chore: release v1.4.0

Release v1.4.0

Features:
* node CSR approval
* spot node label

Signed-off-by: Serge Logvinov <serge.logvinov@sinextra.dev>

.github/workflows/release-pre.yaml

@@ -0,0 +1,34 @@
+name: Release check
+
+on:
+  pull_request:
+    branches:
+      - main
+
+jobs:
+  build-publish:
+    name: "Check release docs"
+    runs-on: ubuntu-22.04
+    if:  startsWith(github.head_ref, 'release-')
+    permissions:
+      contents: read
+      packages: write
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+      - name: Unshallow
+        run: git fetch --prune --unshallow
+
+      - name: Release version
+        shell: bash
+        id: release
+        run: |
+          echo "TAG=v${GITHUB_HEAD_REF:8}" >> "$GITHUB_ENV"
+
+      - name: Helm docs
+        uses: gabe565/setup-helm-docs-action@v1
+
+      - name: Generate
+        run: make docs
+      - name: Check
+        run: git diff --exit-code

CHANGELOG.md

@@ -1,9 +1,41 @@
 
+<a name="v1.4.0"></a>
+## [v1.4.0](https://github.com/siderolabs/talos-cloud-controller-manager/compare/v1.3.0...v1.4.0) (2023-05-27)
+
+Welcome to the v1.4.0 release of Talos CCM!
+
+### Features
+- add node certificate approval
+- build latest version
+- daemonset deployment
+- label spot instanses
+
+### Changelog
+
+* b3d55f0 test: add basic tests
+* e44f5bc chore: bump deps
+* 3dcea64 docs: edge deploy with csr
+* bba5b6a docs: update helm readme
+* 5d65b1d fix: csr keyusage check
+* 2b53c2b feat: add node certificate approval
+* 11e77e8 feat: build latest version
+* 7a039d9 fix: node spec ip
+* 8583f59 chore: bump deps
+* 8681816 feat: daemonset deployment
+* 5a4413f chore: bump deps
+* c80d552 feat: label spot instanses
+* 9e1b15e chore: bump deps
+* d3d613b fix: helm chart namespace
+
 <a name="v1.3.0"></a>
 ## v1.3.0 (2022-12-18)
 
 Welcome to the v1.3.0 release of Talos CCM!
 
+### Features
+- gitops automatization
+- init ccm
+
 ### Changelog
 
 * e8a9802 feat: gitops automatization

README.md

@@ -15,6 +15,8 @@ Talos CCM tries to solve these issues and helps you to launch multiple CCMs in o
 
 ## Features
 
+### Node initialize
+
 Talos CCM receives the metadata from the Talos platform resource and applies labels to the nodes during the initialization process.
 
 Well-Known [labels](https://kubernetes.io/docs/reference/labels-annotations-taints/):
@@ -31,6 +33,16 @@ Node specs:
 * providerID magic string
 * InternalIP and ExternalIP addresses
 
