From 14b4518fdaf993ed0e087c9b11d1e076f4d732af Mon Sep 17 00:00:00 2001
From: Ulrich GIRAUD
Date: Fri, 18 Feb 2022 14:56:10 +0100
Subject: [PATCH 1/4] fix(clusterrole): check if clusterAPIMode is kubeconfig-incluster for machindeployment resources

---
 charts/cluster-autoscaler/templates/clusterrole.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/charts/cluster-autoscaler/templates/clusterrole.yaml b/charts/cluster-autoscaler/templates/clusterrole.yaml
index d9153eeca417..e3d36557ffd4 100644
--- a/charts/cluster-autoscaler/templates/clusterrole.yaml
+++ b/charts/cluster-autoscaler/templates/clusterrole.yaml
@@ -146,7 +146,7 @@ rules:
 verbs:
 - use
 {{- end -}}
-{{- if and ( and ( eq .Values.cloudProvider "clusterapi" ) ( .Values.rbac.clusterScoped ) ( or ( eq .Values.clusterAPIMode "incluster-incluster" ) ( eq .Values.clusterAPIMode "incluster-kubeconfig" ) ))}}
+{{- if and ( and ( eq .Values.cloudProvider "clusterapi" ) ( .Values.rbac.clusterScoped ) ( or ( eq .Values.clusterAPIMode "incluster-incluster" ) ( eq .Values.clusterAPIMode "kubeconfig-incluster" ) ))}}
 - apiGroups:
 - cluster.x-k8s.io
 resources:

From f2fbbc71362efadcc494758f0dde5e98ee2a3ba5 Mon Sep 17 00:00:00 2001
From: Ulrich GIRAUD
Date: Fri, 18 Feb 2022 14:57:16 +0100
Subject: [PATCH 2/4] fix(deployment): add volumes and volumeMounts when .Values.clusterAPIKubeconfigSecret is defined

---
 charts/cluster-autoscaler/templates/deployment.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/charts/cluster-autoscaler/templates/deployment.yaml b/charts/cluster-autoscaler/templates/deployment.yaml
index b6980da89bb1..10fe19deaae9 100644
--- a/charts/cluster-autoscaler/templates/deployment.yaml
+++ b/charts/cluster-autoscaler/templates/deployment.yaml
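Review bot: The rewritten guard on the `cluster.x-k8s.io` rule in clusterrole.yaml still wraps its operands in a redundant outer `and` (`and ( and … )`), which makes an RBAC condition harder to audit than it needs to be; `{{- if and (eq .Values.cloudProvider "clusterapi") .Values.rbac.clusterScoped (or (eq .Values.clusterAPIMode "incluster-incluster") (eq .Values.clusterAPIMode "kubeconfig-incluster")) }}` is equivalent. A template comment above it, such as `{{- /* Cluster API rules are needed only when the management cluster is reached in-cluster (second half of clusterAPIMode) */}}`, would record why exactly these two modes are listed. If a namespaced Role template carries the same mode list for `rbac.clusterScoped=false`, it likely needs the same correction; that file is not part of this patch. The rule's resources and verbs continue outside the hunk.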
@@ -201,7 +201,7 @@ spec:
 securityContext:
 {{ toYaml .Values.containerSecurityContext | nindent 12 | trim }}
 {{- end }}
- {{- if or (eq .Values.cloudProvider "magnum") .Values.extraVolumeSecrets .Values.extraVolumeMounts }}
+ {{- if or (eq .Values.cloudProvider "magnum") .Values.extraVolumeSecrets .Values.extraVolumeMounts .Values.clusterAPIKubeconfigSecret }}
 volumeMounts:
 {{- if eq .Values.cloudProvider "magnum" }}
 - name: cloudconfig
@@ -245,7 +245,7 @@ spec:
 securityContext:
 {{ toYaml .Values.securityContext | nindent 8 | trim }}
 {{- end }}
- {{- if or (eq .Values.cloudProvider "magnum") .Values.extraVolumeSecrets .Values.extraVolumes }}
+ {{- if or (eq .Values.cloudProvider "magnum") .Values.extraVolumeSecrets .Values.extraVolumes .Values.clusterAPIKubeconfigSecret }}
 volumes:
 {{- if eq .Values.cloudProvider "magnum" }}
 - name: cloudconfig

From 654c590cd98511351a00414f18ab9724e04a0149 Mon Sep 17 00:00:00 2001
From: Ulrich GIRAUD
Date: Fri, 18 Feb 2022 15:07:37 +0100
Subject: [PATCH 3/4] feat(clusterapi): allow namespace definition for kubeconfig-incluster mode

---
 charts/cluster-autoscaler/templates/deployment.yaml | 4 ++++
 charts/cluster-autoscaler/values.yaml | 3 +++
 2 files changed, 7 insertions(+)

diff --git a/charts/cluster-autoscaler/templates/deployment.yaml b/charts/cluster-autoscaler/templates/deployment.yaml
index 10fe19deaae9..043b98bda83e 100644
--- a/charts/cluster-autoscaler/templates/deployment.yaml
+++ b/charts/cluster-autoscaler/templates/deployment.yaml
@@ -46,7 +46,11 @@ spec:
 command:
 - ./cluster-autoscaler
 - --cloud-provider={{ .Values.cloudProvider }}
+ {{- if and (eq .Values.cloudProvider "clusterapi") (eq .Values.clusterAPIMode "kubeconfig-incluster") }}
+ - --namespace={{ .Values.clusterAPIConfigMapsNamespace | default "kube-system" }}
+ {{- else }}
 - --namespace={{ .Release.Namespace }}
+ {{- end }}
 {{- if .Values.autoscalingGroups }}
 {{- range .Values.autoscalingGroups }}
 - --nodes={{ .minSize }}:{{ .maxSize }}:{{ .name }}
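Review bot: The `volumeMounts:` guard (hunk at -201) and the `volumes:` guard (hunk at -245) now render their key whenever `.Values.clusterAPIKubeconfigSecret` is non-empty, whatever `cloudProvider` is; the items under each key are outside both hunks, so confirm the kubeconfig item is emitted under the same condition, otherwise the key renders with no entries. Because this secret carries credentials for the workload cluster, its mount item should set `readOnly: true` if it does not already. The two guards are long operand lists that must stay aligned (one tests `extraVolumeMounts`, the other `extraVolumes`), so a template comment above each, e.g. `{{- /* keep in sync with the volumes guard below */}}`, would help the next edit.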
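Review bot: The new branch in the `command:` list selects `clusterAPIConfigMapsNamespace` only for `kubeconfig-incluster`, but by the chart's own syntax (workloadClusterMode-ManagementClusterMode) `kubeconfig-kubeconfig` also reaches the workload cluster through a kubeconfig, so that mode presumably still passes `.Release.Namespace`, which need not exist on the workload cluster. Consider widening the test to `(or (eq .Values.clusterAPIMode "kubeconfig-incluster") (eq .Values.clusterAPIMode "kubeconfig-kubeconfig"))`, after checking what existing installs in that mode rely on. The `kube-system` fallback also means the identity in the workload kubeconfig needs write access to objects in that namespace; a dedicated namespace keeps that grant narrower, and this is worth stating next to the flag. The `command:` list continues outside the hunk.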
diff --git a/charts/cluster-autoscaler/values.yaml b/charts/cluster-autoscaler/values.yaml index bc82e01220be..a701456cc6a9 100644 --- a/charts/cluster-autoscaler/values.yaml +++ b/charts/cluster-autoscaler/values.yaml @@ -120,6 +120,9 @@ clusterAPIWorkloadKubeconfigPath: /etc/kubernetes/value # clusterAPICloudConfigPath -- Path to kubeconfig for connecting to Cluster API Management Cluster, only used if `clusterAPIMode=kubeconfig-kubeconfig or incluster-kubeconfig` clusterAPICloudConfigPath: /etc/kubernetes/mgmt-kubeconfig +# clusterAPIConfigMapsNamespace -- Namespace on the workload cluster to store Leader election and status configmaps +clusterAPIConfigMapsNamespace: "" + # cloudConfigPath -- Configuration file for cloud provider. cloudConfigPath: /etc/gce.conf From 81667107da20ad52a03204d8cb3566cb970d53be Mon Sep 17 00:00:00 2001 From: Ulrich GIRAUD Date: Fri, 18 Feb 2022 15:32:54 +0100 Subject: [PATCH 4/4] chore: bump chart version and update README --- charts/cluster-autoscaler/Chart.yaml | 2 +- charts/cluster-autoscaler/README.md | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/charts/cluster-autoscaler/Chart.yaml b/charts/cluster-autoscaler/Chart.yaml index 5b330ea439c8..ace99b32dd98 100644 --- a/charts/cluster-autoscaler/Chart.yaml +++ b/charts/cluster-autoscaler/Chart.yaml @@ -17,4 +17,4 @@ name: cluster-autoscaler sources: - https://github.com/kubernetes/autoscaler/tree/master/cluster-autoscaler type: application -version: 9.15.0 +version: 9.16.0 diff --git a/charts/cluster-autoscaler/README.md b/charts/cluster-autoscaler/README.md index a55d3efd0f87..5ac0858892ab 100644 --- a/charts/cluster-autoscaler/README.md +++ b/charts/cluster-autoscaler/README.md 
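Review bot: The values.yaml comment for `clusterAPIConfigMapsNamespace` omits two things a user needs: the value is read only when `cloudProvider=clusterapi` and `clusterAPIMode=kubeconfig-incluster`, and an empty value falls back to `kube-system` through the `default` in deployment.yaml. Suggested wording: `# clusterAPIConfigMapsNamespace -- Namespace on the workload cluster to store Leader election and status configmaps, only used if clusterAPIMode=kubeconfig-incluster; defaults to kube-system when empty`. The README row added in patch 4/4 repeats this text and would need the same wording.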
@@ -371,6 +371,7 @@ Though enough for the majority of installations, the default PodSecurityPolicy _
 | cloudConfigPath | string | `"/etc/gce.conf"` | Configuration file for cloud provider. |
 | cloudProvider | string | `"aws"` | The cloud provider where the autoscaler runs. Currently only `gce`, `aws`, `azure`, `magnum` and `clusterapi` are supported. `aws` supported for AWS. `gce` for GCE. `azure` for Azure AKS. `magnum` for OpenStack Magnum, `clusterapi` for Cluster API. |
 | clusterAPICloudConfigPath | string | `"/etc/kubernetes/mgmt-kubeconfig"` | Path to kubeconfig for connecting to Cluster API Management Cluster, only used if `clusterAPIMode=kubeconfig-kubeconfig or incluster-kubeconfig` |
+| clusterAPIConfigMapsNamespace | string | `""` | Namespace on the workload cluster to store Leader election and status configmaps |
 | clusterAPIKubeconfigSecret | string | `""` | Secret containing kubeconfig for connecting to Cluster API managed workloadcluster Required if `cloudProvider=clusterapi` and `clusterAPIMode=kubeconfig-kubeconfig,kubeconfig-incluster or incluster-kubeconfig` |
 | clusterAPIMode | string | `"incluster-incluster"` | Cluster API mode, see https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/cloudprovider/clusterapi/README.md#connecting-cluster-autoscaler-to-cluster-api-management-and-workload-clusters Syntax: workloadClusterMode-ManagementClusterMode for `kubeconfig-kubeconfig`, `incluster-kubeconfig` and `single-kubeconfig` you always must mount the external kubeconfig using either `extraVolumeSecrets` or `extraMounts` and `extraVolumes` if you dont set `clusterAPIKubeconfigSecret`and thus use an in-cluster config or want to use a non capi generated kubeconfig you must do so for the workload kubeconfig as well |
 | clusterAPIWorkloadKubeconfigPath | string | `"/etc/kubernetes/value"` | Path to kubeconfig for connecting to Cluster API managed workloadcluster, only used if `clusterAPIMode=kubeconfig-kubeconfig or
kubeconfig-incluster` |