From 86befebf0b7df37659d0b923b9167149a74a1bac Mon Sep 17 00:00:00 2001
From: Vyas Nellutla <vyasnellutla@gmail.com>
Date: Thu, 11 May 2023 12:13:11 -0500
Subject: [PATCH 1/2] feat: Add Helm Chart

---
 .../Chart.yaml                                | 22 +++++
 ...oud-controller-manager.serviceaccount.yaml |  6 ++
 ...n-cloud-controller-manager.deployment.yaml | 52 ++++++++++++
 ...:cloud-controller-manager.clusterrole.yaml | 82 +++++++++++++++++++
 ...controller-manager.clusterrolebinding.yaml | 13 +++
 .../values.yaml                               |  1 +
 6 files changed, 176 insertions(+)
 create mode 100644 charts/digitalocean-cloud-controller-manager/Chart.yaml
 create mode 100644 charts/digitalocean-cloud-controller-manager/templates/cloud-controller-manager.serviceaccount.yaml
 create mode 100644 charts/digitalocean-cloud-controller-manager/templates/digitalocean-cloud-controller-manager.deployment.yaml
 create mode 100644 charts/digitalocean-cloud-controller-manager/templates/system:cloud-controller-manager.clusterrole.yaml
 create mode 100644 charts/digitalocean-cloud-controller-manager/templates/system:cloud-controller-manager.clusterrolebinding.yaml
 create mode 100644 charts/digitalocean-cloud-controller-manager/values.yaml

diff --git a/charts/digitalocean-cloud-controller-manager/Chart.yaml b/charts/digitalocean-cloud-controller-manager/Chart.yaml
new file mode 100644
index 000000000..782b38aa5
--- /dev/null
+++ b/charts/digitalocean-cloud-controller-manager/Chart.yaml
@@ -0,0 +1,22 @@
+---
+apiVersion: v2
+name: digitalocean-cloud-controller-manager
+description: digitalocean-cloud-controller-manager is the Kubernetes cloud controller manager implementation for DigitalOcean. Read more about cloud controller managers [here](https://kubernetes.io/docs/tasks/administer-cluster/running-cloud-controller/). Running `digitalocean-cloud-controller-manager` allows you to leverage many of the cloud provider features offered by DigitalOcean on your Kubernetes clusters.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.42
+
+# Used as the default manager tag value when no tag property is provided in the values.yaml
+appVersion: 0.1.42
+
+home: https://github.com/digitalocean/digitalocean-cloud-controller-manager
+
+sources:
+  - https://github.com/digitalocean/digitalocean-cloud-controller-manager
+
+maintainers:
+  - name: DigitalOcean
+    url: https://github.com/digitalocean
diff --git a/charts/digitalocean-cloud-controller-manager/templates/cloud-controller-manager.serviceaccount.yaml b/charts/digitalocean-cloud-controller-manager/templates/cloud-controller-manager.serviceaccount.yaml
new file mode 100644
index 000000000..2a3382ad0
--- /dev/null
+++ b/charts/digitalocean-cloud-controller-manager/templates/cloud-controller-manager.serviceaccount.yaml
@@ -0,0 +1,6 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: cloud-controller-manager
+  namespace: kube-system
diff --git a/charts/digitalocean-cloud-controller-manager/templates/digitalocean-cloud-controller-manager.deployment.yaml b/charts/digitalocean-cloud-controller-manager/templates/digitalocean-cloud-controller-manager.deployment.yaml
new file mode 100644
index 000000000..eab1773b3
--- /dev/null
+++ b/charts/digitalocean-cloud-controller-manager/templates/digitalocean-cloud-controller-manager.deployment.yaml
@@ -0,0 +1,52 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: digitalocean-cloud-controller-manager
+  namespace: kube-system
+spec:
+  replicas: 1
+  revisionHistoryLimit: 2
+  selector:
+    matchLabels:
+      app: digitalocean-cloud-controller-manager
+  template:
+    metadata:
+      labels:
+        app: digitalocean-cloud-controller-manager
+    spec:
+      dnsPolicy: Default
+      hostNetwork: true
+      serviceAccountName: cloud-controller-manager
+      priorityClassName: system-cluster-critical
+      tolerations:
+        # this taint is set by all kubelets running `--cloud-provider=external`
+        # so we should tolerate it to schedule the digitalocean ccm
+        - key: "node.cloudprovider.kubernetes.io/uninitialized"
+          value: "true"
+          effect: "NoSchedule"
+        - key: "CriticalAddonsOnly"
+          operator: "Exists"
+        # cloud controller manages should be able to run on masters
+        # TODO: remove this when ccm is not supported on k8s <= 1.23
+        - key: "node-role.kubernetes.io/master"
+          effect: NoSchedule
+        # k8s clusters 1.24+ uses control-plane name instead of master
+        - key: "node-role.kubernetes.io/control-plane"
+          effect: NoSchedule
+      containers:
+        - image: digitalocean/digitalocean-cloud-controller-manager:v0.1.42
+          name: digitalocean-cloud-controller-manager
+          command:
+            - "/bin/digitalocean-cloud-controller-manager"
+            - "--leader-elect=false"
+          resources:
+            requests:
+              cpu: 100m
+              memory: 50Mi
+          env:
+            - name: DO_ACCESS_TOKEN
+              valueFrom:
+                secretKeyRef:
+                  name: digitalocean
+                  key: access-token
diff --git a/charts/digitalocean-cloud-controller-manager/templates/system:cloud-controller-manager.clusterrole.yaml b/charts/digitalocean-cloud-controller-manager/templates/system:cloud-controller-manager.clusterrole.yaml
new file mode 100644
index 000000000..1510f149d
--- /dev/null
+++ b/charts/digitalocean-cloud-controller-manager/templates/system:cloud-controller-manager.clusterrole.yaml
@@ -0,0 +1,82 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  annotations:
+    rbac.authorization.kubernetes.io/autoupdate: "true"
+  name: system:cloud-controller-manager
+rules:
+  - apiGroups:
+      - coordination.k8s.io
+    resources:
+      - leases
+    verbs:
+      - get
+      - watch
+      - list
+      - create
+      - update
+      - delete
+  - apiGroups:
+      - ""
+    resources:
+      - events
+    verbs:
+      - create
+      - patch
+      - update
+  - apiGroups:
+      - ""
+    resources:
+      - nodes
+    verbs:
+      - "*"
+  - apiGroups:
+      - ""
+    resources:
+      - nodes/status
+    verbs:
+      - patch
+  - apiGroups:
+      - ""
+    resources:
+      - services
+    verbs:
+      - list
+      - patch
+      - update
+      - watch
+  - apiGroups:
+      - ""
+    resources:
+      - services/status
+    verbs:
+      - list
+      - patch
+      - update
+      - watch
+  - apiGroups:
+      - ""
+    resources:
+      - serviceaccounts
+    verbs:
+      - create
+  - apiGroups:
+      - ""
+    resources:
+      - persistentvolumes
+    verbs:
+      - get
+      - list
+      - update
+      - watch
+  - apiGroups:
+      - ""
+    resources:
+      - endpoints
+    verbs:
+      - create
+      - get
+      - list
+      - watch
+      - update
diff --git a/charts/digitalocean-cloud-controller-manager/templates/system:cloud-controller-manager.clusterrolebinding.yaml b/charts/digitalocean-cloud-controller-manager/templates/system:cloud-controller-manager.clusterrolebinding.yaml
new file mode 100644
index 000000000..155e8fb65
--- /dev/null
+++ b/charts/digitalocean-cloud-controller-manager/templates/system:cloud-controller-manager.clusterrolebinding.yaml
@@ -0,0 +1,13 @@
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: system:cloud-controller-manager
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: system:cloud-controller-manager
+subjects:
+  - kind: ServiceAccount
+    name: cloud-controller-manager
+    namespace: kube-system
diff --git a/charts/digitalocean-cloud-controller-manager/values.yaml b/charts/digitalocean-cloud-controller-manager/values.yaml
new file mode 100644
index 000000000..ed97d539c
--- /dev/null
+++ b/charts/digitalocean-cloud-controller-manager/values.yaml
@@ -0,0 +1 @@
+---

From 7b0fa4fac2cc7d706514ee4bf5fc8f0505d5b40c Mon Sep 17 00:00:00 2001
From: Vyas Nellutla <vyasnellutla@gmail.com>
Date: Thu, 11 May 2023 14:10:07 -0500
Subject: [PATCH 2/2] feat: use helm namespace & extract resource requests

---
 .../templates/cloud-controller-manager.serviceaccount.yaml  | 2 +-
 .../digitalocean-cloud-controller-manager.deployment.yaml   | 6 ++----
 .../system:cloud-controller-manager.clusterrolebinding.yaml | 2 +-
 charts/digitalocean-cloud-controller-manager/values.yaml    | 4 ++++
 4 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/charts/digitalocean-cloud-controller-manager/templates/cloud-controller-manager.serviceaccount.yaml b/charts/digitalocean-cloud-controller-manager/templates/cloud-controller-manager.serviceaccount.yaml
index 2a3382ad0..c8851561d 100644
--- a/charts/digitalocean-cloud-controller-manager/templates/cloud-controller-manager.serviceaccount.yaml
+++ b/charts/digitalocean-cloud-controller-manager/templates/cloud-controller-manager.serviceaccount.yaml
@@ -3,4 +3,4 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: cloud-controller-manager
-  namespace: kube-system
+  namespace: {{ .Release.Namespace }}
diff --git a/charts/digitalocean-cloud-controller-manager/templates/digitalocean-cloud-controller-manager.deployment.yaml b/charts/digitalocean-cloud-controller-manager/templates/digitalocean-cloud-controller-manager.deployment.yaml
index eab1773b3..560a0f2c0 100644
--- a/charts/digitalocean-cloud-controller-manager/templates/digitalocean-cloud-controller-manager.deployment.yaml
+++ b/charts/digitalocean-cloud-controller-manager/templates/digitalocean-cloud-controller-manager.deployment.yaml
@@ -3,7 +3,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: digitalocean-cloud-controller-manager
-  namespace: kube-system
+  namespace: {{ .Release.Namespace }}
 spec:
   replicas: 1
   revisionHistoryLimit: 2
@@ -41,9 +41,7 @@ spec:
             - "/bin/digitalocean-cloud-controller-manager"
             - "--leader-elect=false"
           resources:
-            requests:
-              cpu: 100m
-              memory: 50Mi
+            {{- toYaml .Values.resources | nindent 12 }}
           env:
             - name: DO_ACCESS_TOKEN
               valueFrom:
diff --git a/charts/digitalocean-cloud-controller-manager/templates/system:cloud-controller-manager.clusterrolebinding.yaml b/charts/digitalocean-cloud-controller-manager/templates/system:cloud-controller-manager.clusterrolebinding.yaml
index 155e8fb65..39948d817 100644
--- a/charts/digitalocean-cloud-controller-manager/templates/system:cloud-controller-manager.clusterrolebinding.yaml
+++ b/charts/digitalocean-cloud-controller-manager/templates/system:cloud-controller-manager.clusterrolebinding.yaml
@@ -10,4 +10,4 @@ roleRef:
 subjects:
   - kind: ServiceAccount
     name: cloud-controller-manager
-    namespace: kube-system
+    namespace: {{ .Release.Namespace }}
diff --git a/charts/digitalocean-cloud-controller-manager/values.yaml b/charts/digitalocean-cloud-controller-manager/values.yaml
index ed97d539c..2b0d838cd 100644
--- a/charts/digitalocean-cloud-controller-manager/values.yaml
+++ b/charts/digitalocean-cloud-controller-manager/values.yaml
@@ -1 +1,5 @@
 ---
+resources:
+  requests:
+    cpu: 100m
+    memory: 50Mi