Merge pull request #20 from /issues/17

feat: add scheduling constraints to Cloud Controller Manager

Author: bsctl

README.md

@@ -91,11 +91,9 @@ This command installs the Cluster Autoscaler and configures it to manage the wor
 
 ## Prerequisites
 
-- Kubernetes 1.28+
 - Kamaji installed and configured
-- Cluster API with vSphere provider
-- IPAM provider (optional)
-- Helm 3.x
+- Cluster API vSphere provider installed and configured
+- Cluster API IPAM provider installed and configure (optional)
 - Access to vSphere environment
 
 ## Installation
@@ -106,7 +104,7 @@ helm repo add clastix https://clastix.github.io/charts
 helm repo update
 
 # Install with custom values
-helm install cluster-name clastix/capi-kamaji-vsphere -f my-values.yaml
+helm install cluster-name clastix/capi-kamaji-vsphere -f values.yaml
 ```
 
 ## Credentials Management
@@ -134,7 +132,7 @@ metadata:
     cluster.x-k8s.io/cluster-name: "cluster-name"
 stringData:
   username: "administrator@vsphere.local"
-  password: "YOUR_PASSWORD"
+  password: "password"
 EOF
 ```
 
@@ -152,14 +150,13 @@ stringData:
   vsphere.conf: |
     global:
       port: 443
-      insecure-flag: false
-      password: "YOUR_PASSWORD"
+      insecureFlag: false
+      password: "password"
       user: "administrator@vsphere.local"
-      thumbprint: "YOUR_VCENTER_THUMBPRINT"
     vcenter:
       vcenter.example.com:
         datacenters:
-        - "YOUR_DATACENTER"
+        - "datacenter-name"
         server: "vcenter.example.com"
 EOF
 ```
@@ -177,11 +174,9 @@ kind: Secret
 metadata:
   name: vsphere-secret
   namespace: capv-system
-  labels:
-    cluster.x-k8s.io/cluster-name: "cluster-name"
 stringData:
   username: "administrator@vsphere.local"
-  password: "YOUR_PASSWORD"
+  password: "password"
 EOF
 ```
 
@@ -199,9 +194,9 @@ spec:
   allowedNamespaces:
     selector:
       matchLabels: {} # allow all namespaces
+EOF
 ```
 
-
 ```yaml
 # Create the vsphere-config-secret for Cloud Controller Manager
 cat <<EOF | kubectl apply -f -
@@ -217,13 +212,12 @@ stringData:
     global:
       port: 443
       insecure-flag: false
-      password: "YOUR_PASSWORD"
+      password: "password"
       user: "administrator@vsphere.local"
-      thumbprint: "YOUR_VCENTER_THUMBPRINT"
     vcenter:
       vcenter.example.com:
         datacenters:
-        - "YOUR_DATACENTER"
+        - "datacenter-name"
         server: "vcenter.example.com"
 EOF
 ```
@@ -253,7 +247,9 @@ nodePools:
   - name: default
     template: "ubuntu-2204-kube-v1.32.0"
 vSphereCloudControllerManager:
-  version: "v1.32.0"
+  image:
+    tag: "v1.32.0"
+
 
 # Apply upgrade
 helm upgrade cluster-name ./cluster-api-kamaji-vsphere -f values.yaml
@@ -297,13 +293,15 @@ kubectl wait --for=delete vspheremachines -l cluster.x-k8s.io/cluster-name=clust
 helm uninstall cluster-name
 ```
 
-If nodes taints are not removed:
+If nodes taints are not removed, check Cloud Controller Manager logs:
 
 ```bash
 # Check CPI Controller logs
 kubectl logs -l component=cloud-controller-manager
 ```
 
+Most of the time the issue is related to authentication issues with vSphere credentials. Check the secret used by the `VSphereClusterIdentity` or `VSphereCluster` and ensure that the credentials are correct.
+
 ## Configuration
 
 See the values you can override [here](charts/capi-kamaji-vsphere/README.md).

