github-personal/talos-cloud-controller-manager
1
0
Fork 0
mirror of https://github.com/outbackdingo/talos-cloud-controller-manager.git synced 2026-01-27 18:20:23 +00:00
Code Issues Packages Projects Releases Wiki Activity

docs: update helm readme

Browse Source 
Update helm chart documentation.
Add edge image deployment.

Signed-off-by: Serge Logvinov <serge.logvinov@sinextra.dev>
This commit is contained in:
Serge Logvinov
2023-05-08 16:59:46 +03:00
parent 5d65b1d694
commit bba5b6a74b
14 changed files with 433 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
.github/workflows/build-edge.yaml vendored
View File

@@ -9,6 +9,7 @@ on:
- 'go.sum' - 'go.sum'
- 'cmd/**' - 'cmd/**'
- 'pkg/**' - 'pkg/**'
- 'Dockerfile'
jobs: jobs:
build-publish: build-publish:
@@ -20,6 +21,8 @@ jobs:
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@v3 uses: actions/checkout@v3
- name: Unshallow
run: git fetch --prune --unshallow
- name: Set up docker buildx - name: Set up docker buildx
run: make docker-init run: make docker-init
@@ -33,5 +36,6 @@ jobs:
- name: Build and push - name: Build and push
run: make images run: make images
env: env:
USERNAME: ${{ github.repository_owner }}
PUSH: "true" PUSH: "true"
TAG: "edge" TAG: "edge"

7
.github/workflows/build-test.yaml vendored
View File

@@ -9,6 +9,7 @@ on:
- 'go.sum' - 'go.sum'
- 'cmd/**' - 'cmd/**'
- 'pkg/**' - 'pkg/**'
- 'Dockerfile'
jobs: jobs:
build: build:
@@ -19,6 +20,8 @@ jobs:
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@v3 uses: actions/checkout@v3
- name: Unshallow
run: git fetch --prune --unshallow
- name: Set up go - name: Set up go
uses: actions/setup-go@v3 uses: actions/setup-go@v3
@@ -26,9 +29,9 @@ jobs:
go-version-file: 'go.mod' go-version-file: 'go.mod'
cache: true cache: true
- name: Build
run: make build
- name: Lint - name: Lint
uses: golangci/golangci-lint-action@v3 uses: golangci/golangci-lint-action@v3
with: with:
args: --config=.golangci.yml args: --config=.golangci.yml
- name: Build
run: make build

4
.github/workflows/charts.yaml vendored
View File

@@ -24,6 +24,4 @@ jobs:
- name: Run helm chart linter - name: Run helm chart linter
run: ct --config hack/ct.yml lint run: ct --config hack/ct.yml lint
- name: Run helm template - name: Run helm template
run: | run: make helm-unit
helm template -n kube-system -f charts/talos-cloud-controller-manager/values-tests.yaml \
ccm charts/talos-cloud-controller-manager > /dev/null

5
Dockerfile
View File

@@ -16,8 +16,9 @@ RUN make build-all-archs
######################################## ########################################
FROM --platform=${TARGETARCH} scratch AS release FROM --platform=${TARGETARCH} scratch AS release
LABEL org.opencontainers.image.source https://github.com/siderolabs/talos-cloud-controller-manager LABEL org.opencontainers.image.source="https://github.com/siderolabs/talos-cloud-controller-manager" \
LABEL org.opencontainers.image.licenses MIT org.opencontainers.image.licenses="MIT" \
org.opencontainers.image.description="Talos Cloud Controller Manager"
ARG TARGETARCH ARG TARGETARCH
COPY --from=builder /src/talos-cloud-controller-manager-${TARGETARCH} /talos-cloud-controller-manager COPY --from=builder /src/talos-cloud-controller-manager-${TARGETARCH} /talos-cloud-controller-manager

28
Makefile
View File

@@ -36,7 +36,7 @@ To build this project, you must have the following installed:
- git - git
- make - make
- golang 1.19 - golang 1.20+
- golangci-lint - golangci-lint
endef endef
@@ -47,7 +47,11 @@ help: ## This help menu.
@echo "$$HELP_MENU_HEADER" @echo "$$HELP_MENU_HEADER"
@grep -E '^[a-zA-Z0-9%_-]+:.*?## .*$$' $(MAKEFILE_LIST) | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}' @grep -E '^[a-zA-Z0-9%_-]+:.*?## .*$$' $(MAKEFILE_LIST) | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}'
############
#
# Build Abstractions # Build Abstractions
#
############
build-all-archs: build-all-archs:
@for arch in $(ARCHS); do $(MAKE) ARCH=$${arch} build ; done @for arch in $(ARCHS); do $(MAKE) ARCH=$${arch} build ; done
@@ -63,30 +67,48 @@ run: build
--use-service-account-credentials --leader-elect=false --bind-address=127.0.0.1 --use-service-account-credentials --leader-elect=false --bind-address=127.0.0.1
.PHONY: lint .PHONY: lint
lint: ## Lint lint: ## Lint Code
golangci-lint run --config .golangci.yml golangci-lint run --config .golangci.yml
.PHONY: unit .PHONY: unit
unit: unit: ## Unit Tests
go test -tags=unit $(shell go list ./...) $(TESTARGS) go test -tags=unit $(shell go list ./...) $(TESTARGS)
.PHONY: conformance .PHONY: conformance
conformance: ## Conformance conformance: ## Conformance
docker run --rm -it -v $(PWD):/src -w /src ghcr.io/siderolabs/conform:v0.1.0-alpha.27 enforce docker run --rm -it -v $(PWD):/src -w /src ghcr.io/siderolabs/conform:v0.1.0-alpha.27 enforce
############
.PHONY: helm-unit
helm-unit: ## Helm Unit Tests
@helm lint charts/talos-cloud-controller-manager
@helm template -f charts/talos-cloud-controller-manager/ci/values.yaml \
talos-cloud-controller-manager charts/talos-cloud-controller-manager >/dev/null
.PHONY: docs .PHONY: docs
docs: docs:
helm template -n kube-system talos-cloud-controller-manager \ helm template -n kube-system talos-cloud-controller-manager \
--set-string image.tag=$(TAG) \ --set-string image.tag=$(TAG) \
charts/talos-cloud-controller-manager > docs/deploy/cloud-controller-manager.yml charts/talos-cloud-controller-manager > docs/deploy/cloud-controller-manager.yml
helm template -n kube-system talos-cloud-controller-manager \
-f charts/talos-cloud-controller-manager/values.edge.yaml \
charts/talos-cloud-controller-manager > docs/deploy/cloud-controller-manager-edge.yml
helm template -n kube-system talos-cloud-controller-manager \ helm template -n kube-system talos-cloud-controller-manager \
--set-string image.tag=$(TAG) \ --set-string image.tag=$(TAG) \
--set useDaemonSet=true \ --set useDaemonSet=true \
charts/talos-cloud-controller-manager > docs/deploy/cloud-controller-manager-daemonset.yml charts/talos-cloud-controller-manager > docs/deploy/cloud-controller-manager-daemonset.yml
helm-docs charts/talos-cloud-controller-manager helm-docs charts/talos-cloud-controller-manager
release-update:
git-chglog --config hack/chglog-config.yml -o CHANGELOG.md git-chglog --config hack/chglog-config.yml -o CHANGELOG.md
############
#
# Docker Abstractions
#
############
docker-init: docker-init:
docker run --rm --privileged multiarch/qemu-user-static:register --reset docker run --rm --privileged multiarch/qemu-user-static:register --reset

11
charts/talos-cloud-controller-manager/Chart.yaml
View File

@@ -1,13 +1,16 @@
apiVersion: v2 apiVersion: v2
appVersion: "1.3.0"
version: 0.1.0
kubeVersion: ">= 1.24.0" kubeVersion: ">= 1.24.0"
type: application type: application
name: talos-cloud-controller-manager name: talos-cloud-controller-manager
description: Talos Cloud Controller Manager Helm Chart description: Talos Cloud Controller Manager Helm Chart
home: https://github.com/siderolabs/talos-cloud-controller-manager home: https://github.com/siderolabs/talos-cloud-controller-manager
sources:
- https://github.com/siderolabs/talos-cloud-controller-manager
keywords:
- ccm
maintainers: maintainers:
- name: sergelogvinov - name: sergelogvinov
url: https://github.com/sergelogvinov url: https://github.com/sergelogvinov
version: 0.1.1
appVersion: "1.3.0"

38
charts/talos-cloud-controller-manager/README.md
View File

@@ -1,6 +1,6 @@
# talos-cloud-controller-manager # talos-cloud-controller-manager
![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.3.0](https://img.shields.io/badge/AppVersion-1.3.0-informational?style=flat-square) ![Version: 0.1.1](https://img.shields.io/badge/Version-0.1.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.3.0](https://img.shields.io/badge/AppVersion-1.3.0-informational?style=flat-square)
Talos Cloud Controller Manager Helm Chart Talos Cloud Controller Manager Helm Chart
@@ -12,10 +12,43 @@ Talos Cloud Controller Manager Helm Chart
| ---- | ------ | --- | | ---- | ------ | --- |
| sergelogvinov | | <https://github.com/sergelogvinov> | | sergelogvinov | | <https://github.com/sergelogvinov> |
## Source Code
* <https://github.com/siderolabs/talos-cloud-controller-manager>
## Requirements ## Requirements
Kubernetes: `>= 1.24.0` Kubernetes: `>= 1.24.0`
## Deploy example
```yaml
# talos-ccm.yaml
replicaCount: 2
features:
# `approveNodeCSR` - check and approve node CSR.
approveNodeCSR: true
enabledControllers:
- cloud-node
# Deploy CCM only on control-plane nodes
nodeSelector:
node-role.kubernetes.io/control-plane: ""
tolerations:
- key: node-role.kubernetes.io/control-plane
effect: NoSchedule
```
Deploy chart:
```shell
helm upgrade -i --namespace=kube-system -f talos-ccm.yaml \
talos-cloud-controller-manager charts/talos-cloud-controller-manager
```
## Values ## Values
| Key | Type | Default | Description | | Key | Type | Default | Description |
@@ -23,6 +56,7 @@ Kubernetes: `>= 1.24.0`
| affinity | object | `{}` | Affinity for data pods assignment. ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity | | affinity | object | `{}` | Affinity for data pods assignment. ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity |
| enabledControllers | list | `["cloud-node"]` | List of controllers should be enabled. Use '*' to enable all controllers. Support only `cloud-node` controller. | | enabledControllers | list | `["cloud-node"]` | List of controllers should be enabled. Use '*' to enable all controllers. Support only `cloud-node` controller. |
| extraArgs | list | `[]` | Any extra arguments for talos-cloud-controller-manager | | extraArgs | list | `[]` | Any extra arguments for talos-cloud-controller-manager |
| features.approveNodeCSR | bool | `true` | List of CCM features. `approveNodeCSR` - check and approve node CSR. |
| fullnameOverride | string | `""` | String to fully override deployment name. | | fullnameOverride | string | `""` | String to fully override deployment name. |
| image.pullPolicy | string | `"IfNotPresent"` | Pull policy: IfNotPresent or Always. | | image.pullPolicy | string | `"IfNotPresent"` | Pull policy: IfNotPresent or Always. |
| image.repository | string | `"ghcr.io/siderolabs/talos-cloud-controller-manager"` | CCM image repository. | | image.repository | string | `"ghcr.io/siderolabs/talos-cloud-controller-manager"` | CCM image repository. |
@@ -46,7 +80,7 @@ Kubernetes: `>= 1.24.0`
| serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template. | | serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template. |
| tolerations | list | `[{"effect":"NoSchedule","key":"node-role.kubernetes.io/control-plane","operator":"Exists"},{"effect":"NoSchedule","key":"node.cloudprovider.kubernetes.io/uninitialized","operator":"Exists"}]` | Tolerations for data pods assignment. ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ | | tolerations | list | `[{"effect":"NoSchedule","key":"node-role.kubernetes.io/control-plane","operator":"Exists"},{"effect":"NoSchedule","key":"node.cloudprovider.kubernetes.io/uninitialized","operator":"Exists"}]` | Tolerations for data pods assignment. ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ |
| updateStrategy | object | `{"rollingUpdate":{"maxUnavailable":1},"type":"RollingUpdate"}` | Deployment update stategy type. ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#updating-a-deployment | | updateStrategy | object | `{"rollingUpdate":{"maxUnavailable":1},"type":"RollingUpdate"}` | Deployment update stategy type. ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#updating-a-deployment |
| useDaemonSet | bool | `false` | Deploy CCM in Daemonset mode. | | useDaemonSet | bool | `false` | Deploy CCM in Daemonset mode. CCM will use hostNetwork and host resolv.conf |
---------------------------------------------- ----------------------------------------------
Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0)

48
charts/talos-cloud-controller-manager/README.md.gotmpl Normal file
View File

@@ -0,0 +1,48 @@
{{ template "chart.header" . }}
{{ template "chart.deprecationWarning" . }}
{{ template "chart.badgesSection" . }}
{{ template "chart.description" . }}
{{ template "chart.homepageLine" . }}
{{ template "chart.maintainersSection" . }}
{{ template "chart.sourcesSection" . }}
{{ template "chart.requirementsSection" . }}
## Deploy example
```yaml
# talos-ccm.yaml
replicaCount: 2
features:
# `approveNodeCSR` - check and approve node CSR.
approveNodeCSR: true
enabledControllers:
- cloud-node
# Deploy CCM only on control-plane nodes
nodeSelector:
node-role.kubernetes.io/control-plane: ""
tolerations:
- key: node-role.kubernetes.io/control-plane
effect: NoSchedule
```
Deploy chart:
```shell
helm upgrade -i --namespace=kube-system -f talos-ccm.yaml \
talos-cloud-controller-manager charts/talos-cloud-controller-manager
```
{{ template "chart.valuesSection" . }}
{{ template "helm-docs.versionFooter" . }}

12
charts/talos-cloud-controller-manager/ci/values.yaml Normal file
View File

@@ -0,0 +1,12 @@
image:
pullPolicy: Always
tag: edge
nodeSelector:
node-role.kubernetes.io/control-plane: ""
logVerbosityLevel: 4
enabledControllers:
- cloud-node

4
charts/talos-cloud-controller-manager/values.edge.yaml Normal file
View File

@@ -0,0 +1,4 @@
image:
pullPolicy: Always
tag: edge

5
charts/talos-cloud-controller-manager/values.yaml
View File

@@ -35,9 +35,9 @@ enabledControllers:
# - route # - route
# - service # - service
# -- List of CCM features.
# `approveNodeCSR` - check and approve node CSR.
features: features:
# -- List of CCM features.
# `approveNodeCSR` - check and approve node CSR.
approveNodeCSR: true approveNodeCSR: true
# -- Log verbosity level. See https://github.com/kubernetes/community/blob/master/contributors/devel/sig-instrumentation/logging.md # -- Log verbosity level. See https://github.com/kubernetes/community/blob/master/contributors/devel/sig-instrumentation/logging.md
@@ -104,6 +104,7 @@ resources:
memory: 64Mi memory: 64Mi
# -- Deploy CCM in Daemonset mode. # -- Deploy CCM in Daemonset mode.
# CCM will use hostNetwork and host resolv.conf
useDaemonSet: false useDaemonSet: false
# -- Deployment update stategy type. # -- Deployment update stategy type.

12
docs/deploy/cloud-controller-manager-daemonset.yml
View File

@@ -5,7 +5,7 @@ kind: ServiceAccount
metadata: metadata:
name: talos-cloud-controller-manager name: talos-cloud-controller-manager
labels: labels:
helm.sh/chart: talos-cloud-controller-manager-0.1.0 helm.sh/chart: talos-cloud-controller-manager-0.1.1
app.kubernetes.io/name: talos-cloud-controller-manager app.kubernetes.io/name: talos-cloud-controller-manager
app.kubernetes.io/instance: talos-cloud-controller-manager app.kubernetes.io/instance: talos-cloud-controller-manager
app.kubernetes.io/version: "1.3.0" app.kubernetes.io/version: "1.3.0"
@@ -18,7 +18,7 @@ kind: ServiceAccount
metadata: metadata:
name: talos-cloud-controller-manager-talos-secrets name: talos-cloud-controller-manager-talos-secrets
labels: labels:
helm.sh/chart: talos-cloud-controller-manager-0.1.0 helm.sh/chart: talos-cloud-controller-manager-0.1.1
app.kubernetes.io/name: talos-cloud-controller-manager app.kubernetes.io/name: talos-cloud-controller-manager
app.kubernetes.io/instance: talos-cloud-controller-manager app.kubernetes.io/instance: talos-cloud-controller-manager
app.kubernetes.io/version: "1.3.0" app.kubernetes.io/version: "1.3.0"
@@ -34,7 +34,7 @@ kind: ConfigMap
metadata: metadata:
name: talos-cloud-controller-manager name: talos-cloud-controller-manager
labels: labels:
helm.sh/chart: talos-cloud-controller-manager-0.1.0 helm.sh/chart: talos-cloud-controller-manager-0.1.1
app.kubernetes.io/name: talos-cloud-controller-manager app.kubernetes.io/name: talos-cloud-controller-manager
app.kubernetes.io/instance: talos-cloud-controller-manager app.kubernetes.io/instance: talos-cloud-controller-manager
app.kubernetes.io/version: "1.3.0" app.kubernetes.io/version: "1.3.0"
@@ -51,7 +51,7 @@ kind: ClusterRole
metadata: metadata:
name: system:talos-cloud-controller-manager name: system:talos-cloud-controller-manager
labels: labels:
helm.sh/chart: talos-cloud-controller-manager-0.1.0 helm.sh/chart: talos-cloud-controller-manager-0.1.1
app.kubernetes.io/name: talos-cloud-controller-manager app.kubernetes.io/name: talos-cloud-controller-manager
app.kubernetes.io/instance: talos-cloud-controller-manager app.kubernetes.io/instance: talos-cloud-controller-manager
app.kubernetes.io/version: "1.3.0" app.kubernetes.io/version: "1.3.0"
@@ -159,7 +159,7 @@ kind: Service
metadata: metadata:
name: talos-cloud-controller-manager name: talos-cloud-controller-manager
labels: labels:
helm.sh/chart: talos-cloud-controller-manager-0.1.0 helm.sh/chart: talos-cloud-controller-manager-0.1.1
app.kubernetes.io/name: talos-cloud-controller-manager app.kubernetes.io/name: talos-cloud-controller-manager
app.kubernetes.io/instance: talos-cloud-controller-manager app.kubernetes.io/instance: talos-cloud-controller-manager
app.kubernetes.io/version: "1.3.0" app.kubernetes.io/version: "1.3.0"
@@ -183,7 +183,7 @@ kind: DaemonSet
metadata: metadata:
name: talos-cloud-controller-manager name: talos-cloud-controller-manager
labels: labels:
helm.sh/chart: talos-cloud-controller-manager-0.1.0 helm.sh/chart: talos-cloud-controller-manager-0.1.1
app.kubernetes.io/name: talos-cloud-controller-manager app.kubernetes.io/name: talos-cloud-controller-manager
app.kubernetes.io/instance: talos-cloud-controller-manager app.kubernetes.io/instance: talos-cloud-controller-manager
app.kubernetes.io/version: "1.3.0" app.kubernetes.io/version: "1.3.0"

273
docs/deploy/cloud-controller-manager-edge.yml Normal file
View File

@@ -0,0 +1,273 @@
---
# Source: talos-cloud-controller-manager/templates/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: talos-cloud-controller-manager
labels:
helm.sh/chart: talos-cloud-controller-manager-0.1.1
app.kubernetes.io/name: talos-cloud-controller-manager
app.kubernetes.io/instance: talos-cloud-controller-manager
app.kubernetes.io/version: "1.3.0"
app.kubernetes.io/managed-by: Helm
namespace: kube-system
---
# Source: talos-cloud-controller-manager/templates/serviceaccount.yaml
apiVersion: talos.dev/v1alpha1
kind: ServiceAccount
metadata:
name: talos-cloud-controller-manager-talos-secrets
labels:
helm.sh/chart: talos-cloud-controller-manager-0.1.1
app.kubernetes.io/name: talos-cloud-controller-manager
app.kubernetes.io/instance: talos-cloud-controller-manager
app.kubernetes.io/version: "1.3.0"
app.kubernetes.io/managed-by: Helm
namespace: kube-system
spec:
roles:
- os:reader
---
# Source: talos-cloud-controller-manager/templates/configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: talos-cloud-controller-manager
labels:
helm.sh/chart: talos-cloud-controller-manager-0.1.1
app.kubernetes.io/name: talos-cloud-controller-manager
app.kubernetes.io/instance: talos-cloud-controller-manager
app.kubernetes.io/version: "1.3.0"
app.kubernetes.io/managed-by: Helm
namespace: kube-system
data:
ccm-config.yaml: |
global:
approveNodeCSR: true
---
# Source: talos-cloud-controller-manager/templates/role.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: system:talos-cloud-controller-manager
labels:
helm.sh/chart: talos-cloud-controller-manager-0.1.1
app.kubernetes.io/name: talos-cloud-controller-manager
app.kubernetes.io/instance: talos-cloud-controller-manager
app.kubernetes.io/version: "1.3.0"
app.kubernetes.io/managed-by: Helm
rules:
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- get
- create
- update
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- update
- apiGroups:
- ""
resources:
- nodes
verbs:
- get
- list
- watch
- update
- patch
- apiGroups:
- ""
resources:
- nodes/status
verbs:
- patch
- apiGroups:
- ""
resources:
- serviceaccounts
verbs:
- create
- get
- apiGroups:
- ""
resources:
- serviceaccounts/token
verbs:
- create
- apiGroups:
- certificates.k8s.io
resources:
- certificatesigningrequests
verbs:
- list
- watch
- apiGroups:
- certificates.k8s.io
resources:
- certificatesigningrequests/approval
verbs:
- update
- apiGroups:
- certificates.k8s.io
resources:
- signers
resourceNames:
- kubernetes.io/kubelet-serving
verbs:
- approve
---
# Source: talos-cloud-controller-manager/templates/rolebinding.yaml
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: system:talos-cloud-controller-manager
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:talos-cloud-controller-manager
subjects:
- kind: ServiceAccount
name: talos-cloud-controller-manager
namespace: kube-system
---
# Source: talos-cloud-controller-manager/templates/rolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: system:talos-cloud-controller-manager:extension-apiserver-authentication-reader
namespace: kube-system
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: extension-apiserver-authentication-reader
subjects:
- kind: ServiceAccount
name: talos-cloud-controller-manager
namespace: kube-system
---
# Source: talos-cloud-controller-manager/templates/service.yaml
apiVersion: v1
kind: Service
metadata:
name: talos-cloud-controller-manager
labels:
helm.sh/chart: talos-cloud-controller-manager-0.1.1
app.kubernetes.io/name: talos-cloud-controller-manager
app.kubernetes.io/instance: talos-cloud-controller-manager
app.kubernetes.io/version: "1.3.0"
app.kubernetes.io/managed-by: Helm
namespace: kube-system
spec:
clusterIP: None
type: ClusterIP
ports:
- name: https
port: 50258
targetPort: 50258
protocol: TCP
selector:
app.kubernetes.io/name: talos-cloud-controller-manager
app.kubernetes.io/instance: talos-cloud-controller-manager
---
# Source: talos-cloud-controller-manager/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: talos-cloud-controller-manager
labels:
helm.sh/chart: talos-cloud-controller-manager-0.1.1
app.kubernetes.io/name: talos-cloud-controller-manager
app.kubernetes.io/instance: talos-cloud-controller-manager
app.kubernetes.io/version: "1.3.0"
app.kubernetes.io/managed-by: Helm
namespace: kube-system
spec:
replicas: 1
strategy:
type: RollingUpdate
selector:
matchLabels:
app.kubernetes.io/name: talos-cloud-controller-manager
app.kubernetes.io/instance: talos-cloud-controller-manager
template:
metadata:
labels:
app.kubernetes.io/name: talos-cloud-controller-manager
app.kubernetes.io/instance: talos-cloud-controller-manager
spec:
serviceAccountName: talos-cloud-controller-manager
securityContext:
fsGroup: 10258
fsGroupChangePolicy: OnRootMismatch
runAsGroup: 10258
runAsNonRoot: true
runAsUser: 10258
containers:
- name: talos-cloud-controller-manager
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
seccompProfile:
type: RuntimeDefault
image: "ghcr.io/siderolabs/talos-cloud-controller-manager:edge"
imagePullPolicy: Always
command: ["/talos-cloud-controller-manager"]
args:
- --v=2
- --cloud-provider=talos
- --cloud-config=/etc/talos/ccm-config.yaml
- --controllers=cloud-node
- --leader-elect-resource-name=cloud-controller-manager-talos
- --use-service-account-credentials
- --secure-port=50258
ports:
- containerPort: 50258
name: https
protocol: TCP
livenessProbe:
httpGet:
path: /healthz
port: https
scheme: HTTPS
initialDelaySeconds: 20
periodSeconds: 30
timeoutSeconds: 5
resources:
requests:
cpu: 10m
memory: 64Mi
volumeMounts:
- name: cloud-config
mountPath: /etc/talos
readOnly: true
- name: talos-secrets
mountPath: /var/run/secrets/talos.dev
readOnly: true
nodeSelector:
node-role.kubernetes.io/control-plane: ""
tolerations:
- effect: NoSchedule
key: node-role.kubernetes.io/control-plane
operator: Exists
- effect: NoSchedule
key: node.cloudprovider.kubernetes.io/uninitialized
operator: Exists
volumes:
- name: cloud-config
configMap:
name: talos-cloud-controller-manager
defaultMode: 416 # 0640
- name: talos-secrets
secret:
secretName: talos-cloud-controller-manager-talos-secrets
defaultMode: 416 # 0640

12
docs/deploy/cloud-controller-manager.yml
View File

@@ -5,7 +5,7 @@ kind: ServiceAccount
metadata: metadata:
name: talos-cloud-controller-manager name: talos-cloud-controller-manager
labels: labels:
helm.sh/chart: talos-cloud-controller-manager-0.1.0 helm.sh/chart: talos-cloud-controller-manager-0.1.1
app.kubernetes.io/name: talos-cloud-controller-manager app.kubernetes.io/name: talos-cloud-controller-manager
app.kubernetes.io/instance: talos-cloud-controller-manager app.kubernetes.io/instance: talos-cloud-controller-manager
app.kubernetes.io/version: "1.3.0" app.kubernetes.io/version: "1.3.0"
@@ -18,7 +18,7 @@ kind: ServiceAccount
metadata: metadata:
name: talos-cloud-controller-manager-talos-secrets name: talos-cloud-controller-manager-talos-secrets
labels: labels:
helm.sh/chart: talos-cloud-controller-manager-0.1.0 helm.sh/chart: talos-cloud-controller-manager-0.1.1
app.kubernetes.io/name: talos-cloud-controller-manager app.kubernetes.io/name: talos-cloud-controller-manager
app.kubernetes.io/instance: talos-cloud-controller-manager app.kubernetes.io/instance: talos-cloud-controller-manager
app.kubernetes.io/version: "1.3.0" app.kubernetes.io/version: "1.3.0"
@@ -34,7 +34,7 @@ kind: ConfigMap
metadata: metadata:
name: talos-cloud-controller-manager name: talos-cloud-controller-manager
labels: labels:
helm.sh/chart: talos-cloud-controller-manager-0.1.0 helm.sh/chart: talos-cloud-controller-manager-0.1.1
app.kubernetes.io/name: talos-cloud-controller-manager app.kubernetes.io/name: talos-cloud-controller-manager
app.kubernetes.io/instance: talos-cloud-controller-manager app.kubernetes.io/instance: talos-cloud-controller-manager
app.kubernetes.io/version: "1.3.0" app.kubernetes.io/version: "1.3.0"
@@ -51,7 +51,7 @@ kind: ClusterRole
metadata: metadata:
name: system:talos-cloud-controller-manager name: system:talos-cloud-controller-manager
labels: labels:
helm.sh/chart: talos-cloud-controller-manager-0.1.0 helm.sh/chart: talos-cloud-controller-manager-0.1.1
app.kubernetes.io/name: talos-cloud-controller-manager app.kubernetes.io/name: talos-cloud-controller-manager
app.kubernetes.io/instance: talos-cloud-controller-manager app.kubernetes.io/instance: talos-cloud-controller-manager
app.kubernetes.io/version: "1.3.0" app.kubernetes.io/version: "1.3.0"
@@ -159,7 +159,7 @@ kind: Service
metadata: metadata:
name: talos-cloud-controller-manager name: talos-cloud-controller-manager
labels: labels:
helm.sh/chart: talos-cloud-controller-manager-0.1.0 helm.sh/chart: talos-cloud-controller-manager-0.1.1
app.kubernetes.io/name: talos-cloud-controller-manager app.kubernetes.io/name: talos-cloud-controller-manager
app.kubernetes.io/instance: talos-cloud-controller-manager app.kubernetes.io/instance: talos-cloud-controller-manager
app.kubernetes.io/version: "1.3.0" app.kubernetes.io/version: "1.3.0"
@@ -183,7 +183,7 @@ kind: Deployment
metadata: metadata:
name: talos-cloud-controller-manager name: talos-cloud-controller-manager
labels: labels:
helm.sh/chart: talos-cloud-controller-manager-0.1.0 helm.sh/chart: talos-cloud-controller-manager-0.1.1
app.kubernetes.io/name: talos-cloud-controller-manager app.kubernetes.io/name: talos-cloud-controller-manager
app.kubernetes.io/instance: talos-cloud-controller-manager app.kubernetes.io/instance: talos-cloud-controller-manager
app.kubernetes.io/version: "1.3.0" app.kubernetes.io/version: "1.3.0"