Merge pull request #226 from digitalocean/set-static-flags-in-code

Set static flags in-code

CHANGELOG.md

@@ -2,6 +2,7 @@
 
 ## unreleased
 
+* Set cloud tagging, authentication lookup skipping, and cloud provider flags in-code (@timoreimann)
 * Drop droplet cache usage in Instances implementation (@timoreimann)
 * Add note to README about CCM being already installed on DOKS (@snormore)
 * Set a custom user agent for the godo client (@andrewsomething)

cloud-controller-manager/cmd/digitalocean-cloud-controller-manager/main.go

@@ -27,7 +27,8 @@ import (
 	_ "k8s.io/kubernetes/pkg/client/metrics/prometheus" // for client metric registration
 	_ "k8s.io/kubernetes/pkg/version/prometheus"        // for version metric registration
 
-	_ "github.com/digitalocean/digitalocean-cloud-controller-manager/cloud-controller-manager/do"
+	"github.com/digitalocean/digitalocean-cloud-controller-manager/cloud-controller-manager/do"
+	"github.com/spf13/pflag"
 )
 
 func init() {
@@ -42,6 +43,34 @@ func main() {
 
 	command := app.NewCloudControllerManagerCommand()
 
+	// Set static flags for which we know the values.
+	command.Flags().VisitAll(func(fl *pflag.Flag) {
+		var err error
+		switch fl.Name {
+		case "allow-untagged-cloud",
+			// Untagged clouds must be enabled explicitly as they were once marked
+			// deprecated. See
+			// https://github.com/kubernetes/cloud-provider/issues/12 for an ongoing
+			// discussion on whether that is to be changed or not.
+			"authentication-skip-lookup":
+			// Prevent reaching out to an authentication-related ConfigMap that
+			// we do not need, and thus do not intend to create RBAC permissions
+			// for. See also
+			// https://github.com/digitalocean/digitalocean-cloud-controller-manager/issues/217
+			// and https://github.com/kubernetes/cloud-provider/issues/29.
+			err = fl.Value.Set("true")
+		case "cloud-provider":
+			// Specify the name we register our own cloud provider implementation
+			// for.
+			err = fl.Value.Set(do.ProviderName)
+		}
+
+		if err != nil {
+			fmt.Fprintf(os.Stderr, "failed to set flag %q: %s\n", fl.Name, err)
+			os.Exit(1)
+		}
+	})
+
 	// (The following comment is copied from upstream:)
 	// TODO: once we switch everything over to Cobra commands, we can go back to calling
 	// utilflag.InitFlags() (by removing its pflag.Parse() call). For now, we have to set the

cloud-controller-manager/do/cloud.go

@@ -30,11 +30,12 @@ import (
 )
 
 const (
+	// ProviderName specifies the name for the DigitalOcean provider
+	ProviderName        string = "digitalocean"
 	doAccessTokenEnv    string = "DO_ACCESS_TOKEN"
 	doOverrideAPIURLEnv string = "DO_OVERRIDE_URL"
 	doClusterIDEnv      string = "DO_CLUSTER_ID"
 	doClusterVPCIDEnv   string = "DO_CLUSTER_VPC_ID"
-	providerName        string = "digitalocean"
 )
 
 var version string
@@ -107,7 +108,7 @@ func newCloud() (cloudprovider.Interface, error) {
 }
 
 func init() {
-	cloudprovider.RegisterCloudProvider(providerName, func(io.Reader) (cloudprovider.Interface, error) {
+	cloudprovider.RegisterCloudProvider(ProviderName, func(io.Reader) (cloudprovider.Interface, error) {
 		return newCloud()
 	})
 }
@@ -144,7 +145,7 @@ func (c *cloud) Routes() (cloudprovider.Routes, bool) {
 }
 
 func (c *cloud) ProviderName() string {
-	return providerName
+	return ProviderName
 }
 
 func (c *cloud) ScrubDNS(nameservers, searches []string) (nsOut, srchOut []string) {

cloud-controller-manager/do/droplets.go

@@ -221,8 +221,8 @@ func dropletIDFromProviderID(providerID string) (int, error) {
 	}
 
 	// since split[0] is actually "digitalocean:"
-	if strings.TrimSuffix(split[0], ":") != providerName {
-		return 0, fmt.Errorf("provider name from providerID should be digitalocean: %s", providerID)
+	if strings.TrimSuffix(split[0], ":") != ProviderName {
+		return 0, fmt.Errorf("provider name from providerID should be %s: %s", ProviderName, providerID)
 	}
 
 	return strconv.Atoi(split[2])

docs/example-manifests/cloud-controller-manager.yml

@@ -51,9 +51,7 @@ spec:
         name: digitalocean-cloud-controller-manager
         command:
           - "/bin/digitalocean-cloud-controller-manager"
-          - "--cloud-provider=digitalocean"
           - "--leader-elect=true"
-          - "--allow-untagged-cloud=true"
         resources:
           requests:
             cpu: 100m

docs/getting-started.md

@@ -26,14 +26,6 @@ All `kubelet`s in your cluster **MUST** set the flag `--cloud-provider=external`
 
 In the future, `--cloud-provider=external` will be the default. Learn more about the future of cloud providers in Kubernetes [here](https://github.com/kubernetes/community/blob/master/contributors/design-proposals/cloud-provider/cloud-provider-refactoring.md).
 
-#### --allow-untagged-cloud=true
-
-SIG Cloud Provider requires all cloud providers to specify a cluster ID in order to allow for a clear separation of multiple cloud controller managers managing several clusters in the same account. For the time being, this is not needed on DigitalOcean and thus **MUST** be disabled explicitly via the `--allow-untagged-cloud=true` flag. Otherwise, cloud controller manager will fail to start.
-
-(Note that earlier versions of the cloud controller manager set this option in-code; however, it had to be moved to a CLI argument to account for upstream bootstrapping changes that made it challenging to continue the programmatic approach.)
-
-As of this writing, there is [an ongoing debate](https://github.com/kubernetes/cloud-provider/issues/12) on whether the requirement to provide a cluster ID should be dropped again.
-
 #### --provider-id=digitalocean://\<droplet ID\>
 
 A so-called _provider ID_ annotation is attached to each node by the cloud controller manager that serves as a unique identifier to the cloud-specific VM representation. With DigitalOcean, the droplet ID is used for this purpose. The provider ID can be leveraged for efficient droplet lookups via the DigitalOcean API. Lacking the provider ID, a name-based lookup is mandated by the cloud provider interface. However, this is fairly expensive at DigitalOcean since the API does not support droplet retrieval based on names, meaning that the DigitalOcean cloud controller manager needs to iterate over all available droplets to find the one matching the desired name.