: proxmox-cloud-controller-manager - app.kubernetes.io/instance: proxmox-cloud-controller-manager - app.kubernetes.io/version: "v0.0.1" - app.kubernetes.io/managed-by: Helm - namespace: kube-system -data: - config.yaml: "Y2x1c3RlcnM6IFtd" ---- # Source: proxmox-cloud-controller-manager/templates/role.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -161,7 +146,7 @@ spec: - ALL seccompProfile: type: RuntimeDefault - image: "ghcr.io/sergelogvinov/proxmox-cloud-controller-manager:edge" + image: "ghcr.io/sergelogvinov/proxmox-cloud-controller-manager:v0.0.1" imagePullPolicy: Always command: ["/proxmox-cloud-controller-manager"] args: @@ -201,4 +186,4 @@ spec: - name: cloud-config secret: secretName: proxmox-cloud-controller-manager - defaultMode: 416 # 0640 + defaultMode: 416