diff --git a/inventory/sample/group_vars/all/huaweicloud.yml b/inventory/sample/group_vars/all/huaweicloud.yml
index b85e7c2acd811c1015873d1fcc60b8e6b1b483aa..c5879d7f931ee784bb4ce797ea55cd0dd380a412 100644
--- a/inventory/sample/group_vars/all/huaweicloud.yml
+++ b/inventory/sample/group_vars/all/huaweicloud.yml
@@ -14,4 +14,4 @@
## The repo and tag of the external Huawei Cloud Controller image
# external_huawei_cloud_controller_image_repo: "swr.ap-southeast-1.myhuaweicloud.com"
-# external_huawei_cloud_controller_image_tag: "v0.26.6"
+# external_huawei_cloud_controller_image_tag: "v0.26.8"
diff --git a/roles/kubernetes-apps/external_cloud_controller/huaweicloud/defaults/main.yml b/roles/kubernetes-apps/external_cloud_controller/huaweicloud/defaults/main.yml
index f81bf1e2ec9d8b51dcd2d4f4316f9f1642025a8c..9cd42ed68e80c49fecf8b3690bf668a6ff449aef 100644
--- a/roles/kubernetes-apps/external_cloud_controller/huaweicloud/defaults/main.yml
+++ b/roles/kubernetes-apps/external_cloud_controller/huaweicloud/defaults/main.yml
@@ -16,4 +16,4 @@ external_huaweicloud_cloud: "{{ lookup('env','OS_CLOUD') }}"
## arg2: "value2"
external_huawei_cloud_controller_extra_args: {}
external_huawei_cloud_controller_image_repo: "swr.ap-southeast-1.myhuaweicloud.com"
-external_huawei_cloud_controller_image_tag: "v0.26.6"
+external_huawei_cloud_controller_image_tag: "v0.26.8"
diff --git a/roles/kubernetes-apps/external_cloud_controller/huaweicloud/templates/external-huawei-cloud-config.j2 b/roles/kubernetes-apps/external_cloud_controller/huaweicloud/templates/external-huawei-cloud-config.j2
index 07f1771d658022366d424f3b5b84e05f037ac5e9..875ea9b89189a46c44da7997913c170cb07b43ad 100644
--- a/roles/kubernetes-apps/external_cloud_controller/huaweicloud/templates/external-huawei-cloud-config.j2
+++ b/roles/kubernetes-apps/external_cloud_controller/huaweicloud/templates/external-huawei-cloud-config.j2
@@ -21,3 +21,6 @@ subnet-id={{ external_huaweicloud_lbaas_subnet_id }}
{% if external_huaweicloud_lbaas_network_id is defined %}
id={{ external_huaweicloud_lbaas_network_id }}
{% endif %}
+{% if external_huaweicloud_security_group_id is defined %}
+security-group-id={{ external_huaweicloud_security_group_id }}
+{% endif %}
diff --git a/roles/kubernetes-apps/external_cloud_controller/huaweicloud/templates/external-huawei-cloud-controller-manager-ds.yml.j2 b/roles/kubernetes-apps/external_cloud_controller/huaweicloud/templates/external-huawei-cloud-controller-manager-ds.yml.j2
index b9b2ec35458631975dbd6922cf325572a5dfaaac..29f99b20552eab1d1485e5272806fc3aa15801ac 100644
--- a/roles/kubernetes-apps/external_cloud_controller/huaweicloud/templates/external-huawei-cloud-controller-manager-ds.yml.j2
+++ b/roles/kubernetes-apps/external_cloud_controller/huaweicloud/templates/external-huawei-cloud-controller-manager-ds.yml.j2
@@ -47,6 +47,11 @@ spec:
- --cloud-config=$(CLOUD_CONFIG)
- --cloud-provider=huaweicloud
- --use-service-account-credentials=true
+ - --node-status-update-frequency=5s
+ - --node-monitor-period=5s
+ - --leader-elect-lease-duration=30s
+ - --leader-elect-renew-deadline=20s
+ - --leader-elect-retry-period=2s
{% for key, value in external_huawei_cloud_controller_extra_args.items() %}
- "{{ '--' + key + '=' + value }}"
{% endfor %}
diff --git a/roles/kubernetes-apps/external_cloud_controller/huaweicloud/templates/external-huawei-cloud-controller-manager-role-bindings.yml.j2 b/roles/kubernetes-apps/external_cloud_controller/huaweicloud/templates/external-huawei-cloud-controller-manager-role-bindings.yml.j2
index bbdf3364a14dbcb7de7e451afc12c14210429d8f..3c893f3faffc80606972dcfe3f9646c60e5cc263 100644
--- a/roles/kubernetes-apps/external_cloud_controller/huaweicloud/templates/external-huawei-cloud-controller-manager-role-bindings.yml.j2
