Upgrade proxmox-CCM to 0.5.1 and proxmox-csi-plugin to 0.8.2

aenix-io · Nov 22, 2024 · 7258c56 · 7258c56
1 parent f76bc8d
commit 7258c56
Show file tree

Hide file tree

Showing 21 changed files with 456 additions and 97 deletions.
diff --git a/packages/system/proxmox-csi/charts/proxmox-cloud-controller-manager/Chart.yaml b/packages/system/proxmox-csi/charts/proxmox-cloud-controller-manager/Chart.yaml
@@ -1,24 +1,24 @@
 apiVersion: v2
 name: proxmox-cloud-controller-manager
-description: A Helm chart for Kubernetes
+description: Cloud Controller Manager plugin for Proxmox
 type: application
 home: https://github.com/sergelogvinov/proxmox-cloud-controller-manager
-icon: https://proxmox.com/templates/yoo_nano2/favicon.ico
+icon: https://raw.githubusercontent.com/sergelogvinov/proxmox-cloud-controller-manager/main/charts/proxmox-cloud-controller-manager/icon.png
 sources:
-- https://github.com/sergelogvinov/proxmox-cloud-controller-manager
+  - https://github.com/sergelogvinov/proxmox-cloud-controller-manager
 keywords:
-- ccm
+  - ccm
+  - proxmox
+  - kubernetes
 maintainers:
-- name: sergelogvinov
-  url: https://github.com/sergelogvinov
-
+  - name: sergelogvinov
+    url: https://github.com/sergelogvinov
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.6
-
+version: 0.2.8
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: v0.2.0
+appVersion: v0.5.1
diff --git a/packages/system/proxmox-csi/charts/proxmox-cloud-controller-manager/README.md b/packages/system/proxmox-csi/charts/proxmox-cloud-controller-manager/README.md
@@ -1,8 +1,14 @@
 # proxmox-cloud-controller-manager
 
-![Version: 0.1.6](https://img.shields.io/badge/Version-0.1.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.2.0](https://img.shields.io/badge/AppVersion-v0.2.0-informational?style=flat-square)
+![Version: 0.2.8](https://img.shields.io/badge/Version-0.2.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.5.1](https://img.shields.io/badge/AppVersion-v0.5.1-informational?style=flat-square)
 
-A Helm chart for Kubernetes
+Cloud Controller Manager plugin for Proxmox
+
+The Cloud Controller Manager (CCM) is responsible for managing node resources in cloud-based Kubernetes environments.
+
+Key functions of the Cloud Controller Manager:
+- `Node Management`: It manages nodes by initializing new nodes when they join the cluster (e.g., during scaling up) and removing nodes when they are no longer needed (e.g., during scaling down).
+- `Cloud-Specific Operations`: The CCM ensures that the cloud provider's API is integrated into the Kubernetes cluster to control and automate tasks like load balancing, storage provisioning, and node lifecycle management.
 
 **Homepage:** <https://github.com/sergelogvinov/proxmox-cloud-controller-manager>
 
@@ -16,7 +22,22 @@ A Helm chart for Kubernetes
 
 * <https://github.com/sergelogvinov/proxmox-cloud-controller-manager>
 
-Example:
+## Requirements
+
+You need to set `--cloud-provider=external` in the kubelet argument for all nodes in the cluster.
+
+## Proxmox permissions
+
+```shell
+# Create role CCM
+pveum role add CCM -privs "VM.Audit"
+# Create user and grant permissions
+pveum user add kubernetes@pve
+pveum aclmod / -user kubernetes@pve -role CCM
+pveum user token add kubernetes@pve ccm -privsep 0
+```
+
+## Helm values example
 
 ```yaml
 # proxmox-ccm.yaml
@@ -35,8 +56,13 @@ enabledControllers:
   - cloud-node-lifecycle
 
 # Deploy CCM only on control-plane nodes
-nodeSelector:
-  node-role.kubernetes.io/control-plane: ""
+affinity:
+  nodeAffinity:
+    requiredDuringSchedulingIgnoredDuringExecution:
+      nodeSelectorTerms:
+      - matchExpressions:
+        - key: node-role.kubernetes.io/control-plane
+          operator: Exists
 tolerations:
   - key: node-role.kubernetes.io/control-plane
     effect: NoSchedule
@@ -46,7 +72,7 @@ Deploy chart:
 
