Merge pull request #1220 from PennyScissors/devv26-fix-cpi-csi

[dev-v2.6] Fix vSphere CPI RBAC conflicts

charts/rancher-vsphere-cpi/rancher-vsphere-cpi/100.0.0/questions.yaml

@@ -1,4 +1,15 @@
 questions:
+  - variable: clusterType
+    label: Cluster Type
+    description: Select the type of the cluster where vSphere CPI will be deployed
+    type: enum
+    default: "rke"
+    options:
+      - "rke"
+      - "rke2"
+      - "other"
+    group: Configuration
+
   - variable: vCenter.host
     label: vCenter Host
     description: IP address or FQDN of the vCenter

charts/rancher-vsphere-cpi/rancher-vsphere-cpi/100.0.0/templates/vsphere-cpi-ds.yaml

@@ -5,29 +5,33 @@ metadata:
   annotations:
     scheduler.alpha.kubernetes.io/critical-pod: ""
   labels:
-    component: cloud-controller-manager
+    component: {{ .Chart.Name }}-cloud-controller-manager
     tier: control-plane
-    k8s-app: vsphere-cloud-controller-manager
-  name: vsphere-cloud-controller-manager
+    k8s-app: {{ .Chart.Name }}-cloud-controller-manager
+  name: {{ .Chart.Name }}-cloud-controller-manager
   namespace: {{ .Release.Namespace }}
 spec:
   selector:
     matchLabels:
-      k8s-app: vsphere-cloud-controller-manager
+      k8s-app: {{ .Chart.Name }}-cloud-controller-manager
   updateStrategy:
     type: RollingUpdate
   template:
     metadata:
       labels:
-        k8s-app: vsphere-cloud-controller-manager
+        k8s-app: {{ .Chart.Name }}-cloud-controller-manager
     spec:
-      nodeSelector:
       {{- if .Values.cloudControllerManager.nodeSelector }}
+      nodeSelector:
       {{- with .Values.cloudControllerManager.nodeSelector }}
         {{- toYaml . | nindent 8 }}
       {{- end }}
-      {{- else }}
+      {{- else if eq .Values.clusterType "rke" }}
+      nodeSelector:
         node-role.kubernetes.io/controlplane: "true"
+      {{- else if eq .Values.clusterType "rke2" }}
+      nodeSelector:
+        node-role.kubernetes.io/control-plane: "true"
       {{- end }}
       securityContext:
         runAsUser: 1001
@@ -36,9 +40,9 @@ spec:
         operator: Exists
       - effect: NoSchedule
         operator: Exists
-      serviceAccountName: cloud-controller-manager
+      serviceAccountName: {{ .Chart.Name }}-cloud-controller-manager
       containers:
-        - name: vsphere-cloud-controller-manager
+        - name: {{ .Chart.Name }}-cloud-controller-manager
           image: "{{ template "system_default_registry" . }}{{ .Values.cloudControllerManager.image.repository }}:{{ .Values.cloudControllerManager.image.tag }}"
           args:
             - --v=2
@@ -61,8 +65,8 @@ apiVersion: v1
 kind: Service
 metadata:
   labels:
-    component: cloud-controller-manager
-  name: vsphere-cloud-controller-manager
+    component: {{ .Chart.Name }}-cloud-controller-manager
+  name: {{ .Chart.Name }}-cloud-controller-manager
   namespace: {{ .Release.Namespace }}
 spec:
   type: NodePort
@@ -71,4 +75,4 @@ spec:
       protocol: TCP
       targetPort: 43001
   selector:
-    component: cloud-controller-manager
+    component: {{ .Chart.Name }}-cloud-controller-manager

charts/rancher-vsphere-cpi/rancher-vsphere-cpi/100.0.0/templates/vsphere-cpi-rbac.yaml

@@ -1,14 +1,15 @@
+{{- if .Values.cloudControllerManager.rbac.enabled -}}
 # Source: https://github.com/kubernetes/cloud-provider-vsphere/blob/master/releases/v1.19/vsphere-cloud-controller-manager.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
-  name: cloud-controller-manager
+  name: {{ .Chart.Name }}-cloud-controller-manager
   namespace: {{ .Release.Namespace }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
-  name: cloud-controller-manager
+  name: {{ .Chart.Name }}-cloud-controller-manager
 rules:
 - apiGroups:
   - ""
@@ -105,23 +106,24 @@ roleRef:
 subjects:
 - apiGroup: ""
   kind: ServiceAccount
-  name: cloud-controller-manager
+  name: {{ .Chart.Name }}-cloud-controller-manager
   namespace: {{ .Release.Namespace }}
 - apiGroup: ""
   kind: User
-  name: cloud-controller-manager
+  name: {{ .Chart.Name }}-cloud-controller-manager
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
-  name: cloud-controller-manager
+  name: {{ .Chart.Name }}-cloud-controller-manager
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
-  name: cloud-controller-manager
+  name: {{ .Chart.Name }}-cloud-controller-manager
 subjects:
 - kind: ServiceAccount
-  name: cloud-controller-manager
+  name: {{ .Chart.Name }}-cloud-controller-manager
   namespace: {{ .Release.Namespace }}
 - kind: User
-  name: cloud-controller-manager
+  name: {{ .Chart.Name }}-cloud-controller-manager
+{{- end -}}

charts/rancher-vsphere-cpi/rancher-vsphere-cpi/100.0.0/values.yaml

@@ -14,6 +14,11 @@ cloudControllerManager:
     repository: rancher/mirrored-cloud-provider-vsphere-cpi-release-manager
     tag: v1.2.1
   nodeSelector: {}
+  rbac:
+    enabled: true
+
+# Set to "rke" or "rke2" to apply the node selector label appropriate for the cluster
+clusterType: "rke"
 