+### Node certificate approval
+
+Talos CCM is responsible for validating a node's certificate signing request (CSR) and approving it.
+When a node wants to join a cluster, it generates a CSR, which includes its identity and other relevant information.
+It checks if the CSR is properly formatted, contains all the required information, and matches the node's identity.
+
+By validating and approving node CSRs, Talos CCM plays a crucial role in maintaining the security and integrity of the cluster by ensuring that only trusted and authorized nodes are allowed to have signed kubelet certificate.
+
+The kubelet certificate is used to secure the communication between the kubelet and other components in the cluster, such as the Kubernetes control plane. It ensures that the communication is encrypted and authenticated and preventing a man-in-the-middle (MITM) attack.
+
 ## Example
 
 ```yaml
@@ -63,8 +75,7 @@ status:
 
 We need to set the `--cloud-provider=external` flag for each node.
 
-CCM also can approve/sign the [kubelet certificate signing request](https://kubernetes.io/docs/reference/access-authn-authz/certificate-signing-requests/#kubernetes-signers).
-In this case we need to set flag `--rotate-server-certificates=true`.
+To allow CCM approves/signs the [kubelet certificate signing request](https://kubernetes.io/docs/reference/access-authn-authz/certificate-signing-requests/#kubernetes-signers) set the flag `--rotate-server-certificates=true`.
 
 ### Prepare control-plane
 

charts/talos-cloud-controller-manager/Chart.yaml

@@ -12,5 +12,5 @@ maintainers:
   - name: sergelogvinov
     url: https://github.com/sergelogvinov
 
-version: 0.1.1
-appVersion: "1.3.0"
+version: 0.2.0
+appVersion: "1.4.0"

charts/talos-cloud-controller-manager/README.md

@@ -1,6 +1,6 @@
 # talos-cloud-controller-manager
 
-![Version: 0.1.1](https://img.shields.io/badge/Version-0.1.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.3.0](https://img.shields.io/badge/AppVersion-1.3.0-informational?style=flat-square)
+![Version: 0.2.0](https://img.shields.io/badge/Version-0.2.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.4.0](https://img.shields.io/badge/AppVersion-1.4.0-informational?style=flat-square)
 
 Talos Cloud Controller Manager Helm Chart
 

docs/deploy/cloud-controller-manager-daemonset.yml

@@ -5,10 +5,10 @@ kind: ServiceAccount
 metadata:
   name: talos-cloud-controller-manager
   labels:
-    helm.sh/chart: talos-cloud-controller-manager-0.1.1
+    helm.sh/chart: talos-cloud-controller-manager-0.2.0
     app.kubernetes.io/name: talos-cloud-controller-manager
     app.kubernetes.io/instance: talos-cloud-controller-manager
-    app.kubernetes.io/version: "1.3.0"
+    app.kubernetes.io/version: "1.4.0"
     app.kubernetes.io/managed-by: Helm
   namespace: kube-system
 ---
@@ -18,10 +18,10 @@ kind: ServiceAccount
 metadata:
   name: talos-cloud-controller-manager-talos-secrets
   labels:
-    helm.sh/chart: talos-cloud-controller-manager-0.1.1
+    helm.sh/chart: talos-cloud-controller-manager-0.2.0
     app.kubernetes.io/name: talos-cloud-controller-manager
     app.kubernetes.io/instance: talos-cloud-controller-manager
-    app.kubernetes.io/version: "1.3.0"
+    app.kubernetes.io/version: "1.4.0"
     app.kubernetes.io/managed-by: Helm
   namespace: kube-system
 spec:
@@ -34,10 +34,10 @@ kind: ConfigMap
 metadata:
   name: talos-cloud-controller-manager
   labels:
-    helm.sh/chart: talos-cloud-controller-manager-0.1.1
+    helm.sh/chart: talos-cloud-controller-manager-0.2.0
     app.kubernetes.io/name: talos-cloud-controller-manager
     app.kubernetes.io/instance: talos-cloud-controller-manager
-    app.kubernetes.io/version: "1.3.0"
+    app.kubernetes.io/version: "1.4.0"
     app.kubernetes.io/managed-by: Helm
   namespace: kube-system
 data:
@@ -51,10 +51,10 @@ kind: ClusterRole
 metadata:
   name: system:talos-cloud-controller-manager
   labels:
-    helm.sh/chart: talos-cloud-controller-manager-0.1.1
+    helm.sh/chart: talos-cloud-controller-manager-0.2.0
     app.kubernetes.io/name: talos-cloud-controller-manager
     app.kubernetes.io/instance: talos-cloud-controller-manager
-    app.kubernetes.io/version: "1.3.0"
+    app.kubernetes.io/version: "1.4.0"
     app.kubernetes.io/managed-by: Helm
 rules:
 - apiGroups:
@@ -159,10 +159,10 @@ kind: Service
 metadata:
   name: talos-cloud-controller-manager
   labels:
