Xelon-AG · pavel-github · May 23, 2024 · May 23, 2024
diff --git a/releases/dev/xelon-ccm.yml b/releases/dev/xelon-ccm.yml
@@ -1,4 +1,79 @@
 ---
+# Source: xelon-cloud-controller-manager/templates/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: xelon-cloud-controller-manager
+  namespace: kube-system
+---
+# Source: xelon-cloud-controller-manager/templates/secret.yaml
+apiVersion: v1
+kind: Secret
+metadata:
+  name: xelon-ccm-credentials
+  namespace: kube-system
+type: Opaque
+stringData:
+  baseUrl: "INSERT_XELON_BASE_URL_HERE"
+  clientId: "INSERT_XELON_CLIENT_ID_HERE"
+  cloudId: "INSERT_XELON_CLOUD_ID_HERE"
+  kubernetesClusterId: "INSERT_XELON_KUBERNETES_CLUSTER_ID_HERE"
+  token: "INSERT_XELON_TOKEN_HERE"
+---
+# Source: xelon-cloud-controller-manager/templates/rbac.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  annotations:
+    rbac.authorization.kubernetes.io/autoupdate: "true"
+  name: system:xelon-cloud-controller-manager
+rules:
+  - apiGroups: [""]
+    resources: ["endpoints"]
+    verbs: ["create", "get", "list", "update", "watch"]
+  - apiGroups: [""]
+    resources: ["events"]
+    verbs: ["create", "patch", "update"]
+  - apiGroups: [""]
+    resources: ["nodes"]
+    verbs: ["*"]
+  - apiGroups: [""]
+    resources: ["nodes/status"]
+    verbs: ["patch"]
+  - apiGroups: [""]
+    resources: ["secrets"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: [""]
+    resources: ["services"]
+    verbs: ["list", "patch", "update", "watch"]
+  - apiGroups: [""]
+    resources: ["services/status"]
+    verbs: ["list", "patch", "update", "watch"]
+  - apiGroups: [""]
+    resources: ["serviceaccounts"]
+    verbs: ["create"]
+  - apiGroups: [""]
+    resources: ["persistentvolumes"]
+    verbs: ["get", "list", "update", "watch"]
+  - apiGroups: ["coordination.k8s.io"]
+    resources: ["leases"]
+    verbs: ["create", "get", "list", "update", "watch"]
+---
+# Source: xelon-cloud-controller-manager/templates/rbac.yaml
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: system:xelon-cloud-controller-manager
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: system:xelon-cloud-controller-manager
+subjects:
+  - kind: ServiceAccount
+    name: xelon-cloud-controller-manager
+    namespace: kube-system
+---
+# Source: xelon-cloud-controller-manager/templates/deployment.yaml
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -14,135 +89,59 @@ spec:
     metadata:
       labels:
         app: xelon-cloud-controller-manager
-      annotations:
-        scheduler.alpha.kubernetes.io/critical-pod: ''
     spec:
       dnsPolicy: Default
       hostNetwork: true
-      serviceAccountName: cloud-controller-manager
+      priorityClassName: ""
+      serviceAccountName: xelon-cloud-controller-manager
       tolerations:
-        # this taint is set by all kubelets running `--cloud-provider=external`
-        # so we should tolerate it to schedule the xelon ccm
-        - key: "node.cloudprovider.kubernetes.io/uninitialized"
-          value: "true"
-          effect: "NoSchedule"
         - key: "CriticalAddonsOnly"
           operator: "Exists"
-        # cloud controller manages should be able to run on masters
+        - key: "node.cloudprovider.kubernetes.io/uninitialized"
+          value: "true"
+          effect: NoSchedule
         - key: "node-role.kubernetes.io/master"
           effect: NoSchedule
+        - key: "node.kubernetes.io/not-ready"
+          operator: Exists
+          effect: NoSchedule
+        - key: "node.kubernetes.io/unreachable"
+          operator: Exists
+          effect: NoSchedule
       containers:
-        - image: xelonag/xelon-cloud-controller-manager:dev
-          name: xelon-cloud-controller-manager
+        - name: xelon-cloud-controller-manager
+          image: xelonag/xelon-cloud-controller-manager:dev
+          imagePullPolicy: Always
           args:
-            - --v=2
-          command:
-            - "/bin/xelon-cloud-controller-manager"
             - "--leader-elect=false"
-          imagePullPolicy: "Always"
+            - "--v=2"
+          env:
+            - name: XELON_BASE_URL
+              valueFrom:
+                secretKeyRef:
+                  name: xelon-ccm-credentials
+                  key: baseUrl
+            - name: XELON_CLIENT_ID
+              valueFrom:
+                secretKeyRef:
+                  name: xelon-ccm-credentials
+                  key: clientId
+            - name: XELON_CLOUD_ID
+              valueFrom:
+                secretKeyRef:
+                  name: xelon-ccm-credentials
+                  key: cloudId
+            - name: XELON_KUBERNETES_CLUSTER_ID
+              valueFrom:
+                secretKeyRef:
+                  name: xelon-ccm-credentials
+                  key: kubernetesClusterId
+            - name: XELON_TOKEN
+              valueFrom:
+                secretKeyRef:
+                  name: xelon-ccm-credentials
+                  key: token
           resources:
             requests:
               cpu: 100m
               memory: 50Mi
-          env:
-            - name: XELON_TOKEN
-              value: "INSERT_TOKEN_HERE"
-            - name: XELON_API_URL
-              value: "INSERT_API_URL_HERE"
-            - name: XELON_CLIENT_ID
-              value: "INSERT_CLIENT_ID_HERE"
-            - name: XELON_CLOUD_ID
-              value: "INSERT_CLOUD_ID_HERE"
-            - name: XELON_CLUSTER_ID
-              value: "INSERT_CLUSTER_ID_HERE"
-
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: cloud-controller-manager
-  namespace: kube-system
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  annotations:
-    rbac.authorization.kubernetes.io/autoupdate: "true"
-  name: system:cloud-controller-manager
-rules:
-  - apiGroups:
-      - ""
-    resources:
-      - events
-    verbs:
-      - create
-      - patch
-      - update
-  - apiGroups:
-      - ""
-    resources:
-      - nodes
-    verbs:
-      - '*'
-  - apiGroups:
-      - ""
-    resources:
-      - nodes/status
-    verbs:
-      - patch
-  - apiGroups:
-      - ""
-    resources:
-      - services
-    verbs:
-      - list
-      - patch
-      - update
-      - watch
-  - apiGroups:
-      - ""
-    resources:
-      - services/status
-    verbs:
-      - list
-      - patch
-      - update
-      - watch
-  - apiGroups:
-      - ""
-    resources:
-      - serviceaccounts
-    verbs:
-      - create
-  - apiGroups:
-      - ""
-    resources:
-      - persistentvolumes
-    verbs:
-      - get
-      - list
-      - update
-      - watch
-  - apiGroups:
-      - ""
-    resources:
-      - endpoints
-    verbs:
-      - create
-      - get
-      - list
-      - watch
-      - update
----
-kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: system:cloud-controller-manager
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: system:cloud-controller-manager
-subjects:
-  - kind: ServiceAccount
-    name: cloud-controller-manager
-    namespace: kube-system