charts/capi-kamaji-vsphere/README.md

@@ -72,13 +72,14 @@ A Helm chart for deploying a Kamaji Tenant Cluster on vSphere using Cluster API
 | nodePools[0].resourcePool | string | `"*/Resources"` | VSphere resource pool to use |
 | nodePools[0].staticRoutes | list | `[]` | Static network routes if required |
 | nodePools[0].storagePolicyName | string | `""` | VSphere storage policy to use |
-| nodePools[0].template | string | `"ubuntu-2204-kube-v1.32.0"` | VSphere template to clone |
+| nodePools[0].template | string | `"ubuntu-2404-kube-v1.32.0"` | VSphere template to clone |
 | nodePools[0].users | list | `[{"lockPassword":true,"name":"ubuntu","shell":"/bin/bash","sshAuthorizedKeys":[],"sudo":"ALL=(ALL) NOPASSWD:ALL"}]` | users to create on machines |
 | nodePools[0].users[0] | object | `{"lockPassword":true,"name":"ubuntu","shell":"/bin/bash","sshAuthorizedKeys":[],"sudo":"ALL=(ALL) NOPASSWD:ALL"}` | username to create |
 | nodePools[0].users[0].lockPassword | bool | `true` | Lock login password |
 | nodePools[0].users[0].shell | string | `"/bin/bash"` | SSH shell to use |
 | nodePools[0].users[0].sshAuthorizedKeys | list | `[]` | SSH public key to add |
 | nodePools[0].users[0].sudo | string | `"ALL=(ALL) NOPASSWD:ALL"` | sudoers configuration |
+| vSphere.caFile | string | `""` | Path to the CA file if it has been mounted into the pod. |
 | vSphere.dataCenter | string | `"datacenter"` | Datacenter to use |
 | vSphere.identityRef | object | `{"name":"vsphere-secret","type":"Secret"}` | VSphere Identity Management |
 | vSphere.identityRef.name | string | `"vsphere-secret"` | Specifies the name of the VSphereClusterIdentity or Secret |
@@ -87,9 +88,20 @@ A Helm chart for deploying a Kamaji Tenant Cluster on vSphere using Cluster API
 | vSphere.port | int | `443` | VSphere server port |
 | vSphere.server | string | `"server.sample.org"` | VSphere server dns name or address |
 | vSphere.tlsThumbprint | string | `""` | VSphere https TLS thumbprint |
-| vSphereCloudControllerManager.enabled | bool | `true` | Installs vsphere-cloud-controller-manager on the management cluster |
-| vSphereCloudControllerManager.secret.name | string | `"vsphere-config-secret"` | The name of an existing Secret for vSphere.  |
-| vSphereCloudControllerManager.version | string | `"v1.32.0"` | Version of the vsphere-cloud-controller-manager to install. The major and minor versions of releases should be equivalent to the compatible upstream Kubernetes release. |
+| vSphereCloudControllerManager.additionalMetadata.annotations | object | `{}` |  |
+| vSphereCloudControllerManager.additionalMetadata.labels | object | `{}` |  |
+| vSphereCloudControllerManager.affinity | object | `{}` | Affinity scheduling rules |
+| vSphereCloudControllerManager.image | object | `{"pullPolicy":"IfNotPresent","registry":"registry.k8s.io","repository":"cloud-pv-vsphere/cloud-provider-vsphere","tag":"v1.32.0"}` | Image of the vsphere-cloud-controller-manager to install.  |
+| vSphereCloudControllerManager.image.pullPolicy | string | `"IfNotPresent"` | Set the image pull policy. |
+| vSphereCloudControllerManager.image.registry | string | `"registry.k8s.io"` | Set the image registry |
+| vSphereCloudControllerManager.image.repository | string | `"cloud-pv-vsphere/cloud-provider-vsphere"` | Set the image repository |
+| vSphereCloudControllerManager.image.tag | string | `"v1.32.0"` | The tag should be equivalent to the upstream Kubernetes version. |
+| vSphereCloudControllerManager.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | NodeSelector for scheduling |
+| vSphereCloudControllerManager.podAdditionalMetadata | object | `{"annotations":{},"labels":{}}` | Pods Additional metadata as labels and annotations |
+| vSphereCloudControllerManager.secret.name | string | `"vsphere-config-secret"` | The name of an existing Secret to access the vCenter API |
+| vSphereCloudControllerManager.tolerations | list | `[]` | Tolerations for scheduling |
+| vSphereCloudControllerManager.topology | object | `{"region":"k8s-region","zone":"k8s-zone"}` | Labels for toplogy regions and zones |
+| vSphereCloudControllerManager.topologySpreadConstraints | list | `[]` | TopologySpreadConstraints for scheduling |
 
 ----------------------------------------------
 Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0)

charts/capi-kamaji-vsphere/templates/_helpers.tpl

@@ -13,7 +13,4 @@
 {{- .Values.vSphereCloudControllerManager.secret.name | default "vsphere-config-secret" -}}
 {{- end -}}
 
-{{/* CSI vSphere config secret name used by CSI */}}
-{{- define "cluster-api-kamaji-vsphere.csi-config-secret-name" -}}
-{{- .Values.vSphereStorageControllerManager.secret.name | default "csi-config-secret" -}}
-{{- end -}}
+