-    helm.sh/chart: talos-cloud-controller-manager-0.1.1
+    helm.sh/chart: talos-cloud-controller-manager-0.2.0
     app.kubernetes.io/name: talos-cloud-controller-manager
     app.kubernetes.io/instance: talos-cloud-controller-manager
-    app.kubernetes.io/version: "1.3.0"
+    app.kubernetes.io/version: "1.4.0"
     app.kubernetes.io/managed-by: Helm
   namespace: kube-system
 spec:
@@ -183,10 +183,10 @@ kind: DaemonSet
 metadata:
   name: talos-cloud-controller-manager
   labels:
-    helm.sh/chart: talos-cloud-controller-manager-0.1.1
+    helm.sh/chart: talos-cloud-controller-manager-0.2.0
     app.kubernetes.io/name: talos-cloud-controller-manager
     app.kubernetes.io/instance: talos-cloud-controller-manager
-    app.kubernetes.io/version: "1.3.0"
+    app.kubernetes.io/version: "1.4.0"
     app.kubernetes.io/managed-by: Helm
   namespace: kube-system
 spec:
@@ -220,7 +220,7 @@ spec:
               - ALL
             seccompProfile:
               type: RuntimeDefault
-          image: "ghcr.io/siderolabs/talos-cloud-controller-manager:v1.3.0"
+          image: "ghcr.io/siderolabs/talos-cloud-controller-manager:v1.4.0"
           imagePullPolicy: IfNotPresent
           command: ["/talos-cloud-controller-manager"]
           args:

docs/deploy/cloud-controller-manager-edge.yml

@@ -5,10 +5,10 @@ kind: ServiceAccount
 metadata:
   name: talos-cloud-controller-manager
   labels:
-    helm.sh/chart: talos-cloud-controller-manager-0.1.1
+    helm.sh/chart: talos-cloud-controller-manager-0.2.0
     app.kubernetes.io/name: talos-cloud-controller-manager
     app.kubernetes.io/instance: talos-cloud-controller-manager
-    app.kubernetes.io/version: "1.3.0"
+    app.kubernetes.io/version: "1.4.0"
     app.kubernetes.io/managed-by: Helm
   namespace: kube-system
 ---
@@ -18,10 +18,10 @@ kind: ServiceAccount
 metadata:
   name: talos-cloud-controller-manager-talos-secrets
   labels:
-    helm.sh/chart: talos-cloud-controller-manager-0.1.1
+    helm.sh/chart: talos-cloud-controller-manager-0.2.0
     app.kubernetes.io/name: talos-cloud-controller-manager
     app.kubernetes.io/instance: talos-cloud-controller-manager
-    app.kubernetes.io/version: "1.3.0"
+    app.kubernetes.io/version: "1.4.0"
     app.kubernetes.io/managed-by: Helm
   namespace: kube-system
 spec:
@@ -34,10 +34,10 @@ kind: ConfigMap
 metadata:
   name: talos-cloud-controller-manager
   labels:
-    helm.sh/chart: talos-cloud-controller-manager-0.1.1
+    helm.sh/chart: talos-cloud-controller-manager-0.2.0
     app.kubernetes.io/name: talos-cloud-controller-manager
     app.kubernetes.io/instance: talos-cloud-controller-manager
-    app.kubernetes.io/version: "1.3.0"
+    app.kubernetes.io/version: "1.4.0"
     app.kubernetes.io/managed-by: Helm
   namespace: kube-system
 data:
@@ -51,10 +51,10 @@ kind: ClusterRole
 metadata:
   name: system:talos-cloud-controller-manager
   labels:
-    helm.sh/chart: talos-cloud-controller-manager-0.1.1
+    helm.sh/chart: talos-cloud-controller-manager-0.2.0
     app.kubernetes.io/name: talos-cloud-controller-manager
     app.kubernetes.io/instance: talos-cloud-controller-manager
-    app.kubernetes.io/version: "1.3.0"
+    app.kubernetes.io/version: "1.4.0"
     app.kubernetes.io/managed-by: Helm
 rules:
 - apiGroups:
@@ -159,10 +159,10 @@ kind: Service
 metadata:
   name: talos-cloud-controller-manager
   labels:
-    helm.sh/chart: talos-cloud-controller-manager-0.1.1
+    helm.sh/chart: talos-cloud-controller-manager-0.2.0
     app.kubernetes.io/name: talos-cloud-controller-manager
     app.kubernetes.io/instance: talos-cloud-controller-manager
-    app.kubernetes.io/version: "1.3.0"
+    app.kubernetes.io/version: "1.4.0"
     app.kubernetes.io/managed-by: Helm
   namespace: kube-system
 spec:
@@ -183,10 +183,10 @@ kind: Deployment
 metadata:
   name: talos-cloud-controller-manager
   labels:
-    helm.sh/chart: talos-cloud-controller-manager-0.1.1
+    helm.sh/chart: talos-cloud-controller-manager-0.2.0
     app.kubernetes.io/name: talos-cloud-controller-manager
     app.kubernetes.io/instance: talos-cloud-controller-manager
-    app.kubernetes.io/version: "1.3.0"
+    app.kubernetes.io/version: "1.4.0"
     app.kubernetes.io/managed-by: Helm
   namespace: kube-system
 spec:

docs/deploy/cloud-controller-manager.yml

@@ -5,10 +5,10 @@ kind: ServiceAccount
 metadata:
   name: talos-cloud-controller-manager
