Skip to content

Add Calico HelmChartProxy and metal-ccm ClusterResourceSet sample. #106

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
Gerrit91 merged 9 commits into from
Oct 31, 2025
Merged

Add Calico HelmChartProxy and metal-ccm ClusterResourceSet sample. #106

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
9 commits
Select commit Hold shift + click to select a range
e508c7e
Add Calico HelmChartProxy and metal-ccm ResourceSet sample.
Gerrit91 Oct 30, 2025
03f3a19
Update.
Gerrit91 Oct 31, 2025
1ee2b3b
Only provide new samples.
Gerrit91 Oct 31, 2025
e7d836c
Document divider.
Gerrit91 Oct 31, 2025
93bb9cb
Use different label.
Gerrit91 Oct 31, 2025
f6f19ed
Merge branch 'main' into auto-deploy
vknabel Oct 31, 2025
957cbfe
Merge branch 'main' into auto-deploy
Gerrit91 Oct 31, 2025
7ca3f6d
Document vars.
Gerrit91 Oct 31, 2025
2316197
Update.
Gerrit91 Oct 31, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
36 changes: 36 additions & 0 deletions config/samples/calico-cni/helm-calico-cni.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,36 @@
---
apiVersion: addons.cluster.x-k8s.io/v1alpha1
kind: HelmChartProxy
metadata:
name: calico-cni
spec:
clusterSelector:
matchLabels:
cluster.metal-stack.io/cni: calico
releaseName: calico
repoURL: https://docs.tigera.io/calico/charts
chartName: tigera-operator
namespace: kube-system
version: v3.28.3
valuesTemplate: |
installation:
enabled: true

calicoNetwork:
bgp: Disabled
ipPools:
- name: default-ipv4-ippool
blockSize: 26
cidr: 10.240.0.0/12
encapsulation: None
mtu: 1440
cni:
ipam:
type: HostLocal
type: Calico

goldmane:
enabled: false

whisker:
enabled: false
270 changes: 270 additions & 0 deletions config/samples/metal-ccm/crs.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,270 @@
# Requires the following variables to be replaced (with envsubst)
# - NAMESPACE
# - CLUSTER_NAME
# - METAL_API_URL
# - METAL_API_HMAC
# - METAL_API_HMAC_AUTH_TYPE
# - METAL_PROJECT_ID
# - METAL_PARTITION
# - METAL_NODE_NETWORK_ID
---
apiVersion: addons.cluster.x-k8s.io/v1beta1
kind: ClusterResourceSet
metadata:
name: metal-ccm
spec:
strategy: Reconcile
clusterSelector:
matchLabels:
cluster.metal-stack.io/infrastructure-provider: metal-stack
cluster.x-k8s.io/cluster-name: ${CLUSTER_NAME}
resources:
- name: crs-cloud-controller-manager
kind: ConfigMap
- name: crs-cloud-controller-manager
kind: Secret
---
apiVersion: v1
kind: Secret
metadata:
name: crs-cloud-controller-manager
type: addons.cluster.x-k8s.io/resource-set
stringData:
secret.yaml: |
---
apiVersion: v1
kind: Secret
metadata:
name: cloud-controller-manager
namespace: kube-system
stringData:
api-url: ${METAL_API_URL}
api-hmac: ${METAL_API_HMAC}
api-hmac-auth-type: ${METAL_API_HMAC_AUTH_TYPE}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: crs-cloud-controller-manager
data:
deploy.yaml: |
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: cloud-controller-manager
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: cloud-controller-manager
rules:
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- update
- apiGroups:
- ""
resources:
- nodes
verbs:
- "*"
- apiGroups:
- ""
resources:
- nodes/status
verbs:
- patch
- apiGroups:
- ""
resources:
- services
- services/status
- endpoints
verbs:
- get
- list
- patch
- update
- watch
- apiGroups:
- ""
resources:
- serviceaccounts
- serviceaccounts/token
verbs:
- create
- get
- list
- watch
- apiGroups:
- ""
resources:
- secrets
- configmaps
verbs:
- get
- list
- watch
- update
- create
- patch
- delete
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- get
- create
- update
- apiGroups:
- metallb.io
resources:
- bgppeers
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- metallb.io
resources:
- ipaddresspools
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- metallb.io
resources:
- bgpadvertisements
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: cloud-controller-manager
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cloud-controller-manager
subjects:
- kind: ServiceAccount
name: cloud-controller-manager
namespace: kube-system
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: cloud-controller-manager
name: cloud-controller-manager
namespace: kube-system
spec:
replicas: 1
selector:
matchLabels:
app: cloud-controller-manager
strategy:
type: RollingUpdate
template:
metadata:
labels:
app: cloud-controller-manager
spec:
containers:
- command:
- ./metal-cloud-controller-manager
- --cluster-cidr=10.240.0.0/12
- --cluster-name=
- --concurrent-service-syncs=10
- --leader-elect=true
- --secure-port=10258
- --use-service-account-credentials
- --v=2
env:
- name: METAL_API_URL
valueFrom:
secretKeyRef:
key: api-url
name: cloud-controller-manager
- name: METAL_AUTH_HMAC
valueFrom:
secretKeyRef:
key: api-hmac
name: cloud-controller-manager
- name: METAL_AUTH_HMAC_AUTH_TYPE
valueFrom:
secretKeyRef:
key: api-hmac-auth-type
name: cloud-controller-manager
- name: METAL_PROJECT_ID
value: ${METAL_PROJECT_ID}
- name: METAL_PARTITION_ID
value: ${METAL_PARTITION}
# associates service type load balancer ips with this cluster:
- name: METAL_CLUSTER_ID
value: ${NAMESPACE}.${CLUSTER_NAME}
- name: METAL_DEFAULT_EXTERNAL_NETWORK_ID
value: internet
- name: METAL_ADDITIONAL_NETWORKS
value: internet,${METAL_NODE_NETWORK_ID}
- name: METAL_SSH_PUBLICKEY
value: ""
image: ghcr.io/metal-stack/metal-ccm:v0.9.8
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 2
httpGet:
path: /healthz
port: 10258
scheme: HTTPS
initialDelaySeconds: 15
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 15
name: cloud-controller-manager
resources:
limits:
cpu: 250m
memory: 256Mi
requests:
cpu: 100m
memory: 64Mi
nodeSelector:
node-role.kubernetes.io/control-plane: ""
hostNetwork: true
serviceAccountName: cloud-controller-manager
tolerations:
- effect: NoSchedule
operator: Exists
key: node-role.kubernetes.io/control-plane
- effect: NoSchedule
key: node.cloudprovider.kubernetes.io/uninitialized
value: "true"
restartPolicy: Always
volumes:
- name: cloud-controller-manager
secret:
defaultMode: 420
secretName: cloud-controller-manager
Loading