From 77587f7b9ec64e2516efe3609c88d9b956ff1f45 Mon Sep 17 00:00:00 2001 From: gottwald Date: Tue, 4 Jun 2024 10:28:44 +0000 Subject: [PATCH] create release manifests for v0.1.52 --- CHANGELOG.md | 2 + VERSION | 2 +- .../v0.1.52.yml | 109 +++++++++++++ .../v0.1.52.yml | 153 ++++++++++++++++++ 4 files changed, 265 insertions(+), 1 deletion(-) create mode 100644 releases/digitalocean-cloud-controller-manager-admission-server/v0.1.52.yml create mode 100644 releases/digitalocean-cloud-controller-manager/v0.1.52.yml diff --git a/CHANGELOG.md b/CHANGELOG.md index aab91ee05..cd6f7a0a5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,7 @@ ## unreleased +## v0.1.52 (beta) - June 4, 2024 + * Adding support for specifiying `loadBalancerSourceRanges` in the service spec. Source ranges take precedence over annotation based allow rules (`service.beta.kubernetes.io/do-loadbalancer-allow-rules`). ## v0.1.51 (beta) - May 28, 2024 diff --git a/VERSION b/VERSION index 660641b8a..b87515b8c 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -v0.1.51 +v0.1.52 diff --git a/releases/digitalocean-cloud-controller-manager-admission-server/v0.1.52.yml b/releases/digitalocean-cloud-controller-manager-admission-server/v0.1.52.yml new file mode 100644 index 000000000..878c564a4 --- /dev/null +++ b/releases/digitalocean-cloud-controller-manager-admission-server/v0.1.52.yml 
@@ -0,0 +1,109 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: digitalocean-cloud-controller-manager-admission-server
+ namespace: kube-system
+spec:
+ replicas: 1
+ revisionHistoryLimit: 2
+ selector:
+ matchLabels:
+ app: digitalocean-cloud-controller-manager-admission-server
+ template:
+ metadata:
+ labels:
+ app: digitalocean-cloud-controller-manager-admission-server
+ spec:
+ containers:
+ - image: digitalocean/digitalocean-cloud-controller-manager-admission-server:v0.1.52
+ name: digitalocean-cloud-controller-manager-admission-server
+ command:
+ - "/bin/digitalocean-cloud-controller-manager-admission-server"
+ resources:
+ requests:
+ cpu: 100m
+ memory: 50Mi
+ env:
+ - name: DO_ACCESS_TOKEN
+ valueFrom:
+ secretKeyRef:
+ name: digitalocean
+ key: access-token
+ ports:
+ - containerPort: 9443
+ name: admission
+ protocol: TCP
+ volumeMounts:
+ - mountPath: /tmp/k8s-webhook-server/serving-certs
+ name: serving-certs
+ readOnly: true
+ volumes:
+ - name: serving-certs
+ secret:
+ defaultMode: 420
+ secretName: digitalocean-cloud-controller-manager-admission-server-serving-certs
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: digitalocean-cloud-controller-manager-admission-server
+ namespace: kube-system
+spec:
+ selector:
+ app: digitalocean-cloud-controller-manager-admission-server
+ ports:
+ - protocol: TCP
+ port: 443
+ targetPort: 9443
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: digitalocean-cloud-controller-manager-admission-server-serving-certs
+ namespace: kube-system
+spec:
+ dnsNames:
+ - digitalocean-cloud-controller-manager-admission-server
+ - digitalocean-cloud-controller-manager-admission-server.kube-system.svc
+ - digitalocean-cloud-controller-manager-admission-server.kube-system.svc.cluster.local
+ issuerRef:
+ kind: Issuer
+ name: digitalocean-cloud-controller-manager-selfsigned-issuer
+ secretName: digitalocean-cloud-controller-manager-admission-server-serving-certs
+---
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+ name: digitalocean-cloud-controller-manager-selfsigned-issuer
+ namespace: kube-system
+spec:
+ selfSigned: {}
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: kube-system/digitalocean-cloud-controller-manager-admission-server-serving-certs
+ name: digitalocean-cloud-controller-manager-admission-webhook
+webhooks:
+- name: validation-webhook.cloud-controller-manager.digitalocean.com
+ admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ namespace: "kube-system"
+ name: "digitalocean-cloud-controller-manager-admission-server"
+ path: "/lb-service"
+ failurePolicy: Ignore
+ rules:
+ - apiGroups:
+ - ""
+ apiVersions:
+ - v1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - services
+ scope: Namespaced
+ sideEffects: None
diff --git a/releases/digitalocean-cloud-controller-manager/v0.1.52.yml b/releases/digitalocean-cloud-controller-manager/v0.1.52.yml
new file mode 100644
index 000000000..3e031175c
--- /dev/null
+++ b/releases/digitalocean-cloud-controller-manager/v0.1.52.yml
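Review bot: In the admission-server manifest (`releases/digitalocean-cloud-controller-manager-admission-server/v0.1.52.yml`), the Deployment's container sets no `securityContext`, although it receives `DO_ACCESS_TOKEN` and serves webhook traffic on port 9443. If the image can run that way, adding `securityContext: {allowPrivilegeEscalation: false, readOnlyRootFilesystem: true, runAsNonRoot: true, capabilities: {drop: ["ALL"]}}` to the container would limit what a compromised process could do. The pod also sets no `serviceAccountName`, so it runs as the `default` service account in `kube-system`; whether it needs that token mounted is not visible here. Separately, `failurePolicy: Ignore` combined with `replicas: 1` means Service validation is skipped whenever the single pod or its certificate is unavailable. A comment beside `failurePolicy`, such as `# fail-open by design: an unavailable webhook must not block Service writes`, would record that this is intentional.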
@@ -0,0 +1,153 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: digitalocean-cloud-controller-manager
+ namespace: kube-system
+spec:
+ replicas: 1
+ revisionHistoryLimit: 2
+ selector:
+ matchLabels:
+ app: digitalocean-cloud-controller-manager
+ template:
+ metadata:
+ labels:
+ app: digitalocean-cloud-controller-manager
+ spec:
+ dnsPolicy: Default
+ hostNetwork: true
+ serviceAccountName: cloud-controller-manager
+ priorityClassName: system-cluster-critical
+ tolerations:
+ # this taint is set by all kubelets running `--cloud-provider=external`
+ # so we should tolerate it to schedule the digitalocean ccm
+ - key: "node.cloudprovider.kubernetes.io/uninitialized"
+ value: "true"
+ effect: "NoSchedule"
+ - key: "CriticalAddonsOnly"
+ operator: "Exists"
+ # cloud controller manages should be able to run on masters
+ # TODO: remove this when ccm is not supported on k8s <= 1.23
+ - key: "node-role.kubernetes.io/master"
+ effect: NoSchedule
+ # k8s clusters 1.24+ uses control-plane name instead of master
+ - key: "node-role.kubernetes.io/control-plane"
+ effect: NoSchedule
+ containers:
+ - image: digitalocean/digitalocean-cloud-controller-manager:v0.1.52
+ name: digitalocean-cloud-controller-manager
+ command:
+ - "/bin/digitalocean-cloud-controller-manager"
+ - "--leader-elect=false"
+ resources:
+ requests:
+ cpu: 100m
+ memory: 50Mi
+ env:
+ - name: DO_ACCESS_TOKEN
+ valueFrom:
+ secretKeyRef:
+ name: digitalocean
+ key: access-token
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: cloud-controller-manager
+ namespace: kube-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ annotations:
+ rbac.authorization.kubernetes.io/autoupdate: "true"
+ name: system:cloud-controller-manager
+rules:
+- apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - get
+ - watch
+ - list
+ - create
+ - update
+ - delete
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
+ - update
+- apiGroups:
+ - ""
+ resources:
+ - nodes
+ verbs:
+ - '*'
+- apiGroups:
+ - ""
+ resources:
+ - nodes/status
+ verbs:
+ - patch
+- apiGroups:
+ - ""
+ resources:
+ - services
+ verbs:
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - services/status
+ verbs:
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts
+ verbs:
+ - create
+- apiGroups:
+ - ""
+ resources:
+ - persistentvolumes
+ verbs:
+ - get
+ - list
+ - update
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - endpoints
+ verbs:
+ - create
+ - get
+ - list
+ - watch
+ - update
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: system:cloud-controller-manager
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:cloud-controller-manager
+subjects:
+- kind: ServiceAccount
+ name: cloud-controller-manager
+ namespace: kube-system
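Review bot: The ClusterRole `system:cloud-controller-manager` grants `verbs: ['*']` on `nodes`, which also covers `deletecollection` and any verb added to the API later. Listing the verbs explicitly, for example `verbs: [get, list, watch, update, patch, delete]` (the exact set needs confirming against the controller's code), would keep the cluster-wide role to what the controller uses. The Deployment in the same file runs with `hostNetwork: true`, tolerates the control-plane taints and holds `DO_ACCESS_TOKEN`, yet its container sets no `securityContext`. Adding `allowPrivilegeEscalation: false` and `capabilities: {drop: ["ALL"]}` there would be worthwhile if the binary works under them.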