Run pods needing control-plane instance credentials on hostNetwork

2022-12-30 11:18:41 -08:00 · 2022-12-30 11:18:41 -08:00 · ad92d2760c
parent 0b8ccf2c9e
commit ad92d2760c
4 changed files with 19 additions and 0 deletions
--- a/pkg/wellknownports/wellknownports.go
+++ b/pkg/wellknownports/wellknownports.go
@ -73,6 +73,9 @@ const (
 	// VxlanUDP is the port used by VXLAN tunneling over UDP
 	VxlanUDP = 8472

+	// AWSLBCMetricsPort is reserved for the AWS Load Balancer Controller's metrics.
+	AWSLBCMetricsPort = 9442
+
 	// KubeletAPI is the port where kubelet listens
 	KubeletAPI = 10250
 )
--- a/upup/models/cloudup/resources/addons/aws-ebs-csi-driver.addons.k8s.io/k8s-1.17.yaml.template
+++ b/upup/models/cloudup/resources/addons/aws-ebs-csi-driver.addons.k8s.io/k8s-1.17.yaml.template
@ -479,6 +479,7 @@ spec:
      priorityClassName: system-cluster-critical
      nodeSelector: null
      {{ if not UseServiceAccountExternalPermissions }}
+      hostNetwork: true
      tolerations:
        - operator: Exists
      {{ end }}
--- a/upup/models/cloudup/resources/addons/aws-load-balancer-controller.addons.k8s.io/k8s-1.19.yaml.template
+++ b/upup/models/cloudup/resources/addons/aws-load-balancer-controller.addons.k8s.io/k8s-1.19.yaml.template
@ -723,6 +723,12 @@ spec:
    matchLabels:
      app.kubernetes.io/component: controller
      app.kubernetes.io/name: aws-load-balancer-controller
+  {{ if not (and UseServiceAccountExternalPermissions (IsKubernetesGTE "1.24")) }}
+  strategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxSurge: 0
+  {{ end }}
  template:
    metadata:
      labels:
@ -744,6 +750,7 @@ spec:
      {{ end }}
      containers:
      - args:
+        - --metrics-bind-addr=:9442
        - --cluster-name={{ ClusterName }}
        - --enable-waf={{ .EnableWAF }}
        - --enable-wafv2={{ .EnableWAFv2 }}
@ -789,6 +796,7 @@ spec:
      serviceAccountName: aws-load-balancer-controller
      terminationGracePeriodSeconds: 10
      {{ if not (and UseServiceAccountExternalPermissions (IsKubernetesGTE "1.24")) }}
+      hostNetwork: true
      tolerations:
        - key: node-role.kubernetes.io/control-plane
          operator: Exists
--- a/upup/models/cloudup/resources/addons/cluster-autoscaler.addons.k8s.io/k8s-1.15.yaml.template
+++ b/upup/models/cloudup/resources/addons/cluster-autoscaler.addons.k8s.io/k8s-1.15.yaml.template
@ -273,6 +273,12 @@ spec:
  selector:
    matchLabels:
      app: cluster-autoscaler
+  {{ if not (and UseServiceAccountExternalPermissions (IsKubernetesGTE "1.24")) }}
+  strategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxSurge: 0
+  {{ end }}
  template:
    metadata:
      annotations:
@ -360,6 +366,7 @@ spec:
              memory: {{ or .MemoryRequest "300Mi"}}
      serviceAccountName: cluster-autoscaler
      {{ if not UseServiceAccountExternalPermissions }}
+      hostNetwork: true
      tolerations:
      - operator: "Exists"
        key: node-role.kubernetes.io/control-plane