feat(chart): add daemonset and node selector (#537)

This adds the ability to run hccm as a `DaemonSet` like other cloud controller managers. There are also nodeSelectors as a new value to set where the DaemonSet (and deployment) should run. The default deployment kind of `Deployment` with 1 replica is not touched. The new configuration options are documented in the README file.
hetznercloud · Oct 18, 2023 · a94384f · a94384f
1 parent 8775196
commit a94384f
Show file tree

Hide file tree

Showing 4 changed files with 105 additions and 2 deletions.
diff --git a/chart/README.md b/chart/README.md
@@ -50,8 +50,12 @@ If you've already deployed hccm using the `helm install` command above, you can
 helm upgrade hccm hcloud/hcloud-cloud-controller-manager -n kube-system --set monitoring.podMonitor.enabled=true
 ```
 
-### Multiple replicas
+### Multiple replicas / DaemonSet
 
-If you want to use multiple replicas you can change `replicaCount` inside the helm values. 
+You can choose between different deployment options. By default the chart will deploy a single replica as a Deployment.
 
+If you want to change the replica count you can adjust the value `replicaCount` inside the helm values.
 If you have more than 1 replica leader election will be turned on automatically.
+
+If you want to deploy hccm as a DaemonSet you can set `kind` to `DaemonSet` inside the values. 
+To adjust on which nodes the DaemonSet should be deployed you can use the `nodeSelector` and `additionalTolerations` values.
diff --git a/chart/templates/daemonset.yaml b/chart/templates/daemonset.yaml
@@ -0,0 +1,85 @@
+{{- if eq $.Values.kind "DaemonSet" }}
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: {{ include "hcloud-cloud-controller-manager.name" . }}
+  namespace: {{ .Release.Namespace }}
+spec:
+  revisionHistoryLimit: 2
+  selector:
+    matchLabels:
+      {{- include "hcloud-cloud-controller-manager.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      labels:
+        {{- include "hcloud-cloud-controller-manager.selectorLabels" . | nindent 8 }}
+    spec:
+      serviceAccountName: {{ include "hcloud-cloud-controller-manager.name" . }}
+      dnsPolicy: Default
+      tolerations:
+        # Allow HCCM itself to schedule on nodes that have not yet been initialized by HCCM.
+        - key: "node.cloudprovider.kubernetes.io/uninitialized"
+          value: "true"
+          effect: "NoSchedule"
+        - key: "CriticalAddonsOnly"
+          operator: "Exists"
+
+        # Allow HCCM to schedule on control plane nodes.
+        - key: "node-role.kubernetes.io/master"
+          effect: NoSchedule
+          operator: Exists
+        - key: "node-role.kubernetes.io/control-plane"
+          effect: NoSchedule
+          operator: Exists
+
+        - key: "node.kubernetes.io/not-ready"
+          effect: "NoExecute"
+
+        {{- if gt (len .Values.additionalTolerations) 0 }}
+        {{ toYaml .Values.additionalTolerations | nindent 8 }}
+        {{- end }}
+
+      {{- if gt (len .Values.nodeSelector) 0 }}
+      nodeSelector: 
+        {{ toYaml .Values.nodeSelector | nindent 8 }}
+      {{- end }}
+
+      {{- if $.Values.networking.enabled }}
+      hostNetwork: true
+      {{- end }}
+      containers:
+        - name: hcloud-cloud-controller-manager
+          command:
+            - "/bin/hcloud-cloud-controller-manager"
+            {{- range $key, $value := $.Values.args }}
+            {{- if not (eq $value nil) }}
+            - "--{{ $key }}{{ if $value }}={{ $value }}{{ end }}"
+            {{- end }}
+            {{- end }}
+            {{- if $.Values.networking.enabled }}
+            - "--allocate-node-cidrs=true"
+            - "--cluster-cidr={{ $.Values.networking.clusterCIDR }}"
+            {{- end }}
+          env:
+            {{- range $key, $value := $.Values.env }}
+            - name: {{ $key }}
+              {{- tpl (toYaml $value) $ | nindent 14 }}
+            {{- end }}
+            {{- if $.Values.networking.enabled }}
+            - name: HCLOUD_NETWORK
+              {{- tpl (toYaml $.Values.networking.network) $ | nindent 14 }}
+            {{- end }}
+            {{- if not $.Values.monitoring.enabled }}
+            - name: HCLOUD_METRICS_ENABLED
+              value: "false"
+            {{- end }}
+          image: {{ $.Values.image.repository }}:{{ tpl $.Values.image.tag . }} # x-release-please-version
+          ports:
+            {{- if $.Values.monitoring.enabled }}
+            - name: metrics
+              containerPort: 8233
+            {{- end }}
+          resources:
+            {{- toYaml $.Values.resources | nindent 12 }}
+      priorityClassName: system-cluster-critical
+{{- end }}
diff --git a/chart/templates/deployment.yaml b/chart/templates/deployment.yaml
@@ -1,3 +1,4 @@
+{{- if eq $.Values.kind "Deployment" }}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -38,6 +39,11 @@ spec:
         {{- if gt (len .Values.additionalTolerations) 0 }}
         {{ toYaml .Values.additionalTolerations | nindent 8 }}
         {{- end }}
+
+      {{- if gt (len .Values.nodeSelector) 0 }}
+      nodeSelector: 
+        {{ toYaml .Values.nodeSelector | nindent 8 }}
+      {{- end }}
 
       {{- if $.Values.networking.enabled }}
       hostNetwork: true
@@ -80,3 +86,4 @@ spec:
           resources:
             {{- toYaml $.Values.resources | nindent 12 }}
       priorityClassName: system-cluster-critical
+{{- end }}
diff --git a/chart/values.yaml b/chart/values.yaml
@@ -13,6 +13,10 @@ args:
   # https://github.com/hetznercloud/hcloud-cloud-controller-manager/issues/492
   webhook-secure-port: "0"
 
+# Change deployment kind from "Deployment" to "DaemonSet"
+kind: Deployment
+
+# change replicaCount (only used when kind is "Deployment")
 replicaCount: 1
 
 # hccm environment variables
@@ -78,3 +82,6 @@ selectorLabels:
   app.kubernetes.io/instance: '{{ $.Release.Name }}'
 
 additionalTolerations: []
+
+nodeSelector: {}
+  # node-role.kubernetes.io/control-plane: ""