 ```shell
 helm upgrade -i --namespace=kube-system -f proxmox-ccm.yaml \
-		proxmox-cloud-controller-manager charts/proxmox-cloud-controller-manager
+    proxmox-cloud-controller-manager oci://ghcr.io/sergelogvinov/charts/proxmox-cloud-controller-manager
 ```
 
 ## Values
@@ -68,14 +94,16 @@ helm upgrade -i --namespace=kube-system -f proxmox-ccm.yaml \
 | config | object | `{"clusters":[]}` | Proxmox cluster config. |
 | serviceAccount | object | `{"annotations":{},"create":true,"name":""}` | Pods Service Account. ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ |
 | priorityClassName | string | `"system-cluster-critical"` | CCM pods' priorityClassName. |
+| initContainers | list | `[]` | Add additional init containers to the CCM pods. ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ |
+| hostAliases | list | `[]` | hostAliases Deployment pod host aliases ref: https://kubernetes.io/docs/tasks/network/customize-hosts-file-for-pods/ |
 | podAnnotations | object | `{}` | Annotations for data pods. ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ |
 | podSecurityContext | object | `{"fsGroup":10258,"fsGroupChangePolicy":"OnRootMismatch","runAsGroup":10258,"runAsNonRoot":true,"runAsUser":10258}` | Pods Security Context. ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod |
 | securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"seccompProfile":{"type":"RuntimeDefault"}}` | Container Security Context. ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod |
 | resources | object | `{"requests":{"cpu":"10m","memory":"32Mi"}}` | Resource requests and limits. ref: https://kubernetes.io/docs/user-guide/compute-resources/ |
-| updateStrategy | object | `{"rollingUpdate":{"maxUnavailable":1},"type":"RollingUpdate"}` | Deployment update stategy type. ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#updating-a-deployment |
+| useDaemonSet | bool | `false` | Deploy CCM  in Daemonset mode. CCM will use hostNetwork. It allows to use CCM without CNI plugins. |
+| updateStrategy | object | `{"rollingUpdate":{"maxUnavailable":1},"type":"RollingUpdate"}` | Deployment update strategy type. ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#updating-a-deployment |
 | nodeSelector | object | `{}` | Node labels for data pods assignment. ref: https://kubernetes.io/docs/user-guide/node-selection/ |
 | tolerations | list | `[{"effect":"NoSchedule","key":"node-role.kubernetes.io/control-plane","operator":"Exists"},{"effect":"NoSchedule","key":"node.cloudprovider.kubernetes.io/uninitialized","operator":"Exists"}]` | Tolerations for data pods assignment. ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ |
 | affinity | object | `{}` | Affinity for data pods assignment. ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity |
-
-----------------------------------------------
-Autogenerated from chart metadata using [helm-docs v1.11.2](https://github.com/norwoodj/helm-docs/releases/v1.11.2)
+| extraVolumes | list | `[]` | Additional volumes for Pods |
+| extraVolumeMounts | list | `[]` | Additional volume mounts for Pods |
diff --git a/packages/system/proxmox-csi/charts/proxmox-cloud-controller-manager/README.md.gotmpl b/packages/system/proxmox-csi/charts/proxmox-cloud-controller-manager/README.md.gotmpl
@@ -6,6 +6,12 @@
 
 {{ template "chart.description" . }}
 
+The Cloud Controller Manager (CCM) is responsible for managing node resources in cloud-based Kubernetes environments.
+
+Key functions of the Cloud Controller Manager:
+- `Node Management`: It manages nodes by initializing new nodes when they join the cluster (e.g., during scaling up) and removing nodes when they are no longer needed (e.g., during scaling down).
+- `Cloud-Specific Operations`: The CCM ensures that the cloud provider's API is integrated into the Kubernetes cluster to control and automate tasks like load balancing, storage provisioning, and node lifecycle management.
+
 {{ template "chart.homepageLine" . }}
 
 {{ template "chart.maintainersSection" . }}
@@ -14,7 +20,22 @@
 
 {{ template "chart.requirementsSection" . }}
 
-Example:
+## Requirements
+
+You need to set `--cloud-provider=external` in the kubelet argument for all nodes in the cluster.
+
+## Proxmox permissions
+
+```shell
+# Create role CCM
+pveum role add CCM -privs "VM.Audit"
+# Create user and grant permissions
+pveum user add kubernetes@pve
+pveum aclmod / -user kubernetes@pve -role CCM
+pveum user token add kubernetes@pve ccm -privsep 0
+```
+
+## Helm values example
 