 global:
   cattle:

packages/rancher-vsphere-cpi/charts/questions.yaml

@@ -1,4 +1,15 @@
 questions:
+  - variable: clusterType
+    label: Cluster Type
+    description: Select the type of the cluster where vSphere CPI will be deployed
+    type: enum
+    default: "rke"
+    options:
+      - "rke"
+      - "rke2"
+      - "other"
+    group: Configuration
+
   - variable: vCenter.host
     label: vCenter Host
     description: IP address or FQDN of the vCenter

packages/rancher-vsphere-cpi/charts/templates/vsphere-cpi-ds.yaml

@@ -5,29 +5,33 @@ metadata:
   annotations:
     scheduler.alpha.kubernetes.io/critical-pod: ""
   labels:
-    component: cloud-controller-manager
+    component: {{ .Chart.Name }}-cloud-controller-manager
     tier: control-plane
-    k8s-app: vsphere-cloud-controller-manager
-  name: vsphere-cloud-controller-manager
+    k8s-app: {{ .Chart.Name }}-cloud-controller-manager
+  name: {{ .Chart.Name }}-cloud-controller-manager
   namespace: {{ .Release.Namespace }}
 spec:
   selector:
     matchLabels:
-      k8s-app: vsphere-cloud-controller-manager
+      k8s-app: {{ .Chart.Name }}-cloud-controller-manager
   updateStrategy:
     type: RollingUpdate
   template:
     metadata:
       labels:
-        k8s-app: vsphere-cloud-controller-manager
+        k8s-app: {{ .Chart.Name }}-cloud-controller-manager
     spec:
-      nodeSelector:
       {{- if .Values.cloudControllerManager.nodeSelector }}
+      nodeSelector:
       {{- with .Values.cloudControllerManager.nodeSelector }}
         {{- toYaml . | nindent 8 }}
       {{- end }}
-      {{- else }}
+      {{- else if eq .Values.clusterType "rke" }}
+      nodeSelector:
         node-role.kubernetes.io/controlplane: "true"
+      {{- else if eq .Values.clusterType "rke2" }}
+      nodeSelector:
+        node-role.kubernetes.io/control-plane: "true"
       {{- end }}
       securityContext:
         runAsUser: 1001
@@ -36,9 +40,9 @@ spec:
         operator: Exists
       - effect: NoSchedule
         operator: Exists
-      serviceAccountName: cloud-controller-manager
+      serviceAccountName: {{ .Chart.Name }}-cloud-controller-manager
       containers:
-        - name: vsphere-cloud-controller-manager
+        - name: {{ .Chart.Name }}-cloud-controller-manager
           image: "{{ template "system_default_registry" . }}{{ .Values.cloudControllerManager.image.repository }}:{{ .Values.cloudControllerManager.image.tag }}"
           args:
             - --v=2
@@ -61,8 +65,8 @@ apiVersion: v1
 kind: Service
 metadata:
   labels:
-    component: cloud-controller-manager
-  name: vsphere-cloud-controller-manager
+    component: {{ .Chart.Name }}-cloud-controller-manager
+  name: {{ .Chart.Name }}-cloud-controller-manager
   namespace: {{ .Release.Namespace }}
 spec:
   type: NodePort
@@ -71,4 +75,4 @@ spec:
       protocol: TCP
       targetPort: 43001
   selector:
-    component: cloud-controller-manager
+    component: {{ .Chart.Name }}-cloud-controller-manager

packages/rancher-vsphere-cpi/charts/templates/vsphere-cpi-rbac.yaml

@@ -1,14 +1,15 @@
+{{- if .Values.cloudControllerManager.rbac.enabled -}}
 # Source: https://github.com/kubernetes/cloud-provider-vsphere/blob/master/releases/v1.19/vsphere-cloud-controller-manager.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
-  name: cloud-controller-manager
+  name: {{ .Chart.Name }}-cloud-controller-manager
   namespace: {{ .Release.Namespace }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
-  name: cloud-controller-manager
+  name: {{ .Chart.Name }}-cloud-controller-manager
 rules:
 - apiGroups:
   - ""
@@ -105,23 +106,24 @@ roleRef:
 subjects:
 - apiGroup: ""
   kind: ServiceAccount
-  name: cloud-controller-manager
+  name: {{ .Chart.Name }}-cloud-controller-manager
   namespace: {{ .Release.Namespace }}
 - apiGroup: ""
   kind: User
-  name: cloud-controller-manager
+  name: {{ .Chart.Name }}-cloud-controller-manager
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
-  name: cloud-controller-manager
+  name: {{ .Chart.Name }}-cloud-controller-manager
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
-  name: cloud-controller-manager
+  name: {{ .Chart.Name }}-cloud-controller-manager
 subjects:
 - kind: ServiceAccount
-  name: cloud-controller-manager
+  name: {{ .Chart.Name }}-cloud-controller-manager
   namespace: {{ .Release.Namespace }}
 - kind: User
-  name: cloud-controller-manager
+  name: {{ .Chart.Name }}-cloud-controller-manager
+{{- end -}}

packages/rancher-vsphere-cpi/charts/values.yaml

@@ -14,6 +14,11 @@ cloudControllerManager:
     repository: rancher/mirrored-cloud-provider-vsphere-cpi-release-manager
     tag: v1.2.1
   nodeSelector: {}
+  rbac:
+    enabled: true
+
+# Set to "rke" or "rke2" to apply the node selector label appropriate for the cluster
+clusterType: "rke"
 
 global:
   cattle: