diff --git a/upup/models/cloudup/resources/addons/digitalocean-cloud-controller.addons.k8s.io/k8s-1.8.yaml.template b/upup/models/cloudup/resources/addons/digitalocean-cloud-controller.addons.k8s.io/k8s-1.8.yaml.template
new file mode 100644
index 0000000000..3d61aa5181
--- /dev/null
+++ b/upup/models/cloudup/resources/addons/digitalocean-cloud-controller.addons.k8s.io/k8s-1.8.yaml.template
@@ -0,0 +1,156 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: digitalocean
+ namespace: kube-system
+stringData:
+ # insert your DO access token here
+ access-token: {{ DO_TOKEN }}
+
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: digitalocean-cloud-controller-manager
+ namespace: kube-system
+spec:
+ selector:
+ matchLabels:
+ k8s-app: digitalocean-cloud-controller-manager
+ template:
+ metadata:
+ labels:
+ k8s-app: digitalocean-cloud-controller-manager
+ annotations:
+ scheduler.alpha.kubernetes.io/critical-pod: ''
+ spec:
+ nodeSelector:
+ node-role.kubernetes.io/master: ""
+ serviceAccountName: cloud-controller-manager
+ dnsPolicy: Default
+ hostNetwork: true
+ tolerations:
+ - key: "node.cloudprovider.kubernetes.io/uninitialized"
+ value: "true"
+ effect: "NoSchedule"
+ - key: "CriticalAddonsOnly"
+ operator: "Exists"
+ - key: "node-role.kubernetes.io/master"
+ effect: NoSchedule
+ - effect: NoExecute
+ key: node.kubernetes.io/not-ready
+ operator: Exists
+ tolerationSeconds: 300
+ - effect: NoExecute
+ key: node.kubernetes.io/unreachable
+ operator: Exists
+ tolerationSeconds: 300
+ containers:
+ - image: digitalocean/digitalocean-cloud-controller-manager:v0.1.3
+ name: digitalocean-cloud-controller-manager
+ command:
+ - "/bin/digitalocean-cloud-controller-manager"
+ - "--cloud-provider=digitalocean"
+ - "--leader-elect=false"
+ resources:
+ requests:
+ cpu: 100m
+ memory: 50Mi
+ env:
+ - name: DO_ACCESS_TOKEN
+ valueFrom:
+ secretKeyRef:
+ name: digitalocean
+ key: access-token
+
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: cloud-controller-manager
+ namespace: kube-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ annotations:
+ rbac.authorization.kubernetes.io/autoupdate: "true"
+ name: system:cloud-controller-manager
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
+ - update
+- apiGroups:
+ - ""
+ resources:
+ - nodes
+ verbs:
+ - '*'
+- 
apiGroups: + - "" + resources: + - nodes/status + verbs: + - patch +- apiGroups: + - "" + resources: + - services + verbs: + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - services/status + verbs: + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - create +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - update + - watch +- apiGroups: + - "" + resources: + - endpoints + verbs: + - create + - get + - list + - watch + - update +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: system:cloud-controller-manager +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:cloud-controller-manager +subjects: +- kind: ServiceAccount + name: cloud-controller-manager + namespace: kube-system diff --git a/upup/models/cloudup/resources/addons/dns-controller.addons.k8s.io/k8s-1.6.yaml.template b/upup/models/cloudup/resources/addons/dns-controller.addons.k8s.io/k8s-1.6.yaml.template index ea91ea657d..495c9c67bf 100644 --- a/upup/models/cloudup/resources/addons/dns-controller.addons.k8s.io/k8s-1.6.yaml.template +++ b/upup/models/cloudup/resources/addons/dns-controller.addons.k8s.io/k8s-1.6.yaml.template @@ -44,6 +44,14 @@ spec: - name: {{ $name }} value: {{ $value }} {{ end }} +{{- end }} +{{- if eq .CloudProvider "digitalocean" }} + env: + - name: DIGITALOCEAN_ACCESS_TOKEN + valueFrom: + secretKeyRef: + name: digitalocean + key: access-token {{- end }} resources: requests: diff --git a/upup/pkg/fi/cloudup/bootstrapchannelbuilder.go b/upup/pkg/fi/cloudup/bootstrapchannelbuilder.go index 3f11e52d24..9ebbf111dd 100644 --- a/upup/pkg/fi/cloudup/bootstrapchannelbuilder.go +++ b/upup/pkg/fi/cloudup/bootstrapchannelbuilder.go 
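Review bot: The Secret's `access-token: {{ DO_TOKEN }}` is rendered unquoted and unchecked, so an unset DIGITALOCEAN_ACCESS_TOKEN produces an empty value and a token containing YAML-significant characters would alter the document; `access-token: {{ DO_TOKEN | printf "%q" }}` keeps it a string. The comment `# insert your DO access token here` no longer matches a templated value and should instead say that the rendered manifest contains the live token, so wherever rendered addon manifests are stored needs the same access control as the token itself. In the ClusterRole, the `nodes` rule grants `'*'` while every other rule lists its verbs; enumerating the verbs the controller actually uses would keep the grant reviewable. The image is pinned by tag (`v0.1.3`) rather than by digest, which deserves a comment if it is intentional.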
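Review bot: The new `secretKeyRef` to `digitalocean` / `access-token` depends on a Secret that is only created by the digitalocean-cloud-controller addon, which this commit registers with `KubernetesVersion: ">=1.8.0"`, while this file is the k8s-1.6 dns-controller template; on a cluster where that addon is not applied the pod would presumably fail to start on the missing Secret. A template comment such as `# Secret "digitalocean" is created by digitalocean-cloud-controller.addons.k8s.io` would make the dependency visible. The hunk also emits its own `env:` key right after a block that already renders `- name: {{ $name }}` entries; if that earlier block sits under an `env:` key whose condition can also hold on DigitalOcean, the container would end up with a duplicate key, so the two should be merged under one `env:`. The container spec begins and ends outside the hunk, so this needs checking against the full template.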
@@ -290,6 +290,26 @@ func (b *BootstrapChannelBuilder) buildManifest() (*channelsapi.Addons, map[stri } } + if kops.CloudProviderID(b.cluster.Spec.CloudProvider) == kops.CloudProviderDO { + key := "digitalocean-cloud-controller.addons.k8s.io" + version := "1.8" + + { + id := "k8s-1.8" + location := key + "/" + id + ".yaml" + + addons.Spec.Addons = append(addons.Spec.Addons, &channelsapi.AddonSpec{ + Name: fi.String(key), + Version: fi.String(version), + Selector: map[string]string{"k8s-addon": key}, + Manifest: fi.String(location), + KubernetesVersion: ">=1.8.0", + Id: id, + }) + manifests[key+"-"+id] = "addons/" + location + } + } + if kops.CloudProviderID(b.cluster.Spec.CloudProvider) == kops.CloudProviderGCE { key := "storage-gce.addons.k8s.io" version := "1.7.0" diff --git a/upup/pkg/fi/cloudup/template_functions.go b/upup/pkg/fi/cloudup/template_functions.go index 1ed1083dc9..6ec0ad6f91 100644 --- a/upup/pkg/fi/cloudup/template_functions.go +++ b/upup/pkg/fi/cloudup/template_functions.go @@ -94,6 +94,10 @@ func (tf *TemplateFunctions) AddTo(dest template.FuncMap) { dest["ProxyEnv"] = tf.ProxyEnv + dest["DO_TOKEN"] = func() string { + return os.Getenv("DIGITALOCEAN_ACCESS_TOKEN") + } + if tf.cluster.Spec.Networking != nil && tf.cluster.Spec.Networking.Flannel != nil { flannelBackendType := tf.cluster.Spec.Networking.Flannel.Backend if flannelBackendType == "" { @@ -187,8 +191,6 @@ func (tf *TemplateFunctions) DnsControllerArgv() ([]string, error) { case kops.CloudProviderGCE: argv = append(argv, "--dns=google-clouddns") case kops.CloudProviderDO: - // this is not supported yet, here so we can successfully create clusters - // this will be supported for digitalocean in the future argv = append(argv, "--dns=digitalocean") case kops.CloudProviderVSphere: argv = append(argv, "--dns=coredns")
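Review bot: `version := "1.8"` is a two-part version while the neighbouring GCE block uses `"1.7.0"`; `version := "1.8.0"` would keep the addon versions uniformly formatted and would not depend on tolerant version parsing, if the channel code compares them. The block would also benefit from a comment such as `// The rendered manifest for this addon embeds the DigitalOcean API token as a Secret.` so that readers know this manifest is sensitive. buildManifest starts and ends outside the hunk.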
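Review bot: The `DO_TOKEN` template function returns whatever `os.Getenv` gives, so an unset DIGITALOCEAN_ACCESS_TOKEN silently renders an empty Secret and the failure only surfaces later inside the cluster. text/template accepts functions that return a value and an error, so the closure can fail the render instead; this assumes `fmt` is already imported in the file. A short comment stating that the returned value is a credential and must not be logged would also help. AddTo starts and ends outside the hunk; the second hunk in this file only removes a stale comment.
```go
dest["DO_TOKEN"] = func() (string, error) {
	token := os.Getenv("DIGITALOCEAN_ACCESS_TOKEN")
	if token == "" {
		return "", fmt.Errorf("DIGITALOCEAN_ACCESS_TOKEN must be set to render the DigitalOcean addon")
	}
	return token, nil
}
```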