   labels:
-    helm.sh/chart: talos-cloud-controller-manager-0.1.1
+    helm.sh/chart: talos-cloud-controller-manager-0.2.0
     app.kubernetes.io/name: talos-cloud-controller-manager
     app.kubernetes.io/instance: talos-cloud-controller-manager
-    app.kubernetes.io/version: "1.3.0"
+    app.kubernetes.io/version: "1.4.0"
     app.kubernetes.io/managed-by: Helm
   namespace: kube-system
 ---
@@ -18,10 +18,10 @@ kind: ServiceAccount
 metadata:
   name: talos-cloud-controller-manager-talos-secrets
   labels:
-    helm.sh/chart: talos-cloud-controller-manager-0.1.1
+    helm.sh/chart: talos-cloud-controller-manager-0.2.0
     app.kubernetes.io/name: talos-cloud-controller-manager
     app.kubernetes.io/instance: talos-cloud-controller-manager
-    app.kubernetes.io/version: "1.3.0"
+    app.kubernetes.io/version: "1.4.0"
     app.kubernetes.io/managed-by: Helm
   namespace: kube-system
 spec:
@@ -34,10 +34,10 @@ kind: ConfigMap
 metadata:
   name: talos-cloud-controller-manager
   labels:
-    helm.sh/chart: talos-cloud-controller-manager-0.1.1
+    helm.sh/chart: talos-cloud-controller-manager-0.2.0
     app.kubernetes.io/name: talos-cloud-controller-manager
     app.kubernetes.io/instance: talos-cloud-controller-manager
-    app.kubernetes.io/version: "1.3.0"
+    app.kubernetes.io/version: "1.4.0"
     app.kubernetes.io/managed-by: Helm
   namespace: kube-system
 data:
@@ -51,10 +51,10 @@ kind: ClusterRole
 metadata:
   name: system:talos-cloud-controller-manager
   labels:
-    helm.sh/chart: talos-cloud-controller-manager-0.1.1
+    helm.sh/chart: talos-cloud-controller-manager-0.2.0
     app.kubernetes.io/name: talos-cloud-controller-manager
     app.kubernetes.io/instance: talos-cloud-controller-manager
-    app.kubernetes.io/version: "1.3.0"
+    app.kubernetes.io/version: "1.4.0"
     app.kubernetes.io/managed-by: Helm
 rules:
 - apiGroups:
@@ -159,10 +159,10 @@ kind: Service
 metadata:
   name: talos-cloud-controller-manager
   labels:
-    helm.sh/chart: talos-cloud-controller-manager-0.1.1
+    helm.sh/chart: talos-cloud-controller-manager-0.2.0
     app.kubernetes.io/name: talos-cloud-controller-manager
     app.kubernetes.io/instance: talos-cloud-controller-manager
-    app.kubernetes.io/version: "1.3.0"
+    app.kubernetes.io/version: "1.4.0"
     app.kubernetes.io/managed-by: Helm
   namespace: kube-system
 spec:
@@ -183,10 +183,10 @@ kind: Deployment
 metadata:
   name: talos-cloud-controller-manager
   labels:
-    helm.sh/chart: talos-cloud-controller-manager-0.1.1
+    helm.sh/chart: talos-cloud-controller-manager-0.2.0
     app.kubernetes.io/name: talos-cloud-controller-manager
     app.kubernetes.io/instance: talos-cloud-controller-manager
-    app.kubernetes.io/version: "1.3.0"
+    app.kubernetes.io/version: "1.4.0"
     app.kubernetes.io/managed-by: Helm
   namespace: kube-system
 spec:
@@ -219,7 +219,7 @@ spec:
               - ALL
             seccompProfile:
               type: RuntimeDefault
-          image: "ghcr.io/siderolabs/talos-cloud-controller-manager:v1.3.0"
+          image: "ghcr.io/siderolabs/talos-cloud-controller-manager:v1.4.0"
           imagePullPolicy: IfNotPresent
           command: ["/talos-cloud-controller-manager"]
           args:

hack/CHANGELOG.tpl.md

@@ -4,11 +4,18 @@
 
 Welcome to the {{ .Tag.Name }} release of Talos CCM!
 
+{{ range .CommitGroups -}}
+### {{ .Title }}
+{{ range .Commits -}}
+- {{ if .Scope }}**{{ .Scope }}:** {{ end }}{{ .Subject }}
+{{ end }}
+{{ end -}}
+
 ### Changelog
 
-{{ range .Commits -}}{{ if ne .Subject "" -}}
+{{ range .Commits -}}{{ if ne .Subject ""}}{{ if not (hasPrefix .Header "chore: release") -}}
 * {{ .Hash.Short }} {{ .Header }}
-{{ end }}{{ end }}
+{{ end }}{{ end }}{{ end }}
 
 {{- if .NoteGroups -}}
 {{ range .NoteGroups -}}

hack/chglog-config.yml

@@ -5,18 +5,17 @@ info:
   repository_url: https://github.com/siderolabs/talos-cloud-controller-manager
 options:
   commits:
-    # filters:
-    #   Type:
-    #     - feat
+    filters:
+      Type:
+        - feat
     #     - fix
     #     - perf
     #     - refactor
   commit_groups:
-    # title_maps:
-    #   feat: Features
-    #   fix: Bug Fixes
-    #   perf: Performance Improvements
-    #   refactor: Code Refactoring
+    group_by: Type
+    sort_by: Title
+    title_maps:
+      feat: Features
   header:
     pattern: "^(\\w*)\\:\\s(.*)$"
     pattern_maps: