update deployments

Serge Logvinov
2023-09-12 09:35:33 +03:00
parent 127c2d1377
commit 3555d01c17
9 changed files with 492 additions and 238 deletions


@@ -114,7 +114,7 @@ spec:
hostNetwork: true hostNetwork: true
containers: containers:
- name: coredns - name: coredns
image: coredns/coredns:1.10.1 image: coredns/coredns:1.11.1
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
resources: resources:
limits: limits:


@@ -35,6 +35,9 @@ create-templates:
@yq eval -o=json '{"kubernetes": .}' _cfgs/tfstate.vars > terraform.tfvars.json @yq eval -o=json '{"kubernetes": .}' _cfgs/tfstate.vars > terraform.tfvars.json
create-deployments: create-deployments:
helm template --namespace=kube-system -f deployments/azure-ccm.yaml azure-cloud-controller-manager \
cloud-provider-azure > deployments/azure-cloud-controller-manager.yaml
helm template --namespace=kube-system -f deployments/azure-autoscaler.yaml cluster-autoscaler-azure \ helm template --namespace=kube-system -f deployments/azure-autoscaler.yaml cluster-autoscaler-azure \
autoscaler/cluster-autoscaler > deployments/azure-autoscaler-result.yaml autoscaler/cluster-autoscaler > deployments/azure-autoscaler-result.yaml


@@ -1,13 +1,20 @@
---
# Source: cloud-provider-azure/templates/cloud-provider-azure.yaml
apiVersion: v1 apiVersion: v1
kind: ServiceAccount kind: ServiceAccount
metadata: metadata:
name: azure-cloud-controller-manager name: azure-cloud-controller-manager
namespace: kube-system namespace: kube-system
--- ---
# Source: cloud-provider-azure/templates/cloud-provider-azure.yaml
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole kind: ClusterRole
metadata: metadata:
name: system:azure-cloud-controller-manager name: system:azure-cloud-controller-manager
annotations:
rbac.authorization.kubernetes.io/autoupdate: "true"
labels:
k8s-app: azure-cloud-controller-manager
rules: rules:
- apiGroups: - apiGroups:
- "" - ""
@@ -57,12 +64,6 @@ rules:
- list - list
- watch - watch
- update - update
- apiGroups:
- ""
resources:
- serviceaccounts/token
verbs:
- create
- apiGroups: - apiGroups:
- "" - ""
resources: resources:
@@ -98,9 +99,18 @@ rules:
- get - get
- create - create
- update - update
- apiGroups:
- discovery.k8s.io
resources:
- endpointslices
verbs:
- get
- list
- watch
--- ---
apiVersion: rbac.authorization.k8s.io/v1 # Source: cloud-provider-azure/templates/cloud-provider-azure.yaml
kind: ClusterRoleBinding kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata: metadata:
name: system:azure-cloud-controller-manager name: system:azure-cloud-controller-manager
roleRef: roleRef:
@@ -112,6 +122,7 @@ subjects:
name: azure-cloud-controller-manager name: azure-cloud-controller-manager
namespace: kube-system namespace: kube-system
--- ---
# Source: cloud-provider-azure/templates/cloud-provider-azure.yaml
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding kind: RoleBinding
metadata: metadata:
@@ -126,6 +137,7 @@ subjects:
name: azure-cloud-controller-manager name: azure-cloud-controller-manager
namespace: kube-system namespace: kube-system
--- ---
# Source: cloud-provider-azure/templates/cloud-provider-azure.yaml
apiVersion: apps/v1 apiVersion: apps/v1
kind: Deployment kind: Deployment
metadata: metadata:
@@ -134,62 +146,62 @@ metadata:
labels: labels:
component: azure-cloud-controller-manager component: azure-cloud-controller-manager
spec: spec:
replicas: 1
strategy:
type: Recreate
selector: selector:
matchLabels: matchLabels:
tier: control-plane tier: control-plane
component: azure-cloud-controller-manager component: azure-cloud-controller-manager
replicas: 1
template: template:
metadata: metadata:
labels: labels:
tier: control-plane
component: azure-cloud-controller-manager component: azure-cloud-controller-manager
tier: control-plane
spec: spec:
priorityClassName: system-cluster-critical priorityClassName: system-cluster-critical
hostNetwork: true hostNetwork: true
serviceAccountName: azure-cloud-controller-manager
nodeSelector: nodeSelector:
node-role.kubernetes.io/control-plane: "" node-role.kubernetes.io/control-plane: ""
node.cloudprovider.kubernetes.io/platform: azure serviceAccountName: azure-cloud-controller-manager
tolerations: tolerations:
- key: "node.cloudprovider.kubernetes.io/uninitialized" - effect: NoSchedule
value: "true" key: node-role.kubernetes.io/control-plane
effect: "NoSchedule" topologySpreadConstraints:
- key: "node-role.kubernetes.io/control-plane" - maxSkew: 1
effect: NoSchedule topologyKey: kubernetes.io/hostname
whenUnsatisfiable: DoNotSchedule
labelSelector:
matchLabels:
tier: control-plane
component: azure-cloud-controller-manager
containers: containers:
- name: azure-cloud-controller-manager - name: azure-cloud-controller-manager
image: mcr.microsoft.com/oss/kubernetes/azure-cloud-controller-manager:v1.26.5 image: mcr.microsoft.com/oss/kubernetes/azure-cloud-controller-manager:v1.27.8
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
command: ["cloud-controller-manager"] command: ["cloud-controller-manager"]
args: args:
- --v=2 - "--allocate-node-cidrs=false"
- --cluster-name=$(CLUSTER_NAME) - "--cloud-config=/etc/azure/azure.json"
- --cloud-config=/etc/azure/azure.json - "--cloud-provider=azure"
- --cloud-provider=azure - "--cluster-cidr=10.244.0.0/16"
- --allocate-node-cidrs=false - "--cluster-name=kubernetes"
- "--configure-cloud-routes=false"
- --controllers=cloud-node-lifecycle # disable cloud-node controller - --controllers=cloud-node-lifecycle # disable cloud-node controller
- --configure-cloud-routes=false - "--leader-elect=true"
- --leader-elect-resource-name=cloud-controller-manager-azure - --leader-elect-resource-name=cloud-controller-manager-azure
- --use-service-account-credentials - "--route-reconciliation-period=10s"
# - --bind-address=127.0.0.1 - "--secure-port=10268"
- --secure-port=10267 - "--v=2"
env:
- name: CLUSTER_NAME
value: kubernetes
resources: resources:
requests: requests:
cpu: 100m cpu: 100m
memory: 128Mi memory: 128Mi
limits: limits:
cpu: "1" cpu: 100m
memory: 512Mi memory: 128Mi
livenessProbe: livenessProbe:
httpGet: httpGet:
path: /healthz path: /healthz
port: 10267 port: 10268
scheme: HTTPS scheme: HTTPS
initialDelaySeconds: 20 initialDelaySeconds: 20
periodSeconds: 10 periodSeconds: 10
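Review bot: With `hostNetwork: true` and no `--bind-address` among the new args, the secure port `10268` is served on the control-plane node's own addresses (by default all of them), and the commented `--bind-address=127.0.0.1` hint from the old manifest is gone. If nothing off-node needs this port, restrict it with `- "--bind-address=127.0.0.1"` and give the liveness probe `host: 127.0.0.1` under `httpGet`, otherwise the kubelet probe against the node address will fail. This file is rendered by `helm template` (see the `# Source:` headers), so the change belongs in the chart or its values file rather than in this output. The Deployment spec continues past the end of this hunk.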


@@ -63,8 +63,12 @@ create-secrets:
helm-repos: ## add helm repos helm-repos: ## add helm repos
helm repo add hcloud https://charts.hetzner.cloud helm repo add hcloud https://charts.hetzner.cloud
helm repo add autoscaler https://kubernetes.github.io/autoscaler
helm repo update helm repo update
create-deployments: create-deployments:
helm template --namespace=kube-system -f deployments/hcloud-cloud-controller-manager.yaml \ helm template --namespace=kube-system -f deployments/hcloud-ccm.yaml \
hcloud-cloud-controller-manager hcloud/hcloud-cloud-controller-manager > deployments/hcloud-cloud-controller-manager-result.yaml hcloud-cloud-controller-manager hcloud/hcloud-cloud-controller-manager > deployments/hcloud-cloud-controller-manager-result.yaml
helm template --namespace=kube-system -f deployments/hcloud-autoscaler.yaml cluster-autoscaler-hcloud \
autoscaler/cluster-autoscaler > deployments/hcloud-autoscaler-result.yaml
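Review bot: Neither `helm template` call in `create-deployments` pins a chart version, so the committed manifests depend on whatever `helm repo update` last fetched, and a rerun can change the rendered RBAC rules or image references without any change in this repository. Pin each chart with `--version`, e.g. `autoscaler/cluster-autoscaler --version 9.29.3` to match the `helm.sh/chart: "cluster-autoscaler-9.29.3"` label in the rendered output, and `hcloud/hcloud-cloud-controller-manager --version <CHART_VERSION>` for the CCM. The `cluster-autoscaler-azure` line in the Azure Makefile hunk has the same gap.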


@@ -0,0 +1,361 @@
---
# Source: cluster-autoscaler/templates/pdb.yaml
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
labels:
app.kubernetes.io/instance: "cluster-autoscaler-hcloud"
app.kubernetes.io/name: "hetzner-cluster-autoscaler"
app.kubernetes.io/managed-by: "Helm"
helm.sh/chart: "cluster-autoscaler-9.29.3"
name: cluster-autoscaler-hcloud
namespace: kube-system
spec:
selector:
matchLabels:
app.kubernetes.io/instance: "cluster-autoscaler-hcloud"
app.kubernetes.io/name: "hetzner-cluster-autoscaler"
maxUnavailable: 1
---
# Source: cluster-autoscaler/templates/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/instance: "cluster-autoscaler-hcloud"
app.kubernetes.io/name: "hetzner-cluster-autoscaler"
app.kubernetes.io/managed-by: "Helm"
helm.sh/chart: "cluster-autoscaler-9.29.3"
name: cluster-autoscaler-hcloud
namespace: kube-system
automountServiceAccountToken: true
---
# Source: cluster-autoscaler/templates/clusterrole.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app.kubernetes.io/instance: "cluster-autoscaler-hcloud"
app.kubernetes.io/name: "hetzner-cluster-autoscaler"
app.kubernetes.io/managed-by: "Helm"
helm.sh/chart: "cluster-autoscaler-9.29.3"
name: cluster-autoscaler-hcloud
rules:
- apiGroups:
- ""
resources:
- events
- endpoints
verbs:
- create
- patch
- apiGroups:
- ""
resources:
- pods/eviction
verbs:
- create
- apiGroups:
- ""
resources:
- pods/status
verbs:
- update
- apiGroups:
- ""
resources:
- endpoints
resourceNames:
- cluster-autoscaler
verbs:
- get
- update
- apiGroups:
- ""
resources:
- nodes
verbs:
- watch
- list
- get
- update
- apiGroups:
- ""
resources:
- namespaces
- pods
- services
- replicationcontrollers
- persistentvolumeclaims
- persistentvolumes
verbs:
- watch
- list
- get
- apiGroups:
- batch
resources:
- jobs
- cronjobs
verbs:
- watch
- list
- get
- apiGroups:
- batch
- extensions
resources:
- jobs
verbs:
- get
- list
- patch
- watch
- apiGroups:
- extensions
resources:
- replicasets
- daemonsets
verbs:
- watch
- list
- get
- apiGroups:
- policy
resources:
- poddisruptionbudgets
verbs:
- watch
- list
- apiGroups:
- apps
resources:
- daemonsets
- replicasets
- statefulsets
verbs:
- watch
- list
- get
- apiGroups:
- storage.k8s.io
resources:
- storageclasses
- csinodes
- csidrivers
- csistoragecapacities
verbs:
- watch
- list
- get
- apiGroups:
- ""
resources:
- configmaps
verbs:
- list
- watch
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- create
- apiGroups:
- coordination.k8s.io
resourceNames:
- cluster-autoscaler
resources:
- leases
verbs:
- get
- update
---
# Source: cluster-autoscaler/templates/clusterrolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app.kubernetes.io/instance: "cluster-autoscaler-hcloud"
app.kubernetes.io/name: "hetzner-cluster-autoscaler"
app.kubernetes.io/managed-by: "Helm"
helm.sh/chart: "cluster-autoscaler-9.29.3"
name: cluster-autoscaler-hcloud
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-autoscaler-hcloud
subjects:
- kind: ServiceAccount
name: cluster-autoscaler-hcloud
namespace: kube-system
---
# Source: cluster-autoscaler/templates/role.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
app.kubernetes.io/instance: "cluster-autoscaler-hcloud"
app.kubernetes.io/name: "hetzner-cluster-autoscaler"
app.kubernetes.io/managed-by: "Helm"
helm.sh/chart: "cluster-autoscaler-9.29.3"
name: cluster-autoscaler-hcloud
namespace: kube-system
rules:
- apiGroups:
- ""
resources:
- configmaps
verbs:
- create
- apiGroups:
- ""
resources:
- configmaps
resourceNames:
- cluster-autoscaler-status
verbs:
- delete
- get
- update
---
# Source: cluster-autoscaler/templates/rolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
app.kubernetes.io/instance: "cluster-autoscaler-hcloud"
app.kubernetes.io/name: "hetzner-cluster-autoscaler"
app.kubernetes.io/managed-by: "Helm"
helm.sh/chart: "cluster-autoscaler-9.29.3"
name: cluster-autoscaler-hcloud
namespace: kube-system
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: cluster-autoscaler-hcloud
subjects:
- kind: ServiceAccount
name: cluster-autoscaler-hcloud
namespace: kube-system
---
# Source: cluster-autoscaler/templates/service.yaml
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/instance: "cluster-autoscaler-hcloud"
app.kubernetes.io/name: "hetzner-cluster-autoscaler"
app.kubernetes.io/managed-by: "Helm"
helm.sh/chart: "cluster-autoscaler-9.29.3"
name: cluster-autoscaler-hcloud
namespace: kube-system
spec:
ports:
- port: 8085
protocol: TCP
targetPort: 8085
name: http
selector:
app.kubernetes.io/instance: "cluster-autoscaler-hcloud"
app.kubernetes.io/name: "hetzner-cluster-autoscaler"
type: "ClusterIP"
---
# Source: cluster-autoscaler/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
{}
labels:
app.kubernetes.io/instance: "cluster-autoscaler-hcloud"
app.kubernetes.io/name: "hetzner-cluster-autoscaler"
app.kubernetes.io/managed-by: "Helm"
helm.sh/chart: "cluster-autoscaler-9.29.3"
name: cluster-autoscaler-hcloud
namespace: kube-system
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/instance: "cluster-autoscaler-hcloud"
app.kubernetes.io/name: "hetzner-cluster-autoscaler"
template:
metadata:
labels:
app.kubernetes.io/instance: "cluster-autoscaler-hcloud"
app.kubernetes.io/name: "hetzner-cluster-autoscaler"
spec:
priorityClassName: "system-cluster-critical"
dnsPolicy: "ClusterFirst"
containers:
- name: hetzner-cluster-autoscaler
image: "registry.k8s.io/autoscaling/cluster-autoscaler:v1.27.3"
imagePullPolicy: "IfNotPresent"
command:
- ./cluster-autoscaler
- --cloud-provider=hetzner
- --namespace=kube-system
- --nodes=0:2:CPX31:NBG1:worker-nbg1
- --nodes=0:2:CPX31:FSN1:worker-fsn1
- --nodes=0:2:CPX31:HEL1:worker-hel1
- --logtostderr=true
- --node-deletion-delay-timeout=10m0s
- --regional=true
- --scan-interval=3m
- --stderrthreshold=info
- --v=4
env:
- name: HCLOUD_CLOUD_INIT
valueFrom:
secretKeyRef:
name: hcloud
key: worker
- name: HCLOUD_IMAGE
valueFrom:
secretKeyRef:
name: hcloud
key: image
- name: HCLOUD_NETWORK
valueFrom:
secretKeyRef:
name: hcloud
key: network
- name: HCLOUD_SSH_KEY
valueFrom:
secretKeyRef:
name: hcloud
key: sshkey
- name: HCLOUD_TOKEN
valueFrom:
secretKeyRef:
name: hcloud
key: token
livenessProbe:
httpGet:
path: /health-check
port: 8085
ports:
- containerPort: 8085
resources:
limits:
cpu: 100m
memory: 300Mi
requests:
cpu: 100m
memory: 300Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
seccompProfile:
type: RuntimeDefault
nodeSelector:
node-role.kubernetes.io/control-plane: ""
node.cloudprovider.kubernetes.io/platform: hcloud
serviceAccountName: cluster-autoscaler-hcloud
tolerations:
- effect: NoSchedule
key: node-role.kubernetes.io/control-plane


@@ -1,196 +1,67 @@
---
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
k8s-addon: cluster-autoscaler.addons.k8s.io
k8s-app: cluster-autoscaler
name: cluster-autoscaler
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: cluster-autoscaler
labels:
k8s-addon: cluster-autoscaler.addons.k8s.io
k8s-app: cluster-autoscaler
rules:
- apiGroups: [""]
resources: ["events", "endpoints"]
verbs: ["create", "patch"]
- apiGroups: [""]
resources: ["pods/eviction"]
verbs: ["create"]
- apiGroups: [""]
resources: ["pods/status"]
verbs: ["update"]
- apiGroups: [""]
resources: ["endpoints"]
resourceNames: ["cluster-autoscaler"]
verbs: ["get", "update"]
- apiGroups: [""]
resources: ["nodes"]
verbs: ["watch", "list", "get", "update"]
- apiGroups: [""]
resources:
- "namespaces"
- "pods"
- "services"
- "replicationcontrollers"
- "persistentvolumeclaims"
- "persistentvolumes"
verbs: ["watch", "list", "get"]
- apiGroups: ["extensions"]
resources: ["replicasets", "daemonsets"]
verbs: ["watch", "list", "get"]
- apiGroups: ["policy"]
resources: ["poddisruptionbudgets"]
verbs: ["watch", "list"]
- apiGroups: ["apps"]
resources: ["statefulsets", "replicasets", "daemonsets"]
verbs: ["watch", "list", "get"]
- apiGroups: ["storage.k8s.io"]
resources: ["storageclasses", "csinodes", "csistoragecapacities", "csidrivers"]
verbs: ["watch", "list", "get"]
- apiGroups: ["batch", "extensions"]
resources: ["jobs"]
verbs: ["get", "list", "watch", "patch"]
- apiGroups: ["coordination.k8s.io"]
resources: ["leases"]
verbs: ["create"]
- apiGroups: ["coordination.k8s.io"]
resourceNames: ["cluster-autoscaler"]
resources: ["leases"]
verbs: ["get", "update"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: cluster-autoscaler
namespace: kube-system
labels:
k8s-addon: cluster-autoscaler.addons.k8s.io
k8s-app: cluster-autoscaler
rules:
- apiGroups: [""]
resources: ["configmaps"]
verbs: ["create","list","watch"]
- apiGroups: [""]
resources: ["configmaps"]
resourceNames: ["cluster-autoscaler-status", "cluster-autoscaler-priority-expander"]
verbs: ["delete", "get", "update", "watch"]
--- fullnameOverride: cluster-autoscaler-hcloud
apiVersion: rbac.authorization.k8s.io/v1 image:
kind: ClusterRoleBinding tag: v1.27.3
metadata:
name: cluster-autoscaler
labels:
k8s-addon: cluster-autoscaler.addons.k8s.io
k8s-app: cluster-autoscaler
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-autoscaler
subjects:
- kind: ServiceAccount
name: cluster-autoscaler
namespace: kube-system
--- cloudProvider: hetzner
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: cluster-autoscaler
namespace: kube-system
labels:
k8s-addon: cluster-autoscaler.addons.k8s.io
k8s-app: cluster-autoscaler
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: cluster-autoscaler
subjects:
- kind: ServiceAccount
name: cluster-autoscaler
namespace: kube-system
--- autoscalingGroups:
apiVersion: apps/v1 - name: CPX31:NBG1:worker-nbg1
kind: Deployment maxSize: 2
metadata: minSize: 0
name: cluster-autoscaler - name: CPX31:FSN1:worker-fsn1
namespace: kube-system maxSize: 2
labels: minSize: 0
app: cluster-autoscaler - name: CPX31:HEL1:worker-hel1
spec: maxSize: 2
replicas: 1 minSize: 0
selector:
matchLabels: extraEnvSecrets:
app: cluster-autoscaler HCLOUD_TOKEN:
template: name: hcloud
metadata: key: token
labels: HCLOUD_NETWORK:
app: cluster-autoscaler name: hcloud
annotations: key: network
prometheus.io/scrape: 'true' HCLOUD_SSH_KEY:
prometheus.io/port: '8085' name: hcloud
spec: key: sshkey
serviceAccountName: cluster-autoscaler HCLOUD_IMAGE:
nodeSelector: name: hcloud
# node-role.kubernetes.io/control-plane: "" key: image
node.cloudprovider.kubernetes.io/platform: hcloud HCLOUD_CLOUD_INIT:
tolerations: name: hcloud
- key: node-role.kubernetes.io/control-plane key: worker
effect: NoSchedule
containers: containerSecurityContext:
- name: cluster-autoscaler allowPrivilegeEscalation: false
image: registry.k8s.io/autoscaling/cluster-autoscaler:v1.26.2 seccompProfile:
# image: ghcr.io/sergelogvinov/cluster-autoscaler-amd64:dev type: RuntimeDefault
name: cluster-autoscaler capabilities:
resources: drop: ["ALL"]
limits:
cpu: 100m extraArgs:
memory: 300Mi node-deletion-delay-timeout: 10m0s
requests: scan-interval: 3m
cpu: 100m regional: true
memory: 300Mi logtostderr: true
command: stderrthreshold: info
- ./cluster-autoscaler v: 4
- --cloud-provider=hetzner
- --stderrthreshold=info priorityClassName: system-cluster-critical
- --node-deletion-delay-timeout=10m0s
- --scan-interval=3m resources:
- --regional limits:
- --balance-similar-node-groups cpu: 100m
- --nodes=0:2:CPX31:NBG1:worker-nbg1 memory: 300Mi
- --nodes=0:2:CPX31:FSN1:worker-fsn1 requests:
- --nodes=0:2:CPX31:HEL1:worker-hel1 cpu: 100m
- --v=2 memory: 300Mi
env:
- name: HCLOUD_TOKEN nodeSelector:
valueFrom: node-role.kubernetes.io/control-plane: ""
secretKeyRef: node.cloudprovider.kubernetes.io/platform: hcloud
name: hcloud
key: token tolerations:
- name: HCLOUD_NETWORK - key: node-role.kubernetes.io/control-plane
valueFrom: effect: NoSchedule
secretKeyRef:
name: hcloud
key: network
- name: HCLOUD_SSH_KEY
valueFrom:
secretKeyRef:
name: hcloud
key: sshkey
- name: HCLOUD_IMAGE
valueFrom:
secretKeyRef:
name: hcloud-init
key: image
- name: HCLOUD_CLOUD_INIT
valueFrom:
secretKeyRef:
name: hcloud-init
key: worker
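Review bot: `HCLOUD_IMAGE` and `HCLOUD_CLOUD_INIT` now resolve from secret `hcloud` (keys `image`, `worker`) where the old Deployment read them from `hcloud-init`, and nothing in this section shows the `hcloud` secret gaining those keys. The rendered `secretKeyRef` entries are not marked optional, so a missing key keeps the `system-cluster-critical` autoscaler pod from starting. It also puts the worker cloud-init payload in the same Secret object as `HCLOUD_TOKEN`, so any subject allowed to read one can read the other. If the merge is intended, record it above `extraEnvSecrets`, e.g. `# image/worker moved from secret hcloud-init to hcloud; create-secrets must populate both keys`; otherwise keep `name: hcloud-init` for those two entries.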


@@ -3,21 +3,21 @@
apiVersion: v1 apiVersion: v1
kind: ServiceAccount kind: ServiceAccount
metadata: metadata:
name: cloud-controller-manager name: hcloud-cloud-controller-manager
namespace: kube-system namespace: kube-system
--- ---
# Source: hcloud-cloud-controller-manager/templates/clusterrolebinding.yaml # Source: hcloud-cloud-controller-manager/templates/clusterrolebinding.yaml
kind: ClusterRoleBinding kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
metadata: metadata:
name: system:cloud-controller-manager name: "system:hcloud-cloud-controller-manager"
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
kind: ClusterRole kind: ClusterRole
name: cluster-admin name: cluster-admin
subjects: subjects:
- kind: ServiceAccount - kind: ServiceAccount
name: cloud-controller-manager name: hcloud-cloud-controller-manager
namespace: kube-system namespace: kube-system
--- ---
# Source: hcloud-cloud-controller-manager/templates/deployment.yaml # Source: hcloud-cloud-controller-manager/templates/deployment.yaml
@@ -39,7 +39,7 @@ spec:
app.kubernetes.io/instance: 'hcloud-cloud-controller-manager' app.kubernetes.io/instance: 'hcloud-cloud-controller-manager'
app.kubernetes.io/name: 'hcloud-cloud-controller-manager' app.kubernetes.io/name: 'hcloud-cloud-controller-manager'
spec: spec:
serviceAccountName: cloud-controller-manager serviceAccountName: hcloud-cloud-controller-manager
dnsPolicy: Default dnsPolicy: Default
tolerations: tolerations:
# Allow HCCM itself to schedule on nodes that have not yet been initialized by HCCM. # Allow HCCM itself to schedule on nodes that have not yet been initialized by HCCM.
@@ -65,8 +65,9 @@ spec:
- "/bin/hcloud-cloud-controller-manager" - "/bin/hcloud-cloud-controller-manager"
- "--allow-untagged-cloud" - "--allow-untagged-cloud"
- "--cloud-provider=hcloud" - "--cloud-provider=hcloud"
- "--leader-elect=false"
- "--route-reconciliation-period=30s" - "--route-reconciliation-period=30s"
- "--webhook-secure-port=0"
- "--leader-elect=false"
env: env:
- name: HCLOUD_TOKEN - name: HCLOUD_TOKEN
valueFrom: valueFrom:
@@ -77,10 +78,10 @@ spec:
valueFrom: valueFrom:
fieldRef: fieldRef:
fieldPath: spec.nodeName fieldPath: spec.nodeName
- name: HCLOUD_METRICS_ENABLED image: hetznercloud/hcloud-cloud-controller-manager:v1.17.2 # x-release-please-version
value: "false"
image: hetznercloud/hcloud-cloud-controller-manager:v1.15.0
ports: ports:
- name: metrics
containerPort: 8233
resources: resources:
requests: requests:
cpu: 100m cpu: 100m
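Review bot: The renamed ClusterRoleBinding `system:hcloud-cloud-controller-manager` still points its `roleRef` at `cluster-admin`, so the service account this Deployment runs as holds full control of the cluster. The Azure manifest in this same commit binds its controller to a dedicated `system:azure-cloud-controller-manager` ClusterRole with enumerated rules; the same shape here would limit what a compromised controller or a leaked token can do. Because this file is `helm template` output, a hand edit would be overwritten by `make create-deployments`, so the scoped role has to come from the chart, a values option if the chart offers one, or a post-render patch. Until then, a comment in `deployments/hcloud-ccm.yaml` such as `# NOTE: chart binds the CCM service account to cluster-admin` would at least record the exposure.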


@@ -48,7 +48,7 @@ spec:
- key: "node-role.kubernetes.io/control-plane" - key: "node-role.kubernetes.io/control-plane"
effect: NoSchedule effect: NoSchedule
containers: containers:
- image: hetznercloud/hcloud-cloud-controller-manager:v1.15.0 - image: hetznercloud/hcloud-cloud-controller-manager:v1.17.2
name: hcloud-cloud-controller-manager name: hcloud-cloud-controller-manager
args: args:
- --cloud-provider=hcloud - --cloud-provider=hcloud
@@ -78,10 +78,12 @@ spec:
- name: ROBOT_USER_NAME - name: ROBOT_USER_NAME
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
optional: true
name: hcloud name: hcloud
key: user key: user
- name: ROBOT_PASSWORD - name: ROBOT_PASSWORD
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
optional: true
name: hcloud name: hcloud
key: password key: password
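Review bot: Marking the `ROBOT_USER_NAME` and `ROBOT_PASSWORD` references `optional: true` means a missing or misspelled key in secret `hcloud` no longer blocks the container; the variables are simply left unset, and nothing in the manifest says when that is expected. Add a comment above the first entry, e.g. `# optional: leave hcloud/user and hcloud/password unset when no Robot credentials are used`, so an operator can tell an intentional omission from a broken secret. The `env` list starts before this hunk.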