diff --git a/inventory/sample/group_vars/all/huaweicloud.yml b/inventory/sample/group_vars/all/huaweicloud.yml index b85e7c2ac..c5879d7f9 100644 --- a/inventory/sample/group_vars/all/huaweicloud.yml +++ b/inventory/sample/group_vars/all/huaweicloud.yml @@ -14,4 +14,4 @@ ## The repo and tag of the external Huawei Cloud Controller image # external_huawei_cloud_controller_image_repo: "swr.ap-southeast-1.myhuaweicloud.com" -# external_huawei_cloud_controller_image_tag: "v0.26.6" +# external_huawei_cloud_controller_image_tag: "v0.26.8" diff --git a/roles/kubernetes-apps/external_cloud_controller/huaweicloud/defaults/main.yml b/roles/kubernetes-apps/external_cloud_controller/huaweicloud/defaults/main.yml index f81bf1e2e..9cd42ed68 100644 --- a/roles/kubernetes-apps/external_cloud_controller/huaweicloud/defaults/main.yml +++ b/roles/kubernetes-apps/external_cloud_controller/huaweicloud/defaults/main.yml @@ -16,4 +16,4 @@ external_huaweicloud_cloud: "{{ lookup('env','OS_CLOUD') }}" ## arg2: "value2" external_huawei_cloud_controller_extra_args: {} external_huawei_cloud_controller_image_repo: "swr.ap-southeast-1.myhuaweicloud.com" -external_huawei_cloud_controller_image_tag: "v0.26.6" +external_huawei_cloud_controller_image_tag: "v0.26.8" diff --git a/roles/kubernetes-apps/external_cloud_controller/huaweicloud/templates/external-huawei-cloud-config.j2 b/roles/kubernetes-apps/external_cloud_controller/huaweicloud/templates/external-huawei-cloud-config.j2 index 07f1771d6..875ea9b89 100644 --- a/roles/kubernetes-apps/external_cloud_controller/huaweicloud/templates/external-huawei-cloud-config.j2 +++ b/roles/kubernetes-apps/external_cloud_controller/huaweicloud/templates/external-huawei-cloud-config.j2 @@ -21,3 +21,6 @@ subnet-id={{ external_huaweicloud_lbaas_subnet_id }} {% if external_huaweicloud_lbaas_network_id is defined %} id={{ external_huaweicloud_lbaas_network_id }} {% endif %} +{% if external_huaweicloud_security_group_id is defined %} +security-group-id={{ external_huaweicloud_security_group_id }} +{% endif %} diff --git a/roles/kubernetes-apps/external_cloud_controller/huaweicloud/templates/external-huawei-cloud-controller-manager-ds.yml.j2 b/roles/kubernetes-apps/external_cloud_controller/huaweicloud/templates/external-huawei-cloud-controller-manager-ds.yml.j2 index b9b2ec354..29f99b205 100644 --- a/roles/kubernetes-apps/external_cloud_controller/huaweicloud/templates/external-huawei-cloud-controller-manager-ds.yml.j2 +++ b/roles/kubernetes-apps/external_cloud_controller/huaweicloud/templates/external-huawei-cloud-controller-manager-ds.yml.j2 @@ -47,6 +47,11 @@ spec: - --cloud-config=$(CLOUD_CONFIG) - --cloud-provider=huaweicloud - --use-service-account-credentials=true + - --node-status-update-frequency=5s + - --node-monitor-period=5s + - --leader-elect-lease-duration=30s + - --leader-elect-renew-deadline=20s + - --leader-elect-retry-period=2s {% for key, value in external_huawei_cloud_controller_extra_args.items() %} - "{{ '--' + key + '=' + value }}" {% endfor %} diff --git a/roles/kubernetes-apps/external_cloud_controller/huaweicloud/templates/external-huawei-cloud-controller-manager-role-bindings.yml.j2 b/roles/kubernetes-apps/external_cloud_controller/huaweicloud/templates/external-huawei-cloud-controller-manager-role-bindings.yml.j2 index bbdf3364a..3c893f3fa 100644 --- a/roles/kubernetes-apps/external_cloud_controller/huaweicloud/templates/external-huawei-cloud-controller-manager-role-bindings.yml.j2 +++ b/roles/kubernetes-apps/external_cloud_controller/huaweicloud/templates/external-huawei-cloud-controller-manager-role-bindings.yml.j2 @@ -1,16 +1,12 @@ -apiVersion: v1 -items: -- apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRoleBinding - metadata: - name: system:cloud-controller-manager - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: system:cloud-controller-manager - subjects: +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: system:cloud-controller-manager +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:cloud-controller-manager +subjects: - kind: ServiceAccount name: cloud-controller-manager - namespace: kube-system -kind: List -metadata: {} + namespace: kube-system \ No newline at end of file diff --git a/roles/kubernetes-apps/external_cloud_controller/huaweicloud/templates/external-huawei-cloud-controller-manager-roles.yml.j2 b/roles/kubernetes-apps/external_cloud_controller/huaweicloud/templates/external-huawei-cloud-controller-manager-roles.yml.j2 index 2e2d8b64e..d2710e960 100644 --- a/roles/kubernetes-apps/external_cloud_controller/huaweicloud/templates/external-huawei-cloud-controller-manager-roles.yml.j2 +++ b/roles/kubernetes-apps/external_cloud_controller/huaweicloud/templates/external-huawei-cloud-controller-manager-roles.yml.j2 @@ -1,117 +1,113 @@ -apiVersion: v1 -items: -- apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRole - metadata: - name: system:cloud-controller-manager - rules: +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: system:cloud-controller-manager +rules: - resources: - - tokenreviews + - tokenreviews verbs: - - get - - list - - watch - - create - - update - - patch + - get + - list + - watch + - create + - update + - patch apiGroups: - - authentication.k8s.io + - authentication.k8s.io - resources: - - configmaps - - endpoints - - pods - - services - - secrets - - serviceaccounts - - serviceaccounts/token + - configmaps + - endpoints + - pods + - services + - secrets + - serviceaccounts + - serviceaccounts/token verbs: - - get - - list - - watch - - create - - update - - patch + - get + - list + - watch + - create + - update + - patch apiGroups: - - '' + - '' - resources: - - nodes + - nodes verbs: - - get - - list - - watch - - delete - - patch - - update + - get + - list + - watch + - delete + - patch + - update apiGroups: - - '' + - '' - resources: - - services/status - - pods/status + - services/status + - pods/status verbs: - - update - - patch + - update + - patch apiGroups: - - '' + - '' - resources: - - nodes/status + - nodes/status verbs: - - patch - - update + - patch + - update apiGroups: - - '' + - '' - resources: - - events - - endpoints + - events + - endpoints verbs: - - create - - patch - - update + - create + - patch + - update apiGroups: - - '' + - '' - resources: - - leases + - leases verbs: - - get - - update - - create - - delete + - get + - update + - create + - delete apiGroups: - - coordination.k8s.io + - coordination.k8s.io - resources: - - customresourcedefinitions + - customresourcedefinitions verbs: - - get - - update - - create - - delete + - get + - update + - create + - delete apiGroups: - apiextensions.k8s.io - resources: - - ingresses + - ingresses verbs: - - get - - list - - watch - - update - - create - - patch - - delete + - get + - list + - watch + - update + - create + - patch + - delete apiGroups: - - networking.k8s.io + - networking.k8s.io - resources: - - ingresses/status + - ingresses/status verbs: - - update - - patch + - update + - patch apiGroups: - - networking.k8s.io + - networking.k8s.io - resources: - - endpointslices + - endpointslices verbs: - - get - - list - - watch + - get + - list + - watch apiGroups: - - discovery.k8s.io -kind: List -metadata: {} + - discovery.k8s.io \ No newline at end of file