charts/capi-kamaji-vsphere/templates/cpi-manifests.yaml

@@ -1,5 +1,3 @@
-{{- if .Values.vSphereCloudControllerManager.enabled }}
----
 kind: ServiceAccount
 apiVersion: v1
 metadata:
@@ -36,6 +34,13 @@ metadata:
   labels:
     component: cloud-controller-manager
     cluster.x-k8s.io/cluster-name: {{ include "cluster-api-kamaji-vsphere.cluster-name" . | quote }}
+    {{- with .Values.vSphereCloudControllerManager.additionalMetadata.labels }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+  annotations:
+    {{- with .Values.vSphereCloudControllerManager.additionalMetadata.annotations }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
   name: {{ include "cluster-api-kamaji-vsphere.cluster-name" . }}-vsphere-cloud-controller-manager
   namespace: {{ .Release.Namespace }}
 spec:
@@ -48,10 +53,18 @@ spec:
       labels:
         component: cloud-controller-manager
         app: {{ include "cluster-api-kamaji-vsphere.cluster-name" . }}-vsphere-cloud-controller-manager
+        {{- with .Values.vSphereCloudControllerManager.podAdditionalMetadata.labels }}
+        {{- toYaml . | nindent 8 }}
+        {{- end }}
+      annotations:
+        {{- with .Values.vSphereCloudControllerManager.podAdditionalMetadata.annotations }}
+        {{- toYaml . | nindent 8 }}
+        {{- end }}
     spec:
       containers:
         - name: vsphere-cloud-controller-manager
-          image: registry.k8s.io/cloud-pv-vsphere/cloud-provider-vsphere:{{ .Values.vSphereCloudControllerManager.version }}
+          image: {{ .Values.vSphereCloudControllerManager.image.registry }}/{{ .Values.vSphereCloudControllerManager.image.repository }}:{{ .Values.vSphereCloudControllerManager.image.tag }}
+          imagePullPolicy: {{ .Values.vSphereCloudControllerManager.image.pullPolicy }}
           args:
             - --v=2
             - --cloud-config=/etc/cloud/vsphere.conf
@@ -71,6 +84,22 @@ spec:
       hostNetwork: false
       securityContext:
         runAsUser: 1001
+      affinity:
+        {{- with .Values.vSphereCloudControllerManager.affinity }}
+        {{- toYaml . | nindent 6 }}
+        {{- end }}
+      tolerations:
+        {{- with .Values.vSphereCloudControllerManager.tolerations }}
+        {{- toYaml . | nindent 6 }}
+        {{- end }}
+      nodeSelector:
+        {{- with .Values.vSphereCloudControllerManager.nodeSelector }}
+        {{- toYaml . | nindent 6 }}
+        {{- end }}
+      topologySpreadConstraints:
+        {{- with .Values.vSphereCloudControllerManager.topologySpreadConstraints }}
+        {{- toYaml . | nindent 6 }}
+        {{- end }}
       serviceAccountName: {{ include "cluster-api-kamaji-vsphere.cluster-name" . }}-cloud-controller-manager
       volumes:
         - name: vsphere-config-volume
@@ -79,4 +108,4 @@ spec:
         - name: '{{ include "cluster-api-kamaji-vsphere.cluster-name" . }}-admin-kubeconfig'
           secret:
             secretName: '{{ include "cluster-api-kamaji-vsphere.cluster-name" . }}-admin-kubeconfig'
-{{- end }}
+            

charts/capi-kamaji-vsphere/values.yaml

@@ -9,6 +9,8 @@ vSphere:
   insecure: false
   # -- VSphere https TLS thumbprint
   tlsThumbprint: ""
+  # -- Path to the CA file if it has been mounted into the pod.
+  caFile: ""
   # -- VSphere Identity Management
   identityRef:
     # -- Specifies whether use VSphereClusterIdentity or Secret
@@ -124,7 +126,7 @@ nodePools:
     # -- VSphere storage policy to use
     storagePolicyName: ""
     # -- VSphere template to clone
-    template: "ubuntu-2204-kube-v1.32.0"
+    template: "ubuntu-2404-kube-v1.32.0"
     # -- VSphere network for VMs and CSI
     network: "network"
     # -- Number of worker VMs instances
@@ -186,10 +188,38 @@ nodePools:
     # -- Taints to add to the node pool when joining the cluster
     # taints: "node.kubernetes.io/node:NoSchedule"
 vSphereCloudControllerManager:
-  # -- Installs vsphere-cloud-controller-manager on the management cluster
-  enabled: true
+  # -- Labels for toplogy regions and zones
+  topology: 
+    region: "k8s-region"
+    zone: "k8s-zone"
+  # -- Image of the vsphere-cloud-controller-manager to install. 
+  image:
+     # -- Set the image registry
+    registry: registry.k8s.io
+    # -- Set the image repository
+    repository: cloud-pv-vsphere/cloud-provider-vsphere
+    # -- The tag should be equivalent to the upstream Kubernetes version.
+    tag: v1.32.0
+    # -- Set the image pull policy.
+    pullPolicy: IfNotPresent
   secret:
-    # -- The name of an existing Secret for vSphere. 
+    # -- The name of an existing Secret to access the vCenter API
     name: vsphere-config-secret
-  # -- Version of the vsphere-cloud-controller-manager to install. The major and minor versions of releases should be equivalent to the compatible upstream Kubernetes release.
-  version: v1.32.0
+    # -- Additional metadata as labels and annotations
+  additionalMetadata: 
+    labels: {}
+    annotations: {}
+  # -- Pods Additional metadata as labels and annotations
+  podAdditionalMetadata:
+    labels: {}
+    annotations: {}
+  # -- Affinity scheduling rules
+  affinity: {}
+  # -- Tolerations for scheduling
+  tolerations: []
+  # -- NodeSelector for scheduling
+  nodeSelector:
+    kubernetes.io/os: linux
+  # -- TopologySpreadConstraints for scheduling
+  topologySpreadConstraints: []
+