+++ b/roles/kubernetes-apps/external_cloud_controller/huaweicloud/templates/external-huawei-cloud-controller-manager-role-bindings.yml.j2
@@ -1,16 +1,12 @@
-apiVersion: v1
-items:
-- apiVersion: rbac.authorization.k8s.io/v1
- kind: ClusterRoleBinding
- metadata:
- name: system:cloud-controller-manager
- roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: system:cloud-controller-manager
- subjects:
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: system:cloud-controller-manager
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:cloud-controller-manager
+subjects:
- kind: ServiceAccount
name: cloud-controller-manager
- namespace: kube-system
-kind: List
-metadata: {}
+ namespace: kube-system
\ No newline at end of file
diff --git a/roles/kubernetes-apps/external_cloud_controller/huaweicloud/templates/external-huawei-cloud-controller-manager-roles.yml.j2 b/roles/kubernetes-apps/external_cloud_controller/huaweicloud/templates/external-huawei-cloud-controller-manager-roles.yml.j2
index 2e2d8b64e49b19c78ee93075eb3aeba340d6d691..d2710e960b59161f2052ea7c57b3169d9bf9169d 100644
--- a/roles/kubernetes-apps/external_cloud_controller/huaweicloud/templates/external-huawei-cloud-controller-manager-roles.yml.j2
+++ b/roles/kubernetes-apps/external_cloud_controller/huaweicloud/templates/external-huawei-cloud-controller-manager-roles.yml.j2
@@ -1,117 +1,113 @@
-apiVersion: v1
-items:
-- apiVersion: rbac.authorization.k8s.io/v1
- kind: ClusterRole
- metadata:
- name: system:cloud-controller-manager
- rules:
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: system:cloud-controller-manager
+rules:
- resources:
- - tokenreviews
+ - tokenreviews
verbs:
- - get
- - list
- - watch
- - create
- - update
- - patch
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
apiGroups:
- - authentication.k8s.io
+ - authentication.k8s.io
- resources:
- - configmaps
- - endpoints
- - pods
- - services
- - secrets
- - serviceaccounts
- - serviceaccounts/token
+ - configmaps
+ - endpoints
+ - pods
+ - services
+ - secrets
+ - serviceaccounts
+ - serviceaccounts/token
verbs:
- - get
- - list
- - watch
- - create
- - update
- - patch
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
apiGroups:
- - ''
+ - ''
- resources:
- - nodes
+ - nodes
verbs:
- - get
- - list
- - watch
- - delete
- - patch
- - update
+ - get
+ - list
+ - watch
+ - delete
+ - patch
+ - update
apiGroups:
- - ''
+ - ''
- resources:
- - services/status
- - pods/status
+ - services/status
+ - pods/status
verbs:
- - update
- - patch
+ - update
+ - patch
apiGroups:
- - ''
+ - ''
- resources:
- - nodes/status
+ - nodes/status
verbs:
- - patch
- - update
+ - patch
+ - update
apiGroups:
- - ''
+ - ''
- resources:
- - events
- - endpoints
+ - events
+ - endpoints
verbs:
- - create
- - patch
- - update
+ - create
+ - patch
+ - update
apiGroups:
- - ''
+ - ''
- resources:
- - leases
+ - leases
verbs:
- - get
- - update
- - create
- - delete
+ - get
+ - update
+ - create
+ - delete
apiGroups:
- - coordination.k8s.io
+ - coordination.k8s.io
- resources:
- - customresourcedefinitions
+ - customresourcedefinitions
verbs:
- - get
- - update
- - create
- - delete
+ - get
+ - update
+ - create
+ - delete
apiGroups:
- apiextensions.k8s.io
- resources:
- - ingresses
+ - ingresses
verbs:
- - get
- - list
- - watch
- - update
- - create
- - patch
- - delete
+ - get
+ - list
+ - watch
+ - update
+ - create
+ - patch
+ - delete
apiGroups:
- - networking.k8s.io
+ - networking.k8s.io
- resources:
- - ingresses/status
+ - ingresses/status
verbs:
- - update
- - patch
+ - update
+ - patch
apiGroups:
- - networking.k8s.io
+ - networking.k8s.io
- resources:
- - endpointslices
+ - endpointslices
verbs:
- - get
- - list
- - watch
+ - get
+ - list
+ - watch
apiGroups:
- - discovery.k8s.io
-kind: List
-metadata: {}
+ - discovery.k8s.io
\ No newline at end of file