
Commit 2ed2381

committed
Add GCP CCM quickstart for kops and local
Signed-off-by: LogicalShark <maralder@google.com>
1 parent fa9f875 commit 2ed2381


8 files changed

+721
-1
lines changed


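--- a/.gitignore
+++ b/.gitignore
@@ -9,3 +9,4 @@ _rundir/
 _tmp/
 /bin/
 __pycache__/
+/clusters/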

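--- a/README.md
+++ b/README.md
@@ -11,7 +11,9 @@
 This repository implements the [cloud provider](https://github.com/kubernetes/cloud-provider) interface for [Google Cloud Platform (GCP)](https://cloud.google.com/).
 It provides components for Kubernetes clusters running on GCP and is maintained primarily by the Kubernetes team at Google.
 
-To see all available commands in this repository, run `make help`.
+To get started with the GCP CCM, see the **[kOps Quickstart](docs/kops-quickstart.md)** (automated setup) or the **[Manual CCM Setup Guide](docs/ccm-manual.md)**.
+
+For local development, use `make help` to see all available commands.
 
 ## Components
 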
Lines changed: 358 additions & 0 deletions
@@ -0,0 +1,358 @@
1+
---
2+
apiVersion: apps/v1
3+
kind: DaemonSet
4+
metadata:
5+
name: cloud-controller-manager
6+
namespace: kube-system
7+
labels:
8+
component: cloud-controller-manager
9+
addon.kops.k8s.io/name: gcp-cloud-controller.addons.k8s.io
10+
spec:
11+
selector:
12+
matchLabels:
13+
component: cloud-controller-manager
14+
updateStrategy:
15+
type: RollingUpdate
16+
template:
17+
metadata:
18+
labels:
19+
tier: control-plane
20+
component: cloud-controller-manager
21+
spec:
22+
nodeSelector: null
23+
affinity:
24+
nodeAffinity:
25+
requiredDuringSchedulingIgnoredDuringExecution:
26+
nodeSelectorTerms:
27+
- matchExpressions:
28+
- key: node-role.kubernetes.io/control-plane
29+
operator: Exists
30+
- matchExpressions:
31+
- key: node-role.kubernetes.io/master
32+
operator: Exists
33+
tolerations:
34+
- key: node.cloudprovider.kubernetes.io/uninitialized
35+
value: "true"
36+
effect: NoSchedule
37+
- key: node.kubernetes.io/not-ready
38+
effect: NoSchedule
39+
- key: node-role.kubernetes.io/master
40+
effect: NoSchedule
41+
- key: node-role.kubernetes.io/control-plane
42+
effect: NoSchedule
43+
serviceAccountName: cloud-controller-manager
44+
containers:
45+
- name: cloud-controller-manager
46+
image: gcr.io/maralder-k8s-dev/cloud-controller-manager:a2d4f8479
47+
imagePullPolicy: IfNotPresent
48+
# ko puts it somewhere else... command: ['/usr/local/bin/cloud-controller-manager']
49+
args: [] # args must be replaced by tooling
50+
env:
51+
- name: KUBERNETES_SERVICE_HOST
52+
value: "127.0.0.1"
53+
livenessProbe:
54+
failureThreshold: 3
55+
httpGet:
56+
host: 127.0.0.1
57+
path: /healthz
58+
port: 10258
59+
scheme: HTTPS
60+
initialDelaySeconds: 15
61+
periodSeconds: 10
62+
successThreshold: 1
63+
timeoutSeconds: 15
64+
resources:
65+
requests:
66+
cpu: "200m"
67+
volumeMounts:
68+
- mountPath: /etc/kubernetes/cloud.config
69+
name: cloudconfig
70+
readOnly: true
71+
hostNetwork: true
72+
priorityClassName: system-cluster-critical
73+
volumes:
74+
- hostPath:
75+
path: /etc/kubernetes/cloud.config
76+
type: ""
77+
name: cloudconfig
78+
---
79+
apiVersion: v1
80+
kind: ServiceAccount
81+
metadata:
82+
name: cloud-controller-manager
83+
namespace: kube-system
84+
labels:
85+
addon.kops.k8s.io/name: gcp-cloud-controller.addons.k8s.io
86+
87+
---
88+
apiVersion: rbac.authorization.k8s.io/v1
89+
kind: RoleBinding
90+
metadata:
91+
name: cloud-controller-manager:apiserver-authentication-reader
92+
namespace: kube-system
93+
labels:
94+
addon.kops.k8s.io/name: gcp-cloud-controller.addons.k8s.io
95+
roleRef:
96+
apiGroup: rbac.authorization.k8s.io
97+
kind: Role
98+
name: extension-apiserver-authentication-reader
99+
subjects:
100+
- apiGroup: ""
101+
kind: ServiceAccount
102+
name: cloud-controller-manager
103+
namespace: kube-system
104+
---
105+
106+
# https://github.com/kubernetes/cloud-provider-gcp/blob/master/deploy/cloud-node-controller-role.yaml
107+
apiVersion: rbac.authorization.k8s.io/v1
108+
kind: ClusterRole
109+
metadata:
110+
name: system:cloud-controller-manager
111+
labels:
112+
addonmanager.kubernetes.io/mode: Reconcile
113+
addon.kops.k8s.io/name: gcp-cloud-controller.addons.k8s.io
114+
rules:
115+
- apiGroups:
116+
- ""
117+
- events.k8s.io
118+
resources:
119+
- events
120+
verbs:
121+
- create
122+
- patch
123+
- update
124+
- apiGroups:
125+
- coordination.k8s.io
126+
resources:
127+
- leases
128+
verbs:
129+
- create
130+
- get
131+
- list
132+
- watch
133+
- update
134+
- apiGroups:
135+
- coordination.k8s.io
136+
resourceNames:
137+
- cloud-controller-manager
138+
resources:
139+
- leases
140+
verbs:
141+
- get
142+
- update
143+
- apiGroups:
144+
- ""
145+
resources:
146+
- endpoints
147+
- serviceaccounts
148+
- services
149+
verbs:
150+
- create
151+
- get
152+
- update
153+
- apiGroups:
154+
- ""
155+
resources:
156+
- nodes
157+
verbs:
158+
- get
159+
- update
160+
- patch # until #393 lands
161+
- apiGroups:
162+
- ""
163+
resources:
164+
- namespaces
165+
verbs:
166+
- get
167+
- apiGroups:
168+
- ""
169+
resources:
170+
- nodes/status
171+
- services/status
172+
verbs:
173+
- patch
174+
- update
175+
- apiGroups:
176+
- ""
177+
resources:
178+
- secrets
179+
verbs:
180+
- create
181+
- delete
182+
- get
183+
- update
184+
- apiGroups:
185+
- "authentication.k8s.io"
186+
resources:
187+
- tokenreviews
188+
verbs:
189+
- create
190+
- apiGroups:
191+
- "*"
192+
resources:
193+
- "*"
194+
verbs:
195+
- list
196+
- watch
197+
- apiGroups:
198+
- ""
199+
resources:
200+
- serviceaccounts/token
201+
verbs:
202+
- create
203+
---
204+
apiVersion: rbac.authorization.k8s.io/v1
205+
kind: Role
206+
metadata:
207+
name: system::leader-locking-cloud-controller-manager
208+
namespace: kube-system
209+
labels:
210+
addonmanager.kubernetes.io/mode: Reconcile
211+
addon.kops.k8s.io/name: gcp-cloud-controller.addons.k8s.io
212+
rules:
213+
- apiGroups:
214+
- ""
215+
resources:
216+
- configmaps
217+
verbs:
218+
- watch
219+
- apiGroups:
220+
- ""
221+
resources:
222+
- configmaps
223+
resourceNames:
224+
- cloud-controller-manager
225+
verbs:
226+
- get
227+
- update
228+
---
229+
apiVersion: rbac.authorization.k8s.io/v1
230+
kind: ClusterRole
231+
metadata:
232+
name: system:controller:cloud-node-controller
233+
labels:
234+
addonmanager.kubernetes.io/mode: Reconcile
235+
addon.kops.k8s.io/name: gcp-cloud-controller.addons.k8s.io
236+
rules:
237+
- apiGroups:
238+
- ""
239+
resources:
240+
- events
241+
verbs:
242+
- create
243+
- patch
244+
- update
245+
- apiGroups:
246+
- ""
247+
resources:
248+
- nodes
249+
verbs:
250+
- get
251+
- list
252+
- update
253+
- delete
254+
- patch
255+
- apiGroups:
256+
- ""
257+
resources:
258+
- nodes/status
259+
verbs:
260+
- get
261+
- list
262+
- update
263+
- delete
264+
- patch
265+
266+
- apiGroups:
267+
- ""
268+
resources:
269+
- pods
270+
verbs:
271+
- list
272+
- delete
273+
- apiGroups:
274+
- ""
275+
resources:
276+
- pods/status
277+
verbs:
278+
- list
279+
- delete
280+
---
281+
282+
# https://github.com/kubernetes/cloud-provider-gcp/blob/master/deploy/cloud-node-controller-binding.yaml
283+
apiVersion: rbac.authorization.k8s.io/v1
284+
kind: RoleBinding
285+
metadata:
286+
name: system::leader-locking-cloud-controller-manager
287+
namespace: kube-system
288+
labels:
289+
addonmanager.kubernetes.io/mode: Reconcile
290+
addon.kops.k8s.io/name: gcp-cloud-controller.addons.k8s.io
291+
roleRef:
292+
apiGroup: rbac.authorization.k8s.io
293+
kind: Role
294+
name: system::leader-locking-cloud-controller-manager
295+
subjects:
296+
- kind: ServiceAccount
297+
name: cloud-controller-manager
298+
namespace: kube-system
299+
---
300+
apiVersion: rbac.authorization.k8s.io/v1
301+
kind: ClusterRoleBinding
302+
metadata:
303+
name: system:cloud-controller-manager
304+
labels:
305+
addonmanager.kubernetes.io/mode: Reconcile
306+
addon.kops.k8s.io/name: gcp-cloud-controller.addons.k8s.io
307+
roleRef:
308+
apiGroup: rbac.authorization.k8s.io
309+
kind: ClusterRole
310+
name: system:cloud-controller-manager
311+
subjects:
312+
- kind: ServiceAccount
313+
apiGroup: ""
314+
name: cloud-controller-manager
315+
namespace: kube-system
316+
---
317+
apiVersion: rbac.authorization.k8s.io/v1
318+
kind: ClusterRoleBinding
319+
metadata:
320+
name: system:controller:cloud-node-controller
321+
labels:
322+
addonmanager.kubernetes.io/mode: Reconcile
323+
addon.kops.k8s.io/name: gcp-cloud-controller.addons.k8s.io
324+
roleRef:
325+
apiGroup: rbac.authorization.k8s.io
326+
kind: ClusterRole
327+
name: system:controller:cloud-node-controller
328+
subjects:
329+
- kind: ServiceAccount
330+
name: cloud-node-controller
331+
namespace: kube-system
332+
---
333+
334+
# https://github.com/kubernetes/cloud-provider-gcp/blob/master/deploy/pvl-controller-role.yaml
335+
apiVersion: rbac.authorization.k8s.io/v1
336+
kind: ClusterRole
337+
metadata:
338+
name: system:controller:pvl-controller
339+
labels:
340+
addonmanager.kubernetes.io/mode: Reconcile
341+
addon.kops.k8s.io/name: gcp-cloud-controller.addons.k8s.io
342+
rules:
343+
- apiGroups:
344+
- ""
345+
resources:
346+
- events
347+
verbs:
348+
- create
349+
- patch
350+
- update
351+
- apiGroups:
352+
- ""
353+
resources:
354+
- persistentvolumeclaims
355+
- persistentvolumes
356+
verbs:
357+
- list
358+
- watch
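Review bot: The DaemonSet's `image: gcr.io/maralder-k8s-dev/cloud-controller-manager:a2d4f8479` points at what appears to be a personal development project and is referenced by tag rather than digest, so anyone applying this manifest runs whatever that registry serves under that tag. The pod runs with `hostNetwork: true` on control-plane nodes under the `system:cloud-controller-manager` ClusterRole, which grants get/create/delete/update on `secrets`, create on `serviceaccounts/token`, and `list`/`watch` on `"*"` in every API group, so the image's provenance is cluster-critical. I would reference a project-owned release image pinned by digest, e.g. `image: <PROJECT_REGISTRY>/cloud-controller-manager@sha256:<DIGEST>`, and either narrow the `"*"` rule to the resources the controllers actually read or add a comment above it such as `# wildcard list/watch also exposes Secret contents cluster-wide; required because <reason>`. Separately, the `system:controller:cloud-node-controller` ClusterRoleBinding names ServiceAccount `cloud-node-controller`, which this file does not create, and the `system:controller:pvl-controller` ClusterRole has no binding here; if both are intentional, a one-line comment saying where they are defined would make that clear.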
