Update external huawei cloud controller to 0.26.8 (#11172)

* Update external huawei cloud controller to 0.26.8 * Update huawei cloud controller templates * Add security-group-id to config * git fail
6 months ago · 0b0faf8f72
6 changed files with 99 additions and 99 deletions
--- a/inventory/sample/group_vars/all/huaweicloud.yml
+++ b/inventory/sample/group_vars/all/huaweicloud.yml
@ -14,4 +14,4 @@

 ## The repo and tag of the external Huawei Cloud Controller image
 # external_huawei_cloud_controller_image_repo: "swr.ap-southeast-1.myhuaweicloud.com"
-# external_huawei_cloud_controller_image_tag: "v0.26.6"
+# external_huawei_cloud_controller_image_tag: "v0.26.8"
--- a/roles/kubernetes-apps/external_cloud_controller/huaweicloud/defaults/main.yml
+++ b/roles/kubernetes-apps/external_cloud_controller/huaweicloud/defaults/main.yml
@ -16,4 +16,4 @@ external_huaweicloud_cloud: "{{ lookup('env','OS_CLOUD') }}"
 ##    arg2: "value2"
 external_huawei_cloud_controller_extra_args: {}
 external_huawei_cloud_controller_image_repo: "swr.ap-southeast-1.myhuaweicloud.com"
-external_huawei_cloud_controller_image_tag: "v0.26.6"
+external_huawei_cloud_controller_image_tag: "v0.26.8"
--- a/roles/kubernetes-apps/external_cloud_controller/huaweicloud/templates/external-huawei-cloud-config.j2
+++ b/roles/kubernetes-apps/external_cloud_controller/huaweicloud/templates/external-huawei-cloud-config.j2
@ -21,3 +21,6 @@ subnet-id={{ external_huaweicloud_lbaas_subnet_id }}
 {% if external_huaweicloud_lbaas_network_id is defined %}
 id={{ external_huaweicloud_lbaas_network_id }}
 {% endif %}
+{% if external_huaweicloud_security_group_id is defined %}
+security-group-id={{ external_huaweicloud_security_group_id }}
+{% endif %}
--- a/roles/kubernetes-apps/external_cloud_controller/huaweicloud/templates/external-huawei-cloud-controller-manager-ds.yml.j2
+++ b/roles/kubernetes-apps/external_cloud_controller/huaweicloud/templates/external-huawei-cloud-controller-manager-ds.yml.j2
@ -47,6 +47,11 @@ spec:
            - --cloud-config=$(CLOUD_CONFIG)
            - --cloud-provider=huaweicloud
            - --use-service-account-credentials=true
+            - --node-status-update-frequency=5s
+            - --node-monitor-period=5s
+            - --leader-elect-lease-duration=30s
+            - --leader-elect-renew-deadline=20s
+            - --leader-elect-retry-period=2s
 {% for key, value in external_huawei_cloud_controller_extra_args.items() %}
            - "{{ '--' + key + '=' + value }}"
 {% endfor %}
--- a/roles/kubernetes-apps/external_cloud_controller/huaweicloud/templates/external-huawei-cloud-controller-manager-role-bindings.yml.j2
+++ b/roles/kubernetes-apps/external_cloud_controller/huaweicloud/templates/external-huawei-cloud-controller-manager-role-bindings.yml.j2
@ -1,16 +1,12 @@
-apiVersion: v1
-items:
- apiVersion: rbac.authorization.k8s.io/v1
-  kind: ClusterRoleBinding
-  metadata:
-    name: system:cloud-controller-manager
-  roleRef:
-    apiGroup: rbac.authorization.k8s.io
-    kind: ClusterRole
-    name: system:cloud-controller-manager
-  subjects:
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: system:cloud-controller-manager
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: system:cloud-controller-manager
+subjects:
  - kind: ServiceAccount
    name: cloud-controller-manager
-    namespace: kube-system
-kind: List
-metadata: {}
+    namespace: kube-system
--- a/roles/kubernetes-apps/external_cloud_controller/huaweicloud/templates/external-huawei-cloud-controller-manager-roles.yml.j2
+++ b/roles/kubernetes-apps/external_cloud_controller/huaweicloud/templates/external-huawei-cloud-controller-manager-roles.yml.j2
@ -1,117 +1,113 @@
-apiVersion: v1
-items:
- apiVersion: rbac.authorization.k8s.io/v1
-  kind: ClusterRole
-  metadata:
-    name: system:cloud-controller-manager
-  rules:
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: system:cloud-controller-manager
+rules:
  - resources:
-    - tokenreviews
+      - tokenreviews
    verbs:
-    - get
-    - list
-    - watch
-    - create
-    - update
-    - patch
+      - get
+      - list
+      - watch
+      - create
+      - update
+      - patch
    apiGroups:
-    - authentication.k8s.io
+      - authentication.k8s.io
  - resources:
-    - configmaps
-    - endpoints
-    - pods
-    - services
-    - secrets
-    - serviceaccounts
-    - serviceaccounts/token
+      - configmaps
+      - endpoints
+      - pods
+      - services
+      - secrets
+      - serviceaccounts
+      - serviceaccounts/token
    verbs:
-    - get
-    - list
-    - watch
-    - create
-    - update
-    - patch
+      - get
+      - list
+      - watch
+      - create
+      - update
+      - patch
    apiGroups:
-    - ''
+      - ''
  - resources:
-    - nodes
+      - nodes
    verbs:
-    - get
-    - list
-    - watch
-    - delete
-    - patch
-    - update
+      - get
+      - list
+      - watch
+      - delete
+      - patch
+      - update
    apiGroups:
-    - ''
+      - ''
  - resources:
-    - services/status
-    - pods/status
+      - services/status
+      - pods/status
    verbs:
-    - update
-    - patch
+      - update
+      - patch
    apiGroups:
-    - ''
+      - ''
  - resources:
-    - nodes/status
+      - nodes/status
    verbs:
-    - patch
-    - update
+      - patch
+      - update
    apiGroups:
-    - ''
+      - ''
  - resources:
-    - events
-    - endpoints
+      - events
+      - endpoints
    verbs:
-    - create
-    - patch
-    - update
+      - create
+      - patch
+      - update
    apiGroups:
-    - ''
+      - ''
  - resources:
-    - leases
+      - leases
    verbs:
-    - get
-    - update
-    - create
-    - delete
+      - get
+      - update
+      - create
+      - delete
    apiGroups:
-    - coordination.k8s.io
+      - coordination.k8s.io
  - resources:
-    - customresourcedefinitions
+      - customresourcedefinitions
    verbs:
-    - get
-    - update
-    - create
-    - delete
+      - get
+      - update
+      - create
+      - delete
    apiGroups:
      - apiextensions.k8s.io
  - resources:
-    - ingresses
+      - ingresses
    verbs:
-    - get
-    - list
-    - watch
-    - update
-    - create
-    - patch
-    - delete
+      - get
+      - list
+      - watch
+      - update
+      - create
+      - patch
+      - delete
    apiGroups:
-    - networking.k8s.io
+      - networking.k8s.io
  - resources:
-    - ingresses/status
+      - ingresses/status
    verbs:
-    - update
-    - patch
+      - update
+      - patch
    apiGroups:
-    - networking.k8s.io
+      - networking.k8s.io
  - resources:
-    - endpointslices
+      - endpointslices
    verbs:
-    - get
-    - list
-    - watch
+      - get
+      - list
+      - watch
    apiGroups:
-    - discovery.k8s.io
-kind: List
-metadata: {}
+      - discovery.k8s.io