Set default image tag for OpenStack CCM

docs/getting_started/openstack.md

@@ -115,7 +115,7 @@ If you want use [External CCM](https://github.com/kubernetes/cloud-provider-open
 Enable featureflag:
 
 ```
-export KOPS_FEATURE_FLAGS=+EnableExternalCloudController
+export KOPS_FEATURE_FLAGS=EnableExternalCloudController
 ```
 
 Create cluster without `--yes` flag (or modify existing cluster):
@@ -127,9 +127,7 @@ kops edit cluster <cluster>
 Add following to clusterspec:
 
 ```
-  cloudControllerManager:
-    image: jesseh/occm:latest <- you can use this or compile your own
-    logLevel: 2
+  cloudControllerManager: {}
 ```
 
 Finally

upup/models/cloudup/resources/addons/openstack.addons.k8s.io/k8s-1.13.yaml.template

@@ -0,0 +1,213 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: cloud-controller-manager
+  namespace: kube-system
+  labels:
+    k8s-app: openstack-cloud-provider
+    k8s-addon: openstack.addons.k8s.io
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: system:cloud-node-controller
+  labels:
+    k8s-app: openstack-cloud-provider
+    k8s-addon: openstack.addons.k8s.io
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: system:cloud-node-controller
+subjects:
+- kind: ServiceAccount
+  name: cloud-node-controller
+  namespace: kube-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: system:cloud-controller-manager
+  labels:
+    k8s-app: openstack-cloud-provider
+    k8s-addon: openstack.addons.k8s.io
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: system:cloud-controller-manager
+subjects:
+- kind: ServiceAccount
+  name: cloud-controller-manager
+  namespace: kube-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: system:cloud-controller-manager
+  labels:
+    k8s-app: openstack-cloud-provider
+    k8s-addon: openstack.addons.k8s.io
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - events
+  verbs:
+  - create
+  - patch
+  - update
+- apiGroups:
+  - ""
+  resources:
+  - nodes
+  verbs:
+  - '*'
+- apiGroups:
+  - ""
+  resources:
+  - nodes/status
+  verbs:
+  - patch
+- apiGroups:
+  - ""
+  resources:
+  - services
+  verbs:
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - serviceaccounts
+  verbs:
+  - create
+  - get
+- apiGroups:
+  - ""
+  resources:
+  - persistentvolumes
+  verbs:
+  - '*'
+- apiGroups:
+  - ""
+  resources:
+  - endpoints
+  verbs:
+  - create
+  - get
+  - list
+  - watch
+  - update
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - secrets
+  verbs:
+  - list
+  - get
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: system:cloud-node-controller
+  labels:
+    k8s-app: openstack-cloud-provider
+    k8s-addon: openstack.addons.k8s.io
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - nodes
+  verbs:
+  - '*'
+- apiGroups:
+  - ""
+  resources:
+  - nodes/status
+  verbs:
+  - patch
+- apiGroups:
+  - ""
+  resources:
+  - events
+  verbs:
+  - create
+  - patch
+  - update
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  namespace: kube-system
+  name: openstack-cloud-provider
+  labels:
+    k8s-app: openstack-cloud-provider
+    k8s-addon: openstack.addons.k8s.io
+  annotations:
+    scheduler.alpha.kubernetes.io/critical-pod: ""
+spec:
+  updateStrategy:
+    type: RollingUpdate
+  selector:
+    matchLabels:
+      name: openstack-cloud-provider
+  template:
+    metadata:
+      labels:
+        name: openstack-cloud-provider
+    spec:
+      # run on the host network (don't depend on CNI)
+      hostNetwork: true
+      # run on each master node
+      nodeSelector:
+        node-role.kubernetes.io/master: ""
+      securityContext:
+        runAsUser: 1001
+      serviceAccountName: cloud-controller-manager
+      tolerations:
+      - effect: NoSchedule
+        operator: Exists
+      - key: CriticalAddonsOnly
+        operator: Exists
+      containers:
+      - name: openstack-cloud-controller-manager
+        image: "{{- if .ExternalCloudControllerManager.Image -}} {{ .ExternalCloudControllerManager.Image }} {{- else -}} {{OpenStackCCM}} {{- end -}}"
+        args:
+          - /bin/openstack-cloud-controller-manager
+          - --v={{ if .ExternalCloudControllerManager.LogLevel -}} {{ .ExternalCloudControllerManager.LogLevel }} {{- else }}2{{ end }}
+          - --cloud-config=/etc/kubernetes/cloud.config
+          - --cloud-provider=openstack
+          - --use-service-account-credentials=true
+          - --address=127.0.0.1
+        resources:
+          requests:
+            cpu: 200m
+        volumeMounts:
+        - mountPath: /etc/kubernetes/cloud.config
+          name: cloudconfig
+          readOnly: true
+{{ if .UseHostCertificates }}
+        - mountPath: /etc/ssl/certs
+          name: etc-ssl-certs
+          readOnly: true
+{{ end }}
+      volumes:
+      - hostPath:
+          path: /etc/kubernetes/cloud.config
+        name: cloudconfig
+{{ if .UseHostCertificates }}
+      - hostPath:
+          path: /etc/ssl/certs
+          type: DirectoryOrCreate
+        name: etc-ssl-certs
+{{ end }}

upup/pkg/fi/cloudup/bootstrapchannelbuilder.go

@@ -1230,7 +1230,23 @@ func (b *BootstrapChannelBuilder) buildAddons() *channelsapi.Addons {
 					Version:           fi.String(version),
 					Manifest:          fi.String(location),
 					Selector:          map[string]string{"k8s-addon": key},
-					KubernetesVersion: ">=1.11.0",
+					KubernetesVersion: ">=1.11.0 <1.13.0",
+					Id:                id,
+				})
+			}
+			{
+				key := "openstack.addons.k8s.io"
+				version := "1.13.0"
+
+				location := key + "/k8s-1.13.yaml"
+				id := "k8s-1.13-ccm"
+
+				addons.Spec.Addons = append(addons.Spec.Addons, &channelsapi.AddonSpec{
+					Name:              fi.String(key),
+					Version:           fi.String(version),
+					Manifest:          fi.String(location),
+					Selector:          map[string]string{"k8s-addon": key},
+					KubernetesVersion: ">=1.13.0",
 					Id:                id,
 				})
 			}

upup/pkg/fi/cloudup/template_functions.go

@@ -40,6 +40,7 @@ import (
 	"k8s.io/klog"
 	kopscontrollerconfig "k8s.io/kops/cmd/kops-controller/pkg/config"
 	"k8s.io/kops/pkg/apis/kops"
+	"k8s.io/kops/pkg/apis/kops/util"
 	"k8s.io/kops/pkg/dns"
 	"k8s.io/kops/pkg/featureflag"
 	"k8s.io/kops/pkg/model"
@@ -103,6 +104,10 @@ func (tf *TemplateFunctions) AddTo(dest template.FuncMap, secretStore fi.SecretS
 		return tf.region
 	}
 
+	if featureflag.EnableExternalCloudController.Enabled() {
+		// will return openstack external ccm image location for current kubernetes version
+		dest["OpenStackCCM"] = tf.OpenStackCCM
+	}
 	dest["ProxyEnv"] = tf.ProxyEnv
 
 	dest["KopsSystemEnv"] = tf.KopsSystemEnv
@@ -380,3 +385,22 @@ func (tf *TemplateFunctions) KopsSystemEnv() []corev1.EnvVar {
 
 	return envMap.ToEnvVars()
 }
+
+// OpenStackCCM returns OpenStack external cloud controller manager current image
+// with tag specified to k8s version
+func (tf *TemplateFunctions) OpenStackCCM() string {
+	var tag string
+	parsed, err := util.ParseKubernetesVersion(tf.cluster.Spec.KubernetesVersion)
+	if err != nil {
+		tag = "latest"
+	} else {
+		if parsed.Minor == 13 {
+			// The bugfix release
+			tag = "1.13.1"
+		} else {
+			// otherwise we use always .0 ccm image, if needed that can be overrided using clusterspec
+			tag = fmt.Sprintf("v%d.%d.0", parsed.Major, parsed.Minor)
+		}
+	}
+	return fmt.Sprintf("docker.io/k8scloudprovider/openstack-cloud-controller-manager:%s", tag)
+}