create release manifests for v0.1.55

Author: timoreimann

CHANGELOG.md

@@ -1,5 +1,7 @@
 ## unreleased
 
+## v0.1.55 (beta) - July 29, 2024
+
 * When using the LoadBalancer `service.beta.kubernetes.io/do-loadbalancer-type=REGIONAL_NETWORK` (under closed beta), firewall rules
 are added to open up the underlying health check port and all the defined (port, protocols) defined on the service. This is to
 permit traffic to arrive directly on the underlying worker nodes.

VERSION

@@ -1 +1 @@
-v0.1.54
+v0.1.55

releases/digitalocean-cloud-controller-manager-admission-server/v0.1.55.yml

@@ -0,0 +1,109 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: digitalocean-cloud-controller-manager-admission-server
+  namespace: kube-system
+spec:
+  replicas: 1
+  revisionHistoryLimit: 2
+  selector:
+    matchLabels:
+      app: digitalocean-cloud-controller-manager-admission-server
+  template:
+    metadata:
+      labels:
+        app: digitalocean-cloud-controller-manager-admission-server
+    spec:
+      containers:
+      - image: digitalocean/digitalocean-cloud-controller-manager-admission-server:v0.1.55
+        name: digitalocean-cloud-controller-manager-admission-server
+        command:
+          - "/bin/digitalocean-cloud-controller-manager-admission-server"
+        resources:
+          requests:
+            cpu: 100m
+            memory: 50Mi
+        env:
+          - name: DO_ACCESS_TOKEN
+            valueFrom:
+              secretKeyRef:
+                name: digitalocean
+                key: access-token
+        ports:
+        - containerPort: 9443
+          name: admission
+          protocol: TCP
+        volumeMounts:
+        - mountPath: /tmp/k8s-webhook-server/serving-certs
+          name: serving-certs
+          readOnly: true
+      volumes:
+      - name: serving-certs
+        secret:
+          defaultMode: 420
+          secretName: digitalocean-cloud-controller-manager-admission-server-serving-certs
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: digitalocean-cloud-controller-manager-admission-server
+  namespace: kube-system
+spec:
+  selector:
+    app: digitalocean-cloud-controller-manager-admission-server
+  ports:
+    - protocol: TCP
+      port: 443
+      targetPort: 9443
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: digitalocean-cloud-controller-manager-admission-server-serving-certs
+  namespace: kube-system
+spec:
+  dnsNames:
+  - digitalocean-cloud-controller-manager-admission-server
+  - digitalocean-cloud-controller-manager-admission-server.kube-system.svc
+  - digitalocean-cloud-controller-manager-admission-server.kube-system.svc.cluster.local
+  issuerRef:
+    kind: Issuer
+    name: digitalocean-cloud-controller-manager-selfsigned-issuer
+  secretName: digitalocean-cloud-controller-manager-admission-server-serving-certs
+---
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: digitalocean-cloud-controller-manager-selfsigned-issuer
+  namespace: kube-system
+spec:
+  selfSigned: {}
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+  annotations:
+    cert-manager.io/inject-ca-from: kube-system/digitalocean-cloud-controller-manager-admission-server-serving-certs
+  name: digitalocean-cloud-controller-manager-admission-webhook
+webhooks:
+- name: validation-webhook.cloud-controller-manager.digitalocean.com
+  admissionReviewVersions:
+  - v1
+  clientConfig:
+    service:
+      namespace: "kube-system"
+      name: "digitalocean-cloud-controller-manager-admission-server"
+      path: "/lb-service"
+  failurePolicy: Ignore
+  rules:
+  - apiGroups:
+    - ""
+    apiVersions:
+    - v1
+    operations:
+    - CREATE
+    - UPDATE
+    resources:
+    - services
+    scope: Namespaced
+  sideEffects: None

releases/digitalocean-cloud-controller-manager/v0.1.55.yml

@@ -0,0 +1,153 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: digitalocean-cloud-controller-manager
+  namespace: kube-system
+spec:
+  replicas: 1
+  revisionHistoryLimit: 2
+  selector:
+    matchLabels:
+      app: digitalocean-cloud-controller-manager
+  template:
+    metadata:
+      labels:
+        app: digitalocean-cloud-controller-manager
+    spec:
+      dnsPolicy: Default
+      hostNetwork: true
+      serviceAccountName: cloud-controller-manager
+      priorityClassName: system-cluster-critical
+      tolerations:
+        # this taint is set by all kubelets running `--cloud-provider=external`
+        # so we should tolerate it to schedule the digitalocean ccm
+        - key: "node.cloudprovider.kubernetes.io/uninitialized"
+          value: "true"
+          effect: "NoSchedule"
+        - key: "CriticalAddonsOnly"
+          operator: "Exists"
+        # cloud controller manages should be able to run on masters
+        # TODO: remove this when ccm is not supported on k8s <= 1.23
+        - key: "node-role.kubernetes.io/master"
+          effect: NoSchedule
+        # k8s clusters 1.24+ uses control-plane name instead of master
+        - key: "node-role.kubernetes.io/control-plane"
+          effect: NoSchedule
+      containers:
+      - image: digitalocean/digitalocean-cloud-controller-manager:v0.1.55
+        name: digitalocean-cloud-controller-manager
+        command:
+          - "/bin/digitalocean-cloud-controller-manager"
+          - "--leader-elect=false"
+        resources:
+          requests:
+            cpu: 100m
+            memory: 50Mi
+        env:
+          - name: DO_ACCESS_TOKEN
+            valueFrom:
+              secretKeyRef:
+                name: digitalocean
+                key: access-token
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: cloud-controller-manager
+  namespace: kube-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  annotations:
+    rbac.authorization.kubernetes.io/autoupdate: "true"
+  name: system:cloud-controller-manager
+rules:
+- apiGroups:
+  - coordination.k8s.io
+  resources:
+  - leases
+  verbs:
+  - get
+  - watch
+  - list
+  - create
+  - update
+  - delete
+- apiGroups:
+  - ""
+  resources:
+  - events
+  verbs:
+  - create
+  - patch
+  - update
+- apiGroups:
+  - ""
+  resources:
+  - nodes
+  verbs:
+  - '*'
+- apiGroups:
+  - ""
+  resources:
+  - nodes/status
+  verbs:
+  - patch
+- apiGroups:
+  - ""
+  resources:
+  - services
+  verbs:
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - services/status
+  verbs:
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - serviceaccounts
+  verbs:
+  - create
+- apiGroups:
+  - ""
+  resources:
+  - persistentvolumes
+  verbs:
+  - get
+  - list
+  - update
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - endpoints
+  verbs:
+  - create
+  - get
+  - list
+  - watch
+  - update
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: system:cloud-controller-manager
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: system:cloud-controller-manager
+subjects:
+- kind: ServiceAccount
+  name: cloud-controller-manager
+  namespace: kube-system