From bb367f22ea4463b99312a454f2b5e5bff23fbf3b Mon Sep 17 00:00:00 2001 From: Ole Markus With Date: Tue, 6 Jul 2021 09:34:43 +0200 Subject: [PATCH 1/3] Add aws- prefix to CCM SA --- .../k8s-1.18.yaml.template | 8 ++++---- .../aws-cloud-controller.addons.k8s.io-k8s-1.18.yaml | 8 ++++---- .../awscloudcontroller/manifest.yaml | 2 +- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/upup/models/cloudup/resources/addons/aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml.template b/upup/models/cloudup/resources/addons/aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml.template index bb02d447efa7a..186308bcb22fd 100644 --- a/upup/models/cloudup/resources/addons/aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml.template +++ b/upup/models/cloudup/resources/addons/aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml.template @@ -25,7 +25,7 @@ spec: effect: NoSchedule - key: node-role.kubernetes.io/master effect: NoSchedule - serviceAccountName: cloud-controller-manager + serviceAccountName: aws-cloud-controller-manager containers: - name: aws-cloud-controller-manager image: {{ if .ExternalCloudControllerManager.Image }}{{ .ExternalCloudControllerManager.Image }}{{ else }}gcr.io/k8s-staging-provider-aws/cloud-controller-manager:{{AWSCCMTag}}{{ end }} @@ -42,7 +42,7 @@ spec: apiVersion: v1 kind: ServiceAccount metadata: - name: cloud-controller-manager + name: aws-cloud-controller-manager namespace: kube-system --- apiVersion: rbac.authorization.k8s.io/v1 @@ -57,7 +57,7 @@ roleRef: subjects: - apiGroup: "" kind: ServiceAccount - name: cloud-controller-manager + name: aws-cloud-controller-manager namespace: kube-system --- apiVersion: rbac.authorization.k8s.io/v1 @@ -168,6 +168,6 @@ roleRef: subjects: - apiGroup: "" kind: ServiceAccount - name: cloud-controller-manager + name: aws-cloud-controller-manager namespace: kube-system diff --git a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/awscloudcontroller/aws-cloud-controller.addons.k8s.io-k8s-1.18.yaml b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/awscloudcontroller/aws-cloud-controller.addons.k8s.io-k8s-1.18.yaml index 3cc76fee57cb1..81e820379d7dc 100644 --- a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/awscloudcontroller/aws-cloud-controller.addons.k8s.io-k8s-1.18.yaml +++ b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/awscloudcontroller/aws-cloud-controller.addons.k8s.io-k8s-1.18.yaml @@ -36,7 +36,7 @@ spec: nodeSelector: node-role.kubernetes.io/master: "" priorityClassName: system-cluster-critical - serviceAccountName: cloud-controller-manager + serviceAccountName: aws-cloud-controller-manager tolerations: - effect: NoSchedule key: node.cloudprovider.kubernetes.io/uninitialized @@ -56,7 +56,7 @@ metadata: addon.kops.k8s.io/name: aws-cloud-controller.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: aws-cloud-controller.addons.k8s.io - name: cloud-controller-manager + name: aws-cloud-controller-manager namespace: kube-system --- @@ -78,7 +78,7 @@ roleRef: subjects: - apiGroup: "" kind: ServiceAccount - name: cloud-controller-manager + name: aws-cloud-controller-manager namespace: kube-system --- @@ -203,5 +203,5 @@ roleRef: subjects: - apiGroup: "" kind: ServiceAccount - name: cloud-controller-manager + name: aws-cloud-controller-manager namespace: kube-system diff --git a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/awscloudcontroller/manifest.yaml b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/awscloudcontroller/manifest.yaml index b538550b5cc5a..0313de9c2f160 100644 --- a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/awscloudcontroller/manifest.yaml +++ b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/awscloudcontroller/manifest.yaml @@ -47,7 +47,7 @@ spec: k8s-addon: storage-aws.addons.k8s.io - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: 44f4c35583b89ca3dce92aad96c06095bc0ead28 + manifestHash: 262dc72788b283088815442c33e4609e75769f7f name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io From bedfb409ca0312486aa192ff1ba2635939d1d3b9 Mon Sep 17 00:00:00 2001 From: Ole Markus With Date: Tue, 6 Jul 2021 13:46:21 +0200 Subject: [PATCH 2/3] Don't always pull the CCM image --- .../aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml.template | 1 + .../aws-cloud-controller.addons.k8s.io-k8s-1.18.yaml | 1 + .../bootstrapchannelbuilder/awscloudcontroller/manifest.yaml | 2 +- 3 files changed, 3 insertions(+), 1 deletion(-) diff --git a/upup/models/cloudup/resources/addons/aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml.template b/upup/models/cloudup/resources/addons/aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml.template index 186308bcb22fd..7cbe9d5fdb13a 100644 --- a/upup/models/cloudup/resources/addons/aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml.template +++ b/upup/models/cloudup/resources/addons/aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml.template @@ -29,6 +29,7 @@ spec: containers: - name: aws-cloud-controller-manager image: {{ if .ExternalCloudControllerManager.Image }}{{ .ExternalCloudControllerManager.Image }}{{ else }}gcr.io/k8s-staging-provider-aws/cloud-controller-manager:{{AWSCCMTag}}{{ end }} + imagePullPolicy: IfNotPresent args: {{- range $arg := CloudControllerConfigArgv }} - {{ $arg }} diff --git a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/awscloudcontroller/aws-cloud-controller.addons.k8s.io-k8s-1.18.yaml b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/awscloudcontroller/aws-cloud-controller.addons.k8s.io-k8s-1.18.yaml index 81e820379d7dc..4057023b2932b 100644 --- a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/awscloudcontroller/aws-cloud-controller.addons.k8s.io-k8s-1.18.yaml +++ b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/awscloudcontroller/aws-cloud-controller.addons.k8s.io-k8s-1.18.yaml @@ -28,6 +28,7 @@ spec: - --configure-cloud-routes=false - --use-service-account-credentials=true image: gcr.io/k8s-staging-provider-aws/cloud-controller-manager:latest + imagePullPolicy: IfNotPresent name: aws-cloud-controller-manager resources: requests: diff --git a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/awscloudcontroller/manifest.yaml b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/awscloudcontroller/manifest.yaml index 0313de9c2f160..980a6b9944d03 100644 --- a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/awscloudcontroller/manifest.yaml +++ b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/awscloudcontroller/manifest.yaml @@ -47,7 +47,7 @@ spec: k8s-addon: storage-aws.addons.k8s.io - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: 262dc72788b283088815442c33e4609e75769f7f + manifestHash: 9ca4820e2d12cabdb9b2d32c2f8f9b00e3e75a7f name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io From af0aefd2e7b1ec07730a843e43e93f4527b6094c Mon Sep 17 00:00:00 2001 From: Ole Markus With Date: Tue, 6 Jul 2021 15:26:30 +0200 Subject: [PATCH 3/3] Use localhost as API address for CCM --- .../k8s-1.18.yaml.template | 19 +++++++++++-------- ...oud-controller.addons.k8s.io-k8s-1.18.yaml | 3 +++ .../awscloudcontroller/manifest.yaml | 2 +- 3 files changed, 15 insertions(+), 9 deletions(-) diff --git a/upup/models/cloudup/resources/addons/aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml.template b/upup/models/cloudup/resources/addons/aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml.template index 7cbe9d5fdb13a..5b3ca302d245c 100644 --- a/upup/models/cloudup/resources/addons/aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml.template +++ b/upup/models/cloudup/resources/addons/aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml.template @@ -27,16 +27,19 @@ spec: effect: NoSchedule serviceAccountName: aws-cloud-controller-manager containers: - - name: aws-cloud-controller-manager - image: {{ if .ExternalCloudControllerManager.Image }}{{ .ExternalCloudControllerManager.Image }}{{ else }}gcr.io/k8s-staging-provider-aws/cloud-controller-manager:{{AWSCCMTag}}{{ end }} - imagePullPolicy: IfNotPresent - args: + - name: aws-cloud-controller-manager + image: {{ if .ExternalCloudControllerManager.Image }}{{ .ExternalCloudControllerManager.Image }}{{ else }}gcr.io/k8s-staging-provider-aws/cloud-controller-manager:{{AWSCCMTag}}{{ end }} + imagePullPolicy: IfNotPresent + args: {{- range $arg := CloudControllerConfigArgv }} - - {{ $arg }} + - {{ $arg }} {{- end }} - resources: - requests: - cpu: 200m + env: + - name: KUBERNETES_SERVICE_HOST + value: "127.0.0.1" + resources: + requests: + cpu: 200m hostNetwork: true priorityClassName: system-cluster-critical --- diff --git a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/awscloudcontroller/aws-cloud-controller.addons.k8s.io-k8s-1.18.yaml b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/awscloudcontroller/aws-cloud-controller.addons.k8s.io-k8s-1.18.yaml index 4057023b2932b..b9eb7c366f24e 100644 --- a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/awscloudcontroller/aws-cloud-controller.addons.k8s.io-k8s-1.18.yaml +++ b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/awscloudcontroller/aws-cloud-controller.addons.k8s.io-k8s-1.18.yaml @@ -27,6 +27,9 @@ spec: - --allocate-node-cidrs=true - --configure-cloud-routes=false - --use-service-account-credentials=true + env: + - name: KUBERNETES_SERVICE_HOST + value: 127.0.0.1 image: gcr.io/k8s-staging-provider-aws/cloud-controller-manager:latest imagePullPolicy: IfNotPresent name: aws-cloud-controller-manager diff --git a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/awscloudcontroller/manifest.yaml b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/awscloudcontroller/manifest.yaml index 980a6b9944d03..765d668f5668d 100644 --- a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/awscloudcontroller/manifest.yaml +++ b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/awscloudcontroller/manifest.yaml @@ -47,7 +47,7 @@ spec: k8s-addon: storage-aws.addons.k8s.io - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: 9ca4820e2d12cabdb9b2d32c2f8f9b00e3e75a7f + manifestHash: ef74ee3b557b92e6e6944329c81e4f1925e2f3df name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io