diff --git a/CHANGELOG.md b/CHANGELOG.md index 69a2284f4..d832802ad 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,7 @@ ## unreleased +## v0.1.47 (beta) - February 1, 2024 + ## v0.1.46 (beta) - January 9, 2024 * Updates kubernetes dependencies: (@kperath) - k8s.io/api@v0.29.0 diff --git a/VERSION b/VERSION index 9d6e2f7a0..9dce8237c 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -v0.1.46 +v0.1.47 diff --git a/releases/v0.1.47.yml b/releases/v0.1.47.yml new file mode 100644 index 000000000..579aa6c29 --- /dev/null +++ b/releases/v0.1.47.yml @@ -0,0 +1,245 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: digitalocean-cloud-controller-manager + namespace: kube-system +spec: + replicas: 1 + revisionHistoryLimit: 2 + selector: + matchLabels: + app: digitalocean-cloud-controller-manager + template: + metadata: + labels: + app: digitalocean-cloud-controller-manager + spec: + dnsPolicy: Default + hostNetwork: true + serviceAccountName: cloud-controller-manager + priorityClassName: system-cluster-critical + tolerations: + # this taint is set by all kubelets running `--cloud-provider=external` + # so we should tolerate it to schedule the digitalocean ccm + - key: "node.cloudprovider.kubernetes.io/uninitialized" + value: "true" + effect: "NoSchedule" + - key: "CriticalAddonsOnly" + operator: "Exists" + # cloud controller manages should be able to run on masters + # TODO: remove this when ccm is not supported on k8s <= 1.23 + - key: "node-role.kubernetes.io/master" + effect: NoSchedule + # k8s clusters 1.24+ uses control-plane name instead of master + - key: "node-role.kubernetes.io/control-plane" + effect: NoSchedule + containers: + - image: digitalocean/digitalocean-cloud-controller-manager:v0.1.47 + name: digitalocean-cloud-controller-manager + command: + - "/bin/digitalocean-cloud-controller-manager" + - "--leader-elect=false" + resources: + requests: + cpu: 100m + memory: 50Mi + env: + - name: DO_ACCESS_TOKEN + valueFrom: + secretKeyRef: + name: digitalocean + key: access-token + - image: digitalocean/digitalocean-cloud-controller-manager-admission-server:v0.1.47 + name: digitalocean-cloud-controller-manager-admission-server + command: + - "/bin/digitalocean-cloud-controller-manager-admission-server" + resources: + requests: + cpu: 100m + memory: 50Mi + env: + - name: DO_ACCESS_TOKEN + valueFrom: + secretKeyRef: + name: digitalocean + key: access-token + ports: + - containerPort: 9443 + name: admission + protocol: TCP + volumeMounts: + - mountPath: /tmp/k8s-webhook-server/serving-certs + name: digitalocean-cloud-controller-manager-serving-certs + readOnly: true + volumes: + - name: digitalocean-cloud-controller-manager-serving-certs + secret: + defaultMode: 420 + secretName: digitalocean-cloud-controller-manager-serving-certs +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: cloud-controller-manager + namespace: kube-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + rbac.authorization.kubernetes.io/autoupdate: "true" + name: system:cloud-controller-manager +rules: +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - watch + - list + - create + - update + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - update +- apiGroups: + - "" + resources: + - nodes + verbs: + - '*' +- apiGroups: + - "" + resources: + - nodes/status + verbs: + - patch +- apiGroups: + - "" + resources: + - services + verbs: + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - services/status + verbs: + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - create +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - update + - watch +- apiGroups: + - "" + resources: + - endpoints + verbs: + - create + - get + - list + - watch + - update +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: system:cloud-controller-manager +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:cloud-controller-manager +subjects: +- kind: ServiceAccount + name: cloud-controller-manager + namespace: kube-system +--- +apiVersion: v1 +kind: Service +metadata: + name: digitalocean-cloud-controller-manager + namespace: kube-system +spec: + selector: + app: digitalocean-cloud-controller-manager + ports: + - protocol: TCP + port: 443 + targetPort: 9443 +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: digitalocean-cloud-controller-manager-serving-certs + namespace: kube-system +spec: + dnsNames: + - digitalocean-cloud-controller-manager + - digitalocean-cloud-controller-manager.kube-system.svc + - digitalocean-cloud-controller-manager.kube-system.svc.cluster.local + issuerRef: + kind: Issuer + name: digitalocean-cloud-controller-manager-selfsigned-issuer + secretName: digitalocean-cloud-controller-manager-serving-certs +--- +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + name: digitalocean-cloud-controller-manager-selfsigned-issuer + namespace: kube-system +spec: + selfSigned: {} +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + annotations: + cert-manager.io/inject-ca-from: kube-system/digitalocean-cloud-controller-manager-serving-certs + name: digitalocean-cloud-controller-manager-admission-webhook +webhooks: +- name: validation-webhook.loadbalancer.doks.io + admissionReviewVersions: + - v1 + clientConfig: + service: + namespace: "kube-system" + name: "digitalocean-cloud-controller-manager" + path: "/lb-service" + failurePolicy: Ignore + rules: + - apiGroups: + - "" + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - services + scope: Namespaced + sideEffects: None