From 0b0faf8f7267781741efccb90ca669892cb2fcdb Mon Sep 17 00:00:00 2001
From: Daniel Strufe <2900921+dabeck@users.noreply.github.com>
Date: Wed, 8 May 2024 10:36:31 +0200
Subject: [PATCH] Update external huawei cloud controller to 0.26.8 (#11172)
* Update external huawei cloud controller to 0.26.8
* Update huawei cloud controller templates
* Add security-group-id to config
* git fail
---
.../sample/group_vars/all/huaweicloud.yml | 2 +-
.../huaweicloud/defaults/main.yml | 2 +-
.../templates/external-huawei-cloud-config.j2 | 3 +
...-huawei-cloud-controller-manager-ds.yml.j2 | 5 +
...ud-controller-manager-role-bindings.yml.j2 | 24 ++-
...awei-cloud-controller-manager-roles.yml.j2 | 162 +++++++++---------
6 files changed, 99 insertions(+), 99 deletions(-)
diff --git a/inventory/sample/group_vars/all/huaweicloud.yml b/inventory/sample/group_vars/all/huaweicloud.yml
index b85e7c2ac..c5879d7f9 100644
--- a/inventory/sample/group_vars/all/huaweicloud.yml
+++ b/inventory/sample/group_vars/all/huaweicloud.yml
@@ -14,4 +14,4 @@
## The repo and tag of the external Huawei Cloud Controller image
# external_huawei_cloud_controller_image_repo: "swr.ap-southeast-1.myhuaweicloud.com"
-# external_huawei_cloud_controller_image_tag: "v0.26.6"
+# external_huawei_cloud_controller_image_tag: "v0.26.8"
diff --git a/roles/kubernetes-apps/external_cloud_controller/huaweicloud/defaults/main.yml b/roles/kubernetes-apps/external_cloud_controller/huaweicloud/defaults/main.yml
index f81bf1e2e..9cd42ed68 100644
--- a/roles/kubernetes-apps/external_cloud_controller/huaweicloud/defaults/main.yml
+++ b/roles/kubernetes-apps/external_cloud_controller/huaweicloud/defaults/main.yml
@@ -16,4 +16,4 @@ external_huaweicloud_cloud: "{{ lookup('env','OS_CLOUD') }}"
## arg2: "value2"
external_huawei_cloud_controller_extra_args: {}
external_huawei_cloud_controller_image_repo: "swr.ap-southeast-1.myhuaweicloud.com"
-external_huawei_cloud_controller_image_tag: "v0.26.6"
+external_huawei_cloud_controller_image_tag: "v0.26.8"
diff --git a/roles/kubernetes-apps/external_cloud_controller/huaweicloud/templates/external-huawei-cloud-config.j2 b/roles/kubernetes-apps/external_cloud_controller/huaweicloud/templates/external-huawei-cloud-config.j2
index 07f1771d6..875ea9b89 100644
--- a/roles/kubernetes-apps/external_cloud_controller/huaweicloud/templates/external-huawei-cloud-config.j2
+++ b/roles/kubernetes-apps/external_cloud_controller/huaweicloud/templates/external-huawei-cloud-config.j2
@@ -21,3 +21,6 @@ subnet-id={{ external_huaweicloud_lbaas_subnet_id }}
{% if external_huaweicloud_lbaas_network_id is defined %}
id={{ external_huaweicloud_lbaas_network_id }}
{% endif %}
+{% if external_huaweicloud_security_group_id is defined %}
+security-group-id={{ external_huaweicloud_security_group_id }}
+{% endif %}
diff --git a/roles/kubernetes-apps/external_cloud_controller/huaweicloud/templates/external-huawei-cloud-controller-manager-ds.yml.j2 b/roles/kubernetes-apps/external_cloud_controller/huaweicloud/templates/external-huawei-cloud-controller-manager-ds.yml.j2
index b9b2ec354..29f99b205 100644
--- a/roles/kubernetes-apps/external_cloud_controller/huaweicloud/templates/external-huawei-cloud-controller-manager-ds.yml.j2
+++ b/roles/kubernetes-apps/external_cloud_controller/huaweicloud/templates/external-huawei-cloud-controller-manager-ds.yml.j2
@@ -47,6 +47,11 @@ spec:
- --cloud-config=$(CLOUD_CONFIG)
- --cloud-provider=huaweicloud
- --use-service-account-credentials=true
+ - --node-status-update-frequency=5s
+ - --node-monitor-period=5s
+ - --leader-elect-lease-duration=30s
+ - --leader-elect-renew-deadline=20s
+ - --leader-elect-retry-period=2s
{% for key, value in external_huawei_cloud_controller_extra_args.items() %}
- "{{ '--' + key + '=' + value }}"
{% endfor %}
diff --git a/roles/kubernetes-apps/external_cloud_controller/huaweicloud/templates/external-huawei-cloud-controller-manager-role-bindings.yml.j2 b/roles/kubernetes-apps/external_cloud_controller/huaweicloud/templates/external-huawei-cloud-controller-manager-role-bindings.yml.j2