 ```yaml
 # proxmox-ccm.yaml
@@ -33,8 +54,13 @@ enabledControllers:
   - cloud-node-lifecycle
 
 # Deploy CCM only on control-plane nodes
-nodeSelector:
-  node-role.kubernetes.io/control-plane: ""
+affinity:
+  nodeAffinity:
+    requiredDuringSchedulingIgnoredDuringExecution:
+      nodeSelectorTerms:
+      - matchExpressions:
+        - key: node-role.kubernetes.io/control-plane
+          operator: Exists
 tolerations:
   - key: node-role.kubernetes.io/control-plane
     effect: NoSchedule
@@ -44,9 +70,7 @@ Deploy chart:
 
 ```shell
 helm upgrade -i --namespace=kube-system -f proxmox-ccm.yaml \
-		proxmox-cloud-controller-manager charts/proxmox-cloud-controller-manager
+    proxmox-cloud-controller-manager oci://ghcr.io/sergelogvinov/charts/proxmox-cloud-controller-manager
 ```
 
 {{ template "chart.valuesSection" . }}
-
-{{ template "helm-docs.versionFooter" . }}
diff --git a/packages/system/proxmox-csi/charts/proxmox-cloud-controller-manager/ci/values.yaml b/packages/system/proxmox-csi/charts/proxmox-cloud-controller-manager/ci/values.yaml
@@ -1,11 +1,15 @@
-
 image:
   repository: ghcr.io/sergelogvinov/proxmox-cloud-controller-manager
   pullPolicy: Always
   tag: edge
 
-nodeSelector:
-  node-role.kubernetes.io/control-plane: ""
+affinity:
+  nodeAffinity:
+    requiredDuringSchedulingIgnoredDuringExecution:
+      nodeSelectorTerms:
+      - matchExpressions:
+        - key: node-role.kubernetes.io/control-plane
+          operator: Exists
 
