diff --git a/charts/vsphere-cpi-1.26.0.tgz b/charts/vsphere-cpi-1.26.0.tgz new file mode 100644 index 000000000..f27df3b1f Binary files /dev/null and b/charts/vsphere-cpi-1.26.0.tgz differ diff --git a/charts/vsphere-cpi/Chart.yaml b/charts/vsphere-cpi/Chart.yaml index 412d9fb93..f12b7d0ad 100644 --- a/charts/vsphere-cpi/Chart.yaml +++ b/charts/vsphere-cpi/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 -appVersion: 1.25.0 +appVersion: 1.26.0 description: A Helm chart for vSphere Cloud Provider Interface Manager (CPI) name: vsphere-cpi -version: 1.25.0 +version: 1.26.0 keywords: - vsphere - vmware diff --git a/charts/vsphere-cpi/README.md b/charts/vsphere-cpi/README.md index 1266aaf8b..132604bb0 100644 --- a/charts/vsphere-cpi/README.md +++ b/charts/vsphere-cpi/README.md @@ -149,7 +149,7 @@ helm repo add vsphere-cpi https://kubernetes.github.io/cloud-provider-vsphere helm repo update # Package CPI Chart -VERSION=1.25.0 +VERSION=1.26.0 cd charts helm package vsphere-cpi --version $VERSION --app-version $VERSION diff --git a/charts/vsphere-cpi/templates/configmap.yaml b/charts/vsphere-cpi/templates/configmap.yaml index 93f2a5029..b4f9273c3 100644 --- a/charts/vsphere-cpi/templates/configmap.yaml +++ b/charts/vsphere-cpi/templates/configmap.yaml @@ -13,8 +13,12 @@ data: # Global properties in this section will be used for all specified vCenters unless overriden in VirtualCenter section. global: port: 443 + {{- if .Values.config.tlsThumbprint }} + tlsThumbprint: {{- .Values.config.tlsThumbprint }} + {{- else }} # set insecure-flag to true if the vCenter uses a self-signed cert insecureFlag: true + {{- end }} # settings for using k8s secret secretName: {{ .Values.config.secret.name }} secretNamespace: {{ .Release.Namespace }} diff --git a/charts/vsphere-cpi/values.yaml b/charts/vsphere-cpi/values.yaml index 8fd979681..be643eb55 100644 --- a/charts/vsphere-cpi/values.yaml +++ b/charts/vsphere-cpi/values.yaml 
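Review bot: In templates/configmap.yaml the added `tlsThumbprint: {{- .Values.config.tlsThumbprint }}` uses a left-trimming `{{-`, which strips the space after the colon, so the rendered vsphere.conf line becomes `tlsThumbprint:<value>` and is no longer a key/value pair. The value is also unquoted, and a thumbprint written as colon-separated hex pairs is the kind of scalar a YAML parser may retype or mis-split; `tlsThumbprint: {{ .Values.config.tlsThumbprint | quote }}` avoids both problems. It is worth confirming that `tlsThumbprint` is the key the CPI config loader actually reads, since that is not visible in this diff. The `else` branch still renders `insecureFlag: true` by default, so its comment could say that setting `config.tlsThumbprint` is how certificate checking gets turned back on.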
@@ -15,6 +15,7 @@ config: datacenter: "dc" region: "k8s-region" zone: "k8s-zone" + tlsThumbprint: "" secret: # Specifies whether Secret should be created from config values @@ -58,7 +59,7 @@ serviceAccount: daemonset: annotations: {} image: gcr.io/cloud-provider-vsphere/cpi/release/manager - tag: v1.25.0 + tag: v1.26.0 pullPolicy: IfNotPresent dnsPolicy: ClusterFirst cmdline: diff --git a/cluster/images/controller-manager/Dockerfile b/cluster/images/controller-manager/Dockerfile index cc3e6f97a..6979c98ce 100644 --- a/cluster/images/controller-manager/Dockerfile +++ b/cluster/images/controller-manager/Dockerfile @@ -33,7 +33,7 @@ ARG DISTROLESS_IMAGE=gcr.io/distroless/static@sha256:1e6ae0365c169e23830c155592f FROM ${GOLANG_IMAGE} as builder # This build arg is the version to embed in the CPI binary -ARG VERSION=1.25.0 +ARG VERSION=1.26.0 # This build arg controls the GOPROXY setting ARG GOPROXY diff --git a/docs/book/tutorials/disable-node-deletion.yaml b/docs/book/tutorials/disable-node-deletion.yaml index 0c3f58e5a..8e8ac41e4 100644 --- a/docs/book/tutorials/disable-node-deletion.yaml +++ b/docs/book/tutorials/disable-node-deletion.yaml @@ -233,7 +233,7 @@ spec: priorityClassName: system-node-critical containers: - name: vsphere-cloud-controller-manager - image: gcr.io/cloud-provider-vsphere/cpi/release/manager:v1.25.0 + image: gcr.io/cloud-provider-vsphere/cpi/release/manager:v1.26.0 args: - --cloud-provider=vsphere - --v=2 diff --git a/index.yaml b/index.yaml index 19ece0bbf..70dd5637b 100644 --- a/index.yaml +++ b/index.yaml 
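Review bot: The new `tlsThumbprint: ""` default in values.yaml has no comment, and leaving it empty silently keeps `insecureFlag: true` in the rendered config (per the configmap.yaml template changed in this commit). A comment above the key would make that visible, for example `# Certificate thumbprint of the vCenter; when empty the chart renders insecureFlag: true and the vCenter certificate is not verified`. The expected thumbprint format (hash algorithm, separator) is not shown anywhere in this diff and should be stated there as well. The `config:` block continues outside the hunk.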
@@ -1,9 +1,28 @@ apiVersion: v1 entries: vsphere-cpi: + - apiVersion: v2 + appVersion: 1.26.0 + created: "2023-03-01T21:57:01.219602-08:00" + description: A Helm chart for vSphere Cloud Provider Interface Manager (CPI) + digest: 2ecf416700c819f408eedf9263d08dbc04cd61969576be13d8935f15605f4a69 + home: https://github.com/kubernetes/cloud-provider-vsphere + icon: https://raw.githubusercontent.com/kubernetes/cloud-provider-vsphere/master/docs/vmware_logo.png + keywords: + - vsphere + - vmware + - cloud + - provider + - cpi + name: vsphere-cpi + sources: + - https://github.com/kubernetes/cloud-provider-vsphere + urls: + - https://kubernetes.github.io/cloud-provider-vsphere/charts/vsphere-cpi-1.26.0.tgz + version: 1.26.0 - apiVersion: v2 appVersion: 1.25.0 - created: "2022-10-18T18:31:05.010977-07:00" + created: "2023-03-01T21:57:01.215227-08:00" description: A Helm chart for vSphere Cloud Provider Interface Manager (CPI) digest: 3d48df49fdfb8bda6b5cec1d9e9f566183a150c8c01e111eec5e22ab1f557e31 home: https://github.com/kubernetes/cloud-provider-vsphere @@ -22,7 +41,7 @@ entries: version: 1.25.0 - apiVersion: v2 appVersion: 1.24.2 - created: "2022-10-18T18:31:05.010225-07:00" + created: "2023-03-01T21:57:01.209746-08:00" description: A Helm chart for vSphere Cloud Provider Interface Manager (CPI) digest: d0bfaf8a081128f9477b8d8ff00079f8506d4aa2ea899f55511d06400179b159 home: https://github.com/kubernetes/cloud-provider-vsphere @@ -41,7 +60,7 @@ entries: version: 1.24.2 - apiVersion: v2 appVersion: 1.24.1 - created: "2022-10-18T18:31:05.008975-07:00" + created: "2023-03-01T21:57:01.205477-08:00" description: A Helm chart for vSphere Cloud Provider Interface Manager (CPI) digest: 6e9dec3e4c6aaeed0d7f95aa2beade986d5a0a2261509b11479ceb1a51312096 home: https://github.com/kubernetes/cloud-provider-vsphere 
@@ -58,4 +77,4 @@ entries: urls: - https://kubernetes.github.io/cloud-provider-vsphere/charts/vsphere-cpi-1.24.1.tgz version: 1.24.1 -generated: "2022-10-18T18:31:05.006999-07:00" +generated: "2023-03-01T21:57:01.196276-08:00" diff --git a/releases/v1.26/vsphere-cloud-controller-manager.yaml b/releases/v1.26/vsphere-cloud-controller-manager.yaml new file mode 100644 index 000000000..9dffa2d87 --- /dev/null +++ b/releases/v1.26/vsphere-cloud-controller-manager.yaml 
@@ -0,0 +1,263 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: cloud-controller-manager
+ labels:
+ vsphere-cpi-infra: service-account
+ component: cloud-controller-manager
+ namespace: kube-system
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: vsphere-cloud-secret
+ labels:
+ vsphere-cpi-infra: secret
+ component: cloud-controller-manager
+ namespace: kube-system
+ # NOTE: this is just an example configuration, update with real values based on your environment
+stringData:
+ 10.0.0.1.username: ""
+ 10.0.0.1.password: ""
+ 1.2.3.4.username: ""
+ 1.2.3.4.password: ""
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: vsphere-cloud-config
+ labels:
+ vsphere-cpi-infra: config
+ component: cloud-controller-manager
+ namespace: kube-system
+data:
+ # NOTE: this is just an example configuration, update with real values based on your environment
+ vsphere.conf: |
+ # Global properties in this section will be used for all specified vCenters unless overriden in VirtualCenter section.
+ global:
+ port: 443
+ # set insecureFlag to true if the vCenter uses a self-signed cert
+ insecureFlag: true
+ # settings for using k8s secret
+ secretName: vsphere-cloud-secret
+ secretNamespace: kube-system
+
+ # vcenter section
+ vcenter:
+ your-vcenter-name-here:
+ server: 10.0.0.1
+ user: use-your-vcenter-user-here
+ password: use-your-vcenter-password-here
+ datacenters:
+ - hrwest
+ - hreast
+ could-be-a-tenant-label:
+ server: 1.2.3.4
+ datacenters:
+ - mytenantdc
+ secretName: cpi-engineering-secret
+ secretNamespace: kube-system
+
+ # labels for regions and zones
+ labels:
+ region: k8s-region
+ zone: k8s-zone
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: servicecatalog.k8s.io:apiserver-authentication-reader
+ labels:
+ vsphere-cpi-infra: role-binding
+ component: cloud-controller-manager
+ namespace: kube-system
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: extension-apiserver-authentication-reader
+subjects:
+ - apiGroup: ""
+ kind: ServiceAccount
+ name: cloud-controller-manager
+ namespace: kube-system
+ - apiGroup: ""
+ kind: User
+ name: cloud-controller-manager
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: system:cloud-controller-manager
+ labels:
+ vsphere-cpi-infra: cluster-role-binding
+ component: cloud-controller-manager
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:cloud-controller-manager
+subjects:
+ - kind: ServiceAccount
+ name: cloud-controller-manager
+ namespace: kube-system
+ - kind: User
+ name: cloud-controller-manager
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: system:cloud-controller-manager
+ labels:
+ vsphere-cpi-infra: role
+ component: cloud-controller-manager
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
+ - update
+ - apiGroups:
+ - ""
+ resources:
+ - nodes
+ verbs:
+ - "*"
+ - apiGroups:
+ - ""
+ resources:
+ - nodes/status
+ verbs:
+ - patch
+ - apiGroups:
+ - ""
+ resources:
+ - services
+ verbs:
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - services/status
+ verbs:
+ - patch
+ - apiGroups:
+ - ""
+ resources:
+ - serviceaccounts
+ verbs:
+ - create
+ - get
+ - list
+ - watch
+ - update
+ - apiGroups:
+ - ""
+ resources:
+ - persistentvolumes
+ verbs:
+ - get
+ - list
+ - update
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - endpoints
+ verbs:
+ - create
+ - get
+ - list
+ - watch
+ - update
+ - apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - "coordination.k8s.io"
+ resources:
+ - leases
+ verbs:
+ - create
+ - get
+ - list
+ - watch
+ - update
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: vsphere-cloud-controller-manager
+ labels:
+ component: cloud-controller-manager
+ tier: control-plane
+ namespace: kube-system
+spec:
+ selector:
+ matchLabels:
+ name: vsphere-cloud-controller-manager
+ updateStrategy:
+ type: RollingUpdate
+ template:
+ metadata:
+ labels:
+ name: vsphere-cloud-controller-manager
+ component: cloud-controller-manager
+ tier: control-plane
+ spec:
+ tolerations:
+ - key: node.cloudprovider.kubernetes.io/uninitialized
+ value: "true"
+ effect: NoSchedule
+ - key: node-role.kubernetes.io/master
+ effect: NoSchedule
+ operator: Exists
+ - key: node-role.kubernetes.io/control-plane
+ effect: NoSchedule
+ operator: Exists
+ - key: node.kubernetes.io/not-ready
+ effect: NoSchedule
+ operator: Exists
+ securityContext:
+ runAsUser: 1001
+ serviceAccountName: cloud-controller-manager
+ priorityClassName: system-node-critical
+ containers:
+ - name: vsphere-cloud-controller-manager
+ image: gcr.io/cloud-provider-vsphere/cpi/release/manager:v1.26.0
+ args:
+ - --cloud-provider=vsphere
+ - --v=2
+ - --cloud-config=/etc/cloud/vsphere.conf
+ volumeMounts:
+ - mountPath: /etc/cloud
+ name: vsphere-config-volume
+ readOnly: true
+ resources:
+ requests:
+ cpu: 200m
+ hostNetwork: true
+ volumes:
+ - name: vsphere-config-volume
+ configMap:
+ name: vsphere-cloud-config
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: node-role.kubernetes.io/control-plane
+ operator: Exists
+ - matchExpressions:
+ - key: node-role.kubernetes.io/master
+ operator: Exists
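Review bot: The example `vsphere.conf` in the new ConfigMap carries `user:` and `password:` keys under `your-vcenter-name-here` even though `global` already sets `secretName: vsphere-cloud-secret`, which invites operators to put real vCenter credentials into a ConfigMap rather than the Secret defined just above it. I would drop those two lines and leave a comment such as `# credentials for this vCenter are read from the Secret named by secretName`. The same example offers `insecureFlag: true` as the only TLS setting; a commented-out certificate-pinning alternative would line up with the `tlsThumbprint` value this commit adds to the chart. Separately, the DaemonSet pod uses `hostNetwork: true` with only a pod-level `runAsUser: 1001`, so a container `securityContext` with `allowPrivilegeEscalation: false` and `capabilities: {drop: ["ALL"]}` would be cheap hardening.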