index bbdf3364a..3c893f3fa 100644
--- a/roles/kubernetes-apps/external_cloud_controller/huaweicloud/templates/external-huawei-cloud-controller-manager-role-bindings.yml.j2
+++ b/roles/kubernetes-apps/external_cloud_controller/huaweicloud/templates/external-huawei-cloud-controller-manager-role-bindings.yml.j2
@@ -1,16 +1,12 @@
-apiVersion: v1
-items:
-- apiVersion: rbac.authorization.k8s.io/v1
- kind: ClusterRoleBinding
- metadata:
- name: system:cloud-controller-manager
- roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: system:cloud-controller-manager
- subjects:
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: system:cloud-controller-manager
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:cloud-controller-manager
+subjects:
- kind: ServiceAccount
name: cloud-controller-manager
- namespace: kube-system
-kind: List
-metadata: {}
+ namespace: kube-system
\ No newline at end of file
diff --git a/roles/kubernetes-apps/external_cloud_controller/huaweicloud/templates/external-huawei-cloud-controller-manager-roles.yml.j2 b/roles/kubernetes-apps/external_cloud_controller/huaweicloud/templates/external-huawei-cloud-controller-manager-roles.yml.j2
index 2e2d8b64e..d2710e960 100644
--- a/roles/kubernetes-apps/external_cloud_controller/huaweicloud/templates/external-huawei-cloud-controller-manager-roles.yml.j2
+++ b/roles/kubernetes-apps/external_cloud_controller/huaweicloud/templates/external-huawei-cloud-controller-manager-roles.yml.j2
@@ -1,117 +1,113 @@
-apiVersion: v1
-items:
-- apiVersion: rbac.authorization.k8s.io/v1
- kind: ClusterRole
- metadata:
- name: system:cloud-controller-manager
- rules:
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: system:cloud-controller-manager
+rules:
- resources:
- - tokenreviews
+ - tokenreviews
verbs:
- - get
- - list
- - watch
- - create
- - update
- - patch
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
apiGroups:
- - authentication.k8s.io
+ - authentication.k8s.io
- resources:
- - configmaps
- - endpoints
- - pods
- - services
- - secrets
- - serviceaccounts
- - serviceaccounts/token
+ - configmaps
+ - endpoints
+ - pods
+ - services
+ - secrets
+ - serviceaccounts
+ - serviceaccounts/token
verbs:
- - get
- - list
- - watch
- - create
- - update
- - patch
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
apiGroups:
- - ''
+ - ''
- resources:
- - nodes
+ - nodes
verbs:
- - get
- - list
- - watch
- - delete
- - patch
- - update
+ - get
+ - list
+ - watch
+ - delete
+ - patch
+ - update
apiGroups:
- - ''
+ - ''
- resources:
- - services/status
- - pods/status
+ - services/status
+ - pods/status
verbs:
- - update
- - patch
+ - update
+ - patch
apiGroups:
- - ''
+ - ''
- resources:
- - nodes/status
+ - nodes/status
verbs:
- - patch
- - update
+ - patch
+ - update
apiGroups:
- - ''
+ - ''
- resources:
- - events
- - endpoints
+ - events
+ - endpoints
verbs:
- - create
- - patch
- - update
+ - create
+ - patch
+ - update
apiGroups:
- - ''
+ - ''
- resources:
- - leases
+ - leases
verbs:
- - get
- - update
- - create
- - delete
+ - get
+ - update
+ - create
+ - delete
apiGroups:
- - coordination.k8s.io
+ - coordination.k8s.io
- resources:
- - customresourcedefinitions
+ - customresourcedefinitions
verbs:
- - get
- - update
- - create
- - delete
+ - get
+ - update
+ - create
+ - delete
apiGroups:
- apiextensions.k8s.io
- resources:
- - ingresses
+ - ingresses
verbs:
- - get
- - list
- - watch
- - update
- - create
- - patch
- - delete
+ - get
+ - list
+ - watch
+ - update
+ - create
+ - patch
+ - delete
apiGroups:
- - networking.k8s.io
+ - networking.k8s.io
- resources:
- - ingresses/status
+ - ingresses/status
verbs:
- - update
- - patch
+ - update
+ - patch
apiGroups:
- - networking.k8s.io
+ - networking.k8s.io
- resources:
- - endpointslices
+ - endpointslices
verbs:
- - get
- - list
- - watch
+ - get
+ - list
+ - watch
apiGroups:
- - discovery.k8s.io
-kind: List
-metadata: {}
+ - discovery.k8s.io
\ No newline at end of file
--
GitLab