 logVerbosityLevel: 4
 

diff --git a/packages/system/proxmox-csi/charts/proxmox-cloud-controller-manager/icon.png b/packages/system/proxmox-csi/charts/proxmox-cloud-controller-manager/icon.png
diff --git a/...ages/system/proxmox-csi/charts/proxmox-cloud-controller-manager/templates/deployment.yaml b/...ages/system/proxmox-csi/charts/proxmox-cloud-controller-manager/templates/deployment.yaml
@@ -1,14 +1,23 @@
 apiVersion: apps/v1
+{{- if .Values.useDaemonSet }}
+kind: DaemonSet
+{{- else }}
 kind: Deployment
+{{- end }}
 metadata:
   name: {{ include "proxmox-cloud-controller-manager.fullname" . }}
   labels:
     {{- include "proxmox-cloud-controller-manager.labels" . | nindent 4 }}
   namespace: {{ .Release.Namespace }}
 spec:
+  {{- if not .Values.useDaemonSet }}
   replicas: {{ .Values.replicaCount }}
   strategy:
     type: {{ .Values.updateStrategy.type }}
+  {{- else }}
+  updateStrategy:
+    type: {{ .Values.updateStrategy.type }}
+  {{- end }}
   selector:
     matchLabels:
       {{- include "proxmox-cloud-controller-manager.selectorLabels" . | nindent 6 }}
@@ -35,6 +44,15 @@ spec:
       serviceAccountName: {{ include "proxmox-cloud-controller-manager.serviceAccountName" . }}
       securityContext:
         {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      {{- if .Values.useDaemonSet }}
+      dnsPolicy: ClusterFirstWithHostNet
+      hostNetwork: true
+      {{- end }}
+      {{- with .Values.hostAliases }}
+      hostAliases:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      initContainers: {{- toYaml .Values.initContainers | nindent 8 }}
       containers:
         - name: {{ .Chart.Name }}
           securityContext:
@@ -49,13 +67,18 @@ spec:
             - --leader-elect-resource-name=cloud-controller-manager-proxmox
             - --use-service-account-credentials
             - --secure-port=10258
+            - --authorization-always-allow-paths=/healthz,/livez,/readyz,/metrics
           {{- with .Values.extraArgs }}
             {{- toYaml . | nindent 12 }}
           {{- end }}
+          ports:
+            - name: metrics
+              containerPort: 10258
+              protocol: TCP
           livenessProbe:
             httpGet:
               path: /healthz
-              port: 10258
+              port: metrics
               scheme: HTTPS
             initialDelaySeconds: 20
             periodSeconds: 30
@@ -66,25 +89,44 @@ spec:
             - name: cloud-config
               mountPath: /etc/proxmox
               readOnly: true
+            {{- with .Values.extraVolumeMounts }}
+            {{- toYaml . | nindent 12 }}
+            {{- end }}
       {{- with .Values.nodeSelector }}
       nodeSelector:
         {{- toYaml . | nindent 8 }}
       {{- end }}
-      {{- with .Values.affinity }}
       affinity:
+      {{- with .Values.affinity }}
         {{- toYaml . | nindent 8 }}
+      {{- else }}
+        podAntiAffinity:
+          preferredDuringSchedulingIgnoredDuringExecution:
+            - podAffinityTerm:
+                labelSelector:
+                  matchLabels:
+                    {{- include "proxmox-cloud-controller-manager.selectorLabels" . | nindent 20 }}
+                topologyKey: topology.kubernetes.io/zone
+              weight: 1
       {{- end }}
-      {{- with .Values.tolerations }}
       tolerations:
+      {{- with .Values.tolerations }}
         {{- toYaml . | nindent 8 }}
       {{- end }}
+      {{- if .Values.useDaemonSet }}
+        - effect: NoSchedule
+          key: node.kubernetes.io/not-ready
+          operator: Exists
+      {{- end }}
+      {{- if not .Values.useDaemonSet }}
       topologySpreadConstraints:
         - maxSkew: 1
           topologyKey: kubernetes.io/hostname
           whenUnsatisfiable: DoNotSchedule
           labelSelector:
             matchLabels:
               {{- include "proxmox-cloud-controller-manager.selectorLabels" . | nindent 14 }}
+      {{- end }}
       volumes:
         {{- if .Values.existingConfigSecret }}
         - name: cloud-config
@@ -100,3 +142,6 @@ spec:
             secretName: {{ include "proxmox-cloud-controller-manager.fullname" . }}
             defaultMode: 416
         {{- end }}
+        {{- with .Values.extraVolumes }}
+        {{- toYaml . | nindent 8 }}
+        {{- end }}
diff --git a/packages/system/proxmox-csi/charts/proxmox-cloud-controller-manager/values.edge.yaml b/packages/system/proxmox-csi/charts/proxmox-cloud-controller-manager/values.edge.yaml
@@ -1,10 +1,14 @@
-
 image:
   pullPolicy: Always
   tag: edge
 
-nodeSelector:
-  node-role.kubernetes.io/control-plane: ""
+affinity:
+  nodeAffinity:
+    requiredDuringSchedulingIgnoredDuringExecution:
+      nodeSelectorTerms:
+      - matchExpressions:
+        - key: node-role.kubernetes.io/control-plane
+          operator: Exists
 
 logVerbosityLevel: 4
 

diff --git a/packages/system/proxmox-csi/charts/proxmox-cloud-controller-manager/values.talos.yaml b/packages/system/proxmox-csi/charts/proxmox-cloud-controller-manager/values.talos.yaml
@@ -1,6 +1,10 @@
-
-nodeSelector:
-  node-role.kubernetes.io/control-plane: ""
+affinity:
+  nodeAffinity:
+    requiredDuringSchedulingIgnoredDuringExecution:
+      nodeSelectorTerms:
+      - matchExpressions:
+        - key: node-role.kubernetes.io/control-plane
+          operator: Exists
 
 logVerbosityLevel: 4