diff --git a/charts/openstack-cloud-controller-manager/Chart.yaml b/charts/openstack-cloud-controller-manager/Chart.yaml
index 3f083bf687..95ed5a8e4c 100644
--- a/charts/openstack-cloud-controller-manager/Chart.yaml
+++ b/charts/openstack-cloud-controller-manager/Chart.yaml
@@ -4,7 +4,7 @@ description: Openstack Cloud Controller Manager Helm Chart
 icon: https://object-storage-ca-ymq-1.vexxhost.net/swift/v1/6e4619c416ff4bd19e1c087f27a43eea/www-images-prod/openstack-logo/OpenStack-Logo-Vertical.png
 home: https://github.com/kubernetes/cloud-provider-openstack
 name: openstack-cloud-controller-manager
-version: 2.35.0
+version: 2.35.1
 maintainers:
 - name: eumel8
 email: f.kloeker@telekom.de
diff --git a/charts/openstack-cloud-controller-manager/templates/clusterrole-node-controller.yaml b/charts/openstack-cloud-controller-manager/templates/clusterrole-node-controller.yaml
new file mode 100644
index 0000000000..99824681d7
--- /dev/null
+++ b/charts/openstack-cloud-controller-manager/templates/clusterrole-node-controller.yaml
@@ -0,0 +1,30 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: system:cloud-node-controller
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ annotations:
+ {{- with .Values.commonAnnotations }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - nodes
+ verbs:
+ - '*'
+- apiGroups:
+ - ""
+ resources:
+ - nodes/status
+ verbs:
+ - patch
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
+ - update
diff --git a/charts/openstack-cloud-controller-manager/templates/clusterrolebinding-node-controller.yaml b/charts/openstack-cloud-controller-manager/templates/clusterrolebinding-node-controller.yaml
new file mode 100644
index 0000000000..c65a5e3c9a
--- /dev/null
+++ b/charts/openstack-cloud-controller-manager/templates/clusterrolebinding-node-controller.yaml
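Review bot: The first rule of the new ClusterRole grants `'*'` on `nodes`, which includes `delete` and `deletecollection` on every Node in the cluster, plus any verb added to the API later. An explicit list such as `verbs: ["get", "list", "watch", "update", "patch", "delete"]` would keep the grant auditable; that set is my assumption of what a node controller needs and should be checked against the calls it actually makes. The name `system:cloud-node-controller` is also hard-coded rather than derived from the release, here and in the ClusterRoleBinding template, so a short comment stating that the fixed cluster-wide name is intentional would help the next reader.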
@@ -0,0 +1,17 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: system:cloud-node-controller
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ annotations:
+ {{- with .Values.commonAnnotations }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:cloud-node-controller
+subjects:
+- kind: ServiceAccount
+ name: {{ .Values.serviceAccountName }}
+ namespace: {{ .Release.Namespace | quote }}
diff --git a/charts/openstack-cloud-controller-manager/templates/daemonset.yaml b/charts/openstack-cloud-controller-manager/templates/daemonset.yaml
index 40f98ea3f8..27e9946184 100644
--- a/charts/openstack-cloud-controller-manager/templates/daemonset.yaml
+++ b/charts/openstack-cloud-controller-manager/templates/daemonset.yaml
@@ -26,8 +26,8 @@ spec:
 imagePullSecrets:
 {{- toYaml . | nindent 8 }}
 {{- end }}
- {{- with .Values.nodeSelector }}
- nodeSelector:
+ {{- with .Values.affinity }}
+ affinity:
 {{- toYaml . | nindent 8 }}
 {{- end }}
 {{- with .Values.podSecurityContext }}
diff --git a/charts/openstack-cloud-controller-manager/values.yaml b/charts/openstack-cloud-controller-manager/values.yaml
index d813226992..17cbfc1488 100644
--- a/charts/openstack-cloud-controller-manager/values.yaml
+++ b/charts/openstack-cloud-controller-manager/values.yaml
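Review bot: Under `subjects` in the new ClusterRoleBinding, `name: {{ .Values.serviceAccountName }}` is rendered unquoted, while the `namespace` line directly below it pipes through `quote`. An empty or boolean-looking override would then not render as a string, and the binding would fail validation at install time instead of at template time. `name: {{ .Values.serviceAccountName | quote }}` matches the neighbouring line. Because this binding attaches the ClusterRole's wildcard `nodes` access to the chart's service account, a one-line comment above `subjects` naming that account's purpose would also be useful.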
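Review bot: The `nodeSelector` block is removed from the DaemonSet template, so an existing override of `.Values.nodeSelector` is silently ignored after upgrade while the new default `affinity` from values.yaml still applies. That is a scheduling behaviour change shipped in a patch-level chart bump (2.35.0 to 2.35.1). Keeping the removed `{{- with .Values.nodeSelector }}` block alongside the new `{{- with .Values.affinity }}` block would preserve existing installs. The pod spec begins and ends outside this hunk, so whether `nodeSelector` is still rendered elsewhere cannot be confirmed from here.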
@@ -48,16 +48,27 @@ readinessProbe: {} dnsPolicy: ClusterFirst -# Set nodeSelector where the controller should run, i.e. controlplane nodes -nodeSelector: - node-role.kubernetes.io/control-plane: "" +# Set affinity rules for where the controller should run, i.e. controlplane nodes +affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: node-role.kubernetes.io/control-plane + operator: Exists # Set tolerations for nodes where the controller should run, i.e. node # should be uninitialized, controlplane... tolerations: + - key: "CriticalAddonsOnly" + operator: "Equal" + value: "true" + effect: NoExecute - key: node.cloudprovider.kubernetes.io/uninitialized value: "true" effect: NoSchedule + - key: node-role.kubernetes.io/master + effect: NoSchedule - key: node-role.kubernetes.io/control-plane effect: NoSchedule
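Review bot: The new default `affinity` requires the `node-role.kubernetes.io/control-plane` label, but the tolerations added further down also tolerate the `node-role.kubernetes.io/master` taint. On nodes that carry only the `master` label that toleration has no effect, because the required node affinity already excludes them. If such clusters are meant to be supported, add a second entry under `nodeSelectorTerms` with `key: node-role.kubernetes.io/master` and `operator: Exists` (terms are ORed). Otherwise, a comment on the `master` toleration explaining why it is kept would avoid confusion.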