diff --git a/CHANGELOG.md b/CHANGELOG.md index e11478f6f..2a8d0f640 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,4 +1,6 @@ ## unreleased + +## v0.1.44 (beta) - August 2, 2023 * Remove deny and allow load balancer firewall rules when annotations are removed (@olove) ## v0.1.43 (beta) - May 25, 2023 diff --git a/VERSION b/VERSION index 7b68d4413..db9012a41 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -v0.1.43 +v0.1.44 diff --git a/releases/v0.1.44.yml b/releases/v0.1.44.yml new file mode 100644 index 000000000..81421b250 --- /dev/null +++ b/releases/v0.1.44.yml @@ -0,0 +1,154 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: digitalocean-cloud-controller-manager + namespace: kube-system +spec: + replicas: 1 + revisionHistoryLimit: 2 + selector: + matchLabels: + app: digitalocean-cloud-controller-manager + template: + metadata: + labels: + app: digitalocean-cloud-controller-manager + spec: + dnsPolicy: Default + hostNetwork: true + serviceAccountName: cloud-controller-manager + priorityClassName: system-cluster-critical + tolerations: + # this taint is set by all kubelets running `--cloud-provider=external` + # so we should tolerate it to schedule the digitalocean ccm + - key: "node.cloudprovider.kubernetes.io/uninitialized" + value: "true" + effect: "NoSchedule" + - key: "CriticalAddonsOnly" + operator: "Exists" + # cloud controller manages should be able to run on masters + # TODO: remove this when ccm is not supported on k8s <= 1.23 + - key: "node-role.kubernetes.io/master" + effect: NoSchedule + # k8s clusters 1.24+ uses control-plane name instead of master + - key: "node-role.kubernetes.io/control-plane" + effect: NoSchedule + containers: + - image: digitalocean/digitalocean-cloud-controller-manager:v0.1.44 + name: digitalocean-cloud-controller-manager + command: + - "/bin/digitalocean-cloud-controller-manager" + - "--leader-elect=false" + resources: + requests: + cpu: 100m + memory: 50Mi + env: + - name: DO_ACCESS_TOKEN + valueFrom: + secretKeyRef: + name: digitalocean + key: access-token + +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: cloud-controller-manager + namespace: kube-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + rbac.authorization.kubernetes.io/autoupdate: "true" + name: system:cloud-controller-manager +rules: +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - watch + - list + - create + - update + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - update +- apiGroups: + - "" + resources: + - nodes + verbs: + - '*' +- apiGroups: + - "" + resources: + - nodes/status + verbs: + - patch +- apiGroups: + - "" + resources: + - services + verbs: + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - services/status + verbs: + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - create +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - update + - watch +- apiGroups: + - "" + resources: + - endpoints + verbs: + - create + - get + - list + - watch + - update +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: system:cloud-controller-manager +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:cloud-controller-manager +subjects: +- kind: ServiceAccount + name: cloud-controller-manager + namespace: kube-system